ci: apply zizmor fixes for unpinned action versions (#17478)

benclive 8 months ago committed by GitHub
parent b5eacdb588
commit 786c2227d8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 2
      .github/jsonnetfile.json
  2. 4
      .github/jsonnetfile.lock.json
  3. 10
      .github/release-workflows.jsonnet
  4. 24
      .github/vendor/github.com/grafana/loki-release/workflows/build.libsonnet
  5. 4
      .github/vendor/github.com/grafana/loki-release/workflows/common.libsonnet
  6. 18
      .github/vendor/github.com/grafana/loki-release/workflows/release.libsonnet
  7. 2
      .github/workflows/conventional-commits.yml
  8. 4
      .github/workflows/dependabot_reviewer.yml
  9. 7
      .github/workflows/helm-ci.yml
  10. 4
      .github/workflows/helm-diff-ci.yml
  11. 4
      .github/workflows/helm-tagged-release-pr.yaml
  12. 6
      .github/workflows/helm-weekly-release-pr.yaml
  13. 34
      .github/workflows/images.yml
  14. 3
      .github/workflows/lint-jsonnet.yml
  15. 6
      .github/workflows/logql-analyzer.yml
  16. 124
      .github/workflows/minor-release-pr.yml
  17. 4
      .github/workflows/nix-ci.yaml
  18. 24
      .github/workflows/operator-images.yaml
  19. 12
      .github/workflows/operator-release-please.yml
  20. 2
      .github/workflows/operator-reusable-hub-release.yml
  21. 2
      .github/workflows/operator-scorecard.yaml
  22. 4
      .github/workflows/operator.yaml
  23. 124
      .github/workflows/patch-release-pr.yml
  24. 44
      .github/workflows/release.yml
  25. 2
      .github/workflows/secret-scanning.yml
  26. 5
      .github/workflows/syft-sbom-ci.yml
  27. 6
      .github/zizmor.yaml

@ -8,7 +8,7 @@
"subdir": "workflows"
}
},
"version": "72c821916ad9b13ae86027c88c7f32174260fdd9"
"version": "26dec9c8151abda8485fc20b6cec2352da04a39e"
}
],
"legacyImports": true

@ -8,8 +8,8 @@
"subdir": "workflows"
}
},
"version": "72c821916ad9b13ae86027c88c7f32174260fdd9",
"sum": "t+Ghk4ExAalPKTsNUsiX9ThcY2w0TUvaSNZIurcCrXc="
"version": "26dec9c8151abda8485fc20b6cec2352da04a39e",
"sum": "UOwlvbTB5YGu2pXmuGmfZVjgkM65fRUPN3H5ilL/Kzc="
}
],
"legacyImports": false

@ -85,7 +85,7 @@ local lambdaPromtailJob =
+ step.with({
'node-version': '20',
}),
step.new('Set up Docker buildx', 'docker/setup-buildx-action@v3'),
step.new('Set up Docker buildx', 'docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2'), // v3
step.new('get-secrets', 'grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets-v1.1.0')
+ { id: 'get-secrets' }
+ step.with({
@ -94,13 +94,13 @@ local lambdaPromtailJob =
ECR_SECRET_KEY=aws-credentials:secret_access_key
|||,
}),
step.new('Configure AWS credentials', 'aws-actions/configure-aws-credentials@v4')
step.new('Configure AWS credentials', 'aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502') // v4
+ step.with({
'aws-access-key-id': '${{ env.ECR_ACCESS_KEY }}',
'aws-secret-access-key': '${{ env.ECR_SECRET_KEY }}',
'aws-region': 'us-east-1',
}),
step.new('Login to Amazon ECR Public', 'aws-actions/amazon-ecr-login@v2')
step.new('Login to Amazon ECR Public', 'aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076') // v2
+ step.with({
'registry-type': 'public',
}),
@ -119,7 +119,7 @@ local lambdaPromtailJob =
arch=$(echo ${{ matrix.arch }} | cut -d'/' -f2)
echo "IMAGE_TAG=${{ steps.weekly-version.outputs.image_name }}:${{ steps.weekly-version.outputs.image_version }}-${arch}" >> $GITHUB_OUTPUT
|||),
step.new('Build and push', 'docker/build-push-action@v6')
step.new('Build and push', 'docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1') // v6
+ { id: 'build-push' }
+ { 'timeout-minutes': '${{ fromJSON(env.BUILD_TIMEOUT) }}' }
+ step.with({
@ -257,7 +257,7 @@ local lambdaPromtailJob =
BUILD_TIMEOUT: imageBuildTimeoutMin,
})
+ job.withSteps([
step.new('Set up Docker buildx', 'docker/setup-buildx-action@v3'),
step.new('Set up Docker buildx', 'docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2'), // v3
step.new('Login to DockerHub (from Vault)', 'grafana/shared-workflows/actions/dockerhub-login@main'),
step.new('Publish multi-arch manifest')
+ step.withRun(|||
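Review bot: `grafana/shared-workflows/actions/dockerhub-login@main` in the last hunk's step list is still a branch reference, so the step that performs the DockerHub login keeps following whatever `main` points to while the third-party actions around it are now fixed to commits. `get-vault-secrets@get-vault-secrets-v1.1.0` in the first hunk is likewise a tag, which can be re-pointed. If the policy in `.github/zizmor.yaml` (not visible here) deliberately exempts first-party `grafana/*` actions, a comment such as `// first-party action, tracked on main by policy` next to the step would record that. Otherwise pin both to a commit in the same style as the other steps, e.g. `dockerhub-login@<commit-sha>'), // main`. The step lists begin and end outside these hunks.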

@ -31,7 +31,7 @@ local runner = import 'runner.libsonnet',
common.setupNode,
common.googleAuth,
step.new('Set up Docker buildx', 'docker/setup-buildx-action@v3'),
step.new('Set up Docker buildx', 'docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2'), // v3
releaseStep('Parse image platform')
+ step.withId('platform')
@ -43,7 +43,7 @@ local runner = import 'runner.libsonnet',
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
|||),
step.new('Build and export', 'docker/build-push-action@v6')
step.new('Build and export', 'docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1') // v6
+ step.withTimeoutMinutes('${{ fromJSON(env.BUILD_TIMEOUT) }}')
+ step.withIf('${{ fromJSON(needs.version.outputs.pr_created) }}')
+ step.withEnv({
@ -57,7 +57,7 @@ local runner = import 'runner.libsonnet',
outputs: 'type=docker,dest=release/images/%s-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar' % name,
'build-args': 'IMAGE_TAG=${{ needs.version.outputs.version }}',
}),
step.new('Upload artifacts', 'google-github-actions/upload-cloud-storage@v2')
step.new('Upload artifacts', 'google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0') // v2
+ step.withIf('${{ fromJSON(needs.version.outputs.pr_created) }}')
+ step.with({
path: 'release/images/%s-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar' % name,
@ -97,7 +97,7 @@ local runner = import 'runner.libsonnet',
common.fetchReleaseRepo,
common.setupNode,
step.new('Set up Docker buildx', 'docker/setup-buildx-action@v3'),
step.new('Set up Docker buildx', 'docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2'), // v3
step.new('Login to DockerHub (from Vault)', 'grafana/shared-workflows/actions/dockerhub-login@main'),
releaseStep('Get weekly version')
@ -117,7 +117,7 @@ local runner = import 'runner.libsonnet',
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
|||),
step.new('Build and push', 'docker/build-push-action@v6')
step.new('Build and push', 'docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1') // v6
+ step.withId('build-push')
+ step.withTimeoutMinutes('${{ fromJSON(env.BUILD_TIMEOUT) }}')
+ step.with({
@ -165,8 +165,8 @@ local runner = import 'runner.libsonnet',
common.setupNode,
common.googleAuth,
step.new('Set up QEMU', 'docker/setup-qemu-action@v3'),
step.new('set up docker buildx', 'docker/setup-buildx-action@v3'),
step.new('Set up QEMU', 'docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392'), // v3
step.new('set up docker buildx', 'docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2'), //v3
releaseStep('parse image platform')
+ step.withId('platform')
@ -184,7 +184,7 @@ local runner = import 'runner.libsonnet',
fi
|||),
step.new('Build and export', 'docker/build-push-action@v6')
step.new('Build and export', 'docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1') // v6
+ step.withTimeoutMinutes('${{ fromJSON(env.BUILD_TIMEOUT) }}')
+ step.withIf('${{ fromJSON(needs.version.outputs.pr_created) }}')
+ step.with({
@ -211,7 +211,7 @@ local runner = import 'runner.libsonnet',
.
||| % [name, name]),
step.new('upload artifacts', 'google-github-actions/upload-cloud-storage@v2')
step.new('upload artifacts', 'google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0') // v2
+ step.withIf('${{ fromJSON(needs.version.outputs.pr_created) }}')
+ step.with({
path: 'release/plugins/%s-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar' % name,
@ -266,13 +266,13 @@ local runner = import 'runner.libsonnet',
cat release.json
if [[ `jq length release.json` -gt 1 ]]; then
if [[ `jq length release.json` -gt 1 ]]; then
echo 'release-please would create more than 1 PR, so cannot determine correct version'
echo "pr_created=false" >> $GITHUB_OUTPUT
exit 1
fi
if [[ `jq length release.json` -eq 0 ]]; then
if [[ `jq length release.json` -eq 0 ]]; then
echo "pr_created=false" >> $GITHUB_OUTPUT
else
version="$(npm run --silent get-version)"
@ -343,7 +343,7 @@ local runner = import 'runner.libsonnet',
||| % [buildImage, buildImage, std.join(' ', makeTargets)]
),
step.new('upload artifacts', 'google-github-actions/upload-cloud-storage@v2')
step.new('upload artifacts', 'google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0') // v2
+ step.withIf('${{ fromJSON(needs.version.outputs.pr_created) }}')
+ step.with({
path: 'release/dist',

@ -112,11 +112,11 @@
],
},
googleAuth: $.step.new('auth gcs', 'google-github-actions/auth@v2')
googleAuth: $.step.new('auth gcs', 'google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f') // v2
+ $.step.with({
credentials_json: '${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}',
}),
setupGoogleCloudSdk: $.step.new('Set up Cloud SDK', 'google-github-actions/setup-gcloud@v2')
setupGoogleCloudSdk: $.step.new('Set up Cloud SDK', 'google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a') // v2
+ $.step.with({
version: '>= 452.0.0',
}),

@ -136,7 +136,7 @@ local pullRequestFooter = 'Merging this PR will release the [artifacts](https://
gh release upload --clobber ${{ needs.shouldRelease.outputs.name }} dist/*
|||),
step.new('release artifacts', 'google-github-actions/upload-cloud-storage@v2')
step.new('release artifacts', 'google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0') // v2
+ step.withIf('${{ fromJSON(env.PUBLISH_TO_GCS) }}')
+ step.with({
path: 'release/dist',
@ -161,12 +161,12 @@ local pullRequestFooter = 'Merging this PR will release the [artifacts](https://
common.fetchReleaseLib,
common.googleAuth,
common.setupGoogleCloudSdk,
step.new('Set up QEMU', 'docker/setup-qemu-action@v3'),
step.new('set up docker buildx', 'docker/setup-buildx-action@v3'),
step.new('Set up QEMU', 'docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392'), // v3
step.new('set up docker buildx', 'docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2'), //v3
] + (if getDockerCredsFromVault then [
step.new('Login to DockerHub (from vault)', 'grafana/shared-workflows/actions/dockerhub-login@main'),
] else [
step.new('Login to DockerHub (from secrets)', 'docker/login-action@v3')
step.new('Login to DockerHub (from secrets)', 'docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772') // v3
+ step.with({
username: dockerUsername,
password: '${{ secrets.DOCKER_PASSWORD }}',
@ -196,12 +196,12 @@ local pullRequestFooter = 'Merging this PR will release the [artifacts](https://
common.fetchReleaseRepo,
common.googleAuth,
common.setupGoogleCloudSdk,
step.new('Set up QEMU', 'docker/setup-qemu-action@v3'),
step.new('set up docker buildx', 'docker/setup-buildx-action@v3'),
step.new('Set up QEMU', 'docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392'), // v3
step.new('set up docker buildx', 'docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2'), //v3
] + (if getDockerCredsFromVault then [
step.new('Login to DockerHub (from vault)', 'grafana/shared-workflows/actions/dockerhub-login@main'),
] else [
step.new('Login to DockerHub (from secrets)', 'docker/login-action@v3')
step.new('Login to DockerHub (from secrets)', 'docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772') // v3
+ step.with({
username: dockerUsername,
password: '${{ secrets.DOCKER_PASSWORD }}',
@ -290,7 +290,7 @@ local pullRequestFooter = 'Merging this PR will release the [artifacts](https://
echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
else
echo "Creating branch: $BRANCH_NAME from tag: ${{ needs.publishRelease.outputs.name }}"
# Create branch from the tag
git fetch --tags
git checkout "${{ steps.extract_branch.outputs.branch }}"
@ -299,7 +299,7 @@ local pullRequestFooter = 'Merging this PR will release the [artifacts](https://
# explicity set the github app token to override the release branch protection
git remote set-url origin "https://x-access-token:${{ steps.github_app_token.outputs.token }}@github.com/${{ env.RELEASE_REPO }}"
git push -u origin $BRANCH_NAME
echo "branch_exists=false" >> $GITHUB_OUTPUT
echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
fi

@ -5,6 +5,6 @@ jobs:
check-title:
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v5
- uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
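Review bot: The trailing comment `# v5` names a moving major tag, so a reader cannot tell which release the pinned commit corresponds to, and a later re-pin has no exact version to compare against. Prefer the exact release in the comment, `uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # vX.Y.Z`, with the real tag filled in. The same applies to `# v4` in helm-ci.yml and helm-diff-ci.yml, `# v1` and `# v7` in the two helm release workflows, and `# v3` / `# v6` in logql-analyzer.yml.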

@ -18,11 +18,11 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@v4
with:
persist-credentials: false
persist-credentials: false
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v2.3.0
uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7 # v 2.3.0
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
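Review bot: The version comment on the pinned `dependabot/fetch-metadata` line is written `# v 2.3.0`, with a space that none of the other pins in this commit have, and tooling that matches the comment against the tag name may not recognise it. Write it as `# v2.3.0`. Separately, `actions/checkout@v4` in the step above is still a tag reference. Unless the zizmor policy intentionally exempts `actions/*`, it should be pinned the same way. The job definition starts outside this hunk.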

@ -25,7 +25,7 @@ jobs:
persist-credentials: false
- name: Set up Helm
uses: azure/setup-helm@v4
uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
with:
version: v3.8.2
@ -37,8 +37,7 @@ jobs:
python-version: 3.13
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.7.0
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
- name: Run chart-testing (list-changed)
id: list-changed
run: |
@ -52,7 +51,7 @@ jobs:
timeout-minutes: 10
- name: Create kind cluster
uses: helm/kind-action@v1.12.0
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
if: steps.list-changed.outputs.changed == 'true'
- name: Install prometheus operator

@ -44,7 +44,7 @@ jobs:
persist-credentials: false
- name: Setup Helm
uses: azure/setup-helm@v4
uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
- name: Add required Helm repositories
run: |
@ -127,7 +127,7 @@ jobs:
done
- name: Post diff as PR comment
uses: marocchino/sticky-pull-request-comment@v2
uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2
with:
header: "Helm Diff Output - Summary"
skip_unchanged: true

@ -15,7 +15,7 @@ jobs:
BUILD_IN_CONTAINER: false
steps:
- uses: actions/checkout@v4
- uses: gabe565/setup-helm-docs-action@v1
- uses: gabe565/setup-helm-docs-action@d5c35bdc9133cfbea3b671acadf50a29029e87c2 # v1
with:
version: v1.11.2
persist-credentials: false
@ -34,7 +34,7 @@ jobs:
bash .github/workflows/scripts/helm-tagged-release.sh ${RELEASE_VERSION}
- name: Create Pull Request
uses: peter-evans/create-pull-request@v7
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
with:
token: ${{ steps.get_github_app_token.outputs.token }}
title: "chore: release loki helm chart ${{ steps.update.outputs.new_chart_version }}"
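Review bot: In the first hunk `persist-credentials: false` sits in the `with:` block of `gabe565/setup-helm-docs-action`, not of `actions/checkout`, so the checkout step keeps its default of leaving the token in the local git config, and the input is handed to an action that presumably ignores it. Move it under the checkout step, i.e. `- uses: actions/checkout@v4` followed by `with:` and `persist-credentials: false`, leaving only `version: v1.11.2` under the helm-docs step. The same placement appears in helm-weekly-release-pr.yaml. Indentation is lost in this rendering, so confirm against the file. Also check that no later step depends on the persisted token before changing it.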

@ -18,7 +18,7 @@ jobs:
BUILD_IN_CONTAINER: false
steps:
- uses: actions/checkout@v4
- uses: gabe565/setup-helm-docs-action@v1
- uses: gabe565/setup-helm-docs-action@d5c35bdc9133cfbea3b671acadf50a29029e87c2 # v1
with:
version: v1.11.2
persist-credentials: false
@ -33,7 +33,7 @@ jobs:
- name: "Login to DockerHub (from vault)"
uses: "grafana/shared-workflows/actions/dockerhub-login@main"
- uses: imjasonh/setup-crane@v0.4
- uses: imjasonh/setup-crane@31b88efe9de28ae0ffa220711af4b60be9435f6e # v0.4
- name: Update/regenerate files for standard release
id: update
@ -41,7 +41,7 @@ jobs:
bash .github/workflows/scripts/helm-weekly-release.sh
- name: Create Pull Request
uses: peter-evans/create-pull-request@v7
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
with:
token: ${{ steps.get_github_app_token.outputs.token }}
title: "chore: release loki helm chart ${{ steps.update.outputs.new_chart_version }}"

@ -42,7 +42,7 @@
"with":
"node-version": "20"
- "name": "Set up Docker buildx"
"uses": "docker/setup-buildx-action@v3"
"uses": "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- "id": "get-secrets"
"name": "get-secrets"
"uses": "grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets-v1.1.0"
@ -51,13 +51,13 @@
ECR_ACCESS_KEY=aws-credentials:access_key_id
ECR_SECRET_KEY=aws-credentials:secret_access_key
- "name": "Configure AWS credentials"
"uses": "aws-actions/configure-aws-credentials@v4"
"uses": "aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502"
"with":
"aws-access-key-id": "${{ env.ECR_ACCESS_KEY }}"
"aws-region": "us-east-1"
"aws-secret-access-key": "${{ env.ECR_SECRET_KEY }}"
- "name": "Login to Amazon ECR Public"
"uses": "aws-actions/amazon-ecr-login@v2"
"uses": "aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076"
"with":
"registry-type": "public"
- "id": "weekly-version"
@ -76,7 +76,7 @@
- "id": "build-push"
"name": "Build and push"
"timeout-minutes": "${{ fromJSON(env.BUILD_TIMEOUT) }}"
"uses": "docker/build-push-action@v6"
"uses": "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
"with":
"build-args": |
IMAGE_TAG=${{ steps.weekly-version.outputs.image_version }}
@ -132,7 +132,7 @@
"with":
"node-version": 20
- "name": "Set up Docker buildx"
"uses": "docker/setup-buildx-action@v3"
"uses": "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- "name": "Login to DockerHub (from Vault)"
"uses": "grafana/shared-workflows/actions/dockerhub-login@main"
- "id": "weekly-version"
@ -153,7 +153,7 @@
- "id": "build-push"
"name": "Build and push"
"timeout-minutes": "${{ fromJSON(env.BUILD_TIMEOUT) }}"
"uses": "docker/build-push-action@v6"
"uses": "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
"with":
"build-args": |
IMAGE_TAG=${{ steps.weekly-version.outputs.image_version }}
@ -191,7 +191,7 @@
"runs-on": "ubuntu-latest"
"steps":
- "name": "Set up Docker buildx"
"uses": "docker/setup-buildx-action@v3"
"uses": "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- "name": "Login to DockerHub (from Vault)"
"uses": "grafana/shared-workflows/actions/dockerhub-login@main"
- "name": "Publish multi-arch manifest"
@ -242,7 +242,7 @@
"with":
"node-version": 20
- "name": "Set up Docker buildx"
"uses": "docker/setup-buildx-action@v3"
"uses": "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- "name": "Login to DockerHub (from Vault)"
"uses": "grafana/shared-workflows/actions/dockerhub-login@main"
- "id": "weekly-version"
@ -263,7 +263,7 @@
- "id": "build-push"
"name": "Build and push"
"timeout-minutes": "${{ fromJSON(env.BUILD_TIMEOUT) }}"
"uses": "docker/build-push-action@v6"
"uses": "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
"with":
"build-args": |
IMAGE_TAG=${{ steps.weekly-version.outputs.image_version }}
@ -301,7 +301,7 @@
"runs-on": "ubuntu-latest"
"steps":
- "name": "Set up Docker buildx"
"uses": "docker/setup-buildx-action@v3"
"uses": "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- "name": "Login to DockerHub (from Vault)"
"uses": "grafana/shared-workflows/actions/dockerhub-login@main"
- "name": "Publish multi-arch manifest"
@ -352,7 +352,7 @@
"with":
"node-version": 20
- "name": "Set up Docker buildx"
"uses": "docker/setup-buildx-action@v3"
"uses": "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- "name": "Login to DockerHub (from Vault)"
"uses": "grafana/shared-workflows/actions/dockerhub-login@main"
- "id": "weekly-version"
@ -373,7 +373,7 @@
- "id": "build-push"
"name": "Build and push"
"timeout-minutes": "${{ fromJSON(env.BUILD_TIMEOUT) }}"
"uses": "docker/build-push-action@v6"
"uses": "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
"with":
"build-args": |
IMAGE_TAG=${{ steps.weekly-version.outputs.image_version }}
@ -411,7 +411,7 @@
"runs-on": "ubuntu-latest"
"steps":
- "name": "Set up Docker buildx"
"uses": "docker/setup-buildx-action@v3"
"uses": "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- "name": "Login to DockerHub (from Vault)"
"uses": "grafana/shared-workflows/actions/dockerhub-login@main"
- "name": "Publish multi-arch manifest"
@ -462,7 +462,7 @@
"with":
"node-version": 20
- "name": "Set up Docker buildx"
"uses": "docker/setup-buildx-action@v3"
"uses": "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- "name": "Login to DockerHub (from Vault)"
"uses": "grafana/shared-workflows/actions/dockerhub-login@main"
- "id": "weekly-version"
@ -483,7 +483,7 @@
- "id": "build-push"
"name": "Build and push"
"timeout-minutes": "${{ fromJSON(env.BUILD_TIMEOUT) }}"
"uses": "docker/build-push-action@v6"
"uses": "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
"with":
"build-args": |
IMAGE_TAG=${{ steps.weekly-version.outputs.image_version }}
@ -521,7 +521,7 @@
"runs-on": "ubuntu-latest"
"steps":
- "name": "Set up Docker buildx"
"uses": "docker/setup-buildx-action@v3"
"uses": "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- "name": "Login to DockerHub (from Vault)"
"uses": "grafana/shared-workflows/actions/dockerhub-login@main"
- "name": "Publish multi-arch manifest"
@ -547,4 +547,4 @@
"permissions":
"contents": "write"
"id-token": "write"
"pull-requests": "write"
"pull-requests": "write"

@ -29,6 +29,3 @@ jobs:
- name: check compiled mixin has been updated
run: |
make BUILD_IN_CONTAINER=false loki-mixin-check

@ -55,15 +55,15 @@ jobs:
private-key: "${{ secrets.APP_PRIVATE_KEY }}"
- name: "Set up QEMU"
uses: "docker/setup-qemu-action@v3"
uses: "docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392" # v3
- name: "set up docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2" # v3
- name: "Login to DockerHub (from vault)"
uses: "grafana/shared-workflows/actions/dockerhub-login@main"
- name: "Build and push"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1" # v6
with:
build-args: "IMAGE_TAG=${{ steps.prepare.outputs.release_version }}"
context: loki

@ -95,7 +95,7 @@ jobs:
--target-branch "${{ steps.extract_branch.outputs.branch }}" \
--token "${{ steps.github_app_token.outputs.token }}" \
--dry-run ${{ fromJSON(env.DRY_RUN) }}
working-directory: "lib"
dist:
needs:
@ -113,11 +113,11 @@ jobs:
persist-credentials: false
repository: "${{ env.RELEASE_REPO }}"
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Cloud SDK"
uses: "google-github-actions/setup-gcloud@v2"
uses: "google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a"
with:
version: ">= 452.0.0"
- id: "get-secrets"
@ -158,7 +158,7 @@ jobs:
working-directory: "release"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}"
path: "release/dist"
@ -186,16 +186,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -205,7 +205,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -215,7 +215,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/fluent-bit-plugin-loki:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/fluent-bit-plugin-loki-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -250,16 +250,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -269,7 +269,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -279,7 +279,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/fluent-plugin-loki:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/fluent-plugin-loki-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -314,16 +314,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -333,7 +333,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -343,7 +343,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/logcli:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/logcli-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -384,16 +384,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -403,7 +403,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -413,7 +413,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/logstash-output-loki:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/logstash-output-loki-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -448,16 +448,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -467,7 +467,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -477,7 +477,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/loki:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/loki-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -518,16 +518,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -537,7 +537,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -547,7 +547,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/loki-canary:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/loki-canary-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -588,16 +588,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -607,7 +607,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -617,7 +617,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/loki-canary-boringcrypto:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/loki-canary-boringcrypto-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -658,19 +658,19 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up QEMU"
uses: "docker/setup-qemu-action@v3"
uses: "docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392"
- name: "set up docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "parse image platform"
run: |
mkdir -p images
mkdir -p plugins
platform="$(echo "${{ matrix.arch}}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -683,7 +683,7 @@ jobs:
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: |
IMAGE_TAG=${{ needs.version.outputs.version }}
@ -703,7 +703,7 @@ jobs:
.
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/plugins"
path: "release/plugins/loki-docker-driver-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -741,16 +741,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -760,7 +760,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -770,7 +770,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/promtail:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/promtail-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -811,16 +811,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -830,7 +830,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -840,7 +840,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/loki-query-tee:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/loki-query-tee-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -902,7 +902,7 @@ jobs:
name: "get release version"
run: |
npm install
if [[ -z "${{ env.RELEASE_AS }}" ]]; then
npm exec -- release-please release-pr \
--consider-all-branches \
@ -932,16 +932,16 @@ jobs:
--token "${{ steps.github_app_token.outputs.token }}" \
--release-as "${{ env.RELEASE_AS }}"
fi
cat release.json
if [[ `jq length release.json` -gt 1 ]]; then
if [[ `jq length release.json` -gt 1 ]]; then
echo 'release-please would create more than 1 PR, so cannot determine correct version'
echo "pr_created=false" >> $GITHUB_OUTPUT
exit 1
fi
if [[ `jq length release.json` -eq 0 ]]; then
if [[ `jq length release.json` -eq 0 ]]; then
echo "pr_created=false" >> $GITHUB_OUTPUT
else
version="$(npm run --silent get-version)"
@ -958,4 +958,4 @@ name: "Prepare Minor Release PR from Weekly"
permissions:
contents: "write"
id-token: "write"
pull-requests: "write"
pull-requests: "write"

@ -18,7 +18,7 @@ jobs:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: cachix/install-nix-action@v30
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- run: nix run --print-build-logs .#lint
@ -28,7 +28,7 @@ jobs:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: cachix/install-nix-action@v30
- uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- run: nix build --print-build-logs .#promtail
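Review bot: `actions/checkout@v4` in both jobs (the hunks at -18 and -28) is still referenced by a movable tag, while `cachix/install-nix-action` next to it is now pinned to a commit. If the policy in `.github/zizmor.yaml` deliberately accepts tag refs for `actions/*`, a one-line comment there saying so would make the exception visible. Otherwise pin it the same way, e.g. `- uses: actions/checkout@<full-commit-sha> # <exact release tag>`, where both values are placeholders to be taken from the release you have reviewed. The same tag-referenced checkout appears in the operator-images.yaml hunks, and `actions/setup-go@v5` in operator-scorecard.yaml.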

@ -22,13 +22,13 @@ jobs:
- uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
- name: Login to Quay.io
uses: docker/login-action@v3
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
with:
registry: quay.io
logout: true
@ -48,7 +48,7 @@ jobs:
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT
- name: Build and publish image on quay.io
uses: docker/build-push-action@v6
uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6
with:
context: ./operator
push: true
@ -60,13 +60,13 @@ jobs:
- uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
- name: Login to Quay.io
uses: docker/login-action@v3
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
with:
registry: quay.io
logout: true
@ -86,7 +86,7 @@ jobs:
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT
- name: Build and publish image on quay.io
uses: docker/build-push-action@v6
uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6
with:
context: ./operator/bundle/openshift
file: ./operator/bundle/openshift/bundle.Dockerfile
@ -99,13 +99,13 @@ jobs:
- uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
- name: Login to Quay.io
uses: docker/login-action@v3
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
with:
registry: quay.io
logout: true
@ -125,7 +125,7 @@ jobs:
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT
- name: Build and publish image on quay.io
uses: docker/build-push-action@v6
uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6
with:
context: ./operator
file: ./operator/calculator.Dockerfile
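Review bot: The `actions/checkout@v4` step at the top of each of the three jobs (hunks at -22, -60 and -99) has no `with:` block, so the workflow token stays in the checked-out repository's git config for the rest of the job. Each of these jobs goes on to log in to quay.io and push an image. Unless a later step outside these hunks needs to run authenticated git commands, add `with:` / `persist-credentials: false` under each checkout, as nix-ci.yaml already does. The jobs start and end outside the hunks, so later git usage cannot be ruled out from here.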

@ -10,7 +10,7 @@ on:
permissions:
contents: write
pull-requests: write
# Necessary for grafana/shared-workflows/actions/dockerhub-login@main
# Necessary for grafana/shared-workflows/actions/dockerhub-login@main
id-token: write
jobs:
@ -30,7 +30,7 @@ jobs:
app-id: "${{ secrets.APP_ID }}"
owner: "${{ github.repository_owner }}"
private-key: "${{ secrets.APP_PRIVATE_KEY }}"
- uses: googleapis/release-please-action@v4
- uses: googleapis/release-please-action@a02a34c4d625f9be7cb89156071d8567266a2445 # v4
id: release
with:
path: operator
@ -45,14 +45,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "Set up QEMU"
uses: "docker/setup-qemu-action@v3"
uses: "docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392" # v3
- name: "Set up docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2" # v3
- name: "Login to DockerHub (from vault)"
uses: "grafana/shared-workflows/actions/dockerhub-login@main"
- name: "Build and push"
timeout-minutes: ${{ env.BUILD_TIMEOUT }}
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1" # v6
with:
context: "operator"
file: "Dockerfile"
@ -82,4 +82,4 @@ jobs:
GH_TOKEN: ${{ steps.get_github_app_token.outputs.token }}
working-directory: "release"
run: |
gh release edit "${{ needs.releasePlease.outputs.release_name }}" --draft=false --latest=false
gh release edit "${{ needs.releasePlease.outputs.release_name }}" --draft=false --latest=false
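Review bot: `grafana/shared-workflows/actions/dockerhub-login@main` in the -45 hunk is still resolved from a branch head, in a workflow that grants `id-token: write` and `contents: write`. Every other action in that job is now pinned, so this step is the one that can change without a commit in this repository. Pin it to a reviewed commit, e.g. `uses: "grafana/shared-workflows/actions/dockerhub-login@<full-commit-sha>" # <release tag>` (placeholder values), and update the `# Necessary for ...@main` comment above `id-token: write` to match. If it is excluded on purpose in `.github/zizmor.yaml`, say why next to the exclusion.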

@ -80,7 +80,7 @@ jobs:
- name: Add OpenShift Supported versions to redhat catalog
if: ${{ inputs.org == 'redhat-openshift-ecosystem' }}
uses: fjogeleit/yaml-update-action@main
uses: fjogeleit/yaml-update-action@b75e8a929eb61bff6b67a6114943c9468f0bd933 # v0.16.0
with:
valueFile: "operators/loki-operator/${{ env.version }}/metadata/annotations.yaml"
propertyPath: "annotations['com.redhat.openshift.versions']"
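Review bot: Moving `fjogeleit/yaml-update-action` from `@main` to the commit labelled `# v0.16.0` is a version change as well as a pin. If `main` was ahead of that tag when the workflow last ran, this step now executes older code. Confirm that the inputs used here (`valueFile`, `propertyPath` and whatever follows outside the hunk) behave the same at v0.16.0, or pin to the commit `main` pointed to and record that in the comment instead.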

@ -19,7 +19,7 @@ jobs:
uses: actions/setup-go@v5
with:
go-version-file: ./operator/go.mod
- uses: engineerd/setup-kind@v0.5.0
- uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0
with:
version: "v0.17.0"
- name: Run scorecard

@ -35,7 +35,7 @@ jobs:
with:
go-version-file: ./operator/go.mod
- name: Lint
uses: golangci/golangci-lint-action@v7
uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd # v7
with:
version: v2.0.2
args: --timeout=5m
@ -89,7 +89,7 @@ jobs:
working-directory: ./operator
run: make test-unit-prometheus
- name: Send coverage
uses: shogo82148/actions-goveralls@v1
uses: shogo82148/actions-goveralls@e6875f831db61e6abffbd8df91a2eb6cd24b46c9 # v1
with:
working-directory: ./operator
path-to-profile: profile.cov
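Review bot: The trailing comments on the new pins name a moving major tag (`# v7`, `# v1`) rather than the release the SHA belongs to, so a reader cannot tell which release was reviewed or whether the pin has fallen behind. Record the exact tag instead, e.g. `# v7.x.y` with the real patch version filled in. That also lets update tooling rewrite SHA and comment together. The same applies to the `# v3` and `# v6` comments in operator-images.yaml and operator-release-please.yml.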

@ -95,7 +95,7 @@ jobs:
--target-branch "${{ steps.extract_branch.outputs.branch }}" \
--token "${{ steps.github_app_token.outputs.token }}" \
--dry-run ${{ fromJSON(env.DRY_RUN) }}
working-directory: "lib"
dist:
needs:
@ -113,11 +113,11 @@ jobs:
persist-credentials: false
repository: "${{ env.RELEASE_REPO }}"
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Cloud SDK"
uses: "google-github-actions/setup-gcloud@v2"
uses: "google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a"
with:
version: ">= 452.0.0"
- id: "get-secrets"
@ -158,7 +158,7 @@ jobs:
working-directory: "release"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}"
path: "release/dist"
@ -186,16 +186,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -205,7 +205,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -215,7 +215,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/fluent-bit-plugin-loki:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/fluent-bit-plugin-loki-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -250,16 +250,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -269,7 +269,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -279,7 +279,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/fluent-plugin-loki:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/fluent-plugin-loki-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -314,16 +314,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -333,7 +333,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -343,7 +343,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/logcli:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/logcli-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -384,16 +384,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -403,7 +403,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -413,7 +413,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/logstash-output-loki:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/logstash-output-loki-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -448,16 +448,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -467,7 +467,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -477,7 +477,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/loki:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/loki-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -518,16 +518,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -537,7 +537,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -547,7 +547,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/loki-canary:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/loki-canary-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -588,16 +588,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -607,7 +607,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -617,7 +617,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/loki-canary-boringcrypto:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/loki-canary-boringcrypto-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -658,19 +658,19 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up QEMU"
uses: "docker/setup-qemu-action@v3"
uses: "docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392"
- name: "set up docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "parse image platform"
run: |
mkdir -p images
mkdir -p plugins
platform="$(echo "${{ matrix.arch}}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -683,7 +683,7 @@ jobs:
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: |
IMAGE_TAG=${{ needs.version.outputs.version }}
@ -703,7 +703,7 @@ jobs:
.
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/plugins"
path: "release/plugins/loki-docker-driver-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -741,16 +741,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -760,7 +760,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -770,7 +770,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/promtail:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/promtail-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -811,16 +811,16 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- id: "platform"
name: "Parse image platform"
run: |
mkdir -p images
platform="$(echo "${{ matrix.arch }}" | sed "s/\(.*\)\/\(.*\)/\1-\2/")"
echo "platform=${platform}" >> $GITHUB_OUTPUT
echo "platform_short=$(echo ${{ matrix.arch }} | cut -d / -f 2)" >> $GITHUB_OUTPUT
@ -830,7 +830,7 @@ jobs:
if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Build and export"
timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}"
uses: "docker/build-push-action@v6"
uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1"
with:
build-args: "IMAGE_TAG=${{ needs.version.outputs.version }}"
context: "release"
@ -840,7 +840,7 @@ jobs:
tags: "${{ env.IMAGE_PREFIX }}/loki-query-tee:${{ needs.version.outputs.version }}-${{ steps.platform.outputs.platform_short }}"
- if: "${{ fromJSON(needs.version.outputs.pr_created) }}"
name: "Upload artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.BUILD_ARTIFACTS_BUCKET }}/${{ github.sha }}/images"
path: "release/images/loki-query-tee-${{ needs.version.outputs.version}}-${{ steps.platform.outputs.platform }}.tar"
@ -902,7 +902,7 @@ jobs:
name: "get release version"
run: |
npm install
if [[ -z "${{ env.RELEASE_AS }}" ]]; then
npm exec -- release-please release-pr \
--consider-all-branches \
@ -932,16 +932,16 @@ jobs:
--token "${{ steps.github_app_token.outputs.token }}" \
--release-as "${{ env.RELEASE_AS }}"
fi
cat release.json
if [[ `jq length release.json` -gt 1 ]]; then
if [[ `jq length release.json` -gt 1 ]]; then
echo 'release-please would create more than 1 PR, so cannot determine correct version'
echo "pr_created=false" >> $GITHUB_OUTPUT
exit 1
fi
if [[ `jq length release.json` -eq 0 ]]; then
if [[ `jq length release.json` -eq 0 ]]; then
echo "pr_created=false" >> $GITHUB_OUTPUT
else
version="$(npm run --silent get-version)"
@ -958,4 +958,4 @@ name: "Prepare Patch Release PR"
permissions:
contents: "write"
id-token: "write"
pull-requests: "write"
pull-requests: "write"
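Review bot: The pinned `uses:` lines in this file carry no version comment at all, for example `"google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"`. The hand-written workflows in the same commit do annotate theirs (`# v3`, `# v0.16.0`). Without the tag, a later reviewer has to look up each SHA to learn which release it is, and a stale or unexpected commit is hard to spot. This file looks generated from the jsonnet release library, so the annotation probably has to be emitted there, either as a YAML comment if the generator can produce one or as a SHA-to-version table kept beside the libsonnet definitions. The minor-release-pr.yml and release.yml sections show the same pattern.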

@ -38,11 +38,11 @@ jobs:
with:
node-version: 20
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Cloud SDK"
uses: "google-github-actions/setup-gcloud@v2"
uses: "google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a"
with:
version: ">= 452.0.0"
- id: "get_github_app_token"
@ -79,7 +79,7 @@ jobs:
else
echo "exists=true" >> $GITHUB_OUTPUT
fi
if [[ "$isDraft" == "true" ]]; then
echo "draft=true" >> $GITHUB_OUTPUT
fi
@ -106,7 +106,7 @@ jobs:
working-directory: "release"
- if: "${{ fromJSON(env.PUBLISH_TO_GCS) }}"
name: "release artifacts"
uses: "google-github-actions/upload-cloud-storage@v2"
uses: "google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0"
with:
destination: "${{ env.PUBLISH_BUCKET }}"
parent: false
@ -155,27 +155,27 @@ jobs:
run: |
# Debug and clean the version variable
echo "Original VERSION: $VERSION"
# Remove all quotes (both single and double)
VERSION=$(echo $VERSION | tr -d '"' | tr -d "'")
echo "After removing quotes: $VERSION"
# Extract version without the 'v' prefix if it exists
VERSION="${VERSION#v}"
echo "After removing v prefix: $VERSION"
# Extract major and minor versions
MAJOR=$(echo $VERSION | cut -d. -f1)
MINOR=$(echo $VERSION | cut -d. -f2)
echo "MAJOR: $MAJOR, MINOR: $MINOR"
# Create branch name from template
BRANCH_TEMPLATE="release-\${major}.\${minor}.x"
BRANCH_NAME=${BRANCH_TEMPLATE//\$\{major\}/$MAJOR}
BRANCH_NAME=${BRANCH_NAME//\$\{minor\}/$MINOR}
echo "Checking if branch already exists: $BRANCH_NAME"
# Check if branch exists
if git ls-remote --heads origin $BRANCH_NAME | grep -q $BRANCH_NAME; then
echo "Branch $BRANCH_NAME already exists, skipping creation"
@ -183,16 +183,16 @@ jobs:
echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
else
echo "Creating branch: $BRANCH_NAME from tag: ${{ needs.publishRelease.outputs.name }}"
# Create branch from the tag
git fetch --tags
git checkout "${{ steps.extract_branch.outputs.branch }}"
git checkout -b $BRANCH_NAME
# explicity set the github app token to override the release branch protection
git remote set-url origin "https://x-access-token:${{ steps.github_app_token.outputs.token }}@github.com/${{ env.RELEASE_REPO }}"
git push -u origin $BRANCH_NAME
echo "branch_exists=false" >> $GITHUB_OUTPUT
echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
fi
@ -216,17 +216,17 @@ jobs:
persist-credentials: false
repository: "${{ env.RELEASE_REPO }}"
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Cloud SDK"
uses: "google-github-actions/setup-gcloud@v2"
uses: "google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a"
with:
version: ">= 452.0.0"
- name: "Set up QEMU"
uses: "docker/setup-qemu-action@v3"
uses: "docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392"
- name: "set up docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- name: "Login to DockerHub (from vault)"
uses: "grafana/shared-workflows/actions/dockerhub-login@main"
- name: "download and prepare plugins"
@ -255,17 +255,17 @@ jobs:
ref: "${{ env.RELEASE_LIB_REF }}"
repository: "grafana/loki-release"
- name: "auth gcs"
uses: "google-github-actions/auth@v2"
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f"
with:
credentials_json: "${{ secrets.GCS_SERVICE_ACCOUNT_KEY }}"
- name: "Set up Cloud SDK"
uses: "google-github-actions/setup-gcloud@v2"
uses: "google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a"
with:
version: ">= 452.0.0"
- name: "Set up QEMU"
uses: "docker/setup-qemu-action@v3"
uses: "docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392"
- name: "set up docker buildx"
uses: "docker/setup-buildx-action@v3"
uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"
- name: "Login to DockerHub (from vault)"
uses: "grafana/shared-workflows/actions/dockerhub-login@main"
- name: "download images"
@ -359,4 +359,4 @@ name: "create release"
permissions:
contents: "write"
id-token: "write"
pull-requests: "write"
pull-requests: "write"

@ -10,7 +10,7 @@ jobs:
fetch-depth: 0
persist-credentials: false
- name: TruffleHog OSS
uses: trufflesecurity/trufflehog@main
uses: trufflesecurity/trufflehog@d722a7e50645c42123e31fe97761a88ade988db8 # v3.88.25
with:
path: ./
base: ${{ github.event.repository.default_branch }}
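Review bot: Pinning `trufflesecurity/trufflehog` to a commit fixes the action wrapper, but the `with:` block below it still does not fix which scanner release runs. As far as I know, this action takes a `version` input that defaults to `latest` and selects the scanner image pulled at run time, so the step can still execute a different binary from one run to the next. Adding `version: 3.88.25` under `with:`, matching the `# v3.88.25` comment on the pinned line, would keep the two in step; confirm the input name against the action's `action.yml` at the pinned commit. The hunk may not show the whole `with:` block, so check that `version` is not already set further down.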

@ -14,9 +14,8 @@ jobs:
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Anchore SBOM Action
uses: anchore/sbom-action@v0.19.0
uses: anchore/sbom-action@9f7302141466aa6482940f15371237e9d9f4c34a # v0.19.0
with:
artifact-name: ${{ github.event.repository.name }}-spdx.json

@ -0,0 +1,6 @@
rules:
unpinned-uses:
config:
policies:
actions/*: any # trust GitHub
grafana/*: any # trust Grafana
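Review bot: The `grafana/*: any` policy on the last line exempts every Grafana-owned action from the pin check, including branch refs. `grafana/shared-workflows/actions/dockerhub-login@main` in release.yml is left on a mutable branch by this commit, in jobs that handle registry credentials and run under `id-token: "write"`, and this policy will keep zizmor silent about it. Consider `grafana/*: hash-pin` and pinning that action to a commit, so a push to `main` in the shared repository cannot change what the release jobs execute without a reviewed bump. If the exemption stays, a comment should say why the org is trusted with branch refs; `# trust Grafana` does not record that decision.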