From f428beaa565109f9920899158249811179a9fbdc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 6 Dec 2024 15:30:30 +0100 Subject: [PATCH 01/20] Sign and package --- .drone.migration.jsonnet | 60 ++------------------------------- .github/workflows/ci.yml | 48 +++++++++++++++++++++++++++ drone_migration.yaml | 71 ++-------------------------------------- 3 files changed, 52 insertions(+), 127 deletions(-) diff --git a/.drone.migration.jsonnet b/.drone.migration.jsonnet index e97269ba..e757b2dc 100644 --- a/.drone.migration.jsonnet +++ b/.drone.migration.jsonnet @@ -21,28 +21,15 @@ local pipeline(name, steps=[], services=[]) = { steps: [step('runner identification', ['echo $DRONE_RUNNER_NAME'], 'alpine')] + steps, trigger+: { ref+: [ - 'refs/heads/main', - 'refs/pull/**', 'refs/tags/v*.*.*', 'refs/tags/weekly-f*', ], }, }; -local mainOnly = { - when: { - ref+: [ - 'refs/heads/main', - 'refs/pull/2/head', - ], - }, -}; - -local mainOrReleaseOnly = { +local releaseOnly = { when: { ref+: [ - 'refs/heads/main', - 'refs/pull/2/head', 'refs/tags/v*.*.*', 'refs/tags/weekly-f*', ], @@ -192,7 +179,7 @@ local generateTagsStep(depends_on=[]) = step('generate tags', [ depends_on: [ 'build frontend packages', ], - } + mainOrReleaseOnly, + } + releaseOnly, step('publish zip to GCS', [], image='plugins/gcs') + { depends_on: [ 
@@ -222,34 +209,6 @@ local generateTagsStep(depends_on=[]) = step('generate tags', [ }, } + releaseOnly, - step('publish zip to GCS with latest-dev', [], image='plugins/gcs') + { - depends_on: [ - 'package and sign', - ], - settings: { - acl: 'allUsers:READER', - source: 'grafana-pyroscope-app-${DRONE_BUILD_NUMBER}.zip', - target: 'grafana-pyroscope-app/releases/grafana-pyroscope-app-edge.zip', - token: { - from_secret: 'gcs_service_account_key', - }, - }, - } + mainOnly, - - step('publish zip to GCS with dev-tag', [], image='plugins/gcs') + { - depends_on: [ - 'package and sign', - ], - settings: { - acl: 'allUsers:READER', - source: 'grafana-pyroscope-app-${DRONE_BUILD_NUMBER}.zip', - target: 'grafana-pyroscope-app/releases/grafana-pyroscope-app-${DRONE_COMMIT}.zip', - token: { - from_secret: 'gcs_service_account_key', - }, - }, - } + mainOnly, - step('publish zip to GCS with latest', [], image='plugins/gcs') + { depends_on: [ 'package and sign', @@ -309,21 +268,6 @@ local generateTagsStep(depends_on=[]) = step('generate tags', [ } + releaseOnly, ]), - pipeline('deploy dev', [ - generateTagsStep(), - deployStep('dev'), - ]) + { - image_pull_secrets: ['gcr_reader'], - depends_on: [ - 'build packages', - ], - trigger+: { - ref: [ - 'refs/heads/main', - ], - }, - }, - pipeline('weekly deploy ops', [ generateTagsStep(), deployStep('ops'), diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0d6eb765..3c1178a7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -111,3 +111,51 @@ jobs: e2e/test-reports e2e/test-results retention-days: 15 + + package: + name: Sign and package + runs-on: ubuntu-latest + steps: + # Required to correctly auth to GCS + - name: Prepare - GCS + uses: actions/checkout@v4 + + - name: Prepare - Download build artifacts + uses: actions/download-artifact@v4 + with: + pattern: build-frontend + path: dist + + - name: Prepare - Credentials + uses: grafana/shared-workflows/actions/get-vault-secrets@main + with: + vault_instance: ops + common_secrets: | + SIGN_PLUGIN_ACCESS_POLICY_TOKEN=plugins/sign-plugin-access-policy-token:token + + - name: Get plugin metadata + id: metadata + run: | + sudo apt-get install jq + + export GRAFANA_PLUGIN_ID=$(cat dist/plugin.json | jq -r .id) + export GRAFANA_PLUGIN_VERSION=$(cat dist/plugin.json | jq -r .info.version) + export SHA=${{ github.event.pull_request.head.sha || github.sha }} + export HASH=$(echo $SHA | cut -c1-7) + export PACKAGE_ID=${GRAFANA_PLUGIN_ID}-${GRAFANA_PLUGIN_VERSION}-${HASH} + echo "plugin_id=${GRAFANA_PLUGIN_ID}" >> $GITHUB_OUTPUT + echo "archive_name=${PACKAGE_ID}.zip" >> $GITHUB_OUTPUT + + - name: Debug + run: echo package_id=${{ steps.metadata.outputs.archive_name }}, plugin_id=${{ steps.metadata.outputs.plugin_id }} + + - name: Sign plugin + run: yarn sign + env: + GRAFANA_ACCESS_POLICY_TOKEN: ${{ env.SIGN_PLUGIN_ACCESS_POLICY_TOKEN }} + + - name: Package plugin + id: package-plugin + run: | + mv dist ${{ steps.metadata.outputs.plugin_id }} + zip ${{ steps.metadata.outputs.archive_name }} ${{ steps.metadata.outputs.plugin_id }} -r diff --git a/drone_migration.yaml b/drone_migration.yaml index a34ed553..f30e6178 100644 --- a/drone_migration.yaml +++ b/drone_migration.yaml @@ -38,9 +38,9 @@ image: node:20-bullseye name: package and sign when: + event: + - tag ref: - - refs/heads/main - - refs/pull/2/head - refs/tags/v*.*.* - refs/tags/weekly-f* - commands: [] 
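Review bot: In the `package` job added to .github/workflows/ci.yml, the `Debug` and `Package plugin` steps paste `${{ steps.metadata.outputs.plugin_id }}` and `${{ steps.metadata.outputs.archive_name }}` straight into `run:` scripts. Both values are read from `dist/plugin.json` by `jq`, so text from the build artifact is expanded into the script before the shell parses it. If this workflow runs for pull requests (the `on:` block is outside the hunk), that is a script-injection path in a job that also receives the plugin signing token. Pass the values through the step's `env:` (`PLUGIN_ID: ${{ steps.metadata.outputs.plugin_id }}`) and use them quoted, as in `mv dist "$PLUGIN_ID"` and `zip -r "$ARCHIVE_NAME" "$PLUGIN_ID"`. The `echo ... ${{ needs.package.outputs.package_id }}` step that PATCH 14/20 adds to `deploy-to-dev` has the same pattern.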
@@ -77,36 +77,6 @@ ref: - refs/tags/v*.*.* - refs/tags/weekly-f* - - commands: [] - depends_on: - - package and sign - image: plugins/gcs - name: publish zip to GCS with latest-dev - settings: - acl: allUsers:READER - source: grafana-pyroscope-app-${DRONE_BUILD_NUMBER}.zip - target: grafana-pyroscope-app/releases/grafana-pyroscope-app-edge.zip - token: - from_secret: gcs_service_account_key - when: - ref: - - refs/heads/main - - refs/pull/2/head - - commands: [] - depends_on: - - package and sign - image: plugins/gcs - name: publish zip to GCS with dev-tag - settings: - acl: allUsers:READER - source: grafana-pyroscope-app-${DRONE_BUILD_NUMBER}.zip - target: grafana-pyroscope-app/releases/grafana-pyroscope-app-${DRONE_COMMIT}.zip - token: - from_secret: gcs_service_account_key - when: - ref: - - refs/heads/main - - refs/pull/2/head - commands: [] depends_on: - package and sign @@ -179,46 +149,9 @@ - refs/tags/weekly-f* trigger: ref: - - refs/heads/main - - refs/pull/** - refs/tags/v*.*.* - refs/tags/weekly-f* type: docker -- depends_on: - - build packages - image_pull_secrets: - - gcr_reader - kind: pipeline - name: deploy dev - services: [] - steps: - - commands: - - echo $DRONE_RUNNER_NAME - image: alpine - name: runner identification - - commands: - - git fetch origin --tags - - git status --porcelain --untracked-files=no - - git diff --no-ext-diff --quiet - depends_on: [] - image: golang:1.20.4 - name: generate tags - - depends_on: - - generate tags - image: us.gcr.io/kubernetes-dev/drone/plugins/argo-cli - name: launch deploy-plugin-dev workflow - settings: - add_ci_labels: true - command: submit --from workflowtemplate/deploy-plugin-dev --name deploy-plugin-dev-${DRONE_COMMIT} - --parameter plugintag=${DRONE_COMMIT} - log_level: debug - namespace: phlare-cd - token: - from_secret: argo_token - trigger: - ref: - - refs/heads/main - type: docker - depends_on: - build packages image_pull_secrets: 
From 897ed4cb348db7491f96198010ba8413456b3716 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 6 Dec 2024 15:31:47 +0100 Subject: [PATCH 02/20] Update dependency --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3c1178a7..1919af45 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -114,6 +114,7 @@ jobs: package: name: Sign and package + needs: [ frontend ] runs-on: ubuntu-latest steps: # Required to correctly auth to GCS From 5de2b3364c9a10ece4ec8c6210735492c5569d2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 6 Dec 2024 15:48:23 +0100 Subject: [PATCH 03/20] Allow getting OIDC token --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1919af45..5e8438e4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,6 +14,10 @@ on: env: BUNDLEWATCH_GITHUB_TOKEN: ${{secrets.BUNDLEWATCH_GITHUB_TOKEN}} +permissions: + contents: read + id-token: write + jobs: frontend: runs-on: ubuntu-latest From fc735a9a58a18bf5ac77d861c1865091e012a2c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 6 Dec 2024 15:56:38 +0100 Subject: [PATCH 04/20] Sign the plugin when building --- .github/workflows/ci.yml | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5e8438e4..230d1098 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
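Review bot: The `permissions:` block added in PATCH 03/20 sits at workflow level, so `id-token: write` applies to every job in ci.yml, not only the ones that exchange an OIDC token for credentials. Any step in any job, including third-party actions and `npx`-installed tools, can then request a token for this repository's identity. Keep `contents: read` as the workflow default and move `id-token: write` into a job-level `permissions:` block on the jobs that presumably need it (`frontend` and `package`), repeating `contents: read` there because a job-level block replaces the default. A comment such as `# id-token: write is required for OIDC login to Vault/GCP` would record why the permission exists.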
@@ -56,6 +56,19 @@ jobs: - name: Compatibility check run: npx @grafana/levitate@latest is-compatible --path src/module.ts --target @grafana/data,@grafana/ui,@grafana/runtime + - name: Setup plugin signing + uses: grafana/shared-workflows/actions/get-vault-secrets@main + with: + vault_instance: ops + common_secrets: | + SIGN_PLUGIN_ACCESS_POLICY_TOKEN=plugins/sign-plugin-access-policy-token:token + + # create MANIFEST in dist + - name: Sign plugin + run: yarn sign + env: + GRAFANA_ACCESS_POLICY_TOKEN: ${{ env.SIGN_PLUGIN_ACCESS_POLICY_TOKEN }} + - uses: actions/upload-artifact@v4 if: always() with: @@ -117,7 +130,7 @@ jobs: retention-days: 15 package: - name: Sign and package + name: Package signed plugin needs: [ frontend ] runs-on: ubuntu-latest steps: @@ -131,13 +144,6 @@ jobs: pattern: build-frontend path: dist - - name: Prepare - Credentials - uses: grafana/shared-workflows/actions/get-vault-secrets@main - with: - vault_instance: ops - common_secrets: | - SIGN_PLUGIN_ACCESS_POLICY_TOKEN=plugins/sign-plugin-access-policy-token:token - - name: Get plugin metadata id: metadata run: | @@ -154,11 +160,6 @@ jobs: - name: Debug run: echo package_id=${{ steps.metadata.outputs.archive_name }}, plugin_id=${{ steps.metadata.outputs.plugin_id }} - - name: Sign plugin - run: yarn sign - env: - GRAFANA_ACCESS_POLICY_TOKEN: ${{ env.SIGN_PLUGIN_ACCESS_POLICY_TOKEN }} - - name: Package plugin id: package-plugin run: | From dba7b24450b55178b149cdd3bd5c9138d577e2dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 6 Dec 2024 16:00:33 +0100 Subject: [PATCH 05/20] Debug dist paths --- .github/workflows/ci.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 230d1098..2eac8a8d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
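Review bot: `grafana/shared-workflows/actions/get-vault-secrets@main` in the new `Setup plugin signing` step tracks a mutable branch, so whatever is on `main` at run time executes in the job that receives `SIGN_PLUGIN_ACCESS_POLICY_TOKEN`. Pin it to a full commit SHA with the version in a trailing comment, e.g. `uses: grafana/shared-workflows/actions/get-vault-secrets@<COMMIT_SHA> # <version>`. The same applies to the `@main` references in PATCH 01, 10, 15 and 16 and to the tag-pinned `google-github-actions/*` actions elsewhere in the series. The token is read back from `env`, which suggests it is exported to the job environment and visible to later steps. Since `frontend` now signs on every run, consider gating `Sign plugin` with an `if:` on trusted refs; the trigger block is outside the hunk, so I cannot confirm which events reach it.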
@@ -141,9 +141,14 @@ jobs: - name: Prepare - Download build artifacts uses: actions/download-artifact@v4 with: - pattern: build-frontend + name: build-frontend path: dist + - name: Debug paths + run: | + ls -al + ls -al dist + - name: Get plugin metadata id: metadata run: | @@ -158,7 +163,7 @@ jobs: echo "archive_name=${PACKAGE_ID}.zip" >> $GITHUB_OUTPUT - name: Debug - run: echo package_id=${{ steps.metadata.outputs.archive_name }}, plugin_id=${{ steps.metadata.outputs.plugin_id }} + run: echo archive_name=${{ steps.metadata.outputs.archive_name }}, plugin_id=${{ steps.metadata.outputs.plugin_id }} - name: Package plugin id: package-plugin From 13e4876627a9f2174068bcd305fe8ab759cacf9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 6 Dec 2024 16:12:46 +0100 Subject: [PATCH 06/20] Upload to GCS --- .github/workflows/ci.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2eac8a8d..db2de453 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -170,3 +170,18 @@ jobs: run: | mv dist ${{ steps.metadata.outputs.plugin_id }} zip ${{ steps.metadata.outputs.archive_name }} ${{ steps.metadata.outputs.plugin_id }} -r + + - name: Login to Google Cloud + uses: google-github-actions/auth@v2.1.7 + with: + workload_identity_provider: "projects/304398677251/locations/global/workloadIdentityPools/github/providers/github-provider" + service_account: github-plugin-ci-workflows@grafanalabs-workload-identity.iam.gserviceaccount.com + + - id: 'upload-to-gcs' + name: 'Upload assets to latest' + uses: 'google-github-actions/upload-cloud-storage@v1' + with: + path: ./ + destination: 'grafana-pyroscope-app/commits/' + glob: '*.zip' + parent: false From 040cea9c14a446e3b5b207aafa1c2aef1f8e3632 Mon Sep 17 00:00:00 2001 
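Review bot: The `upload-to-gcs` step added in PATCH 06/20 uses `path: ./` with `glob: '*.zip'`, so every zip in the workspace root is uploaded, not only the archive built by `Package plugin`. Because the job starts with `actions/checkout`, that includes any zip committed to the repository or brought in by a pull request. Point the upload at the one file produced by the job instead, `path: ${{ steps.metadata.outputs.archive_name }}`, and drop the `glob`. PATCH 19/20 reintroduces the same `path: ./` and `glob: '*.zip'` pair.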
From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 6 Dec 2024 16:17:54 +0100 Subject: [PATCH 07/20] Try uploading to integration-artifacts --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index db2de453..5d59e304 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -182,6 +182,6 @@ jobs: uses: 'google-github-actions/upload-cloud-storage@v1' with: path: ./ - destination: 'grafana-pyroscope-app/commits/' + destination: 'integration-artifacts/grafana-pyroscope-app/commits/' glob: '*.zip' parent: false From 4b12990f7c18471968c34c4de967605e35e7c79b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 6 Dec 2024 17:52:18 +0100 Subject: [PATCH 08/20] Update upload action --- .github/workflows/ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5d59e304..81309b38 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -178,10 +178,11 @@ jobs: service_account: github-plugin-ci-workflows@grafanalabs-workload-identity.iam.gserviceaccount.com - id: 'upload-to-gcs' - name: 'Upload assets to latest' - uses: 'google-github-actions/upload-cloud-storage@v1' + name: 'Upload assets to GCS' + uses: google-github-actions/upload-cloud-storage@v2.2.1 with: path: ./ destination: 'integration-artifacts/grafana-pyroscope-app/commits/' glob: '*.zip' parent: false + process_gcloudignore: false From d7c0219300f184a1985e6d821f9b43cfd63afe96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 6 Dec 2024 17:56:35 +0100 Subject: [PATCH 09/20] Debug --- .github/workflows/ci.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 81309b38..2063d23c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -144,11 +144,6 @@ jobs: name: build-frontend path: dist - - name: Debug paths - run: | - ls -al - ls -al dist - - name: Get plugin metadata id: metadata run: | @@ -177,6 +172,10 @@ jobs: workload_identity_provider: "projects/304398677251/locations/global/workloadIdentityPools/github/providers/github-provider" service_account: github-plugin-ci-workflows@grafanalabs-workload-identity.iam.gserviceaccount.com + - name: Debug paths + run: | + ls -al + - id: 'upload-to-gcs' name: 'Upload assets to GCS' uses: google-github-actions/upload-cloud-storage@v2.2.1 From e70e0a3dd7978b395b91d41baed7766c9b7ba7fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 6 Dec 2024 23:36:58 +0100 Subject: [PATCH 10/20] Upload with different SA --- .github/workflows/ci.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2063d23c..47a249a0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -166,22 +166,24 @@ jobs: mv dist ${{ steps.metadata.outputs.plugin_id }} zip ${{ steps.metadata.outputs.archive_name }} ${{ steps.metadata.outputs.plugin_id }} -r + - name: Setup GSC upload + uses: grafana/shared-workflows/actions/get-vault-secrets@main + with: + vault_instance: ops + common_secrets: | + GCP_UPLOAD_ARTIFACTS_KEY=grafana/integration-artifacts-uploader-service-account:'credentials.json' + - name: Login to Google Cloud uses: google-github-actions/auth@v2.1.7 with: - workload_identity_provider: "projects/304398677251/locations/global/workloadIdentityPools/github/providers/github-provider" - service_account: github-plugin-ci-workflows@grafanalabs-workload-identity.iam.gserviceaccount.com - - - name: Debug paths - run: | - ls -al + credentials_json: ${{ env.GCP_UPLOAD_ARTIFACTS_KEY }} - id: 'upload-to-gcs' name: 'Upload assets to GCS' uses: google-github-actions/upload-cloud-storage@v2.2.1 with: path: ./ - destination: 'integration-artifacts/grafana-pyroscope-app/commits/' + destination: 'integration-artifacts/grafana-pyroscope-app/test/' glob: '*.zip' parent: false process_gcloudignore: false From 41084e0faffa84a5dc7e63bd006cb449e4a283d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 6 Dec 2024 23:41:17 +0100 Subject: [PATCH 11/20] Try uploading to old location --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 47a249a0..72e5d85f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -183,7 +183,7 @@ jobs: uses: google-github-actions/upload-cloud-storage@v2.2.1 with: path: ./ - destination: 'integration-artifacts/grafana-pyroscope-app/test/' + destination: 'grafana-pyroscope-app/test/' glob: '*.zip' parent: false process_gcloudignore: false From 666625082f047fc77ec789f9312b3ffeb20d5162 Mon Sep 17 00:00:00 2001 
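Review bot: This hunk replaces keyless workload identity federation with a long-lived service-account key (`credentials_json: ${{ env.GCP_UPLOAD_ARTIFACTS_KEY }}`), which is a step back. A JSON key does not expire on its own, must be rotated by hand, and sits in the job environment where every later step can read it. Prefer keeping `workload_identity_provider` and `service_account` and granting that identity write access to the target bucket; PATCH 17/20 later returns to that form. If a key has to be used in the meantime, a comment above `Setup GSC upload` should say why and which bucket the key is scoped to. The step name also reads `GSC` where `GCS` is meant.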
From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 6 Dec 2024 23:52:14 +0100 Subject: [PATCH 12/20] Use Drone SA --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 72e5d85f..28e5a914 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -171,7 +171,7 @@ jobs: with: vault_instance: ops common_secrets: | - GCP_UPLOAD_ARTIFACTS_KEY=grafana/integration-artifacts-uploader-service-account:'credentials.json' + GCP_UPLOAD_ARTIFACTS_KEY=infra/data/ci/drone-plugins:'credentials.json' - name: Login to Google Cloud uses: google-github-actions/auth@v2.1.7 From 1d83afd1674dd6ec50f9f7fe303b25fff85af617 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Mon, 9 Dec 2024 12:42:17 +0100 Subject: [PATCH 13/20] Use migrated version --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 28e5a914..10671d8f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -171,7 +171,7 @@ jobs: with: vault_instance: ops common_secrets: | - GCP_UPLOAD_ARTIFACTS_KEY=infra/data/ci/drone-plugins:'credentials.json' + GCP_UPLOAD_ARTIFACTS_KEY=grafana-com-iap/gcp_iap_service_account_key_ops:'credentials.json' - name: Login to Google Cloud uses: google-github-actions/auth@v2.1.7 From 889272386c64085084500b84ddd37279828b69d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Mon, 9 Dec 2024 14:00:51 +0100 Subject: [PATCH 14/20] Add dev deployment step --- .github/workflows/ci.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 10671d8f..4831b079 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
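Review bot: PATCH 12/20 and 13/20 point `GCP_UPLOAD_ARTIFACTS_KEY` at `infra/data/ci/drone-plugins` and then at `grafana-com-iap/gcp_iap_service_account_key_ops`. Judging by the paths alone, these look like credentials issued for other systems rather than for this upload. Borrowing them widens what this CI job can reach and ties their rotation to this repository. Use a service account created for this workflow with object-create rights on the one bucket, and add a comment next to `common_secrets` naming the secret's owner and purpose.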
@@ -133,6 +133,8 @@ jobs: name: Package signed plugin needs: [ frontend ] runs-on: ubuntu-latest + outputs: + package_id: ${{ steps.metadata.outputs.package_id }} steps: # Required to correctly auth to GCS - name: Prepare - GCS @@ -155,6 +157,7 @@ jobs: export HASH=$(echo $SHA | cut -c1-7) export PACKAGE_ID=${GRAFANA_PLUGIN_ID}-${GRAFANA_PLUGIN_VERSION}-${HASH} echo "plugin_id=${GRAFANA_PLUGIN_ID}" >> $GITHUB_OUTPUT + echo "package_id=${PACKAGE_ID}" >> $GITHUB_OUTPUT echo "archive_name=${PACKAGE_ID}.zip" >> $GITHUB_OUTPUT - name: Debug @@ -171,7 +174,7 @@ jobs: with: vault_instance: ops common_secrets: | - GCP_UPLOAD_ARTIFACTS_KEY=grafana-com-iap/gcp_iap_service_account_key_ops:'credentials.json' + GCP_UPLOAD_ARTIFACTS_KEY=grafana/integration-artifacts-uploader-service-account:'credentials.json' - name: Login to Google Cloud uses: google-github-actions/auth@v2.1.7 @@ -183,7 +186,16 @@ jobs: uses: google-github-actions/upload-cloud-storage@v2.2.1 with: path: ./ - destination: 'grafana-pyroscope-app/test/' + destination: 'integration-artifacts/grafana-pyroscope-app/test/' glob: '*.zip' parent: false process_gcloudignore: false + + deploy-to-dev: + name: Deploy PR to dev (dry run) + needs: [ package ] + runs-on: ubuntu-latest + environment: pull-requests + steps: + - name: Publish to dev + run: echo [[Test message]] Package ${{ needs.package.outputs.package_id }} deployed to dev From 154d9668639663fd92abd962886f9ec477d439ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Mon, 9 Dec 2024 15:44:40 +0100 Subject: [PATCH 15/20] Push to pyroscope bucket again with shared workflow --- .github/workflows/ci.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4831b079..a029d5de 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -183,13 +183,14 @@ jobs: - id: 'upload-to-gcs' name: 'Upload assets to GCS' - uses: google-github-actions/upload-cloud-storage@v2.2.1 + uses: grafana/shared-workflows/actions/push-to-gcs@main with: + environment: prod path: ./ - destination: 'integration-artifacts/grafana-pyroscope-app/test/' + bucket: 'grafana-pyroscope-app' + bucket_path: 'test' glob: '*.zip' parent: false - process_gcloudignore: false deploy-to-dev: name: Deploy PR to dev (dry run) From 1ef927316187b7d586ccadd60b33babe3a3388ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Mon, 9 Dec 2024 15:48:39 +0100 Subject: [PATCH 16/20] Add login to gcs step --- .github/workflows/ci.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a029d5de..1bd7aa46 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -176,10 +176,11 @@ jobs: common_secrets: | GCP_UPLOAD_ARTIFACTS_KEY=grafana/integration-artifacts-uploader-service-account:'credentials.json' - - name: Login to Google Cloud - uses: google-github-actions/auth@v2.1.7 + - id: login-to-gcs + name: Login to GCS + uses: grafana/shared-workflows/actions/login-to-gcs@main with: - credentials_json: ${{ env.GCP_UPLOAD_ARTIFACTS_KEY }} + environment: prod - id: 'upload-to-gcs' name: 'Upload assets to GCS' From 8b955acb7a8ed7619bb725e1d12f8bc8a0a3e9c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 13 Dec 2024 15:15:22 +0100 Subject: [PATCH 17/20] Use new SA --- .github/workflows/ci.yml | 29 +++++------------------------ 1 file changed, 5 insertions(+), 24 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1bd7aa46..b846382d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -154,8 +154,7 @@ jobs: export GRAFANA_PLUGIN_ID=$(cat dist/plugin.json | jq -r .id) export GRAFANA_PLUGIN_VERSION=$(cat dist/plugin.json | jq -r .info.version) export SHA=${{ github.event.pull_request.head.sha || github.sha }} - export HASH=$(echo $SHA | cut -c1-7) - export PACKAGE_ID=${GRAFANA_PLUGIN_ID}-${GRAFANA_PLUGIN_VERSION}-${HASH} + export PACKAGE_ID=${GRAFANA_PLUGIN_ID}-${GRAFANA_PLUGIN_VERSION}-${SHA} echo "plugin_id=${GRAFANA_PLUGIN_ID}" >> $GITHUB_OUTPUT echo "package_id=${PACKAGE_ID}" >> $GITHUB_OUTPUT echo "archive_name=${PACKAGE_ID}.zip" >> $GITHUB_OUTPUT @@ -169,29 +168,11 @@ jobs: mv dist ${{ steps.metadata.outputs.plugin_id }} zip ${{ steps.metadata.outputs.archive_name }} ${{ steps.metadata.outputs.plugin_id }} -r - - name: Setup GSC upload - uses: grafana/shared-workflows/actions/get-vault-secrets@main - with: - vault_instance: ops - common_secrets: | - GCP_UPLOAD_ARTIFACTS_KEY=grafana/integration-artifacts-uploader-service-account:'credentials.json' - - - id: login-to-gcs - name: Login to GCS - uses: grafana/shared-workflows/actions/login-to-gcs@main - with: - environment: prod - - - id: 'upload-to-gcs' - name: 'Upload assets to GCS' - uses: grafana/shared-workflows/actions/push-to-gcs@main + - id: Login to GCS + uses: 'google-github-actions/auth@v2' with: - environment: prod - path: ./ - bucket: 'grafana-pyroscope-app' - bucket_path: 'test' - glob: '*.zip' - parent: false + workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} + service_account: ${{ secrets.GCS_SERVICE_ACCOUNT }} deploy-to-dev: name: Deploy PR to dev (dry run) From 3a956be615edd0c13cd209542df46ee7ba5f58eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 13 Dec 2024 15:18:36 +0100 Subject: [PATCH 18/20] Fix id/names --- .github/workflows/ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b846382d..f47d09bf 100644 --- a/.github/workflows/ci.yml 
+++ b/.github/workflows/ci.yml @@ -163,12 +163,11 @@ jobs: run: echo archive_name=${{ steps.metadata.outputs.archive_name }}, plugin_id=${{ steps.metadata.outputs.plugin_id }} - name: Package plugin - id: package-plugin run: | mv dist ${{ steps.metadata.outputs.plugin_id }} zip ${{ steps.metadata.outputs.archive_name }} ${{ steps.metadata.outputs.plugin_id }} -r - - id: Login to GCS + - name: Login to GCS uses: 'google-github-actions/auth@v2' with: workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} From 57e818a9391e888a811fba8303907a9bfad0bdda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 13 Dec 2024 15:31:06 +0100 Subject: [PATCH 19/20] Upload --- .github/workflows/ci.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f47d09bf..673ff58a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -132,6 +132,7 @@ jobs: package: name: Package signed plugin needs: [ frontend ] + environment: pull-requests runs-on: ubuntu-latest outputs: package_id: ${{ steps.metadata.outputs.package_id }} @@ -173,6 +174,13 @@ jobs: workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} service_account: ${{ secrets.GCS_SERVICE_ACCOUNT }} + - name: Upload to GCS + uses: 'google-github-actions/upload-cloud-storage@v1' + with: + path: ./ + destination: 'pyroscope-grafana-app/test' + glob: '*.zip' + deploy-to-dev: name: Deploy PR to dev (dry run) needs: [ package ] From 9d11c7cb08f4c5e4bb8a2e0ea9e8e53f310aed8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Jamr=C3=B3z?= Date: Fri, 13 Dec 2024 15:36:18 +0100 Subject: [PATCH 20/20] Fix bucket name --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 673ff58a..65acd948 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -178,7 +178,7 @@ jobs: uses: 'google-github-actions/upload-cloud-storage@v1' with: path: ./ - destination: 'pyroscope-grafana-app/test' + destination: 'grafana-pyroscope-app/test' glob: '*.zip' deploy-to-dev: