Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: Development workflow #308

Draft
wants to merge 21 commits into
base: main
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 2 additions & 58 deletions .drone.migration.jsonnet
Original file line number Diff line number Diff line change
Expand Up @@ -21,28 +21,15 @@ local pipeline(name, steps=[], services=[]) = {
steps: [step('runner identification', ['echo $DRONE_RUNNER_NAME'], 'alpine')] + steps,
trigger+: {
ref+: [
'refs/heads/main',
'refs/pull/**',
'refs/tags/v*.*.*',
'refs/tags/weekly-f*',
],
},
};

local mainOnly = {
when: {
ref+: [
'refs/heads/main',
'refs/pull/2/head',
],
},
};

local mainOrReleaseOnly = {
local releaseOnly = {
when: {
ref+: [
'refs/heads/main',
'refs/pull/2/head',
'refs/tags/v*.*.*',
'refs/tags/weekly-f*',
],
Expand Down Expand Up @@ -192,7 +179,7 @@ local generateTagsStep(depends_on=[]) = step('generate tags', [
depends_on: [
'build frontend packages',
],
} + mainOrReleaseOnly,
} + releaseOnly,

step('publish zip to GCS', [], image='plugins/gcs') + {
depends_on: [
Expand Down Expand Up @@ -222,34 +209,6 @@ local generateTagsStep(depends_on=[]) = step('generate tags', [
},
} + releaseOnly,

step('publish zip to GCS with latest-dev', [], image='plugins/gcs') + {
depends_on: [
'package and sign',
],
settings: {
acl: 'allUsers:READER',
source: 'grafana-pyroscope-app-${DRONE_BUILD_NUMBER}.zip',
target: 'grafana-pyroscope-app/releases/grafana-pyroscope-app-edge.zip',
token: {
from_secret: 'gcs_service_account_key',
},
},
} + mainOnly,

step('publish zip to GCS with dev-tag', [], image='plugins/gcs') + {
depends_on: [
'package and sign',
],
settings: {
acl: 'allUsers:READER',
source: 'grafana-pyroscope-app-${DRONE_BUILD_NUMBER}.zip',
target: 'grafana-pyroscope-app/releases/grafana-pyroscope-app-${DRONE_COMMIT}.zip',
token: {
from_secret: 'gcs_service_account_key',
},
},
} + mainOnly,

step('publish zip to GCS with latest', [], image='plugins/gcs') + {
depends_on: [
'package and sign',
Expand Down Expand Up @@ -309,21 +268,6 @@ local generateTagsStep(depends_on=[]) = step('generate tags', [
} + releaseOnly,
]),

pipeline('deploy dev', [
generateTagsStep(),
deployStep('dev'),
]) + {
image_pull_secrets: ['gcr_reader'],
depends_on: [
'build packages',
],
trigger+: {
ref: [
'refs/heads/main',
],
},
},

pipeline('weekly deploy ops', [
generateTagsStep(),
deployStep('ops'),
Expand Down
78 changes: 78 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,10 @@ on:
env:
BUNDLEWATCH_GITHUB_TOKEN: ${{secrets.BUNDLEWATCH_GITHUB_TOKEN}}

permissions:
contents: read
id-token: write

jobs:
frontend:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -52,6 +56,19 @@ jobs:
- name: Compatibility check
run: npx @grafana/levitate@latest is-compatible --path src/module.ts --target @grafana/data,@grafana/ui,@grafana/runtime

- name: Setup plugin signing
uses: grafana/shared-workflows/actions/get-vault-secrets@main
with:
vault_instance: ops
common_secrets: |
SIGN_PLUGIN_ACCESS_POLICY_TOKEN=plugins/sign-plugin-access-policy-token:token

# create MANIFEST in dist
- name: Sign plugin
run: yarn sign
env:
GRAFANA_ACCESS_POLICY_TOKEN: ${{ env.SIGN_PLUGIN_ACCESS_POLICY_TOKEN }}

- uses: actions/upload-artifact@v4
if: always()
with:
Expand Down Expand Up @@ -111,3 +128,64 @@ jobs:
e2e/test-reports
e2e/test-results
retention-days: 15

package:
name: Package signed plugin
needs: [ frontend ]
environment: pull-requests
runs-on: ubuntu-latest
outputs:
package_id: ${{ steps.metadata.outputs.package_id }}
steps:
# Required to correctly auth to GCS
- name: Prepare - GCS
uses: actions/checkout@v4

- name: Prepare - Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-frontend
path: dist

- name: Get plugin metadata
id: metadata
run: |
sudo apt-get install jq

export GRAFANA_PLUGIN_ID=$(cat dist/plugin.json | jq -r .id)
export GRAFANA_PLUGIN_VERSION=$(cat dist/plugin.json | jq -r .info.version)
export SHA=${{ github.event.pull_request.head.sha || github.sha }}
export PACKAGE_ID=${GRAFANA_PLUGIN_ID}-${GRAFANA_PLUGIN_VERSION}-${SHA}
echo "plugin_id=${GRAFANA_PLUGIN_ID}" >> $GITHUB_OUTPUT
echo "package_id=${PACKAGE_ID}" >> $GITHUB_OUTPUT
echo "archive_name=${PACKAGE_ID}.zip" >> $GITHUB_OUTPUT

- name: Debug
run: echo archive_name=${{ steps.metadata.outputs.archive_name }}, plugin_id=${{ steps.metadata.outputs.plugin_id }}

- name: Package plugin
run: |
mv dist ${{ steps.metadata.outputs.plugin_id }}
zip ${{ steps.metadata.outputs.archive_name }} ${{ steps.metadata.outputs.plugin_id }} -r

- name: Login to GCS
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCS_SERVICE_ACCOUNT }}

- name: Upload to GCS
uses: 'google-github-actions/upload-cloud-storage@v1'
with:
path: ./
destination: 'grafana-pyroscope-app/test'
glob: '*.zip'

deploy-to-dev:
name: Deploy PR to dev (dry run)
needs: [ package ]
runs-on: ubuntu-latest
environment: pull-requests
steps:
- name: Publish to dev
run: echo [[Test message]] Package ${{ needs.package.outputs.package_id }} deployed to dev
Loading
Loading