Merge branch 'main' into jdb/2023-01-add-doc-validator

grafana · Sep 27, 2023 · 6bcdc0c · 6bcdc0c
2 parents c01829b + 4e4ab76
commit 6bcdc0c
Show file tree

Hide file tree

Showing 1,304 changed files with 40,760 additions and 24,463 deletions.
diff --git a/.drone/drone.yml b/.drone/drone.yml
diff --git a/.drone/pipelines/publish.jsonnet b/.drone/pipelines/publish.jsonnet
@@ -1,6 +1,7 @@
 local build_image = import '../util/build_image.jsonnet';
 local pipelines = import '../util/pipelines.jsonnet';
 local secrets = import '../util/secrets.jsonnet';
+local ghTokenFilename = '/drone/src/gh-token.txt';
 
 // job_names gets the list of job names for use in depends_on.
 local job_names = function(jobs) std.map(function(job) job.name, jobs);
@@ -112,12 +113,11 @@ linux_containers_jobs + windows_containers_jobs + [
         settings: {
           config_json: |||
             {
+              "git_committer_name": "updater-for-ci[bot]",
+              "git_author_name": "updater-for-ci[bot]",
+              "git_committer_email": "119986603+updater-for-ci[bot]@users.noreply.github.com",
+              "git_author_email": "119986603+updater-for-ci[bot]@users.noreply.github.com",
               "destination_branch": "master",
-              "pull_request_branch_prefix": "cd-agent",
-              "pull_request_enabled": false,
-              "pull_request_team_reviewers": [
-                "agent-squad"
-              ],
               "repo_name": "deployment_tools",
               "update_jsonnet_attribute_configs": [
                 {
@@ -138,7 +138,9 @@ linux_containers_jobs + windows_containers_jobs + [
               ]
             }
           |||,
-          github_token: secrets.gh_token.fromSecret,
+          github_app_id: secrets.updater_app_id.fromSecret,
+          github_app_installation_id: secrets.updater_app_installation_id.fromSecret,
+          github_app_private_key: secrets.updater_private_key.fromSecret,
         },
       },
     ],
@@ -150,29 +152,44 @@ linux_containers_jobs + windows_containers_jobs + [
       ref: ['refs/tags/v*'],
     },
     depends_on: job_names(linux_containers_jobs + windows_containers_jobs),
-    steps: [{
-      name: 'Publish release',
-      image: build_image.linux,
-      volumes: [{
-        name: 'docker',
-        path: '/var/run/docker.sock',
-      }],
-      environment: {
-        DOCKER_LOGIN: secrets.docker_login.fromSecret,
-        DOCKER_PASSWORD: secrets.docker_password.fromSecret,
-        GITHUB_TOKEN: secrets.gh_token.fromSecret,
-        GPG_PRIVATE_KEY: secrets.gpg_private_key.fromSecret,
-        GPG_PUBLIC_KEY: secrets.gpg_public_key.fromSecret,
-        GPG_PASSPHRASE: secrets.gpg_passphrase.fromSecret,
+    image_pull_secrets: ['dockerconfigjson'],
+    steps: [
+      {
+        name: 'Generate GitHub token',
+        image: 'us.gcr.io/kubernetes-dev/github-app-secret-writer:latest',
+        environment: {
+          GITHUB_APP_ID: secrets.updater_app_id.fromSecret,
+          GITHUB_APP_INSTALLATION_ID: secrets.updater_app_installation_id.fromSecret,
+          GITHUB_APP_PRIVATE_KEY: secrets.updater_private_key.fromSecret,
+        },
+        commands: [
+          '/usr/bin/github-app-external-token > %s' % ghTokenFilename
+        ]
       },
-      commands: [
-        'docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD',
-        'make -j4 RELEASE_BUILD=1 VERSION=${DRONE_TAG} dist',
-        |||
-          VERSION=${DRONE_TAG} RELEASE_DOC_TAG=$(echo ${DRONE_TAG} | awk -F '.' '{print $1"."$2}') ./tools/release
-        |||,
-      ],
-    }],
+      {
+        name: 'Publish release',
+        image: build_image.linux,
+        volumes: [{
+          name: 'docker',
+          path: '/var/run/docker.sock',
+        }],
+        environment: {
+          DOCKER_LOGIN: secrets.docker_login.fromSecret,
+          DOCKER_PASSWORD: secrets.docker_password.fromSecret,
+          GPG_PRIVATE_KEY: secrets.gpg_private_key.fromSecret,
+          GPG_PUBLIC_KEY: secrets.gpg_public_key.fromSecret,
+          GPG_PASSPHRASE: secrets.gpg_passphrase.fromSecret,
+        },
+        commands: [
+          'export GITHUB_TOKEN=$(cat %s)' % ghTokenFilename,
+          'docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD',
+          'make -j4 RELEASE_BUILD=1 VERSION=${DRONE_TAG} dist',
+          |||
+            VERSION=${DRONE_TAG} RELEASE_DOC_TAG=$(echo ${DRONE_TAG} | awk -F '.' '{print $1"."$2}') ./tools/release
+          |||,
+        ],
+      }
+    ],
     volumes: [{
       name: 'docker',
       host: { path: '/var/run/docker.sock' },

diff --git a/.drone/util/secrets.jsonnet b/.drone/util/secrets.jsonnet
@@ -12,7 +12,17 @@ local newSecret(name) = {
 {
   dockerconfigjson: newSecret('dockerconfigjson').getFrom(path='secret/data/common/gcr', name='.dockerconfigjson'),
   gcr_admin: newSecret('gcr_admin').getFrom(path='infra/data/ci/gcr-admin', name='.dockerconfigjson'),
-  gh_token: newSecret('gh_token').getFrom(path='infra/data/ci/github/grafanabot', name='pat'),
+
+  // Agent Github App
+  private_key: newSecret('private_key').getFrom(path='infra/data/ci/agent/githubapp', name='private-key'),
+  app_id: newSecret('app_id').getFrom(path='infra/data/ci/agent/githubapp', name='app-id'),
+  app_installation_id: newSecret('app_installation_id').getFrom(path='infra/data/ci/agent/githubapp', name='app-installation-id'),
+
+  // Updater secrets for pushing to deployment_tools
+  updater_private_key: newSecret('updater_private_key').getFrom(path='infra/data/ci/github/updater-app', name='private-key'),
+  updater_app_id: newSecret('updater_app_id').getFrom(path='infra/data/ci/github/updater-app', name='app-id'),
+  updater_app_installation_id: newSecret('updater_app_installation_id').getFrom(path='infra/data/ci/github/updater-app', name='app-installation-id'),
+
   gpg_public_key: newSecret('gpg_public_key').getFrom(path='infra/data/ci/packages-publish/gpg', name='public-key'),
   gpg_private_key: newSecret('gpg_private_key').getFrom(path='infra/data/ci/packages-publish/gpg', name='private-key'),
   gpg_passphrase: newSecret('gpg_passphrase').getFrom(path='infra/data/ci/packages-publish/gpg', name='passphrase'),

diff --git a/.github/depcheck.yml b/.github/depcheck.yml
@@ -10,7 +10,6 @@ go_modules:
   - github.com/prometheus/memcached_exporter
   - github.com/prometheus/node_exporter
   - github.com/prometheus/statsd_exporter
-  - github.com/weaveworks/common
   - go.opentelemetry.io/collector
   - sigs.k8s.io/controller-runtime
 

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -15,3 +15,8 @@ updates:
       - dependency-name: "github.com/open-telemetry/opentelemetry-collector-contrib/*"
       - dependency-name: "go.opentelemetry.io/collector"
       - dependency-name: "go.opentelemetry.io/collector/model"
+  - package-ecosystem: "npm"
+    directory: "/web/ui"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 2
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -19,6 +19,9 @@ contributors around things like how to update the changelog.
 
 #### PR Checklist
 
-- [ ] CHANGELOG updated
+<!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->
+
+- [ ] CHANGELOG.md updated
 - [ ] Documentation added
 - [ ] Tests updated
+- [ ] Config converters updated
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Actions
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: "grafana/grafana-github-actions"
           path: ./actions

diff --git a/.github/workflows/bump-formula-pr.yml b/.github/workflows/bump-formula-pr.yml
@@ -1,17 +1,23 @@
 name: bump-formula-pr
 on:
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
-  push:
-    tags:
-      - 'v*'
-      - '!v*-rc*' # Ignore release candidates
+  release:
+    types: [released]
+
 jobs:
   homebrew-core:
     name: homebrew-core
-    runs-on: macos-latest
+    runs-on: ubuntu-latest
     steps:
+    - name: Get latest release
+      uses: rez0n/actions-github-release@main
+      id: latest_release
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        repository: "${{ github.repository }}"
+        type: "stable"
+
     - name: Update Homebrew formula
+      if: 'steps.latest_release.outputs.release_id == github.event.release.id'
       uses: dawidd6/action-homebrew-bump-formula@v3
       with:
         # Required, custom GitHub access token with the 'public_repo' and 'workflow' scopes
@@ -24,11 +30,21 @@ jobs:
         revision: ${{github.sha}}
         # Optional, if don't want to check for already open PRs
         force: false # true
+
   homebrew-grafana:
     name: homebrew-grafana
-    runs-on: macos-latest
+    runs-on: ubuntu-latest
     steps:
+    - name: Get latest release
+      uses: rez0n/actions-github-release@main
+      id: latest_release
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        repository: "${{ github.repository }}"
+        type: "stable"
+
     - name: Update Homebrew formula
+      if: 'steps.latest_release.outputs.release_id == github.event.release.id'
       uses: dawidd6/action-homebrew-bump-formula@v3
       with:
         # Required, custom GitHub access token with the 'public_repo' and 'workflow' scopes

diff --git a/.github/workflows/check_docs.yml b/.github/workflows/check_docs.yml
@@ -17,7 +17,11 @@ jobs:
     runs-on: "ubuntu-latest"
     steps:
     - name: "Check out code"
-      uses: "actions/checkout@v3"
+      uses: "actions/checkout@v4"
     - name: "Build technical documentation"
-      run: |
-        docker run -v ${PWD}/docs/sources:/hugo/content/docs/agent/latest -e HUGO_REFLINKSERRORLEVEL=ERROR --rm grafana/docs-base:latest /bin/bash -c 'make hugo'
+      run: >
+        docker run
+        --volume "${PWD}/docs/sources:/hugo/content/docs/agent/latest"
+        --env HUGO_REFLINKSERRORLEVEL=ERROR
+        --rm grafana/docs-base:latest
+        /bin/bash -c 'echo -e "---\\nredirectURL: /docs/agent/latest/\\ntype: redirect\\nversioned: true\\n---\\n" > /hugo/content/docs/agent/_index.md && make hugo'
diff --git a/.github/workflows/depcheck.yml b/.github/workflows/depcheck.yml
@@ -8,10 +8,10 @@ jobs:
     name: Check
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout code
-      uses: actions/checkout@v3
+      - name: Checkout code
+        uses: actions/checkout@v4
 
-    - name: Invoke action
-      uses: rfratto/depcheck@main
-      with:
-        github-token: ${{ secrets.MANAGE_ISSUES_GH_TOKEN }}
+      - name: Invoke action
+        uses: rfratto/depcheck@main
+        with:
+          github-token: ${{ secrets.MANAGE_ISSUES_GH_TOKEN }}
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
       chartpath: ${{ steps.list-changed.outputs.chartpath }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           path: source
@@ -63,7 +63,7 @@ jobs:
     if: needs.setup.outputs.changed == 'true'
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           path: source
@@ -75,7 +75,7 @@ jobs:
           git config user.email "[email protected]"
 
       - name: Checkout helm-charts
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           repository: grafana/helm-charts

diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml
@@ -5,7 +5,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Regenerate docs
         run: |
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install Helm
         uses: azure/setup-helm@v3
@@ -41,7 +41,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -74,5 +74,15 @@ jobs:
         uses: helm/[email protected]
         if: steps.list-changed.outputs.changed == 'true'
 
+      - name: Add dependency chart repos
+        if: steps.list-changed.outputs.changed == 'true'
+        run: |
+          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+
+      - name: Install Prometheus Operator CRDs
+        if: steps.list-changed.outputs.changed == 'true'
+        run: |
+          helm install my-prometheus-operator-crds prometheus-community/prometheus-operator-crds --version 6.0.0
+
       - name: Test charts
         run: ct install --config ./operations/helm/ct.yaml
diff --git a/.github/workflows/issue_commands.yml b/.github/workflows/issue_commands.yml
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Actions
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: "grafana/grafana-github-actions"
           path: ./actions

diff --git a/.github/workflows/needs-attention.yml b/.github/workflows/needs-attention.yml
@@ -0,0 +1,49 @@
+name: Check whether issues or PRs need attention
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 0 * * *'
+permissions:
+  issues: write
+  pull-requests: write
+jobs:
+  needs-attention:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v8
+        with:
+          days-before-stale: 30
+          days-before-close: -1 # never close automatically
+          stale-issue-message: >
+            This issue has not had any activity in the past 30 days, so the
+            `needs-attention` label has been added to it.
+
+            If the opened issue is a bug, check to see if a newer release fixed
+            your issue. If it is no longer relevant, please feel free to close
+            this issue.
+
+            The `needs-attention` label signals to maintainers that something
+            has fallen through the cracks. No action is needed by you; your issue
+            will be kept open and you do not have to respond to this comment. The
+            label will be removed the next time this job runs if there is new
+            activity.
+
+            Thank you for your contributions!
+          stale-pr-message: >
+            This PR has not had any activity in the past 30 days, so the
+            `needs-attention` label has been added to it.
+
+            If you do not have enough time to follow up on this PR or you think
+            it's no longer relevant, consider closing it.
+
+            The `needs-attention` label signals to maintainers that something
+            has fallen through the cracks. No action is needed by you; your PR
+            will be kept open and you do not have to respond to this comment.
+            The label will be removed the next time this job runs if there is
+            new activity.
+
+            Thank you for your contributions!
+          stale-issue-label: needs-attention
+          stale-pr-label: needs-attention
+          exempt-issue-labels: keepalive,proposal,outdated-dependency,dev-branch
+          exempt-pr-labels: keepalive,proposal,outdated-dependency,dev-branch