ci: Publish to Plugins Catalog #1075
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| paths-ignore: | |
| - docs/* | |
| - docs/sources/** | |
| branches: | |
| - main | |
| env: | |
| BUNDLEWATCH_GITHUB_TOKEN: ${{secrets.BUNDLEWATCH_GITHUB_TOKEN}} | |
| # Required to create OIDC/JWT token required to use shared actions | |
| permissions: | |
| contents: read | |
| id-token: write | |
| jobs: | |
| frontend: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node.js environment | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: 'yarn' | |
| - name: Install dependencies | |
| run: yarn install --immutable | |
| # lint | |
| - name: Check TS types | |
| run: yarn typecheck | |
| - name: Lint | |
| run: yarn lint | |
| - name: Unit tests | |
| run: yarn test:ci | |
| - name: Report test coverage | |
| uses: MishaKav/[email protected] | |
| with: | |
| title: Unit test coverage | |
| # Before building make sure we have the sha of the commit | |
| # This needs to be done after unit tests because unit tests rely on 'dev' sha in some steps | |
| - name: Update version.ts | |
| run: echo "export const GIT_COMMIT = '${{ github.event.pull_request.head.sha || github.sha }}';" > src/version.ts | |
| - name: Build frontend | |
| run: yarn build | |
| - name: Check bundlesize | |
| run: yarn run bundlewatch | |
| - name: Compatibility check | |
| run: npx @grafana/levitate@latest is-compatible --path src/module.ts --target @grafana/data,@grafana/ui,@grafana/runtime | |
| # The plugin is signed here so it's possible to use the artifact produced by the job directly | |
| - name: Setup plugin signing | |
| uses: grafana/shared-workflows/actions/get-vault-secrets@main | |
| with: | |
| vault_instance: ops | |
| common_secrets: | | |
| SIGN_PLUGIN_ACCESS_POLICY_TOKEN=plugins/sign-plugin-access-policy-token:token | |
| # create MANIFEST in dist | |
| - name: Sign plugin | |
| run: yarn sign | |
| env: | |
| GRAFANA_ACCESS_POLICY_TOKEN: ${{ env.SIGN_PLUGIN_ACCESS_POLICY_TOKEN }} | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: build-frontend | |
| path: dist | |
| retention-days: 1 | |
| end-to-end: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| needs: [frontend] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node.js environment | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: 'yarn' | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: build-* | |
| merge-multiple: true | |
| path: dist | |
| # E2E tests | |
| # switch to "npm run" in order to prevent "Usage Error: Couldn't find the node_modules state file - running an install might help (findPackageLocation)" when using yarn | |
| - name: Start Grafana server | |
| run: npm run e2e:ci:server:up | |
| - name: Prepare e2e tests | |
| run: npm run e2e:ci:prepare | |
| # commented to save time during the build (building this action takes ~30s) | |
| # the next step "Prepare e2e test" takes ~20s, which gives us the time needed | |
| # uncomment it if you experience flakiness | |
| # - uses: cygnetdigital/[email protected] | |
| # with: | |
| # url: 'http://localhost:3000/a/grafana-pyroscope-app/single' | |
| # responseCode: '200' | |
| # timeout: 20000 | |
| # interval: 500 | |
| - name: Launch e2e tests | |
| run: npm run e2e:ci | |
| - name: Stop Grafana server | |
| run: npm run e2e:ci:server:down | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: e2e-test-reports-and-results | |
| path: | | |
| e2e/test-reports | |
| e2e/test-results | |
| retention-days: 15 | |
| package: | |
| # This step creates a zip file with the plugin and publishes it to Google Cloud Storage bucket. | |
| # Frontend artifacts have 1 day retention. This step needs to be run within 24 hours after frontend job finished. | |
| # Plugin is already signed in frontend job so if you need to use to locally you can just download the artifact | |
| # When pushed to main it uses "gcs-no-approval" environment which can be triggered only from main | |
| # to push the package automatically without approval | |
| name: Package and publish plugin | |
| needs: [frontend] | |
| environment: ${{ github.event_name == 'push' && 'gcs-no-approval' || 'gcs' }} | |
| runs-on: ubuntu-latest | |
| outputs: | |
| package_id: ${{ steps.metadata.outputs.package_id }} | |
| sha: ${{ steps.metadata.outputs.sha }} | |
| steps: | |
| # Required to correctly auth to GCS | |
| - name: Prepare - GCS | |
| uses: actions/checkout@v4 | |
| - name: Prepare - Download build artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build-frontend | |
| path: dist | |
| - name: Get plugin metadata | |
| id: metadata | |
| run: | | |
| sudo apt-get install jq | |
| export GRAFANA_PLUGIN_ID=$(cat dist/plugin.json | jq -r .id) | |
| export SHA=${{ github.event.pull_request.head.sha || github.sha }} | |
| export PACKAGE_ID=${GRAFANA_PLUGIN_ID}-${SHA} | |
| echo "plugin_id=${GRAFANA_PLUGIN_ID}" >> $GITHUB_OUTPUT | |
| echo "package_id=${PACKAGE_ID}" >> $GITHUB_OUTPUT | |
| echo "sha=${SHA}" >> $GITHUB_OUTPUT | |
| echo "archive_name=${PACKAGE_ID}.zip" >> $GITHUB_OUTPUT | |
| # Create zip file with name following conventions [plugin-id]-[sha].zip | |
| - name: Package plugin | |
| run: | | |
| mv dist ${{ steps.metadata.outputs.plugin_id }} | |
| zip ${{ steps.metadata.outputs.archive_name }} ${{ steps.metadata.outputs.plugin_id }} -r | |
| md5sum -b ${{ steps.metadata.outputs.archive_name }} | awk '{ print $1 }' > ${{ steps.metadata.outputs.archive_name }}.md5 | |
| - name: Login to GCS | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.GCS_SERVICE_ACCOUNT }} | |
| - name: Publish to GCS | |
| uses: 'google-github-actions/upload-cloud-storage@v1' | |
| with: | |
| path: ./ | |
| destination: 'grafana-pyroscope-app/releases' | |
| glob: '*.{zip,md5}' | |
| predefinedAcl: publicRead | |
| deploy-to-dev-catalog: | |
| name: Deploy to dev catalog | |
| needs: [package] | |
| uses: grafana/explore-profiles/.github/workflows/deploy-to-catalog.yml@ifrost/publish-to-catalog | |
| secrets: inherit | |
| with: | |
| version: ${{ needs.package.outputs.sha }} | |
| deploy-to-dev: | |
| # This triggers Argo workflow that will perform deployment to wave. Pushes to main will trigger deployment automatically | |
| name: Deploy to dev | |
| needs: [package] | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.event_name == 'push' && 'dev-no-approval' || 'dev' }} | |
| steps: | |
| - name: Publish to dev | |
| run: echo Deploying ${{ needs.package.outputs.sha }} to dev | |
| - name: Deploy to dev | |
| uses: grafana/shared-workflows/actions/[email protected] | |
| with: | |
| instance: 'ops' | |
| namespace: 'phlare-cd' | |
| workflow_template: 'deploy-plugin-dev' | |
| parameters: | | |
| plugintag=${{ needs.package.outputs.sha }} | |
| extra_args: '--name deploy-plugin-dev-${{ needs.package.outputs.sha }}' | |
| log_level: 'debug' |