ci.yml
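# CI workflow: type-checks, lints, tests, builds and signs the plugin, runs the
# end-to-end suite against the build, packages the signed build into a zip on
# GCS, publishes it to the dev catalog and triggers the dev deployment.
#
# NOTE(review): several actions below are referenced by mutable refs (`@main`,
# `@v4`, `@v2`, `@v1`). The ones that receive the OIDC token or Vault secrets
# are the most sensitive; pin them to a reviewed full commit SHA, e.g.
# `uses: owner/action@<full-commit-sha>  # main`.
name: CI

on:
  push:
    branches:
      - main
  pull_request:
    paths-ignore:
      - docs/*
      - docs/sources/**
    branches:
      - main

# Required to create OIDC/JWT token required to use shared actions.
# Jobs that do not call those actions override this with a narrower set.
permissions:
  contents: read
  id-token: write

jobs:
  frontend:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js environment
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'yarn'
      - name: Install dependencies
        run: yarn install --immutable
      # lint
      - name: Check TS types
        run: yarn typecheck
      - name: Lint
        run: yarn lint
      - name: Unit tests
        run: yarn test:ci
      # NOTE(review): the action name and ref after `MishaKav/` were replaced
      # by an e-mail-obfuscation artefact on this page; restore the real
      # `name@ref` from the repository before using this file.
      - name: Report test coverage
        uses: MishaKav/[email protected]
        with:
          title: Unit test coverage
      # Before building make sure we have the sha of the commit
      # This needs to be done after unit tests because unit tests rely on 'dev' sha in some steps
      - name: Update version.ts
        env:
          # Passed through the environment so the expression is never expanded
          # into the shell script text itself.
          GIT_COMMIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
        run: echo "export const GIT_COMMIT = '${GIT_COMMIT_SHA}';" > src/version.ts
      - name: Build frontend
        run: yarn build
      - name: Check bundlesize
        env:
          # Scoped to the only step that needs it, so third-party actions and
          # the other jobs in this workflow never see the token.
          BUNDLEWATCH_GITHUB_TOKEN: ${{ secrets.BUNDLEWATCH_GITHUB_TOKEN }}
        run: yarn run bundlewatch
      # NOTE(review): `@latest` downloads and runs whatever version is current
      # at build time inside a job that later signs the plugin; pin a reviewed
      # version instead.
      - name: Compatibility check
        run: npx @grafana/levitate@latest is-compatible --path src/module.ts --target @grafana/data,@grafana/ui,@grafana/runtime
      # The plugin is signed here so it's possible to use the artifact produced by the job directly
      - name: Setup plugin signing
        uses: grafana/shared-workflows/actions/get-vault-secrets@main
        with:
          vault_instance: ops
          common_secrets: |
            SIGN_PLUGIN_ACCESS_POLICY_TOKEN=plugins/sign-plugin-access-policy-token:token
      # create MANIFEST in dist
      - name: Sign plugin
        run: yarn sign
        env:
          GRAFANA_ACCESS_POLICY_TOKEN: ${{ env.SIGN_PLUGIN_ACCESS_POLICY_TOKEN }}
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: build-frontend
          path: dist
          retention-days: 1

  end-to-end:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    needs: [frontend]
    # This job only checks out the repository and runs the test suite against
    # the downloaded build; it calls no OIDC-based action, so it does not get
    # `id-token: write`.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js environment
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'yarn'
      - name: Download build artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: build-*
          merge-multiple: true
          path: dist
      # E2E tests
      # switch to "npm run" in order to prevent "Usage Error: Couldn't find the node_modules state file - running an install might help (findPackageLocation)" when using yarn
      - name: Start Grafana server
        run: npm run e2e:ci:server:up
      - name: Prepare e2e tests
        run: npm run e2e:ci:prepare
      # commented to save time during the build (building this action takes ~30s)
      # the next step "Prepare e2e test" takes ~20s, which gives us the time needed
      # uncomment it if you experience flakiness
      # - uses: cygnetdigital/[email protected]
      #   with:
      #     url: 'http://localhost:3000/a/grafana-pyroscope-app/single'
      #     responseCode: '200'
      #     timeout: 20000
      #     interval: 500
      - name: Launch e2e tests
        run: npm run e2e:ci
      - name: Stop Grafana server
        run: npm run e2e:ci:server:down
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: e2e-test-reports-and-results
          path: |
            e2e/test-reports
            e2e/test-results
          retention-days: 15

  package:
    # This job creates a zip file with the plugin and publishes it to a Google Cloud Storage bucket.
    # Frontend artifacts have 1 day retention, so this job needs to run within 24 hours after the frontend job finished.
    # The plugin is already signed in the frontend job, so if you need to use it locally you can just download the artifact.
    # When pushed to main it uses the "gcs-no-approval" environment, which can be triggered only from main,
    # to push the package automatically without approval.
    name: Package and publish plugin
    needs: [frontend]
    environment: ${{ github.event_name == 'push' && 'gcs-no-approval' || 'gcs' }}
    runs-on: ubuntu-latest
    outputs:
      package_id: ${{ steps.metadata.outputs.package_id }}
      sha: ${{ steps.metadata.outputs.sha }}
    steps:
      # Required to correctly auth to GCS
      - name: Prepare - GCS
        uses: actions/checkout@v4
      - name: Prepare - Download build artifacts
        uses: actions/download-artifact@v4
        with:
          name: build-frontend
          path: dist
      - name: Get plugin metadata
        id: metadata
        env:
          SHA: ${{ github.event.pull_request.head.sha || github.sha }}
        run: |
          sudo apt-get install -y jq
          GRAFANA_PLUGIN_ID="$(jq -r .id dist/plugin.json)"
          # The id is read from a file produced by the build of the commit under
          # test and is later used as a file name and as a step output, so
          # accept only plain identifier characters (no whitespace, newlines,
          # path separators or a leading dash).
          if [[ ! "${GRAFANA_PLUGIN_ID}" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
            echo "Unexpected plugin id in dist/plugin.json" >&2
            exit 1
          fi
          PACKAGE_ID="${GRAFANA_PLUGIN_ID}-${SHA}"
          {
            echo "plugin_id=${GRAFANA_PLUGIN_ID}"
            echo "package_id=${PACKAGE_ID}"
            echo "sha=${SHA}"
            echo "archive_name=${PACKAGE_ID}.zip"
          } >> "$GITHUB_OUTPUT"
      # Create zip file with name following conventions [plugin-id]-[sha].zip
      - name: Package plugin
        env:
          # Step outputs are handed over as environment variables and quoted
          # below, rather than expanded into the script text.
          PLUGIN_ID: ${{ steps.metadata.outputs.plugin_id }}
          ARCHIVE_NAME: ${{ steps.metadata.outputs.archive_name }}
        run: |
          mv dist "${PLUGIN_ID}"
          zip -r "${ARCHIVE_NAME}" "${PLUGIN_ID}"
      - name: Login to GCS
        uses: 'google-github-actions/auth@v2'
        with:
          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCS_SERVICE_ACCOUNT }}
      # NOTE(review): `glob: '*.zip'` with `path: ./` uploads every zip in the
      # workspace root, and `publicRead` makes each uploaded object
      # world-readable; this job also runs for pull requests (presumably after
      # approval of the 'gcs' environment - confirm).
      - name: Publish to GCS
        uses: 'google-github-actions/upload-cloud-storage@v1'
        with:
          path: ./
          destination: 'grafana-pyroscope-app/releases'
          glob: '*.zip'
          predefinedAcl: publicRead

  deploy-to-dev-catalog:
    name: Deploy to dev catalog
    needs: [package]
    runs-on: ubuntu-latest
    steps:
      - name: Login to GCS
        id: gcloud
        uses: 'google-github-actions/auth@v2'
        with:
          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCS_SERVICE_ACCOUNT }}
      - name: Get secrets from Vault
        id: get-secrets
        uses: grafana/shared-workflows/actions/get-vault-secrets@main
        with:
          vault_instance: ops
          common_secrets: |
            GCOM_PUBLISH_TOKEN_DEV=plugins/gcom-publish-token:dev
      # The two publish actions below receive the publish token and the GCS
      # auth token and are referenced by `@main`; see the pinning note at the
      # top of the file.
      - name: Check and create stub
        uses: grafana/plugin-ci-workflows/actions/plugins/publish/check-and-create-stub@main
        with:
          plugin-id: grafana-pyroscope-app
          environment: dev
          gcom-publish-token: ${{ env.GCOM_PUBLISH_TOKEN_DEV }}
          gcloud-auth-token: ${{ steps.gcloud.outputs.auth_token }}
      - name: Publish to catalog
        uses: grafana/plugin-ci-workflows/actions/plugins/publish/publish@main
        with:
          zips: '["https://storage.cloud.google.com/grafana-pyroscope-app/releases/grafana-pyroscope-app-${{ needs.package.outputs.sha }}.zip"]'
          environment: dev
          scopes: any
          gcom-publish-token: ${{ env.GCOM_PUBLISH_TOKEN_DEV }}
          gcloud-auth-token: ${{ steps.gcloud.outputs.auth_token }}

  deploy-to-dev:
    # This triggers an Argo workflow that will perform the deployment to wave. Pushes to main will trigger deployment automatically
    name: Deploy to dev
    needs: [package]
    runs-on: ubuntu-latest
    environment: ${{ github.event_name == 'push' && 'dev-no-approval' || 'dev' }}
    steps:
      - name: Publish to dev
        env:
          PLUGIN_SHA: ${{ needs.package.outputs.sha }}
        run: echo "Deploying ${PLUGIN_SHA} to dev"
      # NOTE(review): the action name and ref after `actions/` were replaced by
      # an e-mail-obfuscation artefact on this page; restore the real
      # `name@ref` from the repository before using this file.
      - name: Deploy to dev
        uses: grafana/shared-workflows/actions/[email protected]
        with:
          instance: 'ops'
          namespace: 'phlare-cd'
          workflow_template: 'deploy-plugin-dev'
          parameters: |
            plugintag=${{ needs.package.outputs.sha }}
          extra_args: '--name deploy-plugin-dev-${{ needs.package.outputs.sha }}'
          log_level: 'debug'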