Skip to content

Move test-pr flow to Github actions #11

Move test-pr flow to Github actions

Move test-pr flow to Github actions #11

Workflow file for this run

name: test-pr
on:
pull_request: ~
permissions:
contents: read
id-token: write
jobs:
test-pr:
runs-on: ubuntu-latest
services:
grafana:
image: grafana/grafana-enterprise:latest
env:
GF_FEATURE_TOGGLES_ENABLE: 'renderAuthJWT'
GF_PATHS_PROVISIONING: '/drone/src/scripts/drone/provisioning'
volumes:
- /var/run/docker
grabpl:
image: byrnedo/alpine-curl:0.1.8
dockerize:
image: jwilder/dockerize:0.6.1
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Load secrets
uses: grafana/shared-workflows/actions/get-vault-secrets@main
with:
repo_secrets: |
SRCCLR_API_TOKEN=github_actions:srcclr_api_token
- name: grabpl
run: |
mkdir -p bin
curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.20/grabpl
chmod +x bin/grabpl
- uses: actions/cache/save@v4
id: grabpl-cache
with:
key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }}
path: bin/grabpl
- name: install-node
uses: actions/setup-node@v4
with:
node-version: '18'
cache: 'yarn'
- name: yarn-install
run: yarn install --frozen-lockfile --no-progress
env:
PUPPETEER_CACHE_DIR: /tmp/src/cache
- name: yarn-build
run: yarn build
- name: wait-for-grafana
run: dockerize -wait http://grafana:3000 -timeout 120s
- name: yarn-test
run: yarn test-ci
env:
CI: true
PUPPETEER_CACHE_DIR: /src/cache
- name: security-scan
run: |
echo "Starting veracode scan..."
export _JAVA_OPTIONS=-Xmx4g
mkdir -p ci/jobs/security_scan
curl -sSL https://download.sourceclear.com/ci.sh | sh -s scan --skip-compile --quick --allow-dirty
env:
SRCCLR_API_TOKEN: ${{ env.SRCCLR_API_TOKEN }}
packaging:
runs-on: ubuntu-latest
container: grafana/grafana-plugin-ci:1.9.6
needs: [test-pr]
strategy:
matrix:
packaging:
- linux-x64-glibc
- darwin-x64-unknown
- win32-x64-unknown
- linux-x64-glibc-no-chromium
- alpine-x64-no-chromium
steps:
- uses: actions/cache/restore@v4
with:
path: bin/grabpl
key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }}
- name: Load secrets
uses: grafana/shared-workflows/actions/get-vault-secrets@main
with:
repo_secrets: |
GRAFANA_API_KEY=github_actions:grafana_api_key
- name: package-${{ matrix.packaging }}
run: . |
./scripts/package_target.sh ${{ matrix.packaging }}
bin/grabpl build-plugin-manifest ./dist/plugin-${{ matrix.packaging }} || true
./scripts/archive_target.sh ${{ matrix.packaging }}
env:
GRAFANA_API_KEY: ${{ env.GRAFANA_API_KEY }}