* Plugins: Dependencies do not inherit parent URL for preinstall (#111762)
dependencies dont inehrit parent url for preinstall
(cherry picked from commit 073338ec29)
* fix test
---------
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
Co-authored-by: Will Browne <wbrowne@tcd.ie>
Add index IDX_folder_org_id_parent_uid_uid (#110131)
* Add index IDX_folder_org_id_parent_uid
* Force index on Dashboard Permission Filter (MYSQL)
---------
(cherry picked from commit cfe73925cd)
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
Co-authored-by: maicon <maiconscosta@gmail.com>
Add permission role_id action index (#110125)
* Add permission role_id action index
* Drop permission role_id index
---------
(cherry picked from commit 99fc606e17)
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
Co-authored-by: maicon <maiconscosta@gmail.com>
Recording rule fields were not being copied correctly when duplicating an alert rule. This manifests as missing `TargetDataSourceUID` fields from the `Record` part of the rule when rules in a group are re-ordered.
Added some additional tests to ensure we cover the generation of recording rules in tests and fixed the copying logic to ensure all fields are copied correctly.
(cherry picked from commit c73b3ccf6e)
CloudMigrations: Report on prem event with grafana version (#104515)
* grafana version in on prem event report
* store grafana version in cloud migration service
(cherry picked from commit ee99433c65)
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Resolves enterprise build failures caused by dependency cascade requiring Go 1.24.5.
Updates all workspace modules and build configuration for consistency.
- Update go.work, go.mod, and 29 workspace modules from Go 1.24.4 to Go 1.24.5
- Update Dockerfile: golang:1.24.4-alpine → golang:1.24.5-alpine
- Update Makefile and drone variables to Go 1.24.5
- Aligns with main branch (commit 52f6104230)
- Prevents GOTOOLCHAIN=local build failures in CI environments
- Tested: go mod tidy, workspace sync, and enterprise builds all work
Fixes issue where enterprise drone builds failed with:
'go: go.work requires go >= 1.24.5 (running go 1.24.4; GOTOOLCHAIN=local)'
Related to release-12.0.3 tagging requirements.
* CI: move grafana-build into pkg/build (#105640)
* move grafana-build into pkg/build
* Update go.mod/go.sum files after cherry-pick build
- Updates from workspace sync after cherry-picking daggerbuild package
- Resolves dependency conflicts from pkg/build integration
- Required for successful build after CI migration backport
* CI Migration: Replace .github with main branch version
- Complete replacement of .github directory from main branch
- Includes updated workflows, actions, and configuration files
- Ensures all CI improvements from main are included
- Next step: fix branch-specific issues in separate commits
* Fix branch triggers: Update workflows to target release branches
- Update 8 workflows to trigger on release-* instead of main
- Ensures workflows run on pull requests to release branches
- Workflows updated: documentation-ci, pr-codeql-analysis-*, pr-dependabot-update-go-workspace, pr-go-workspace-check, pr-k8s-codegen-check, verify-kinds, codeowners-validator
* Fix branch triggers: Update workflows to target both main and release branches
- CORRECTED: Include both main and release-* branch patterns
- Ensures workflows run on both main branch (original functionality) and release branches (needed for backport)
- Previous commit incorrectly removed main branch support
- Workflows updated: documentation-ci, pr-codeql-analysis-*, pr-dependabot-update-go-workspace, pr-go-workspace-check, pr-k8s-codegen-check, verify-kinds, codeowners-validator
* CI Migration: Update .gitignore to allow OSS wire file to be committed
- Remove **/wire_gen.go (allow pkg/server/wire_gen.go to be committed)
- Add /pkg/server/enterprise_wire_gen.go (keep enterprise wire file ignored)
- This enables the new committed wire files architecture for CI
* CI Migration: Add enhanced wire tool with automatic build constraints
- Backport enhanced wire tool from main branch with -gen_tags flag
- This enables automatic regeneration with proper constraints to prevent conflicts
- Wire file contains all required functions: Initialize, InitializeDocumentBuilders, etc.
- Solves the missing wire functions issue causing CI failures
- Enhanced tool ensures build constraints persist on regeneration
* CI Migration: Update Makefile to use enhanced wire tool with build constraints
- Update gen-go target to use -gen_tags flag for automatic build constraints
- Ensures future engineers get proper build constraints when running 'make gen-go'
- Matches main branch approach for consistent wire file generation
- Removes dependency on WIRE_TAGS variable and GO_RACE_FLAG for simplicity
* Add gen-enterprise-go target to Makefile for release-12.0.3
- Backports gen-enterprise-go target from main branch
- Enables enterprise wire file generation in release branches
- Part of CI migration backport wire infrastructure fixes
- Resolves CI issues where enterprise wire functions were missing
* Fix wire tool golden file format for Drone CI compatibility
- Update all 43 golden test files to match main branch format
- Change go:generate command from github.com/google/wire/cmd/wire to ./pkg/build/wire/cmd/wire/main.go
- Remove legacy '// +build !wireinject' constraints
- Fixes Drone CI test failures that were blocking OSS PR merge
- All wire tests now pass successfully
This aligns the backport branch with the golden file format updates
that were made in main branch when the wire tool was enhanced.
* Update swagger specs to include enterprise APIs
- Regenerated api-enterprise-spec.json with enterprise API definitions
- Updated api-merged.json with merged OSS and enterprise specs
- Regenerated openapi3.json with complete API specifications
- Fixes enterprise CI swagger generation validation failures
- Enterprise APIs now properly detected and documented
* Fix OSS integration tests missing enterprise build tags in Drone CI
- Add -tags=enterprise to all integration test steps in lib.star
- Fixes test-backend-integration, postgres-integration-tests, and mysql-integration-tests
- Regenerate .drone.yml with proper enterprise build tags
- Resolves 'server could not find the requested resource' errors for enterprise APIs
- Ensures enterprise APIs (querylibrary, reporting, banners, scim) are registered during tests
- Aligns OSS Drone CI with GitHub Actions behavior and enterprise repository
* Fix CODEOWNERS for release-12.0.3 compatibility
- Remove 21 entries that reference files/directories not present in release branch
- Resolves File Exist Checker failures in codeowners-validator workflow
- Maintains team ownership assignments from main branch for existing files
- Lines removed: .air.toml, apps/secret/, apps/iam/, e2e-playwright/, packages/grafana-alerting/, etc.
* baldm0mma/ update releasefinder
* Add i18n-extract script for release branch compatibility
- Add 'i18n-extract': 'make i18n-extract' to package.json scripts
- Resolves i18n-verify workflow failure that expects this script
- The make target already exists and handles OSS + enterprise i18n extraction
- Maintains i18n verification functionality from main branch workflows
- Simple safe addition that calls existing make infrastructure
* Phase 4: Fix GitHub Actions workflow branch triggers
- Add release-*.*.* pattern to 8 workflows missing it
- Fix duplicate release branch patterns in 3 workflows
- Ensure consistent branch trigger format across all workflows
- Critical workflows now properly trigger on release branches
Fixes workflows: actionlint, backend-code-checks, go-lint, reject-gh-secrets,
run-schema-v2-e2e, shellcheck, swagger-gen, trivy-scan
* Fix: Backport E2E runner infrastructure for Enterprise CI
- Add e2e/main.go and e2e/internal/ directory from main branch
- Add urfave/cli/v3 dependency required by E2E runner
- Fixes Enterprise CI failure: 'Build E2E test runner' and 'Build & package Grafana for e2e tests'
- Root cause: E2E runner infrastructure was added to main after release-12.0.3 branch creation
- Solution: Backport missing E2E runner files to enable Enterprise CI completion
Resolves: no Go files in /opt/actions-runner/_work/grafana-enterprise/grafana-enterprise/grafana/e2e
* Fix: Update go.mod dependency classification for urfave/cli/v3
- Change urfave/cli/v3 from indirect to direct dependency
- Fixes Go Workspace Check failure in CI
- Required after adding E2E runner infrastructure that directly imports urfave/cli/v3
- Resolves: make update-workspace corrects dependency classification
* Fix: Add team ownership for urfave/cli/v3 dependency
- Assign @grafana/grafana-backend-group as owner for github.com/urfave/cli/v3@v3.3.8
- Follows existing pattern: urfave/cli v1 and v2 also owned by grafana-backend-group
- Resolves Backend Code Checks / Validate Backend Configs CI failure
- Required for E2E runner infrastructure dependency ownership compliance
Fixes: modowners check requiring team assignment for newly added dependencies
* Fix: Revert experimental E2E playwright infrastructure to stable version
- Revert pr-e2e-tests.yml to stable Cypress-based E2E testing
- Remove experimental storybook-verification-playwright.yml workflow
- Revert run-dashboard-search-e2e.yml and release-pr.yml to use e2e/test-plugins/
- Keep stable E2E runner infrastructure (e2e/main.go + e2e/internal/)
- Remove experimental playwright features per team recommendation
Team feedback: Playwright tests are experimental and shouldn't be backported to stable release branches
* Fix: Complete cleanup of experimental playwright dependencies
- Revert package.json to stable version (remove e2e-playwright scripts and path references)
- Revert playwright.config.ts to stable plugin-e2e configuration
- Remove all experimental playwright infrastructure dependencies
- Ensure clean stable E2E testing environment
All experimental features removed per team recommendation for stable release branches
* Fix: Restore working package.json configuration
- Revert package.json to version 12.0.3 (working release branch version)
- Fix workspace dependency resolution issues caused by incorrect revert to main branch version
- FE tests, betterer, and linting should now work correctly
Issue was caused by reverting package.json to main branch (12.1.0-pre) instead of keeping
the working release branch configuration (12.0.3)
* CI: mirror some CI dependencies (#106148)
* mirror some CI dependencies
* remove -v from go build
* Fix: Backport missing e2e/run-suite script for daggerbuild E2E system
The daggerbuild E2E system (used by OSS workflows) expects ./e2e/run-suite
to exist, but we only backported the new E2E runner infrastructure.
This script is needed for:
- OSS workflow: 'go run ./pkg/build/e2e --suite=dashboards-suite'
- Legacy Cypress configuration with video support
- Integration between daggerbuild and existing Cypress test suites
Resolves E2E test failures in OSS workflows where videos directory
cannot be found because run-suite script was missing.
* Fix: Resolve daggerbuild E2E path doubling issue
- Extract just suite name from full path using filepath.Base()
- Prevents doubled paths like './e2e/e2e/dashboards-suite/videos'
- Resolves 'no spec files found' and 'no such file or directory' errors
- GitHub Actions passes full paths like 'e2e/dashboards-suite' but run-suite script expects just 'dashboards-suite'
* Infrastructure: Wholesale copy pkg/build/ from main
COMPLETE DAGGERBUILD SYSTEM UPDATE:
- Modern E2E system with CLI framework and --flags support
- New accessibility testing system (a11y/)
- New Playwright E2E testing system (e2e-playwright/)
- External infrastructure improvements (musl.cc → dl.grafana.com/ci)
- Updated daggerbuild core components with latest fixes
- Updated Go dependencies and wire modules
ARCHITECTURAL COMPATIBILITY VERIFIED:
- Modern pkg/build calls: ./e2e-runner cypress --start-grafana=false --cypress-video
- Our e2e runner supports: All required parameters including --suite, --env flags
- GitHub Actions workflows: Pass compatible arguments
- Binary builds: Successfully creates working e2e-runner
RESOLVES ISSUES:
- Fixes --flags parameter compatibility with GitHub Actions
- Includes all follow-up infrastructure improvements
- Provides complete, tested system with modern CLI framework
- Eliminates external dependency failures (musl.cc timeouts)
- Removes need for path doubling workarounds (modern system handles full paths correctly)
Replaces incremental cherry-picking with complete, tested system from main.
* Dependencies: Update Go modules after pkg/build wholesale copy
DEPENDENCY UPDATES:
- Updated go.work.sum with new dependencies from modern pkg/build system
- Updated all workspace module dependencies (go.mod/go.sum files)
- Removed pkg/build/cmd/enterprise.go (enterprise-only file, gets copied during enterprise development)
ENTERPRISE INTEGRATION FIX:
- enterprise.go file doesn't belong in OSS repository
- Gets copied from grafana-enterprise during development mode
- Main branch doesn't have this file, explaining module compatibility
All Go modules now properly resolved and compatible with modern pkg/build architecture.
* Dependencies: Update workspace Go module checksums after pkg/build wholesale copy
- Synchronizes all go.sum files across workspace modules
- Adds missing .mod.h1 entries that were required after infrastructure update
- Resolves Go Workspace Check CI failures
- Updates 22 modules: .citools/, apps/, pkg/ subdirectories plus go.work.sum
Addresses CI error: 'Please run make update-workspace and commit the changes'
* Infrastructure: Revert to pre-Playwright E2E system for release branch compatibility
Strategic combination of modern daggerbuild with stable E2E infrastructure:
**Modern Daggerbuild (from main):**
- Latest CLI framework (github.com/urfave/cli/v3)
- External infrastructure fixes (musl.cc → dl.grafana.com/ci)
- Complete pkg/build/ system with all enhancements
- Updated dependencies and architecture improvements
**Stable E2E Infrastructure (pre-Playwright):**
- pkg/build/e2e/service.go: Reverted to version before commit b6580ccb10
- pkg/build/a11y/: Reverted to stable version compatible with existing infrastructure
- Removed experimental pkg/build/e2e-playwright/ system
- Removed experimental e2e-playwright/ test infrastructure
**Why This Approach:**
- GitHub Actions workflows call 'go run ./pkg/build/e2e' (modern system)
- Modern system now expects only standard e2e/ directory (compatible)
- Release branches have standard e2e/ infrastructure (dashboards-suite, various-suite, etc.)
- Eliminates dependency on experimental Playwright infrastructure
**Key Dependencies Met:**
- e2e/pa11yci.conf.js: Added for a11y test compatibility
- /src/e2e directory: Standard directory structure (no e2e-playwright needed)
- Existing test plugins: Uses stable e2e/test-plugins/
**Result:**
Best of both worlds - modern, reliable daggerbuild infrastructure with
proven E2E testing that works across all release branches without
requiring experimental dependencies.
* Fix: Remove unused embed.go file causing golangci-lint failure
- Removes pkg/build/daggerbuild/msi/embed.go with unused embed.FS variable
- MSI build process uses directory mounting instead of embedded filesystem
- Resolves 'var resources is unused (unused)' linting error
* Fix: Update Node.js version to match working E2E configuration
- Changes from v22.11.0 to v22.16.0 to match commit 17952d45e4
- Working commit had all E2E tests passing with same daggerbuild infrastructure
- Node.js version differences can affect frontend builds and UI rendering
- Ensures consistent environment between working reference and current branch
* Fix: Use conditional container base for E2E compatibility
- Alpine for OSS tests (better old arch dashboardScene=false compatibility)
- Ubuntu for Enterprise tests (when image renderer needed)
- Restores original release-12.0.3 Alpine behavior for OSS
- Should resolve old arch E2E test failures
* Fix: Go fmt formatting for conditional container logic
* Revert: Remove unnecessary Alpine/Ubuntu conditional logic
- Real issue was wrong environment variable name (dashboardScene vs DISABLE_SCENES)
- Keep Ubuntu base (original main branch behavior) for simplicity
- Container base was not the root cause of old arch failures
* Experiment: Copy scripts/ from pre-Playwright commit (ea0ddb3fc9)
- Copied scripts directory from commit ea0ddb3fc9 (just before Playwright migration)
- This overwrites some CI migration fixes but testing if it's actually needed
- Can revert back to b9b4602dbd if CI breaks
Test commit to see real impact on GitHub Actions workflows.
* trigger ci 01
* Fix: Copy .drone.star from main to match scripts structure
- Resolves Starlark evaluation error for missing integration_test_pipelines
- Aligns .drone.star with main branch scripts structure
- Same fix applied to both OSS and Enterprise repositories
* make drone
* Fix ARM/v7 Docker build failures by using dagger run for cross-compilation
- Change artifacts_cmd() in scripts/drone/steps/rgm.star to use 'dagger run go run' instead of 'go run'
- Add --max-execution-steps 100000 to make drone target in Makefile to properly regenerate .drone.yml
- This fixes CGO cross-compilation issues with SQLite for ARM/v7 Docker builds
- Matches the approach already used successfully in Enterprise builds
* Fix Docker base image references in rgm build steps
- Change from symbolic names (alpine-base, ubuntu-base) to actual Docker images
- alpine-base → alpine:3.21.3
- ubuntu-base → ubuntu:22.04
- Add ubuntu and alpine parameters to rgm_artifacts_step and rgm_build_docker_step functions
- Fixes Docker pull errors: 'repository does not exist or may require authorization'
- Aligns OSS configuration with Enterprise approach
---------
Co-authored-by: Kevin Minehart <5140827+kminehart@users.noreply.github.com>
IAM: Return 401 if identity type is not valid in GetUserPreferences (#107760)
fix(GetUserPreferences): Return 401 if identity type is not valid
(cherry picked from commit e4743a9092)
Unified storage: Respect GF_DATABASE_URL override (#105331)
* Database for unified storage resources now reuses DB code that respects URL override.
Access instrument_queries via section getter.
(cherry picked from commit 041c343a86)
* Alerting: Resend alerts for states that are missing in the eval results (#105965)
What is this feature?
This PR fixes the MissingSeriesEvalsToResolve behavior when it's set to more than 4 evaluation intervals.
Why do we need this feature?
The MissingSeriesEvalsToResolve setting was not working correctly due to alerts being auto-resolved by Alertmanager after 4 evaluation intervals (via the endsAt field).
Before we had deleteStaleStatesFromCache method that was returning only stale states that had to be resolved. Non-stale states for which the current evaluation does not have a series never had endsAt updated and were never resend to the Alertmanager, so they were automatically resolved after 4 evaluations regardless of the setting.
The new processMissingSeriesStates returns state for each missing series on every evaluation, and resolves the stale ones. This guarantees that alerts without series still alert for the configured number of evaluations.
* Remove FiredAt field
Profiles: Stop passing response headers for Grafana-Pyroscope and parca datasources (#106577)
* Revert "pkgs/tsdb/[grafana-pyroscope-datasource|parca]: Fix use of request headers in responses"
This reverts commit 8bac68e906.
* Profiles: Stop passing request/response headers to the backend
(cherry picked from commit 8fdf86e56f)
(cherry picked from commit 7878815ffc)
Provisioning: Move OSS provisioning to Run step (#105428)
* Provisioning: Move OSS provisioning to Run step
---------
(cherry picked from commit 1435eedbc4)
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
Co-authored-by: maicon <maiconscosta@gmail.com>
Run Init Provisioners at Server Initialization (#105080)
* Run Init Provisioners at Server Initialization
---------
(cherry picked from commit 82bbbf1a98)
Signed-off-by: Maicon Costa <maiconscosta@gmail.com>
Co-authored-by: maicon <maiconscosta@gmail.com>
CloudMigrations: Omit autoincremented id for alert snapshots (#106598)
If you tried to migrate alerts from two differente sources/on-prem instances,
the autoincremented numeric id would be the same, and since we were creating
the resource in cloud with that same id (the API accepts it), it would
return an error "conflicting alert rule found" because that id is the primary key on the table.
We simply omit the numeric id now and let the API for the cloud instance generate it.
(cherry picked from commit a1f2693fd8)
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Alerting: Provisioning API returns 403 on quota exceeded for rule group PUT (#106409)
(cherry picked from commit 1df888c517)
Co-authored-by: Vadim Stepanov <vstpme@gmail.com>
Alerting: Fix group-level labels and query_offset in the import API (#106379)
What is this feature?
Fixes a bug when group-level query_offset and labels parameters are ignored and not saved
Why do we need this feature?
In the import API Prometheus YAML rule definitions are supported:
groups:
- name: group-1
interval: 1m
query_offset: 10m
labels:
severity: "warning"
rules:
- alert: Alert 0 > 0
expr: vector(0) > 0
But applying group-level labels and query_offset is broken and they are not saved right now because during the conversion of the API model to PrometheusRuleGroup they aren't saved to the new structure.
(cherry picked from commit f7a52bc04e)
Alerting: Fix $value type when single data source is queried (#106080)
(cherry picked from commit faeddf334a)
Co-authored-by: Alexander Akhmetov <me@alx.cx>
* Dependencies: Bump github.com/getkin/kin-openapi from v0.131.0 to v0.132.0
* Dependencies: Bump github.com/openfga/openfga from v1.8.6 to v1.8.12
* Dependencies: Bump golang.org/x to latest
