cremate graveyard legend

fix candlestick suggestions
fix candlestick
2024-11-25 14:07:17 -06:00 · 2024-11-25 13:57:55 -06:00 · 2024-11-25 13:53:07 -06:00 · 2024-11-25 13:40:57 -06:00 · 2024-11-25 13:29:18 -06:00 · 2024-11-25 13:26:47 -06:00
2637 changed files with 112009 additions and 49471 deletions
@@ -0,0 +1,45 @@
+// @ts-check
+/**
+ * @type {Array<import('eslint').Linter.Config>}
+ */
+module.exports = [
+  {
+    files: ['**/*.{js,jsx,ts,tsx}'],
+    rules: {
+      '@typescript-eslint/no-explicit-any': 'error',
+      '@grafana/no-aria-label-selectors': 'error',
+      'no-restricted-imports': [
+        'error',
+        {
+          patterns: [
+            {
+              group: ['@grafana/ui*', '*/Layout/*'],
+              importNames: ['Layout', 'HorizontalGroup', 'VerticalGroup'],
+              message: 'Use Stack component instead.',
+            },
+          ],
+        },
+      ],
+    },
+  },
+  {
+    files: ['**/*.{ts,tsx}'],
+    ignores: ['**/*.{test,spec}.{ts,tsx}', '**/__mocks__/**', '**/public/test/**'],
+    rules: {
+      '@typescript-eslint/consistent-type-assertions': ['error', { assertionStyle: 'never' }],
+    },
+  },
+  {
+    files: ['public/app/**/*.{ts,tsx}'],
+    rules: {
+      'no-barrel-files/no-barrel-files': 'error',
+    },
+  },
+  {
+    files: ['public/**/*.tsx', 'packages/grafana-ui/**/*.tsx'],
+    ignores: ['public/app/plugins/**', '**/*.story.tsx', '**/*.{test,spec}.{ts,tsx}', '**/__mocks__/', 'public/test'],
+    rules: {
+      '@grafana/no-untranslated-strings': 'error',
+    },
+  },
+];
@@ -1,8 +1,8 @@
 import { BettererFileTest } from '@betterer/betterer';
+import { ESLint } from 'eslint';
 import { promises as fs } from 'fs';
-import { ESLint, Linter } from 'eslint';
-import path from 'path';
-import { glob } from 'glob';
+
+import config from './.betterer.eslint.config';

 // Why are we ignoring these?
 // They're all deprecated/being removed so doesn't make sense to fix types
@@ -82,81 +82,20 @@ function countEslintErrors() {
    }

    const { baseDirectory } = resolver;
-    const cli = new ESLint({ cwd: baseDirectory });
-
-    // Get the base config to set up parsing etc correctly
-    // this is by far the slowest part of this code. It takes eslint about 2 seconds just to find the config
-    const baseConfig = await cli.calculateConfigForFile(filePaths[0]);
-
-    const baseRules: Partial<Linter.RulesRecord> = {
-      '@emotion/syntax-preference': [2, 'object'],
-      '@typescript-eslint/no-explicit-any': 'error',
-      '@grafana/no-aria-label-selectors': 'error',
-      'no-restricted-imports': [
-        'error',
-        {
-          patterns: [
-            {
-              group: ['@grafana/ui*', '*/Layout/*'],
-              importNames: ['Layout', 'HorizontalGroup', 'VerticalGroup'],
-              message: 'Use Stack component instead.',
-            },
-          ],
-        },
-      ],
-    };
-
-    const config: Linter.Config = {
-      ...baseConfig,
-      rules: baseRules,
-
-      // Be careful when specifying overrides for the same rules as in baseRules - it will... override
-      // the same rule, not merge them with different configurations
-      overrides: [
-        {
-          files: ['**/*.{ts,tsx}'],
-          excludedFiles: ['*.{test,spec}.{ts,tsx}', '**/__mocks__/**', '**/public/test/**'],
-          rules: {
-            '@typescript-eslint/consistent-type-assertions': ['error', { assertionStyle: 'never' }],
-          },
-        },
-
-        {
-          files: ['public/app/**/*.{ts,tsx}'],
-          rules: {
-            'no-barrel-files/no-barrel-files': 'error',
-          },
-        },
-        {
-          files: ['public/**/*.tsx', 'packages/grafana-ui/**/*.tsx'],
-          excludedFiles: [
-            'public/app/plugins/**',
-            '*.story.tsx',
-            '*.{test,spec}.{ts,tsx}',
-            '**/__mocks__/**',
-            'public/test/**',
-          ],
-          rules: {
-            '@grafana/no-untranslated-strings': 'error',
-          },
-        },
-      ],
-    };

    const runner = new ESLint({
-      baseConfig: config,
-      useEslintrc: false,
+      overrideConfig: config,
      cwd: baseDirectory,
+      warnIgnored: false,
    });

    const lintResults = await runner.lintFiles(Array.from(filePaths));
-    lintResults
-      .filter((lintResult) => lintResult.source)
-      .forEach(({ messages, filePath }) => {
-        const file = fileTestResult.addFile(filePath, '');
-        messages.forEach((message, index) => {
-          file.addIssue(0, 0, message.message, `${index}`);
-        });
+
+    lintResults.forEach(({ messages, filePath }) => {
+      const file = fileTestResult.addFile(filePath, '');
+      messages.forEach((message, index) => {
+        file.addIssue(0, 0, message.message, `${index}`);
      });
+    });
  });
 }
@@ -16,7 +16,7 @@ watch_exts = [".go", ".ini", ".toml", ".template.html"]
 ignore_files = [".*_gen.go"]
 build_delay = 1500
 cmds = [
-  ["GO_BUILD_DEV=1", "make", "build-go"],
+  ["GO_BUILD_DEV=1", "make", "build-go-fast"],
  ["make", "gen-jsonnet"],
  ["./bin/grafana", "server", "-profile", "-profile-addr=127.0.0.1", "-profile-port=6000", "-profile-block-rate=1", "-profile-mutex-rate=5", "-packaging=dev", "cfg:app_mode=development"]
 ]
@@ -1042,8 +1042,9 @@ services:
    path: /var/lib/mysql
 - commands:
  - /bin/mimir -target=backend -alertmanager.grafana-alertmanager-compatibility-enabled
+    -alertmanager.utf8-strict-mode-enabled
  environment: {}
-  image: grafana/mimir-alpine:r304-3872ccb
+  image: grafana/mimir-alpine:r316-55f47f8
  name: mimir_backend
 - environment: {}
  image: redis:6.2.11-alpine
@@ -1518,8 +1519,9 @@ services:
    path: /var/lib/mysql
 - commands:
  - /bin/mimir -target=backend -alertmanager.grafana-alertmanager-compatibility-enabled
+    -alertmanager.utf8-strict-mode-enabled
  environment: {}
-  image: grafana/mimir-alpine:r304-3872ccb
+  image: grafana/mimir-alpine:r316-55f47f8
  name: mimir_backend
 - environment: {}
  image: redis:6.2.11-alpine
@@ -2515,7 +2517,7 @@ steps:
    repo:
    - grafana/grafana
 - commands:
-  - apk add --update bash
+  - apk add --update bash git
  - ./scripts/publish-npm-packages.sh --dist-tag 'canary' --registry 'https://registry.npmjs.org'
  depends_on:
  - end-to-end-tests-dashboards-suite
@@ -2633,8 +2635,9 @@ services:
    path: /var/lib/mysql
 - commands:
  - /bin/mimir -target=backend -alertmanager.grafana-alertmanager-compatibility-enabled
+    -alertmanager.utf8-strict-mode-enabled
  environment: {}
-  image: grafana/mimir-alpine:r304-3872ccb
+  image: grafana/mimir-alpine:r316-55f47f8
  name: mimir_backend
 - environment: {}
  image: redis:6.2.11-alpine
@@ -3217,8 +3220,9 @@ services:
    path: /var/lib/mysql
 - commands:
  - /bin/mimir -target=backend -alertmanager.grafana-alertmanager-compatibility-enabled
+    -alertmanager.utf8-strict-mode-enabled
  environment: {}
-  image: grafana/mimir-alpine:r304-3872ccb
+  image: grafana/mimir-alpine:r316-55f47f8
  name: mimir_backend
 - environment: {}
  image: redis:6.2.11-alpine
@@ -3921,6 +3925,132 @@ volumes:
    path: /var/run/docker.sock
  name: docker
 ---
+clone:
+  retries: 3
+depends_on: []
+image_pull_secrets:
+- gcr
+- gar
+kind: pipeline
+name: verify-linux-packages
+node:
+  type: no-parallel
+platform:
+  arch: amd64
+  os: linux
+services: []
+steps:
+- commands:
+  - export version=$(echo ${TAG} | sed -e "s/+security-/-/g")
+  - 'echo "Step 1: Updating package lists..."'
+  - apt-get update >/dev/null 2>&1
+  - 'echo "Step 2: Installing prerequisites..."'
+  - DEBIAN_FRONTEND=noninteractive apt-get install -yq apt-transport-https software-properties-common
+    wget >/dev/null 2>&1
+  - 'echo "Step 3: Adding Grafana GPG key..."'
+  - mkdir -p /etc/apt/keyrings/
+  - wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /etc/apt/keyrings/grafana.gpg
+    > /dev/null
+  - 'echo "Step 4: Adding Grafana repository..."'
+  - echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable
+    main" | tee -a /etc/apt/sources.list.d/grafana.list
+  - 'echo "Step 5: Installing Grafana..."'
+  - for i in $(seq 1 60); do
+  - '    if apt-get update >/dev/null 2>&1 && DEBIAN_FRONTEND=noninteractive apt-get
+    install -yq grafana=$version >/dev/null 2>&1; then'
+  - '        echo "Command succeeded on attempt $i"'
+  - '        break'
+  - '    else'
+  - '        echo "Attempt $i failed"'
+  - '        if [ $i -eq 60 ]; then'
+  - '            echo ''All attempts failed'''
+  - '            exit 1'
+  - '        fi'
+  - '        echo "Waiting 30 seconds before next attempt..."'
+  - '        sleep 30'
+  - '    fi'
+  - done
+  - 'echo "Step 6: Verifying Grafana installation..."'
+  - 'if dpkg -s grafana | grep -q "Version: $version"; then'
+  - '    echo "Successfully verified Grafana version $version"'
+  - else
+  - '    echo "Failed to verify Grafana version $version"'
+  - '    exit 1'
+  - fi
+  - echo "Verification complete."
+  depends_on: []
+  environment: {}
+  image: ubuntu:22.04
+  name: verify-linux-DEB-packages
+- commands:
+  - 'echo "Step 1: Updating package lists..."'
+  - dnf check-update -y >/dev/null 2>&1 || true
+  - 'echo "Step 2: Installing prerequisites..."'
+  - dnf install -y dnf-utils >/dev/null 2>&1
+  - 'echo "Step 3: Adding Grafana GPG key..."'
+  - rpm --import https://rpm.grafana.com/gpg.key
+  - 'echo "Step 4: Configuring Grafana repository..."'
+  - |-
+    echo -e '[grafana]
+    name=grafana
+    baseurl=https://rpm.grafana.com
+    repo_gpgcheck=0
+    enabled=1
+    gpgcheck=0
+    gpgkey=https://rpm.grafana.com/gpg.key
+    sslverify=1
+    sslcacert=/etc/pki/tls/certs/ca-bundle.crt
+    ' > /etc/yum.repos.d/grafana.repo
+  - 'echo "Step 5: Checking RPM repository..."'
+  - export version=$(echo "${TAG}" | sed -e "s/+security-/^security_/g")
+  - dnf list available grafana-$version
+  - if [ $? -eq 0 ]; then
+  - '    echo "Grafana package found in repository. Installing from repo..."'
+  - for i in $(seq 1 60); do
+  - '    if dnf install -y --nogpgcheck grafana-$version >/dev/null 2>&1; then'
+  - '        echo "Command succeeded on attempt $i"'
+  - '        break'
+  - '    else'
+  - '        echo "Attempt $i failed"'
+  - '        if [ $i -eq 60 ]; then'
+  - '            echo ''All attempts failed'''
+  - '            exit 1'
+  - '        fi'
+  - '        echo "Waiting 30 seconds before next attempt..."'
+  - '        sleep 30'
+  - '    fi'
+  - done
+  - '    echo "Verifying GPG key..."'
+  - '    rpm --import https://rpm.grafana.com/gpg.key'
+  - '    rpm -qa gpg-pubkey* | xargs rpm -qi | grep -i grafana'
+  - else
+  - '    echo "Grafana package version $version not found in repository."'
+  - '    dnf repolist'
+  - '    dnf list available grafana*'
+  - '    exit 1'
+  - fi
+  - 'echo "Step 6: Verifying Grafana installation..."'
+  - if rpm -q grafana | grep -q "$verison"; then
+  - '    echo "Successfully verified Grafana version $version"'
+  - else
+  - '    echo "Failed to verify Grafana version $version"'
+  - '    exit 1'
+  - fi
+  - echo "Verification complete."
+  depends_on: []
+  environment: {}
+  image: rockylinux:9
+  name: verify-linux-RPM-packages
+trigger:
+  event:
+  - promote
+  target: verify-linux-packages
+type: docker
+volumes:
+- host:
+    path: /var/run/docker.sock
+  name: docker
+---
 clone:
  retries: 3
 depends_on:
@@ -3989,6 +4119,109 @@ steps:
    service_account_json:
      from_secret: packages_service_account
    target_bucket: grafana-packages
+- commands:
+  - export version=$(echo ${TAG} | sed -e "s/+security-/-/g")
+  - 'echo "Step 1: Updating package lists..."'
+  - apt-get update >/dev/null 2>&1
+  - 'echo "Step 2: Installing prerequisites..."'
+  - DEBIAN_FRONTEND=noninteractive apt-get install -yq apt-transport-https software-properties-common
+    wget >/dev/null 2>&1
+  - 'echo "Step 3: Adding Grafana GPG key..."'
+  - mkdir -p /etc/apt/keyrings/
+  - wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /etc/apt/keyrings/grafana.gpg
+    > /dev/null
+  - 'echo "Step 4: Adding Grafana repository..."'
+  - echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable
+    main" | tee -a /etc/apt/sources.list.d/grafana.list
+  - 'echo "Step 5: Installing Grafana..."'
+  - for i in $(seq 1 60); do
+  - '    if apt-get update >/dev/null 2>&1 && DEBIAN_FRONTEND=noninteractive apt-get
+    install -yq grafana=$version >/dev/null 2>&1; then'
+  - '        echo "Command succeeded on attempt $i"'
+  - '        break'
+  - '    else'
+  - '        echo "Attempt $i failed"'
+  - '        if [ $i -eq 60 ]; then'
+  - '            echo ''All attempts failed'''
+  - '            exit 1'
+  - '        fi'
+  - '        echo "Waiting 30 seconds before next attempt..."'
+  - '        sleep 30'
+  - '    fi'
+  - done
+  - 'echo "Step 6: Verifying Grafana installation..."'
+  - 'if dpkg -s grafana | grep -q "Version: $version"; then'
+  - '    echo "Successfully verified Grafana version $version"'
+  - else
+  - '    echo "Failed to verify Grafana version $version"'
+  - '    exit 1'
+  - fi
+  - echo "Verification complete."
+  depends_on:
+  - publish-linux-packages-deb
+  environment: {}
+  image: ubuntu:22.04
+  name: verify-linux-DEB-packages
+- commands:
+  - 'echo "Step 1: Updating package lists..."'
+  - dnf check-update -y >/dev/null 2>&1 || true
+  - 'echo "Step 2: Installing prerequisites..."'
+  - dnf install -y dnf-utils >/dev/null 2>&1
+  - 'echo "Step 3: Adding Grafana GPG key..."'
+  - rpm --import https://rpm.grafana.com/gpg.key
+  - 'echo "Step 4: Configuring Grafana repository..."'
+  - |-
+    echo -e '[grafana]
+    name=grafana
+    baseurl=https://rpm.grafana.com
+    repo_gpgcheck=0
+    enabled=1
+    gpgcheck=0
+    gpgkey=https://rpm.grafana.com/gpg.key
+    sslverify=1
+    sslcacert=/etc/pki/tls/certs/ca-bundle.crt
+    ' > /etc/yum.repos.d/grafana.repo
+  - 'echo "Step 5: Checking RPM repository..."'
+  - export version=$(echo "${TAG}" | sed -e "s/+security-/^security_/g")
+  - dnf list available grafana-$version
+  - if [ $? -eq 0 ]; then
+  - '    echo "Grafana package found in repository. Installing from repo..."'
+  - for i in $(seq 1 60); do
+  - '    if dnf install -y --nogpgcheck grafana-$version >/dev/null 2>&1; then'
+  - '        echo "Command succeeded on attempt $i"'
+  - '        break'
+  - '    else'
+  - '        echo "Attempt $i failed"'
+  - '        if [ $i -eq 60 ]; then'
+  - '            echo ''All attempts failed'''
+  - '            exit 1'
+  - '        fi'
+  - '        echo "Waiting 30 seconds before next attempt..."'
+  - '        sleep 30'
+  - '    fi'
+  - done
+  - '    echo "Verifying GPG key..."'
+  - '    rpm --import https://rpm.grafana.com/gpg.key'
+  - '    rpm -qa gpg-pubkey* | xargs rpm -qi | grep -i grafana'
+  - else
+  - '    echo "Grafana package version $version not found in repository."'
+  - '    dnf repolist'
+  - '    dnf list available grafana*'
+  - '    exit 1'
+  - fi
+  - 'echo "Step 6: Verifying Grafana installation..."'
+  - if rpm -q grafana | grep -q "$verison"; then
+  - '    echo "Successfully verified Grafana version $version"'
+  - else
+  - '    echo "Failed to verify Grafana version $version"'
+  - '    exit 1'
+  - fi
+  - echo "Verification complete."
+  depends_on:
+  - publish-linux-packages-rpm
+  environment: {}
+  image: rockylinux:9
+  name: verify-linux-RPM-packages
 - commands:
  - ./bin/build publish grafana-com --edition oss ${DRONE_TAG}
  depends_on:
@@ -4964,8 +5197,9 @@ services:
    path: /var/lib/mysql
 - commands:
  - /bin/mimir -target=backend -alertmanager.grafana-alertmanager-compatibility-enabled
+    -alertmanager.utf8-strict-mode-enabled
  environment: {}
-  image: grafana/mimir-alpine:r304-3872ccb
+  image: grafana/mimir-alpine:r316-55f47f8
  name: mimir_backend
 - environment: {}
  image: redis:6.2.11-alpine
@@ -5437,7 +5671,7 @@ steps:
  - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM plugins/slack
  - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM python:3.8
  - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM postgres:12.3-alpine
-  - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/mimir-alpine:r304-3872ccb
+  - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/mimir-alpine:r316-55f47f8
  - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM mysql:5.7.39
  - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM mysql:8.0.32
  - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM redis:6.2.11-alpine
@@ -5476,7 +5710,7 @@ steps:
  - trivy --exit-code 1 --severity HIGH,CRITICAL plugins/slack
  - trivy --exit-code 1 --severity HIGH,CRITICAL python:3.8
  - trivy --exit-code 1 --severity HIGH,CRITICAL postgres:12.3-alpine
-  - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/mimir-alpine:r304-3872ccb
+  - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/mimir-alpine:r316-55f47f8
  - trivy --exit-code 1 --severity HIGH,CRITICAL mysql:5.7.39
  - trivy --exit-code 1 --severity HIGH,CRITICAL mysql:8.0.32
  - trivy --exit-code 1 --severity HIGH,CRITICAL redis:6.2.11-alpine
@@ -5735,6 +5969,6 @@ kind: secret
 name: gcr_credentials
 ---
 kind: signature
-hmac: 61407f1b2121b47310d02c2eb313abe5112924b4f8f2ba5ed5aff4a78308aea0
+hmac: b164dd562488c482f2e670688fca02ae20dcd2e7841ec80c95838472842b4b5e

 ...
@@ -1,27 +0,0 @@
-.git
-.github
-.yarn
-build
-compiled
-/data
-deployment_tools_config.json
-/devenv
-dist
-/e2e/tmp
-node_modules
-/pkg
-/public/lib/monaco
-/scripts/grafana-server/tmp
-vendor
-e2e/test-plugins
-playwright-report
-
-# TS generate from cue by cuetsy
-**/*.gen.ts
-
-# Auto-generated internationalization files
-/public/locales/_build/
-/public/locales/**/*.js
-
-# Auto-generated icon file
-/packages/grafana-ui/src/components/Icon/iconBundle.ts
@@ -1,162 +0,0 @@
-{
-  "extends": ["@grafana/eslint-config", "plugin:react/jsx-runtime"],
-  "root": true,
-  "plugins": [
-    "@emotion",
-    "lodash",
-    "jest",
-    "import",
-    "jsx-a11y",
-    "@grafana",
-    "no-barrel-files",
-    // Included so betterer doesn't fail when processing all files,
-    // as other parts of the code use testing-library plugin
-    "testing-library",
-  ],
-  "settings": {
-    "import/internal-regex": "^(app/)|(@grafana)",
-    "import/external-module-folders": ["node_modules", ".yarn"],
-  },
-  "rules": {
-    "@grafana/no-border-radius-literal": "error",
-    "@grafana/no-unreduced-motion": "error",
-    "react/prop-types": "off",
-    // need to ignore emotion's `css` prop, see https://github.com/jsx-eslint/eslint-plugin-react/blob/master/docs/rules/no-unknown-property.md#rule-options
-    "react/no-unknown-property": ["error", { "ignore": ["css"] }],
-    "@emotion/jsx-import": "error",
-    "lodash/import-scope": [2, "member"],
-    "jest/no-focused-tests": "error",
-    "import/order": [
-      "error",
-      {
-        "groups": [["builtin", "external"], "internal", "parent", "sibling", "index"],
-        "newlines-between": "always",
-        "alphabetize": { "order": "asc" },
-      },
-    ],
-    "no-restricted-imports": [
-      "error",
-      {
-        "paths": [
-          {
-            "name": "react-redux",
-            "importNames": ["useDispatch", "useSelector"],
-            "message": "Please import from app/types instead.",
-          },
-          {
-            "name": "react-i18next",
-            "importNames": ["Trans", "t"],
-            "message": "Please import from app/core/internationalization instead",
-          },
-        ],
-      },
-    ],
-
-    // Use typescript's no-redeclare for compatibility with overrides
-    "no-redeclare": "off",
-    "@typescript-eslint/no-redeclare": ["error"],
-  },
-  "overrides": [
-    {
-      "files": ["packages/grafana-ui/src/components/uPlot/**/*.{ts,tsx}"],
-      "rules": {
-        "react-hooks/rules-of-hooks": "off",
-        "react-hooks/exhaustive-deps": "off",
-      },
-    },
-    {
-      "files": ["packages/grafana-ui/src/components/ThemeDemos/**/*.{ts,tsx}"],
-      "rules": {
-        "@emotion/jsx-import": "off",
-        "react/jsx-uses-react": "off",
-        "react/react-in-jsx-scope": "off",
-      },
-    },
-    {
-      "files": ["public/dashboards/scripted*.js"],
-      "rules": {
-        "no-redeclare": "error",
-        "@typescript-eslint/no-redeclare": "off",
-      },
-    },
-    {
-      "extends": ["plugin:jsx-a11y/recommended"],
-      "files": ["**/*.tsx"],
-      "excludedFiles": ["**/*.{spec,test}.tsx"],
-      "rules": {
-        // rules marked "off" are those left in the recommended preset we need to fix
-        // we should remove the corresponding line and fix them one by one
-        // any marked "error" contain specific overrides we'll need to keep
-        "jsx-a11y/no-autofocus": [
-          "error",
-          {
-            "ignoreNonDOM": true,
-          },
-        ],
-        "jsx-a11y/label-has-associated-control": [
-          "error",
-          {
-            "controlComponents": ["NumberInput"],
-            "depth": 2,
-          },
-        ],
-      },
-    },
-    {
-      "files": [
-        "public/app/plugins/datasource/azuremonitor/*.{ts,tsx}",
-        "public/app/plugins/datasource/azuremonitor/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/cloud-monitoring/*.{ts,tsx}",
-        "public/app/plugins/datasource/cloud-monitoring/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/elasticsearch/*.{ts,tsx}",
-        "public/app/plugins/datasource/elasticsearch/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/grafana-postgresql-datasource/*.{ts,tsx}",
-        "public/app/plugins/datasource/grafana-postgresql-datasource/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/grafana-pyroscope-datasource/*.{ts,tsx}",
-        "public/app/plugins/datasource/grafana-pyroscope-datasource/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/grafana-testdata-datasource/*.{ts,tsx}",
-        "public/app/plugins/datasource/grafana-testdata-datasource/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/jaeger/*.{ts,tsx}",
-        "public/app/plugins/datasource/jaeger/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/loki/*.{ts,tsx}",
-        "public/app/plugins/datasource/loki/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/mysql/*.{ts,tsx}",
-        "public/app/plugins/datasource/mysql/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/parca/*.{ts,tsx}",
-        "public/app/plugins/datasource/parca/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/tempo/*.{ts,tsx}",
-        "public/app/plugins/datasource/tempo/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/loki/*.{ts,tsx}",
-        "public/app/plugins/datasource/loki/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/elasticsearch/*.{ts,tsx}",
-        "public/app/plugins/datasource/elasticsearch/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/cloudwatch/*.{ts,tsx}",
-        "public/app/plugins/datasource/cloudwatch/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/zipkin/*.{ts,tsx}",
-        "public/app/plugins/datasource/zipkin/**/*.{ts,tsx}",
-      ],
-      "settings": {
-        "import/resolver": {
-          "node": {
-            "extensions": [".ts", ".tsx"],
-          },
-        },
-      },
-      "rules": {
-        "import/no-restricted-paths": [
-          "error",
-          {
-            "zones": [
-              {
-                "target": "./public/app/plugins",
-                "from": "./public",
-                "except": ["./app/plugins"],
-                "message": "Core plugins are not allowed to depend on Grafana core packages",
-              },
-            ],
-          },
-        ],
-      },
-    },
-  ],
-}
@@ -12,8 +12,8 @@
 # This should make it easy to add new rules without breaking existing ones.

 # Documentation
-/.changelog-archive @grafana/grafana-release-guild
-/CHANGELOG.md @grafana/grafana-release-guild
+/.changelog-archive @grafana/grafana-developer-enablement-squad
+/CHANGELOG.md @grafana/grafana-developer-enablement-squad
 /CODE_OF_CONDUCT.md @grafana/grafana-community-support
 /CONTRIBUTING.md @grafana/grafana-community-support
 /GOVERNANCE.md @RichiH
@@ -40,7 +40,7 @@

 /docs/sources/alerting/                                                           @brendamuir
 /docs/sources/dashboards/                                                         @imatwawana
-/docs/sources/explore/                                                            @grafana/explore-squad @lwandz13
+/docs/sources/datasources/                                                        @lwandz13
 /docs/sources/panels-visualizations/                                              @imatwawana
 /docs/sources/release-notes/                                                      @irenerl24 @GrafanaWriter
 /docs/sources/upgrade-guide/                                                      @imatwawana
@@ -72,6 +72,7 @@
 /pkg/apis/ @grafana/grafana-app-platform-squad
 /pkg/apis/alerting_notifications @grafana/grafana-app-platform-squad @grafana/alerting-backend @grafana/alerting-frontend
 /pkg/apis/query @grafana/grafana-datasources-core-services
+/pkg/apis/userstorage @grafana/grafana-app-platform-squad @grafana/plugins-platform-backend
 /pkg/bus/ @grafana/grafana-search-and-storage
 /pkg/cmd/ @grafana/grafana-backend-group
 /pkg/cmd/grafana-cli/commands/install_command.go @grafana/plugins-platform-backend
@@ -121,7 +122,7 @@
 /pkg/services/apikey/ @grafana/identity-squad
 /pkg/services/cleanup/ @grafana/grafana-backend-group
 /pkg/services/contexthandler/ @grafana/grafana-backend-group @grafana/grafana-app-platform-squad
-/pkg/services/correlations/ @grafana/explore-squad
+/pkg/services/correlations/ @grafana/dataviz-squad
 /pkg/services/dashboardimport/ @grafana/grafana-backend-group
 /pkg/services/dashboards/ @grafana/grafana-app-platform-squad
 /pkg/services/dashboardversion/ @grafana/grafana-backend-group
@@ -139,7 +140,7 @@
 /pkg/services/provisioning/ @grafana/grafana-search-and-storage
 /pkg/services/provisioning/alerting/ @grafana/alerting-backend
 /pkg/services/query/ @grafana/grafana-app-platform-squad
-/pkg/services/queryhistory/ @grafana/explore-squad
+/pkg/services/queryhistory/ @grafana/observability-traces-and-profiling
 /pkg/services/quota/ @grafana/grafana-search-and-storage
 /pkg/services/screenshot/ @grafana/grafana-backend-group
 /pkg/services/search/ @grafana/grafana-search-and-storage
@@ -159,8 +160,9 @@
 /pkg/setting/ @grafana/grafana-backend-services-squad
 /pkg/tests/ @grafana/grafana-backend-services-squad
 /pkg/tests/apis/ @grafana/grafana-app-platform-squad
+/pkg/tests/apis/query @grafana/grafana-datasources-core-services
 /pkg/tests/apis/alerting @grafana/grafana-app-platform-squad @grafana/alerting-backend
-/pkg/tests/api/correlations/ @grafana/explore-squad
+/pkg/tests/api/correlations/ @grafana/dataviz-squad
 /pkg/tsdb/grafanads/ @grafana/grafana-backend-group
 /pkg/tsdb/opentsdb/ @grafana/partner-datasources
 /pkg/util/ @grafana/grafana-backend-group
@@ -188,6 +190,7 @@
 /devenv/dev-dashboards-without-uid/ @grafana/dashboards-squad
 /devenv/dev-dashboards/ @grafana/dashboards-squad
 /devenv/docker/blocks/alert_webhook_listener/ @grafana/alerting-backend
+/devenv/docker/blocks/caddy_tls/ @grafana/alerting-backend
 /devenv/docker/blocks/clickhouse/ @grafana/partner-datasources
 /devenv/docker/blocks/collectd/ @grafana/observability-metrics
 /devenv/docker/blocks/etcd @grafana/grafana-app-platform-squad
@@ -234,8 +237,8 @@
 /devenv/docker/loadtest/ @grafana/grafana-backend-services-squad
 /devenv/docker/rpmtest/ @grafana/grafana-backend-services-squad
 /devenv/jsonnet/ @grafana/dataviz-squad
+/devenv/local_cdn/ @grafana/frontend-ops
 /devenv/local-npm/ @grafana/frontend-ops
-/devenv/vscode/ @grafana/frontend-ops
 /devenv/setup.sh @grafana/grafana-backend-services-squad
 /devenv/plugins.yaml @grafana/plugins-platform-frontend

@@ -247,15 +250,15 @@


 # Continuous Integration
-.drone.yml @grafana/grafana-release-guild
-.drone.star @grafana/grafana-release-guild
-/scripts/drone/ @grafana/grafana-release-guild
-/pkg/build/ @grafana/grafana-release-guild
-/.dockerignore @grafana/grafana-release-guild
-/Dockerfile @grafana/grafana-release-guild
-/Makefile @grafana/grafana-release-guild
-/scripts/build/ @grafana/grafana-release-guild
-/scripts/list-release-artifacts.sh @grafana/grafana-release-guild
+.drone.yml @grafana/grafana-developer-enablement-squad
+.drone.star @grafana/grafana-developer-enablement-squad
+/scripts/drone/ @grafana/grafana-developer-enablement-squad
+/pkg/build/ @grafana/grafana-developer-enablement-squad
+/.dockerignore @grafana/grafana-developer-enablement-squad
+/Dockerfile @grafana/grafana-developer-enablement-squad
+/Makefile @grafana/grafana-developer-enablement-squad
+/scripts/build/ @grafana/grafana-developer-enablement-squad
+/scripts/list-release-artifacts.sh @grafana/grafana-developer-enablement-squad
 /.trivyignore @grafana/grafana-backend-services-squad

 # OSS Plugin Partnerships backend code
@@ -274,6 +277,8 @@
 # OSS Big Tent backend code
 /pkg/tsdb/mysql/ @grafana/oss-big-tent
 /pkg/tsdb/grafana-postgresql-datasource/ @grafana/oss-big-tent
+/pkg/tsdb/zipkin/ @grafana/oss-big-tent
+/pkg/tsdb/jaeger/ @grafana/oss-big-tent

 # Partner Datasources backend code
 /pkg/tsdb/mssql/ @grafana/partner-datasources
@@ -380,7 +385,8 @@
 /.nxignore @grafana/frontend-ops
 /tsconfig.json @grafana/frontend-ops
 /.editorconfig @grafana/frontend-ops
-/.eslintignore @grafana/frontend-ops
+/eslint.config.js @grafana/frontend-ops
+/.betterer.eslint.config.js @grafana/frontend-ops
 /.gitattributes @grafana/frontend-ops
 /.gitignore @grafana/frontend-ops
 /.nvmrc @grafana/frontend-ops
@@ -390,7 +396,6 @@
 /yarn.lock @grafana/frontend-ops
 /lerna.json @grafana/frontend-ops
 /.prettierrc.js @grafana/frontend-ops
-/.eslintrc @grafana/frontend-ops
 /.vim @zoltanbedi
 /jest.config.js @grafana/frontend-ops
 /latest.json @grafana/frontend-ops
@@ -414,7 +419,7 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /public/app/core/components/OptionsUI/ @grafana/dashboards-squad @grafana/dataviz-squad


-/public/app/core/history/ @grafana/explore-squad
+/public/app/core/history/ @grafana/observability-traces-and-profiling
 /public/app/features/admin/ @grafana/identity-access-team

 # Temp owners until Enterprise team takes over
@@ -429,7 +434,7 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /public/app/features/visualization/data-hover/ @grafana/dataviz-squad
 /public/app/features/commandPalette/ @grafana/grafana-frontend-platform
 /public/app/features/connections/ @grafana/plugins-platform-frontend
-/public/app/features/correlations/ @grafana/explore-squad
+/public/app/features/correlations/ @grafana/dataviz-squad
 /public/app/features/dashboard/ @grafana/dashboards-squad
 /public/app/features/dashboard/components/TransformationsEditor/ @grafana/dataviz-squad
 /public/app/features/dashboard-scene/ @grafana/dashboards-squad
@@ -437,7 +442,7 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /public/app/features/datasources/ @grafana/plugins-platform-frontend
 /public/app/features/dimensions/ @grafana/dataviz-squad
 /public/app/features/dataframe-import/ @grafana/dataviz-squad
-/public/app/features/explore/ @grafana/explore-squad
+/public/app/features/explore/ @grafana/observability-traces-and-profiling
 /public/app/features/expressions/ @grafana/observability-metrics
 /public/app/features/folders/ @grafana/grafana-frontend-platform
 /public/app/features/inspector/ @grafana/dashboards-squad
@@ -453,14 +458,13 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /public/app/features/playlist/ @grafana/dashboards-squad
 /public/app/features/plugins/ @grafana/plugins-platform-frontend
 /public/app/features/profile/ @grafana/grafana-frontend-platform
-/public/app/features/query-library/ @grafana/explore-squad
+/public/app/features/query-library/ @grafana/grafana-frontend-platform
 /public/app/features/runtime/ @ryantxu
 /public/app/features/query/ @grafana/dashboards-squad
 /public/app/features/sandbox/ @grafana/grafana-frontend-platform
 /public/app/features/browse-dashboards/ @grafana/grafana-frontend-platform
 /public/app/features/search/ @grafana/grafana-frontend-platform
 /public/app/features/serviceaccounts/ @grafana/identity-squad
-/public/app/features/storage/ @grafana/grafana-app-platform-squad
 /public/app/features/teams/ @grafana/access-squad
 /public/app/features/templating/ @grafana/dashboards-squad
 /public/app/features/trails/ @grafana/observability-metrics
@@ -469,6 +473,7 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /public/app/features/users/ @grafana/access-squad
 /public/app/features/variables/ @grafana/dashboards-squad
 /public/app/features/preferences/ @grafana/grafana-frontend-platform
+/public/app/features/bookmarks/ @grafana/grafana-frontend-platform
 /public/app/plugins/panel/alertlist/ @grafana/alerting-frontend
 /public/app/plugins/panel/annolist/ @grafana/grafana-frontend-platform
 /public/app/plugins/panel/barchart/ @grafana/dataviz-squad
@@ -547,27 +552,27 @@ playwright.config.ts @grafana/plugins-platform-frontend

 /scripts/benchmark-access-control.sh @grafana/access-squad
 /scripts/check-breaking-changes.sh @grafana/plugins-platform-frontend
-/scripts/ci-* @grafana/grafana-release-guild
-/scripts/circle-* @grafana/grafana-release-guild
-/scripts/publish-npm-packages.sh @grafana/grafana-release-guild @grafana/plugins-platform-frontend
-/scripts/validate-npm-packages.sh @grafana/grafana-release-guild @grafana/plugins-platform-frontend
+/scripts/ci-* @grafana/grafana-developer-enablement-squad
+/scripts/circle-* @grafana/grafana-developer-enablement-squad
+/scripts/publish-npm-packages.sh @grafana/grafana-developer-enablement-squad @grafana/plugins-platform-frontend
+/scripts/validate-npm-packages.sh @grafana/grafana-developer-enablement-squad @grafana/plugins-platform-frontend
 /scripts/ci-frontend-metrics.sh @grafana/grafana-frontend-platform @grafana/plugins-platform-frontend @grafana/dataviz-squad
 /scripts/cli/ @grafana/grafana-frontend-platform
 /scripts/clean-git-or-error.sh @grafana/grafana-as-code
 /scripts/grafana-server/ @grafana/grafana-frontend-platform
-/scripts/helpers/ @grafana/grafana-release-guild
+/scripts/helpers/ @grafana/grafana-developer-enablement-squad
 /scripts/import_many_dashboards.sh @torkelo
 /scripts/mixin-check.sh @bergquist
 /scripts/openapi3/ @grafana/grafana-operator-experience-squad
 /scripts/prepare-packagejson.js @grafana/frontend-ops
 /scripts/protobuf-check.sh @grafana/plugins-platform-backend
 /scripts/stripnulls.sh @grafana/grafana-as-code
-/scripts/tag_release.sh @grafana/grafana-release-guild
-/scripts/trigger_docker_build.sh @grafana/grafana-release-guild
-/scripts/trigger_grafana_packer.sh @grafana/grafana-release-guild
-/scripts/trigger_windows_build.sh @grafana/grafana-release-guild
+/scripts/tag_release.sh @grafana/grafana-developer-enablement-squad
+/scripts/trigger_docker_build.sh @grafana/grafana-developer-enablement-squad
+/scripts/trigger_grafana_packer.sh @grafana/grafana-developer-enablement-squad
+/scripts/trigger_windows_build.sh @grafana/grafana-developer-enablement-squad
 /scripts/cleanup-husky.sh @grafana/frontend-ops
-/scripts/verify-repo-update/ @grafana/grafana-release-guild
+/scripts/verify-repo-update/ @grafana/grafana-developer-enablement-squad
 /scripts/generate-icon-bundle.js @grafana/plugins-platform-frontend @grafana/grafana-frontend-platform
 /scripts/generate-rtk-apis.ts @grafana/grafana-frontend-platform
 /scripts/generate-alerting-rtk-apis.ts @grafana/alerting-frontend
@@ -626,7 +631,7 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /pkg/services/rendering/ @grafana/sharing-squad

 # SSE - Server Side Expressions
-/pkg/expr/ @grafana/observability-metrics
+/pkg/expr/ @grafana/grafana-datasources-core-services

 # Cloud middleware
 /grafana-mixin/ @grafana/grafana-backend-services-squad
@@ -658,6 +663,7 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /pkg/services/caching/ @grafana/grafana-operator-experience-squad
 /pkg/services/cloudmigration/ @grafana/grafana-operator-experience-squad
 /pkg/services/gcom/ @grafana/grafana-operator-experience-squad
+/pkg/services/authapi/ @grafana/grafana-operator-experience-squad

 # Feature toggles
 /pkg/services/featuremgmt/ @grafana/grafana-backend-services-squad
@@ -666,6 +672,7 @@ playwright.config.ts @grafana/plugins-platform-frontend
 # Kind definitions
 /kinds/dashboard @grafana/dashboards-squad
 /kinds/ @grafana/grafana-as-code
+kindsv2/ @grafana/dashboards-squad

 # Kind system and code generation
 embed.go @grafana/grafana-as-code
@@ -674,6 +681,7 @@ embed.go @grafana/grafana-as-code
 /pkg/registry/apis/ @grafana/grafana-app-platform-squad
 /pkg/registry/apis/alerting @grafana/grafana-app-platform-squad @grafana/alerting-backend
 /pkg/registry/apis/query @grafana/grafana-datasources-core-services
+/pkg/registry/apis/userstorage @grafana/grafana-app-platform-squad @grafana/plugins-platform-backend
 /pkg/codegen/ @grafana/grafana-as-code
 /pkg/codegen/generators @grafana/grafana-as-code
 /pkg/kinds/*/*_gen.go @grafana/grafana-as-code
@@ -690,44 +698,43 @@ embed.go @grafana/grafana-as-code
 /.github/dependabot.yml @grafana/frontend-ops
 /.github/issue-opened.json @grafana/grafana-community-support
 /.github/metrics-collector.json @torkelo
-/.github/pr-checks.json @marefr
-/.github/pr-commands.json @marefr
+/.github/pr-checks.json @tolzhabayev
+/.github/pr-commands.json @tolzhabayev
 /.github/renovate.json5 @grafana/frontend-ops
 /.github/teams.yml @armandgrillet
 /.github/workflows/alerting-swagger-gen.yml @grafana/alerting-backend
-/.github/workflows/auto-milestone.yml @grafana/grafana-release-guild
-/.github/workflows/backport.yml @grafana/grafana-release-guild
-/.github/workflows/bump-version.yml @grafana/grafana-release-guild
-/.github/workflows/close-milestone.yml @grafana/grafana-release-guild
-/.github/workflows/release-pr.yml @grafana/grafana-release-guild
-/.github/workflows/release-comms.yml @grafana/grafana-release-guild
+/.github/workflows/auto-milestone.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/backport.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/bump-version.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/close-milestone.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/release-pr.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/release-comms.yml @grafana/grafana-developer-enablement-squad
 /.github/workflows/codeowners-validator.yml @tolzhabayev
 /.github/workflows/codeql-analysis.yml @DanCech
 /.github/workflows/commands.yml @torkelo
-/.github/workflows/community-release.yml @grafana/grafana-release-guild
+/.github/workflows/community-release.yml @grafana/grafana-developer-enablement-squad
 /.github/workflows/detect-breaking-changes-* @grafana/plugins-platform-frontend
 /.github/workflows/doc-validator.yml @grafana/docs-tooling
 /.github/workflows/epic-add-to-platform-ux-parent-project.yml @meanmina
-/.github/workflows/github-release.yml @grafana/grafana-release-guild
+/.github/workflows/github-release.yml @grafana/grafana-developer-enablement-squad
 /.github/workflows/issue-labeled.yml @armandgrillet
 /.github/workflows/issue-opened.yml @grafana/grafana-community-support
 /.github/workflows/metrics-collector.yml @torkelo
-/.github/workflows/milestone.yml @marefr
-/.github/workflows/pr-checks.yml @marefr
+/.github/workflows/milestone.yml @tolzhabayev
+/.github/workflows/pr-checks.yml @tolzhabayev
 /.github/workflows/pr-codeql-analysis-go.yml @DanCech
 /.github/workflows/pr-codeql-analysis-javascript.yml @DanCech
 /.github/workflows/pr-codeql-analysis-python.yml @DanCech
-/.github/workflows/pr-commands.yml @marefr
-/.github/workflows/pr-patch-check.yml @grafana/grafana-release-guild
-/.github/workflows/sync-mirror.yml @grafana/grafana-release-guild
+/.github/workflows/pr-commands.yml @tolzhabayev
+/.github/workflows/pr-patch-check.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/sync-mirror.yml @grafana/grafana-developer-enablement-squad
 /.github/workflows/publish-technical-documentation-next.yml @grafana/docs-tooling
 /.github/workflows/publish-technical-documentation-release.yml @grafana/docs-tooling
-/.github/workflows/remove-milestone.yml @grafana/grafana-release-guild
+/.github/workflows/remove-milestone.yml @grafana/grafana-developer-enablement-squad
 /.github/workflows/sbom-report.yml @grafana/security-team
 /.github/workflows/scripts/json-file-to-job-output.js @grafana/plugins-platform-frontend
-/.github/workflows/scripts/pr-get-job-link.js @grafana/plugins-platform-frontend
-/.github/workflows/stale.yml @grafana/grafana-release-guild
-/.github/workflows/update-changelog.yml @grafana/grafana-release-guild
+/.github/workflows/stale.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/update-changelog.yml @grafana/grafana-developer-enablement-squad
 /.github/workflows/update-make-docs.yml @grafana/docs-tooling
 /.github/workflows/scripts/kinds/verify-kinds.go @grafana/platform-cat
 /.github/workflows/publish-kinds-next.yml @grafana/platform-cat
@@ -735,11 +742,12 @@ embed.go @grafana/grafana-as-code
 /.github/workflows/verify-kinds.yml @grafana/platform-cat
 /.github/workflows/dashboards-issue-add-label.yml @grafana/dashboards-squad
 /.github/workflows/ephemeral-instances-pr-comment.yml @grafana/grafana-backend-services-squad
-/.github/workflows/create-security-patch-from-security-mirror.yml @grafana/grafana-release-guild
+/.github/workflows/create-security-patch-from-security-mirror.yml @grafana/grafana-developer-enablement-squad
 /.github/workflows/core-plugins-build-and-release.yml @grafana/plugins-platform-frontend @grafana/plugins-platform-backend
 /.github/workflows/i18n-crowdin-upload.yml @grafana/grafana-frontend-platform
 /.github/workflows/i18n-crowdin-download.yml @grafana/grafana-frontend-platform
 /.github/workflows/pr-go-workspace-check.yml @grafana/grafana-app-platform-squad
+/.github/workflows/pr-dependabot-update-go-workspace.yml @grafana/grafana-app-platform-squad
 /.github/workflows/pr-k8s-codegen-check.yml @grafana/grafana-app-platform-squad
 /.github/workflows/go_lint.yml @grafana/grafana-backend-services-squad
 /.github/workflows/trivy-scan.yml @grafana/grafana-backend-services-squad
@@ -59,14 +59,6 @@
      "url": "https://github.com/orgs/grafana/projects/76"
    }
  },
-  {
-    "type": "label",
-    "name": "type/docs",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/69"
-    }
-  },
  {
    "type": "label",
    "name": "datasource/Azure",
@@ -539,6 +531,14 @@
      "url": "https://github.com/orgs/grafana/projects/599"
    }
  },
+  {
+    "type": "label",
+    "name": "area/provisioning/datasources",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/76"
+    }
+  },
  {
    "type": "label",
    "name": "area/scenes",
@@ -603,14 +603,6 @@
      "url": "https://github.com/orgs/grafana/projects/660"
    }
  },
-  {
-    "type": "label",
-    "name": "area/expressions",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/112"
-    }
-  },
  {
    "type": "label",
    "name": "area/backend/api",
@@ -1202,5 +1194,13 @@
    "addToProject": {
      "url": "https://github.com/orgs/grafana/projects/736"
    }
+  },
+  {
+    "type": "label",
+    "name": "area/expressions",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/699"
+    }
  }
 ]
@@ -5,6 +5,21 @@ updates:
    schedule:
      interval: "daily"
  - package-ecosystem: "gomod"
-    directory: "/"
+    directories:
+      - "/"
+      - "/apps/playlist"
+      - "/pkg/aggregator"
+      - "/pkg/apimachinery"
+      - "/pkg/apiserver"
+      - "/pkg/build"
+      - "/pkg/build/wire"
+      - "/pkg/promlib"
+      - "/pkg/semconv"
+      - "/pkg/storage/unified/apistore"
+      - "/pkg/storage/unified/resource"
+      - "/pkg/util/xorm"
    schedule:
-      interval: "weekly"
+      interval: "daily"
+      time: "02:00"
+      timezone: Etc/UTC
+    open-pull-requests-limit: 10
@@ -1,9 +1,7 @@
 {
-  "extends": [
-    "config:base"
-  ],
-  "enabledManagers": ["npm"],
-  "ignoreDeps": [
+  extends: ["config:recommended"],
+  enabledManagers: ["npm"],
+  ignoreDeps: [
    "@types/history", // this can be removed entirely when we upgrade history since v5 exposes types directly
    "history", // we should bump this together with react-router-dom (see https://github.com/grafana/grafana/issues/76744)
    "react-router-dom", // we should bump this together with history (see https://github.com/grafana/grafana/issues/76744)
@@ -14,84 +12,71 @@
    "slate", // we don't want to continue using this on the long run, use Monaco editor instead of Slate
    "slate-react", // we don't want to continue using this on the long run, use Monaco editor instead of Slate
    "@types/slate-react", // we don't want to continue using this on the long run, use Monaco editor instead of Slate
-    "@types/slate" // we don't want to continue using this on the long run, use Monaco editor instead of Slate
+    "@types/slate", // we don't want to continue using this on the long run, use Monaco editor instead of Slate
+
+    // Temporarily pause updating lerna and nx until we resolve build issues
+    "lerna",
+    "nx"
  ],
-  "includePaths": ["package.json", "packages/**", "public/app/plugins/**"],
-  "ignorePaths": ["emails/**", "plugins-bundled/**", "**/mocks/**"],
-  "labels": ["area/frontend", "dependencies", "no-changelog"],
-  "postUpdateOptions": ["yarnDedupeHighest"],
-  "packageRules": [
+  includePaths: ["package.json", "packages/**", "public/app/plugins/**"],
+  ignorePaths: ["emails/**", "plugins-bundled/**", "**/mocks/**"],
+  labels: ["area/frontend", "dependencies", "no-changelog"],
+  postUpdateOptions: ["yarnDedupeHighest"],
+  packageRules: [
    {
-      "automerge": true,
-      "matchCurrentVersion": "!/^0/",
-      "matchUpdateTypes": ["patch"],
-      "excludePackagePatterns": ["^@?storybook", "^@locker"]
+      automerge: true,
+      matchCurrentVersion: "!/^0/",
+      matchUpdateTypes: ["patch"],
+      matchPackageNames: ["!/^@?storybook/", "!/^@locker/"],
    },
    {
-      "matchPackagePatterns": ["^@?storybook"],
-      "extends": ["schedule:monthly"],
-      "groupName": "Storybook updates"
+      extends: ["schedule:monthly"],
+      groupName: "Storybook updates",
+      matchPackageNames: ["/^@?storybook/"],
    },
    {
-      "groupName": "React Aria",
-      "matchPackagePrefixes": [
-        "@react-aria/",
-        "@react-stately/"
-      ]
+      groupName: "React Aria",
+      matchPackageNames: ["@react-aria/{/,}**", "@react-stately/{/,}**"],
    },
    {
-      "groupName": "Moveable",
-      "matchPackageNames": [
-        "moveable",
-        "react-moveable"
-      ]
+      groupName: "Moveable",
+      matchPackageNames: ["moveable", "react-moveable"],
    },
    {
-      "groupName": "Slate",
-      "matchPackageNames": [
-        "@types/slate",
-        "@types/slate-react",
-        "slate",
-        "slate-react"
-      ]
+      groupName: "Slate",
+      matchPackageNames: ["@types/slate", "@types/slate-react", "slate", "slate-react"],
    },
    {
-      "groupName": "d3",
-      "matchPackagePrefixes": [
-        "d3",
-        "@types/d3"
-      ]
+      groupName: "d3",
+      matchPackageNames: ["d3{/,}**", "@types/d3{/,}**"],
    },
    {
-      "groupName": "visx",
-      "matchPackagePrefixes": [
-        "@visx/"
-      ]
+      groupName: "scenes",
+      matchPackageNames: ["@grafana/scenes", "@grafana/scenes-react"],
    },
    {
-      "groupName": "uLibraries",
-      "matchPackageNames": [
-        "@leeoniya/ufuzzy",
-        "uplot"
-      ],
-      "reviewers": ["leeoniya"],
+      groupName: "visx",
+      matchPackageNames: ["@visx/{/,}**"],
    },
    {
-      "groupName": "locker",
-      "matchPackagePrefixes": [
-        "@locker/"
-      ],
-      "reviewers": ["team:grafana/plugins-platform-frontend"],
+      groupName: "uLibraries",
+      matchPackageNames: ["@leeoniya/ufuzzy", "uplot"],
+      reviewers: ["leeoniya"],
+    },
+    {
+      groupName: "locker",
+      reviewers: ["team:grafana/plugins-platform-frontend"],
+      matchPackageNames: ["@locker/{/,}**"],
    },
  ],
-  "pin": {
-    "enabled": false
+  pin: {
+    enabled: false,
+  },
+  prConcurrentLimit: 10,
+  rebaseWhen: "conflicted",
+  reviewers: ["team:grafana/frontend-ops"],
+  separateMajorMinor: false,
+  vulnerabilityAlerts: {
+    addLabels: ["area/security"],
  },
-  "prConcurrentLimit": 10,
-  "rebaseWhen": "conflicted",
-  "reviewers": ["team:grafana/frontend-ops"],
-  "separateMajorMinor": false,
-  "vulnerabilityAlerts": {
-    "addLabels": ["area/security"]
-  }
 }
@@ -3,8 +3,11 @@ on:
  issues:
    types: [opened, closed, edited, reopened, assigned, unassigned, labeled, unlabeled]

+permissions:
+  contents: read
+  id-token: write
+
 env:
-  GITHUB_TOKEN: ${{ secrets.ISSUE_COMMANDS_TOKEN }}
  ORGANIZATION: ${{ github.repository_owner }}
  REPO: ${{ github.event.repository.name }}
  TARGET_PROJECT: 202
@@ -13,27 +16,28 @@ env:
 concurrency:
  group: issue-label-when-in-project-${{ github.event.number }}
 jobs:
-  config:
-    runs-on: "ubuntu-latest"
-    outputs:
-      has-secrets: ${{ steps.check.outputs.has-secrets }}
-    steps:
-      - name: "Check for secrets"
-        id: check
-        shell: bash
-        run: |
-          if [ -n "${{ (secrets.ISSUE_COMMANDS_TOKEN != '') || '' }}" ]; then
-            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
-          fi
-
  main:
-    needs: config
-    if: needs.config.outputs.has-secrets
+    if: github.repository == 'grafana/grafana'
    runs-on: ubuntu-latest
    steps:
-      - name: log in
-        run: gh api user -q .login
+      - name: "Get vault secrets"
+        id: vault-secrets
+        uses: grafana/shared-workflows/actions/get-vault-secrets@main
+        with:
+          # Secrets placed in the ci/repo/grafana/grafana/plugins_platform_issue_commands_github_bot path in Vault
+          repo_secrets: |
+            GH_APP_ID=plugins_platform_issue_commands_github_bot:app_id
+            GH_APP_PEM=plugins_platform_issue_commands_github_bot:app_pem
+
+      - name: "Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        with:
+          app_id: ${{ env.GH_APP_ID }}
+          private_key: ${{ env.GH_APP_PEM }}
      - name: Check if issue is in target project
+        env:
+          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
        run: |
          gh api graphql -f query='
            query($org: String!, $repo: String!) {
@@ -62,6 +66,8 @@ jobs:
          done
      - name: Add label to issue
        if: env.IN_TARGET_PROJ
+        env:
+          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
        run: |
          gh api graphql -f query='
            mutation ($labelableId: ID!, $labelIds: [ID!]!) {
@@ -6,6 +6,10 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

+permissions:
+  contents: read
+  id-token: write
+
 on:
  pull_request:
    paths:
@@ -154,26 +158,16 @@ jobs:
          project_id: 'grafanalabs-global'
          install_components: 'bq'

-      - name: Get link for the Github Action job
-        id: job
-        uses: actions/github-script@v6
-        with:
-          script: |
-              const name = 'Detect breaking changes';
-              const script = require('./.github/workflows/scripts/pr-get-job-link.js')
-              await script({name, github, context, core})
-
      - name: Detect breaking changes
        id: breaking-changes
        run: ./scripts/check-breaking-changes.sh
        env:
          FORCE_COLOR: 3
-          GITHUB_JOB_LINK: ${{ steps.job.outputs.link }}

      - name: Persisting the check output
        run: |
            mkdir -p ./levitate
-            echo "{ \"exit_code\": ${{ steps.breaking-changes.outputs.is_breaking }}, \"message\": \"${{ steps.breaking-changes.outputs.message }}\", \"job_link\": \"${{ steps.job.outputs.link }}#step:${GITHUB_STEP_NUMBER}:1\", \"pr_number\": \"${{ github.event.pull_request.number }}\" }" > ./levitate/result.json
+            echo "{ \"exit_code\": ${{ steps.breaking-changes.outputs.is_breaking }}, \"message\": \"${{ steps.breaking-changes.outputs.message }}\", \"pr_number\": \"${{ github.event.pull_request.number }}\" }" > ./levitate/result.json

      - name: Upload check output as artifact
        uses: actions/upload-artifact@v4
@@ -219,15 +213,12 @@ jobs:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        with:
          script: |
-            const { data } = await github.rest.issues.listLabelsOnIssue({
-              issue_number: process.env.PR_NUMBER,
+            const { data: labels } = await github.rest.issues.listLabelsOnIssue({
+              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
            });
-            const labels = data.map(({ name }) => name);
-            const doesExist = labels.includes('levitate breaking change');
-
-            return doesExist ? 1 : 0;
+            return labels.some(label => label.name === 'levitate breaking change') ? 1 : 0

      # put the markdown into a variable
      - name: Levitate Markdown
@@ -271,23 +262,41 @@ jobs:
          delete: true
          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}

-      # Posts a notification to Slack if a PR has a breaking change and it did not have a breaking change before
-      - name: Post to Slack
+      - name: Send Slack Message via Payload
        id: slack
-        if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0 && env.HAS_SECRETS
-        uses: slackapi/slack-github-action@v1.26.0
+        if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0 && github.repository == 'grafana/grafana'
+        uses: grafana/shared-workflows/actions/send-slack-message@main
        with:
-          payload: |
+          channel-id: "C031SLFH6G0"
+          payload:  |
            {
-              "pr_link": "https://github.com/grafana/grafana/pull/${{ steps.levitate-run.outputs.pr_number }}",
-              "pr_number": "${{ steps.levitate-run.outputs.pr_number }}",
-              "job_link": "${{ steps.levitate-run.outputs.job_link }}",
-              "reporting_job_link": "${{ github.event.workflow_run.html_url }}",
-              "message": "${{ steps.levitate-run.outputs.message }}"
+              "channel": "C031SLFH6G0",
+              "text": ":warning: Possible breaking changes detected in *PR:* <${{ github.event.pull_request.html_url }}|#${{ github.event.pull_request.number }} :warning:",
+              "icon_emoji": ":grot:",
+              "username": "Levitate Bot",
+              "blocks": [
+                {
+                  "type": "section",
+                  "text": {
+                    "type": "mrkdwn",
+                    "text": "*grafana/grafana* repository has possible breaking changes"
+                  }
+                },
+                {
+                  "type": "section",
+                  "fields": [
+                    {
+                      "type": "mrkdwn",
+                      "text": "*PR:* <${{ github.event.pull_request.html_url }}|#${{ github.event.pull_request.number }}>"
+                    },
+                    {
+                      "type": "mrkdwn",
+                      "text": "*Job:* <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Job>"
+                    }
+                  ]
+                }
+              ]
            }
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_LEVITATE_WEBHOOK_URL }}
-          HAS_SECRETS: ${{ (github.repository == 'grafana/grafana' || secrets.SLACK_LEVITATE_WEBHOOK_URL != '') || '' }}

      # Add the label
      - name: Add "levitate breaking change" label
@@ -8,7 +8,7 @@ on:
        type: string
      latest:
        required: false
-        default: false
+        default: "0"
        description: Mark this release as latest (`1`) or not (`0`, default)
        type: string
      dry_run:
@@ -23,6 +23,7 @@ on:
        type: string
      latest:
        required: false
+        default: "0"
        description: Mark this release as latest (`1`) or not (`0`, default)
        type: string
      dry_run:
@@ -0,0 +1,49 @@
+name: "Update Go Workspace for Dependabot PRs"
+on:
+  pull_request:
+    branches: [main]
+    paths:
+      - .github/workflows/pr-dependabot-update-go-workspace.yml
+      - go.mod
+      - go.sum
+      - go.work
+      - go.work.sum
+      - '**/go.mod'
+      - '**/go.sum'
+      - '**.go'
+permissions:
+  contents: write
+jobs:
+  update:
+    runs-on: "ubuntu-latest"
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    continue-on-error: true
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        repository: ${{ github.event.pull_request.head.repo.full_name }}
+        ref: ${{ github.event.pull_request.head.ref }}
+
+    - name: Set go version
+      uses: actions/setup-go@v4
+      with:
+        go-version-file: go.mod
+
+    - name: Update workspace
+      run: make update-workspace
+
+    - name: Commit and push workspace changes
+      env:
+        BRANCH_NAME: ${{ github.head_ref || github.ref_name }} 
+      run: |
+        if ! git diff --exit-code --quiet; then
+          git config --local user.name "Grot"
+          git config --local user.email "grot@grafana.com"
+          git config --local --add --bool push.autoSetupRemote true
+          echo "Committing and pushing workspace changes"
+          git remote
+          git branch -l
+          git commit -a -m "update workspace"
+          git push origin $BRANCH_NAME
+        fi
@@ -4,6 +4,15 @@ on:
  workflow_dispatch:
  pull_request:
    branches: [main]
+    paths:
+      - .github/workflows/pr-go-workspace-check.yml
+      - go.mod
+      - go.sum
+      - go.work
+      - go.work.sum
+      - '**/go.mod'
+      - '**/go.sum'
+      - '**.go'

 jobs:
  check:
@@ -8,10 +8,11 @@ on:
      dry_run:
        required: false
        default: true
+        type: boolean
      version:
        required: true
      latest:
-        type: bool
+        type: boolean
        default: false
  pull_request:
    types:
@@ -30,17 +31,18 @@ jobs:
      latest: ${{ steps.output.outputs.latest }}
    runs-on: ubuntu-latest
    steps:
+      # The github-release action expects a `LATEST` value of a string of either '1' or '0'
    - if: ${{ github.event_name == 'workflow_dispatch' }}
      run: |
        echo setting up GITHUB_ENV for ${{ github.event_name }}
        echo "VERSION=${{ inputs.version }}" >> $GITHUB_ENV
        echo "DRY_RUN=${{ inputs.dry_run }}" >> $GITHUB_ENV
-        echo "LATEST=${{ inputs.latest }}" >> $GITHUB_ENV
+        echo "LATEST=${{ inputs.latest && '1' || '0' }}" >> $GITHUB_ENV
    - if: ${{ github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/') }}
      run: |
        echo "VERSION=$(echo ${{ github.head_ref }} | sed -e 's/release\/.*\///g')" >> $GITHUB_ENV
        echo "DRY_RUN=${{ contains(github.event.pull_request.labels.*.name, 'release/dry-run') }}" >> $GITHUB_ENV
-        echo "LATEST=${{ contains(github.event.pull_request.labels.*.name, 'release/latest') }}" >> $GITHUB_ENV
+        echo "LATEST=${{ contains(github.event.pull_request.labels.*.name, 'release/latest') && '1' || '0' }}" >> $GITHUB_ENV
    - id: output
      run: |
        echo "dry_run: $DRY_RUN"
@@ -1,9 +0,0 @@
-
-module.exports = async ({ name, github, context, core }) => {
-    const { owner, repo } = context.repo;
-    const url = `https://api.github.com/repos/${owner}/${repo}/actions/runs/${context.runId}/jobs`
-    const result = await github.request(url);
-    const job = result.data.jobs.find(j => j.name === name);
-    
-    core.setOutput('link', `${job.html_url}?check_suite_focus=true`);
-}
@@ -4,48 +4,59 @@ on:
    # only run on PRs where go.mod/go.sum/etc have been updated
    paths:
      - go.*
+      - .github/workflows/trivy-scan.yml
  push:
    branches:
      - main
    paths:
      - go.*
+      - .github/workflows/trivy-scan.yml

 jobs:
  trivy-scan:
    runs-on: ubuntu-22.04
    steps:
    - uses: actions/checkout@v4
+    - name: Install Trivy
+      uses: aquasecurity/setup-trivy@v0.2.2
+      with:
+        version: v0.56.2
+        cache: true
+    - name: Download Trivy DB
+      run: |
+        trivy fs --no-progress --download-db-only --db-repository public.ecr.aws/aquasecurity/trivy-db
    - name: Run Trivy vulnerability scanner (table output)
-      uses: aquasecurity/trivy-action@0.24.0
-      with:
-        # scan the filesystem, rather than building a Docker image prior - the
-        # downside is we won't catch dependencies that are only installed in the
-        # image, but the upside is we'll only catch vulnerabilities that are
-        # explicitly in the our dependencies
-        scan-type: 'fs'
-        scanners: 'vuln'
-        format: 'table'
-        exit-code: 1
-        ignore-unfixed: true
-        vuln-type: 'os,library'
-        severity: 'CRITICAL,HIGH'
-        trivyignores: .trivyignore
-        # for the PR check, ignore JS-related issues
-        skip-files: 'yarn.lock,package.json'
+      # Use the trivy binary rather than the aquasecurity/trivy-action action
+      # to avoid a few bugs
+      # scan the filesystem, rather than building a Docker image prior - the
+      # downside is we won't catch dependencies that are only installed in the
+      # image, but the upside is we'll only catch vulnerabilities that are
+      # explicitly in the our dependencies
+      run: |
+        trivy fs \
+          --scanners vuln \
+          --format table \
+          --exit-code 1 \
+          --ignore-unfixed \
+          --pkg-types os,library \
+          --severity CRITICAL,HIGH \
+          --ignorefile .trivyignore \
+          --skip-files yarn.lock,package.json \
+          --skip-db-update \
+          .
    - name: Run Trivy vulnerability scanner (SARIF)
-      uses: aquasecurity/trivy-action@0.24.0
-      with:
-        scan-type: 'fs'
-        scanners: 'vuln'
-        # Note: The SARIF format ignores severity and uploads all vulns for
-        # later triage. The table-format step above is used to fail the build
-        # if there are any critical or high vulnerabilities.
-        # See https://github.com/aquasecurity/trivy-action/issues/95
-        format: 'sarif'
-        output: 'trivy-results.sarif'
-        ignore-unfixed: true
-        vuln-type: 'os,library'
-        trivyignores: .trivyignore
+      # Use the trivy binary rather than the aquasecurity/trivy-action action
+      # to avoid a few bugs
+      run: |
+        trivy fs \
+          --scanners vuln \
+          --format sarif \
+          --output trivy-results.sarif \
+          --ignore-unfixed \
+          --pkg-types os,library \
+          --ignorefile .trivyignore \
+          --skip-db-update \
+          .
      if: always() && github.repository == 'grafana/grafana'
    - name: Upload Trivy scan results to GitHub Security tab
      uses: github/codeql-action/upload-sarif@v3
@@ -107,6 +107,7 @@ profile.cov
 /pkg/extensions/*
 /pkg/build/cmd/artifactspage.go
 /pkg/build/cmd/artifactspage.tmpl.html
+/pkg/build/cmd/exportversion.go
 /pkg/server/wireexts_enterprise.go
 /pkg/cmd/grafana-cli/runner/wireexts_enterprise.go
 !/pkg/extensions/main.go
@@ -223,3 +224,5 @@ public/app/plugins/**/dist/

 # Mock service worker used for fake API responses in frontend development
 public/mockServiceWorker.js
+
+/e2e/test-plugins/*/dist
@@ -9,7 +9,21 @@
      "program": "${workspaceFolder}/pkg/cmd/grafana/",
      "env": {},
      "cwd": "${workspaceFolder}",
-      "args": ["server", "--homepath", "${workspaceFolder}", "--packaging", "dev", "cfg:app_mode=development"]
+      "args": [
+        "server", 
+        "--homepath", "${workspaceFolder}", 
+        "--packaging", "dev", 
+        "cfg:app_mode=development",
+      ]
+    },
+    {
+      "name": "Attach to Test Process",
+      "type": "go",
+      "request": "attach",
+      "mode": "remote",
+      "host": "127.0.0.1",
+      "port": 50480,
+      "apiVersion": 2,
    },
    {
      "name": "Run API Server (testdata)",
@@ -1,63 +0,0 @@
-diff --git a/cjs/history.js b/cjs/history.js
-index fcd8ebab613c6d87b9ac824feb30ab1080cf0ef2..4df20d5cb2f9ba5fc8777899aada53f49399560b 100644
--- a/cjs/history.js
-+++ b/cjs/history.js
-@@ -103,16 +103,6 @@ function createLocation(path, state, key, currentLocation) {
-     if (state !== undefined && location.state === undefined) location.state = state;
-   }
- 
-  try {
-    location.pathname = decodeURI(location.pathname);
-  } catch (e) {
-    if (e instanceof URIError) {
-      throw new URIError('Pathname "' + location.pathname + '" could not be decoded. ' + 'This is likely caused by an invalid percent-encoding.');
-    } else {
-      throw e;
-    }
-  }
-
-   if (key) location.key = key;
- 
-   if (currentLocation) {
-diff --git a/esm/history.js b/esm/history.js
-index df67820fe3eed558c44fca07a82b0cd409d46720..e0e0d4f69a407e8de782b3fdf8297d42708e110a 100644
--- a/esm/history.js
-+++ b/esm/history.js
-@@ -80,16 +80,6 @@ function createLocation(path, state, key, currentLocation) {
-     if (state !== undefined && location.state === undefined) location.state = state;
-   }
- 
-  try {
-    location.pathname = decodeURI(location.pathname);
-  } catch (e) {
-    if (e instanceof URIError) {
-      throw new URIError('Pathname "' + location.pathname + '" could not be decoded. ' + 'This is likely caused by an invalid percent-encoding.');
-    } else {
-      throw e;
-    }
-  }
-
-   if (key) location.key = key;
- 
-   if (currentLocation) {
-diff --git a/umd/history.js b/umd/history.js
-index 80e4ff66c44a2a71d4f842cc05a252e48dd18e9a..f8f4901be95e48c66f5626fbf051747a2ffbe41d 100644
--- a/umd/history.js
-+++ b/umd/history.js
-@@ -207,16 +207,6 @@
-       if (state !== undefined && location.state === undefined) location.state = state;
-     }
- 
-    try {
-      location.pathname = decodeURI(location.pathname);
-    } catch (e) {
-      if (e instanceof URIError) {
-        throw new URIError('Pathname "' + location.pathname + '" could not be decoded. ' + 'This is likely caused by an invalid percent-encoding.');
-      } else {
-        throw e;
-      }
-    }
-
-     if (key) location.key = key;
- 
-     if (currentLocation) {
@@ -26,7 +26,7 @@ plugins:
  - path: .yarn/plugins/@yarnpkg/plugin-outdated.cjs
    spec: 'https://mskelton.dev/yarn-outdated/v2'

-yarnPath: .yarn/releases/yarn-4.5.0.cjs
+yarnPath: .yarn/releases/yarn-4.5.1.cjs
 # Uncomment the following lines if you want to use Verdaccio local npm registry. Read more at packages/README.md
 #npmScopes:
 # grafana:
@@ -34,6 +34,81 @@
 - **Unified Storage:** Use ssl_mode instead of sslmode [#95662](https://github.com/grafana/grafana/pull/95662), [@chaudyg](https://github.com/chaudyg)

 <!-- 11.3.1 END -->
+<!-- 11.2.4 START -->
+
+# 11.2.4 (2024-11-19)
+
+### Features and enhancements
+
+- **Alerting:** Make context deadline on AlertNG service startup configurable [#96133](https://github.com/grafana/grafana/pull/96133), [@fayzal-g](https://github.com/fayzal-g)
+- **MigrationAssistant:** Restrict dashboards, folders and datasources by the org id of the signed in user [#96344](https://github.com/grafana/grafana/pull/96344), [@leandro-deveikis](https://github.com/leandro-deveikis)
+- **Transformations:** Add 'transpose' transform [#95076](https://github.com/grafana/grafana/pull/95076), [@jmdane](https://github.com/jmdane)
+- **User:** Check SignedInUser OrgID in RevokeInvite [#95489](https://github.com/grafana/grafana/pull/95489), [@mgyongyosi](https://github.com/mgyongyosi)
+
+### Bug fixes
+
+- **Alerting:** Force refetch prom rules when refreshing panel [#96124](https://github.com/grafana/grafana/pull/96124), [@soniaAguilarPeiron](https://github.com/soniaAguilarPeiron)
+- **Anonymous User:** Adds validator service for anonymous users [#94993](https://github.com/grafana/grafana/pull/94993), [@leandro-deveikis](https://github.com/leandro-deveikis)
+- **Anonymous User:** Adds validator service for anonymous users (Enterprise)
+- **Azure Monitor:** Support metric namespaces fallback [#95154](https://github.com/grafana/grafana/pull/95154), [@aangelisc](https://github.com/aangelisc)
+- **Azure:** Fix duplicated traces in multi-resource trace query [#95246](https://github.com/grafana/grafana/pull/95246), [@aangelisc](https://github.com/aangelisc)
+- **Azure:** Handle namespace request rejection [#95908](https://github.com/grafana/grafana/pull/95908), [@aangelisc](https://github.com/aangelisc)
+- **Folders:** Add admin permissions upon creation of a folder w. SA [#95416](https://github.com/grafana/grafana/pull/95416), [@eleijonmarck](https://github.com/eleijonmarck)
+- **Migration:** Remove table aliasing in delete statement to make it work for mariadb [#95231](https://github.com/grafana/grafana/pull/95231), [@kalleep](https://github.com/kalleep)
+- **ServerLock:** Fix pg concurrency/locking issue [#95934](https://github.com/grafana/grafana/pull/95934), [@mgyongyosi](https://github.com/mgyongyosi)
+- **ServerSideExpressions:** Disable SQL Expressions to prevent RCE and LFI vulnerability [#94959](https://github.com/grafana/grafana/pull/94959), [@samjewell](https://github.com/samjewell)
+
+<!-- 11.2.4 END -->
+<!-- 11.1.9 START -->
+
+# 11.1.9 (2024-11-19)
+
+### Features and enhancements
+
+- **Alerting:** Make context deadline on AlertNG service startup configurable [#96132](https://github.com/grafana/grafana/pull/96132), [@fayzal-g](https://github.com/fayzal-g)
+- **User:** Check SignedInUser OrgID in RevokeInvite [#95488](https://github.com/grafana/grafana/pull/95488), [@mgyongyosi](https://github.com/mgyongyosi)
+
+### Bug fixes
+
+- **Alerting:** Force refetch prom rules when refreshing panel [#96123](https://github.com/grafana/grafana/pull/96123), [@soniaAguilarPeiron](https://github.com/soniaAguilarPeiron)
+- **Anonymous User:** Adds validator service for anonymous users [#94992](https://github.com/grafana/grafana/pull/94992), [@leandro-deveikis](https://github.com/leandro-deveikis)
+- **Anonymous User:** Adds validator service for anonymous users (Enterprise)
+- **Azure Monitor:** Support metric namespaces fallback [#95153](https://github.com/grafana/grafana/pull/95153), [@aangelisc](https://github.com/aangelisc)
+- **Azure:** Fix duplicated traces in multi-resource trace query [#95245](https://github.com/grafana/grafana/pull/95245), [@aangelisc](https://github.com/aangelisc)
+- **Azure:** Handle namespace request rejection [#95907](https://github.com/grafana/grafana/pull/95907), [@aangelisc](https://github.com/aangelisc)
+- **Migration:** Remove table aliasing in delete statement to make it work for mariadb [#95230](https://github.com/grafana/grafana/pull/95230), [@kalleep](https://github.com/kalleep)
+- **Prometheus:** Fix interpolating adhoc filters with template variables [#95977](https://github.com/grafana/grafana/pull/95977), [@cazeaux](https://github.com/cazeaux)
+- **ServerLock:** Fix pg concurrency/locking issue [#95933](https://github.com/grafana/grafana/pull/95933), [@mgyongyosi](https://github.com/mgyongyosi)
+- **ServerSideExpressions:** Disable SQL Expressions to prevent RCE and LFI vulnerability [#94969](https://github.com/grafana/grafana/pull/94969), [@scottlepp](https://github.com/scottlepp)
+
+<!-- 11.1.9 END -->
+<!-- 11.0.8 START -->
+
+# 11.0.8 (2024-11-19)
+
+### Features and enhancements
+
+- **Alerting:** Make context deadline on AlertNG service startup configurable [#96131](https://github.com/grafana/grafana/pull/96131), [@fayzal-g](https://github.com/fayzal-g)
+- **User:** Check SignedInUser OrgID in RevokeInvite [#95487](https://github.com/grafana/grafana/pull/95487), [@mgyongyosi](https://github.com/mgyongyosi)
+
+### Bug fixes
+
+- **Anonymous User:** Adds validator service for anonymous users [#95151](https://github.com/grafana/grafana/pull/95151), [@leandro-deveikis](https://github.com/leandro-deveikis)
+- **Anonymous User:** Adds validator service for anonymous users (Enterprise)
+- **Azure Monitor:** Support metric namespaces fallback [#95152](https://github.com/grafana/grafana/pull/95152), [@aangelisc](https://github.com/aangelisc)
+- **Azure:** Fix duplicated traces in multi-resource trace query [#95244](https://github.com/grafana/grafana/pull/95244), [@aangelisc](https://github.com/aangelisc)
+- **Azure:** Handle namespace request rejection [#95906](https://github.com/grafana/grafana/pull/95906), [@aangelisc](https://github.com/aangelisc)
+- **Migration:** Remove table aliasing in delete statement to make it work for mariadb [#95229](https://github.com/grafana/grafana/pull/95229), [@kalleep](https://github.com/kalleep)
+- **Prometheus:** Fix interpolating adhoc filters with template variables [#95986](https://github.com/grafana/grafana/pull/95986), [@cazeaux](https://github.com/cazeaux)
+- **ServerLock:** Fix pg concurrency/locking issue [#95932](https://github.com/grafana/grafana/pull/95932), [@mgyongyosi](https://github.com/mgyongyosi)
+- **ServerSideExpressions:** Disable SQL Expressions to prevent RCE and LFI vulnerability [#94971](https://github.com/grafana/grafana/pull/94971), [@samjewell](https://github.com/samjewell)
+
+<!-- 11.0.8 END -->
+<!-- 10.4.13 START -->
+
+# 10.4.13 (2024-11-19)
+
+<!-- 10.4.13 END -->
 <!-- 11.3.0+security-01 START -->

 # 11.3.0+security-01 (2024-11-12)
@@ -43,6 +118,22 @@
 - **MigrationAssistant:** Fix Migration Assistant issue [CVE-2024-9476]

 <!-- 11.3.0+security-01 END -->
+<!-- 11.2.3+security-01 START -->
+
+# 11.2.3+security-01 (2024-11-12)
+
+- **MigrationAssistant:** Fix Migration Assistant issue [CVE-2024-9476]
+
+<!-- 11.2.3+security-01 END -->
+<!-- 10.4.12 START -->
+
+# 10.4.12 (2024-11-08)
+
+### Bug fixes
+
+- **Alerting:** Make context deadline on AlertNG service startup configurable [#96058](https://github.com/grafana/grafana/pull/96058), [@fayzal-g](https://github.com/fayzal-g)
+
+<!-- 10.4.12 END -->
 <!-- 11.3.0 START -->

 # 11.3.0 (2024-10-22)
@@ -82,6 +173,89 @@
 - **SubMenu:** Fix expanding sub menu items on touch devices [#93208](https://github.com/grafana/grafana/pull/93208), [@yincongcyincong](https://github.com/yincongcyincong)

 <!-- 11.3.0 END -->
+<!-- 11.2.3 START -->
+
+# 11.2.3 (2024-10-22)
+
+### Bug fixes
+
+- **Alerting:** Fix incorrect permission on POST external rule groups endpoint [CVE-2024-8118] [#93947](https://github.com/grafana/grafana/pull/93947), [@alexweav](https://github.com/alexweav)
+- **AzureMonitor:** Fix App Insights portal URL for multi-resource trace queries [#94475](https://github.com/grafana/grafana/pull/94475), [@aangelisc](https://github.com/aangelisc)
+- **Canvas:** Allow API calls to grafana origin [#94129](https://github.com/grafana/grafana/pull/94129), [@adela-almasan](https://github.com/adela-almasan)
+- **Folders:** Correctly show new folder button under root folder [#94712](https://github.com/grafana/grafana/pull/94712), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **OrgSync:** Do not set default Organization for a user to a non-existent Organization [#94549](https://github.com/grafana/grafana/pull/94549), [@mgyongyosi](https://github.com/mgyongyosi)
+- **Plugins:** Skip install errors if dependency plugin already exists [#94717](https://github.com/grafana/grafana/pull/94717), [@wbrowne](https://github.com/wbrowne)
+- **ServerSideExpressions:** Disable SQL Expressions to prevent RCE and LFI vulnerability [#94959](https://github.com/grafana/grafana/pull/94959), [@samjewell](https://github.com/samjewell)
+
+<!-- 11.2.3 END -->
+<!-- 11.2.2+security-01 START -->
+
+# 11.2.2+security-01 (2024-10-17)
+
+### Bug fixes
+
+- **SQL Expressions**: Fixes CVE-2024-9264
+
+<!-- 11.2.2+security-01 END -->
+<!-- 11.2.1+security-01 START -->
+
+# 11.2.1+security-01 (2024-10-17)
+
+### Features and enhancements
+
+### Bug fixes
+
+- **SQL Expressions**: Fixes CVE-2024-9264
+
+<!-- 11.2.1+security-01 END -->
+<!-- 11.1.8 START -->
+
+# 11.1.8 (2024-10-22)
+
+### Bug fixes
+
+- **Alerting:** Fix incorrect permission on POST external rule groups endpoint [CVE-2024-8118] [#93948](https://github.com/grafana/grafana/pull/93948), [@alexweav](https://github.com/alexweav)
+- **AzureMonitor:** Fix App Insights portal URL for multi-resource trace queries [#94474](https://github.com/grafana/grafana/pull/94474), [@aangelisc](https://github.com/aangelisc)
+- **OrgSync:** Do not set default Organization for a user to a non-existent Organization [#94551](https://github.com/grafana/grafana/pull/94551), [@mgyongyosi](https://github.com/mgyongyosi)
+- **ServerSideExpressions:** Disable SQL Expressions to prevent RCE and LFI vulnerability [#94969](https://github.com/grafana/grafana/pull/94969), [@scottlepp](https://github.com/scottlepp)
+
+<!-- 11.1.8 END -->
+<!-- 11.1.7+security-01 START -->
+
+# 11.1.7+security-01 (2024-10-17)
+
+### Bug fixes
+
+- **SQL Expressions**: Fixes CVE-2024-9264
+
+<!-- 11.1.7+security-01 END -->
+<!-- 11.1.6+security-01 START -->
+
+# 11.1.6+security-01 (2024-10-17)
+
+### Bug fixes
+
+- **SQL Expressions**: Fixes CVE-2024-9264
+
+<!-- 11.1.6+security-01 END -->
+<!-- 11.0.6+security-01 START -->
+
+# 11.0.6+security-01 (2024-10-17)
+
+### Bug fixes
+
+- **SQL Expressions**: Fixes CVE-2024-9264
+
+<!-- 11.0.6+security-01 END -->
+<!-- 11.0.5+security-01 START -->
+
+# 11.0.5+security-01 (2024-10-17)
+
+### Bug fixes
+
+- **SQL Expressions**: Fixes CVE-2024-9264
+
+<!-- 11.0.5+security-01 END -->
 <!-- 11.2.2 START -->

 # 11.2.2 (2024-10-01)
@@ -125,6 +299,19 @@
 - **Plugins:** Avoid returning 404 for `AutoEnabled` apps [#93487](https://github.com/grafana/grafana/pull/93487), [@wbrowne](https://github.com/wbrowne)

 <!-- 11.1.7 END -->
+<!-- 11.0.7 START -->
+
+# 11.0.7 (2024-10-22)
+
+### Bug fixes
+
+- **Alerting:** Fix incorrect permission on POST external rule groups endpoint [CVE-2024-8118] [#93949](https://github.com/grafana/grafana/pull/93949), [@alexweav](https://github.com/alexweav)
+- **AzureMonitor:** Fix App Insights portal URL for multi-resource trace queries [#94489](https://github.com/grafana/grafana/pull/94489), [@aangelisc](https://github.com/aangelisc)
+- **Dashboard:** Make dashboard search faster [#94702](https://github.com/grafana/grafana/pull/94702), [@knuzhdin](https://github.com/knuzhdin)
+- **OrgSync:** Do not set default Organization for a user to a non-existent Organization [#94552](https://github.com/grafana/grafana/pull/94552), [@mgyongyosi](https://github.com/mgyongyosi)
+- **ServerSideExpressions:** Disable SQL Expressions to prevent RCE and LFI vulnerability [#94971](https://github.com/grafana/grafana/pull/94971), [@samjewell](https://github.com/samjewell)
+
+<!-- 11.0.7 END -->
 <!-- 11.0.6 START -->

 # 11.0.6 (2024-10-01)
@@ -142,6 +329,17 @@
 - **Plugins:** Avoid returning 404 for `AutoEnabled` apps [#93486](https://github.com/grafana/grafana/pull/93486), [@wbrowne](https://github.com/wbrowne)

 <!-- 11.0.6 END -->
+<!-- 10.4.11 START -->
+
+# 10.4.11 (2024-10-22)
+
+### Bug fixes
+
+- **Alerting:** Fix broken panelId links [#94686](https://github.com/grafana/grafana/pull/94686), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Fix incorrect permission on POST external rule groups endpoint [CVE-2024-8118] [#93946](https://github.com/grafana/grafana/pull/93946), [@alexweav](https://github.com/alexweav)
+- **Dashboard:** Make dashboard search faster [#94703](https://github.com/grafana/grafana/pull/94703), [@knuzhdin](https://github.com/knuzhdin)
+
+<!-- 10.4.11 END -->
 <!-- 10.4.10 START -->

 # 10.4.10 (2024-10-01)
@@ -157,6 +355,16 @@
 - **Correlations:** Limit access to correlations page to users who can access Explore [#93673](https://github.com/grafana/grafana/pull/93673), [@ifrost](https://github.com/ifrost)

 <!-- 10.4.10 END -->
+<!-- 10.3.12 START -->
+
+# 10.3.12 (2024-10-22)
+
+### Bug fixes
+
+- **Alerting:** Fix incorrect permission on POST external rule groups endpoint [CVE-2024-8118] [#93945](https://github.com/grafana/grafana/pull/93945), [@alexweav](https://github.com/alexweav)
+- **Dashboard:** Make dashboard search faster [#94704](https://github.com/grafana/grafana/pull/94704), [@knuzhdin](https://github.com/knuzhdin)
+
+<!-- 10.3.12 END -->
 <!-- 10.3.11 START -->

 # 10.3.11 (2024-10-01)
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1

-ARG BASE_IMAGE=alpine:3.19.1
+ARG BASE_IMAGE=alpine:3.20
 ARG JS_IMAGE=node:20-alpine
 ARG JS_PLATFORM=linux/amd64
 ARG GO_IMAGE=golang:1.23.1-alpine
@@ -30,7 +30,7 @@ COPY tsconfig.json .eslintrc .editorconfig .browserslistrc .prettierrc.js ./
 COPY scripts scripts
 COPY emails emails

-ENV NODE_ENV production
+ENV NODE_ENV=production
 RUN yarn build

 FROM ${GO_IMAGE} as go-builder
@@ -77,6 +77,7 @@ RUN if [[ "$BINGO" = "true" ]]; then \
 COPY embed.go Makefile build.go package.json ./
 COPY cue.mod cue.mod
 COPY kinds kinds
+COPY kindsv2 kindsv2
 COPY local local
 COPY packages/grafana-schema packages/grafana-schema
 COPY public/app/plugins public/app/plugins
@@ -3,3 +3,4 @@
 List of previous team members that have had a big impact on the company or the product and contributed during a long period of time.

 - Hugo Häggmark ([Björn Lundén](https://www.bjornlunden.se/))
+- Marcus Efraimsson
@@ -17,6 +17,7 @@ GO_RACE_FLAG := $(if $(GO_RACE),-race)
 GO_BUILD_FLAGS += $(if $(GO_BUILD_DEV),-dev)
 GO_BUILD_FLAGS += $(if $(GO_BUILD_TAGS),-build-tags=$(GO_BUILD_TAGS))
 GO_BUILD_FLAGS += $(GO_RACE_FLAG)
+GIT_BASE = remotes/origin/main

 # GNU xargs has flag -r, and BSD xargs (e.g. MacOS) has that behaviour by default
 XARGSR = $(shell xargs --version 2>&1 | grep -q GNU && echo xargs -r || echo xargs)
@@ -145,6 +146,11 @@ gen-cue: ## Do all CUE/Thema code generation
 	go generate ./kinds/gen.go
 	go generate ./public/app/plugins/gen.go

+.PHONY: gen-cuev2
+gen-cuev2: ## Do all CUE code generation
+	@echo "generate code from .cue files (v2)"
+	go generate ./kindsv2/gen.go
+
 .PHONY: gen-feature-toggles
 gen-feature-toggles:
 ## First go test run fails because it will re-generate the feature toggles.
@@ -173,12 +179,16 @@ gen-jsonnet:
 	go generate ./devenv/jsonnet

 .PHONY: update-workspace
-update-workspace:
+update-workspace: gen-go
 	@echo "updating workspace"
 	bash scripts/go-workspace/update-workspace.sh

 .PHONY: build-go
 build-go: gen-go update-workspace ## Build all Go binaries.
+	@echo "build go files with updated workspace"
+	$(GO) run build.go $(GO_BUILD_FLAGS) build
+
+build-go-fast: gen-go ## Build all Go binaries.
 	@echo "build go files"
 	$(GO) run build.go $(GO_BUILD_FLAGS) build

@@ -308,7 +318,7 @@ lint-go: golangci-lint ## Run all code checks for backend. You can use GO_LINT_F

 .PHONY: lint-go-diff
 lint-go-diff: $(GOLANGCI_LINT)
-	git diff --name-only remotes/origin/main | \
+	git diff --name-only $(GIT_BASE) | \
 		grep '\.go$$' | \
 		$(XARGSR) dirname | \
 		sort -u | \
@@ -411,6 +421,7 @@ protobuf: ## Compile protobuf definitions
 	buf generate pkg/plugins/backendplugin/pluginextensionv2 --template pkg/plugins/backendplugin/pluginextensionv2/buf.gen.yaml
 	buf generate pkg/plugins/backendplugin/secretsmanagerplugin --template pkg/plugins/backendplugin/secretsmanagerplugin/buf.gen.yaml
 	buf generate pkg/storage/unified/resource --template pkg/storage/unified/resource/buf.gen.yaml
+	buf generate pkg/services/authz/proto/v1 --template pkg/services/authz/proto/v1/buf.gen.yaml

 .PHONY: clean
 clean: ## Clean up intermediate build artifacts.
@@ -38,7 +38,7 @@ If you're interested in contributing to the Grafana project:

 ## Get involved

- Follow [@grafana on Twitter](https://twitter.com/grafana/).
+- Follow [@grafana on X (formerly Twitter)](https://x.com/grafana/).
 - Read and subscribe to the [Grafana blog](https://grafana.com/blog/).
 - If you have a specific question, check out our [discussion forums](https://community.grafana.com/).
 - For general discussions, join us on the [official Slack](https://slack.grafana.com) team.
@@ -0,0 +1,4 @@
+.PHONY: generate
+generate:
+	## --crdencoding none is needed to avoid infinite loop while generating recursive models'
+	grafana-app-sdk generate -c . -g ./apis --crdencoding none
@@ -0,0 +1,49 @@
+package core
+
+route: {
+	kind:  "RoutingTree"
+	group: "notifications"
+	apiResource: {
+		groupOverride: "notifications.alerting.grafana.app"
+	}
+	codegen: {
+		frontend: false
+		backend:  true
+	}
+	pluralName: "RoutingTrees"
+	current:    "v0alpha1"
+	versions: {
+		"v0alpha1": {
+			schema: {
+				#RouteDefaults: {
+					receiver: string
+					group_by?: [...string]
+					group_wait?: string
+					group_interval?:  string
+					repeat_interval?: string
+				}
+				#Matcher: {
+					 type: "=" |"!="|"=~"|"!~" @cuetsy(kind="enum")
+					 label: string
+					 value: string
+				}
+				#Route: {
+					receiver?: string
+					matchers?: [...#Matcher]
+					continue: bool
+
+					group_by?: [...string]
+					mute_time_intervals?: [...string]
+					routes?: [...#Route]
+					group_wait?: string
+					group_interval?:  string
+					repeat_interval?: string
+				}
+				spec: {
+					 defaults: #RouteDefaults
+					 routes: [...#Route]
+				}
+			}
+		}
+	}
+}
@@ -1,3 +1,3 @@
 .PHONY: generate
 generate:
-	@grafana-app-sdk generate -g ./apis --kindgrouping=group --postprocess
+	@grafana-app-sdk generate -g ./pkg/apis --kindgrouping=group --postprocess --crdencoding none
@@ -3,36 +3,81 @@ module github.com/grafana/grafana/apps/playlist
 go 1.23.1

 require (
-	github.com/grafana/grafana-app-sdk v0.19.0
+	github.com/grafana/grafana-app-sdk v0.23.1
 	k8s.io/apimachinery v0.31.1
+	k8s.io/klog/v2 v2.130.1
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340
 )

 require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/getkin/kin-openapi v0.128.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
+	github.com/invopop/yaml v0.3.1 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/perimeterx/marshmallow v1.1.5 // indirect
+	github.com/prometheus/client_golang v1.20.5 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.60.1 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/puzpuzpuz/xsync/v2 v2.5.1 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/net v0.29.0 // indirect
-	golang.org/x/text v0.18.0 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	go.opentelemetry.io/otel v1.32.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.31.0 // indirect
+	go.opentelemetry.io/otel/metric v1.32.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.32.0 // indirect
+	go.opentelemetry.io/otel/trace v1.32.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/term v0.25.0 // indirect
+	golang.org/x/text v0.20.0 // indirect
+	golang.org/x/time v0.6.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect
+	google.golang.org/grpc v1.67.1 // indirect
+	google.golang.org/protobuf v1.35.2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/api v0.31.1 // indirect
+	k8s.io/apiextensions-apiserver v0.31.1 // indirect
+	k8s.io/client-go v0.31.1 // indirect
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )
@@ -1,19 +1,36 @@
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 h1:N7oVaKyGp8bttX0bfZGmcGkjz7DLQXhAn3DNd3T0ous=
+github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874/go.mod h1:r5xuitiExdLAJ09PR7vBVENGvp4ZuTBeWTGtxuX3K+c=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
+github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/getkin/kin-openapi v0.128.0 h1:jqq3D9vC9pPq1dGcOCv7yOp1DaEe7c/T1vzcLbITSp4=
+github.com/getkin/kin-openapi v0.128.0/go.mod h1:OZrfXzUfGrNbsKj+xmFBx6E5c6yH3At/tAKSc2UszXM=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
 github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
 github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
 github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
 github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
+github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
+github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
@@ -26,18 +43,35 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/grafana/grafana-app-sdk v0.19.0 h1:RY9HvCFR+4WUy81n53wejZnof9qE6++pd6r24d6+JYs=
-github.com/grafana/grafana-app-sdk v0.19.0/go.mod h1:y0BgzYxc+a7CwOqkwUhN9zXd5cgZJjd2zAbgHEd/xzo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/grafana/grafana-app-sdk v0.23.1 h1:BRpUG0bA0oVxjthkmO2thuJBo3nbjaRSSmZJHw+mA8I=
+github.com/grafana/grafana-app-sdk v0.23.1/go.mod h1:KzgPnTJfMeckGmMctv6CJb8Jr/o/5rwARDyjXoeR0Fc=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 h1:ad0vkEBuk23VJzZR9nkLVG0YAoN9coASF1GusYX6AlU=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0/go.mod h1:igFoXX2ELCW06bol23DWPB5BEWfZISOzSP5K2sbLea0=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
+github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/invopop/yaml v0.3.1 h1:f0+ZpmhfBSS4MhG+4HYseMdJhoeeopbSKbq5Rpeelso=
+github.com/invopop/yaml v0.3.1/go.mod h1:PMOp3nn4/12yEZUFfmOuNHJsZToEEOwoWsT+D81KkeA=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
+github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -45,21 +79,59 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw=
+github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/perimeterx/marshmallow v1.1.5 h1:a2LALqQ1BlHM8PZblsDdidgv1mWi1DgC2UmX50IvK2s=
+github.com/perimeterx/marshmallow v1.1.5/go.mod h1:dsXbUu8CRzfYP5a87xpp0xq9S3u0Vchtcl8we9tYaXw=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
+github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc=
+github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
+github.com/puzpuzpuz/xsync/v2 v2.5.1 h1:mVGYAvzDSu52+zaGyNjC+24Xw2bQi3kTr4QJ6N9pIIU=
+github.com/puzpuzpuz/xsync/v2 v2.5.1/go.mod h1:gD2H2krq/w52MfPLE+Uy64TzJDVY7lP2znR9qmR35kU=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
+github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
+go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 h1:IJFEoHiytixx8cMiVAO+GmHR6Frwu+u5Ur8njpFO6Ac=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0/go.mod h1:3rHrKNtLIoS0oZwkY2vxi+oJcwFRWdtUyRII+so45p8=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 h1:9kV11HXBHZAvuPUZxmMWrH8hZn/6UnHX4K0mu36vNsU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0/go.mod h1:JyA0FHXe22E1NeNiHmVp7kFHglnexDQ7uRWDiiJ1hKQ=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.31.0 h1:lUsI2TYsQw2r1IASwoROaCnjdj2cvC2+Jbxvk6nHnWU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.31.0/go.mod h1:2HpZxxQurfGxJlJDblybejHB6RX6pmExPNe517hREw4=
+go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M=
+go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8=
+go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4=
+go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU=
+go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM=
+go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8=
+go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
+go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -69,18 +141,26 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
-golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
+golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
+golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
+golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
-golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
+golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
+golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
@@ -89,8 +169,16 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
+gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
+google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
+google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -101,8 +189,14 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU=
+k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI=
+k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40=
+k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ=
 k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U=
 k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
+k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
@@ -5,6 +5,8 @@ externalName: {
 	group: "playlist"
 	apiResource: {
 		groupOverride: "playlist.grafana.app"
+		mutation: operations:  ["create","update"]
+		validation: operations:  ["create","update"]
 	}
 	codegen: {
 		frontend: false
@@ -0,0 +1,64 @@
+//
+// This file is generated by grafana-app-sdk
+// DO NOT EDIT
+//
+
+package apis
+
+import (
+	"encoding/json"
+
+	"github.com/grafana/grafana-app-sdk/app"
+)
+
+var (
+	rawSchemaPlaylistv0alpha1     = []byte(`{"spec":{"properties":{"interval":{"type":"string"},"items":{"items":{"properties":{"type":{"description":"type of the item.","enum":["dashboard_by_tag","dashboard_by_uid","dashboard_by_id"],"type":"string"},"value":{"description":"Value depends on type and describes the playlist item.\n - dashboard_by_id: The value is an internal numerical identifier set by Grafana. This\n is not portable as the numerical identifier is non-deterministic between different instances.\n Will be replaced by dashboard_by_uid in the future. (deprecated)\n - dashboard_by_tag: The value is a tag which is set on any number of dashboards. All\n dashboards behind the tag will be added to the playlist.\n - dashboard_by_uid: The value is the dashboard UID","type":"string"}},"required":["type","value"],"type":"object"},"type":"array"},"title":{"type":"string"}},"required":["title","interval","items"],"type":"object"},"status":{"properties":{"additionalFields":{"description":"additionalFields is reserved for future use","type":"object","x-kubernetes-preserve-unknown-fields":true},"operatorStates":{"additionalProperties":{"properties":{"descriptiveState":{"description":"descriptiveState is an optional more descriptive state field which has no requirements on format","type":"string"},"details":{"description":"details contains any extra information that is operator-specific","type":"object","x-kubernetes-preserve-unknown-fields":true},"lastEvaluation":{"description":"lastEvaluation is the ResourceVersion last evaluated","type":"string"},"state":{"description":"state describes the state of the lastEvaluation.\nIt is limited to three possible states for machine evaluation.","enum":["success","in_progress","failed"],"type":"string"}},"required":["lastEvaluation","state"],"type":"object"},"description":"operatorStates is a map of operator ID to operator state evaluations.\nAny operator which consumes this kind SHOULD add its state evaluation information to this field.","type":"object"}},"type":"object","x-kubernetes-preserve-unknown-fields":true}}`)
+	versionSchemaPlaylistv0alpha1 app.VersionSchema
+	_                             = json.Unmarshal(rawSchemaPlaylistv0alpha1, &versionSchemaPlaylistv0alpha1)
+)
+
+var appManifestData = app.ManifestData{
+	AppName: "playlist",
+	Group:   "playlist.grafana.app",
+	Kinds: []app.ManifestKind{
+		{
+			Kind:       "Playlist",
+			Scope:      "Namespaced",
+			Conversion: false,
+			Versions: []app.ManifestKindVersion{
+				{
+					Name: "v0alpha1",
+					Admission: &app.AdmissionCapabilities{
+						Validation: &app.ValidationCapability{
+							Operations: []app.AdmissionOperation{
+								app.AdmissionOperationCreate,
+								app.AdmissionOperationUpdate,
+							},
+						},
+						Mutation: &app.MutationCapability{
+							Operations: []app.AdmissionOperation{
+								app.AdmissionOperationCreate,
+								app.AdmissionOperationUpdate,
+							},
+						},
+					},
+					Schema: &versionSchemaPlaylistv0alpha1,
+				},
+			},
+		},
+	},
+}
+
+func jsonToMap(j string) map[string]any {
+	m := make(map[string]any)
+	json.Unmarshal([]byte(j), &j)
+	return m
+}
+
+func LocalManifest() app.Manifest {
+	return app.NewEmbeddedManifest(appManifestData)
+}
+
+func RemoteManifest() app.Manifest {
+	return app.NewAPIServerManifest("playlist")
+}
@@ -65,12 +65,13 @@ func (o *Playlist) SetSubresource(name string, value any) error {
 }

 func (o *Playlist) GetStaticMetadata() resource.StaticMetadata {
+	gvk := o.GroupVersionKind()
 	return resource.StaticMetadata{
 		Name:      o.ObjectMeta.Name,
 		Namespace: o.ObjectMeta.Namespace,
-		Group:     o.GroupVersionKind().Group,
-		Version:   o.GroupVersionKind().Version,
-		Kind:      o.GroupVersionKind().Kind,
+		Group:     gvk.Group,
+		Version:   gvk.Version,
+		Kind:      gvk.Kind,
 	}
 }

@@ -12,17 +12,17 @@ import (

 func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition {
 	return map[string]common.OpenAPIDefinition{
-		"github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.Playlist":                    schema_playlist_apis_playlist_v0alpha1_Playlist(ref),
-		"github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlaylistItem":                schema_playlist_apis_playlist_v0alpha1_PlaylistItem(ref),
-		"github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlaylistList":                schema_playlist_apis_playlist_v0alpha1_PlaylistList(ref),
-		"github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlaylistOperatorState":       schema_playlist_apis_playlist_v0alpha1_PlaylistOperatorState(ref),
-		"github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlaylistSpec":                schema_playlist_apis_playlist_v0alpha1_PlaylistSpec(ref),
-		"github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlaylistStatus":              schema_playlist_apis_playlist_v0alpha1_PlaylistStatus(ref),
-		"github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlayliststatusOperatorState": schema_playlist_apis_playlist_v0alpha1_PlayliststatusOperatorState(ref),
+		"github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.Playlist":                    schema_pkg_apis_playlist_v0alpha1_Playlist(ref),
+		"github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlaylistItem":                schema_pkg_apis_playlist_v0alpha1_PlaylistItem(ref),
+		"github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlaylistList":                schema_pkg_apis_playlist_v0alpha1_PlaylistList(ref),
+		"github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlaylistOperatorState":       schema_pkg_apis_playlist_v0alpha1_PlaylistOperatorState(ref),
+		"github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlaylistSpec":                schema_pkg_apis_playlist_v0alpha1_PlaylistSpec(ref),
+		"github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlaylistStatus":              schema_pkg_apis_playlist_v0alpha1_PlaylistStatus(ref),
+		"github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlayliststatusOperatorState": schema_pkg_apis_playlist_v0alpha1_PlayliststatusOperatorState(ref),
 	}
 }

-func schema_playlist_apis_playlist_v0alpha1_Playlist(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_pkg_apis_playlist_v0alpha1_Playlist(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -51,13 +51,13 @@ func schema_playlist_apis_playlist_v0alpha1_Playlist(ref common.ReferenceCallbac
 					"spec": {
 						SchemaProps: spec.SchemaProps{
 							Default: map[string]interface{}{},
-							Ref:     ref("github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlaylistSpec"),
+							Ref:     ref("github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlaylistSpec"),
 						},
 					},
 					"status": {
 						SchemaProps: spec.SchemaProps{
 							Default: map[string]interface{}{},
-							Ref:     ref("github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlaylistStatus"),
+							Ref:     ref("github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlaylistStatus"),
 						},
 					},
 				},
@@ -65,11 +65,11 @@ func schema_playlist_apis_playlist_v0alpha1_Playlist(ref common.ReferenceCallbac
 			},
 		},
 		Dependencies: []string{
-			"github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlaylistSpec", "github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlaylistStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
+			"github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlaylistSpec", "github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlaylistStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
 	}
 }

-func schema_playlist_apis_playlist_v0alpha1_PlaylistItem(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_pkg_apis_playlist_v0alpha1_PlaylistItem(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -99,7 +99,7 @@ func schema_playlist_apis_playlist_v0alpha1_PlaylistItem(ref common.ReferenceCal
 	}
 }

-func schema_playlist_apis_playlist_v0alpha1_PlaylistList(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_pkg_apis_playlist_v0alpha1_PlaylistList(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -132,7 +132,7 @@ func schema_playlist_apis_playlist_v0alpha1_PlaylistList(ref common.ReferenceCal
 								Schema: &spec.Schema{
 									SchemaProps: spec.SchemaProps{
 										Default: map[string]interface{}{},
-										Ref:     ref("github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.Playlist"),
+										Ref:     ref("github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.Playlist"),
 									},
 								},
 							},
@@ -143,11 +143,11 @@ func schema_playlist_apis_playlist_v0alpha1_PlaylistList(ref common.ReferenceCal
 			},
 		},
 		Dependencies: []string{
-			"github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.Playlist", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"},
+			"github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.Playlist", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"},
 	}
 }

-func schema_playlist_apis_playlist_v0alpha1_PlaylistOperatorState(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_pkg_apis_playlist_v0alpha1_PlaylistOperatorState(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -199,7 +199,7 @@ func schema_playlist_apis_playlist_v0alpha1_PlaylistOperatorState(ref common.Ref
 	}
 }

-func schema_playlist_apis_playlist_v0alpha1_PlaylistSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_pkg_apis_playlist_v0alpha1_PlaylistSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -220,7 +220,7 @@ func schema_playlist_apis_playlist_v0alpha1_PlaylistSpec(ref common.ReferenceCal
 								Schema: &spec.Schema{
 									SchemaProps: spec.SchemaProps{
 										Default: map[string]interface{}{},
-										Ref:     ref("github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlaylistItem"),
+										Ref:     ref("github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlaylistItem"),
 									},
 								},
 							},
@@ -238,11 +238,11 @@ func schema_playlist_apis_playlist_v0alpha1_PlaylistSpec(ref common.ReferenceCal
 			},
 		},
 		Dependencies: []string{
-			"github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlaylistItem"},
+			"github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlaylistItem"},
 	}
 }

-func schema_playlist_apis_playlist_v0alpha1_PlaylistStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_pkg_apis_playlist_v0alpha1_PlaylistStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -273,7 +273,7 @@ func schema_playlist_apis_playlist_v0alpha1_PlaylistStatus(ref common.ReferenceC
 								Schema: &spec.Schema{
 									SchemaProps: spec.SchemaProps{
 										Default: map[string]interface{}{},
-										Ref:     ref("github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlayliststatusOperatorState"),
+										Ref:     ref("github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlayliststatusOperatorState"),
 									},
 								},
 							},
@@ -283,11 +283,11 @@ func schema_playlist_apis_playlist_v0alpha1_PlaylistStatus(ref common.ReferenceC
 			},
 		},
 		Dependencies: []string{
-			"github.com/grafana/grafana/apps/playlist/apis/playlist/v0alpha1.PlayliststatusOperatorState"},
+			"github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1.PlayliststatusOperatorState"},
 	}
 }

-func schema_playlist_apis_playlist_v0alpha1_PlayliststatusOperatorState(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_pkg_apis_playlist_v0alpha1_PlayliststatusOperatorState(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -0,0 +1,87 @@
+package app
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/grafana/grafana-app-sdk/app"
+	"github.com/grafana/grafana-app-sdk/operator"
+	"github.com/grafana/grafana-app-sdk/resource"
+	"github.com/grafana/grafana-app-sdk/simple"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/klog/v2"
+
+	playlistv0alpha1 "github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1"
+	"github.com/grafana/grafana/apps/playlist/pkg/watchers"
+)
+
+type PlaylistConfig struct {
+	EnableWatchers bool
+}
+
+func New(cfg app.Config) (app.App, error) {
+	var (
+		playlistWatcher operator.ResourceWatcher
+		err             error
+	)
+
+	playlistConfig, ok := cfg.SpecificConfig.(*PlaylistConfig)
+	if ok && playlistConfig.EnableWatchers {
+		playlistWatcher, err = watchers.NewPlaylistWatcher()
+		if err != nil {
+			return nil, fmt.Errorf("unable to create PlaylistWatcher: %w", err)
+		}
+	}
+
+	simpleConfig := simple.AppConfig{
+		Name:       "playlist",
+		KubeConfig: cfg.KubeConfig,
+		InformerConfig: simple.AppInformerConfig{
+			ErrorHandler: func(ctx context.Context, err error) {
+				klog.ErrorS(err, "Informer processing error")
+			},
+		},
+		ManagedKinds: []simple.AppManagedKind{
+			{
+				Kind:    playlistv0alpha1.PlaylistKind(),
+				Watcher: playlistWatcher,
+				Mutator: &simple.Mutator{
+					MutateFunc: func(ctx context.Context, req *app.AdmissionRequest) (*app.MutatingResponse, error) {
+						// modify req.Object if needed
+						return &app.MutatingResponse{
+							UpdatedObject: req.Object,
+						}, nil
+					},
+				},
+				Validator: &simple.Validator{
+					ValidateFunc: func(ctx context.Context, req *app.AdmissionRequest) error {
+						// do something here if needed
+						return nil
+					},
+				},
+			},
+		},
+	}
+
+	a, err := simple.NewApp(simpleConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	err = a.ValidateManifest(cfg.ManifestData)
+	if err != nil {
+		return nil, err
+	}
+
+	return a, nil
+}
+
+func GetKinds() map[schema.GroupVersion]resource.Kind {
+	gv := schema.GroupVersion{
+		Group:   playlistv0alpha1.PlaylistKind().Group(),
+		Version: playlistv0alpha1.PlaylistKind().Version(),
+	}
+	return map[schema.GroupVersion]resource.Kind{
+		gv: playlistv0alpha1.PlaylistKind(),
+	}
+}
@@ -0,0 +1,75 @@
+package watchers
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/grafana/grafana-app-sdk/operator"
+	"github.com/grafana/grafana-app-sdk/resource"
+	"k8s.io/klog/v2"
+
+	playlist "github.com/grafana/grafana/apps/playlist/pkg/apis/playlist/v0alpha1"
+)
+
+var _ operator.ResourceWatcher = &PlaylistWatcher{}
+
+type PlaylistWatcher struct{}
+
+func NewPlaylistWatcher() (*PlaylistWatcher, error) {
+	return &PlaylistWatcher{}, nil
+}
+
+// Add handles add events for playlist.Playlist resources.
+func (s *PlaylistWatcher) Add(ctx context.Context, rObj resource.Object) error {
+	object, ok := rObj.(*playlist.Playlist)
+	if !ok {
+		return fmt.Errorf("provided object is not of type *playlist.Playlist (name=%s, namespace=%s, kind=%s)",
+			rObj.GetStaticMetadata().Name, rObj.GetStaticMetadata().Namespace, rObj.GetStaticMetadata().Kind)
+	}
+
+	klog.InfoS("Added resource", "name", object.GetStaticMetadata().Identifier().Name)
+	return nil
+}
+
+// Update handles update events for playlist.Playlist resources.
+func (s *PlaylistWatcher) Update(ctx context.Context, rOld resource.Object, rNew resource.Object) error {
+	oldObject, ok := rOld.(*playlist.Playlist)
+	if !ok {
+		return fmt.Errorf("provided object is not of type *playlist.Playlist (name=%s, namespace=%s, kind=%s)",
+			rOld.GetStaticMetadata().Name, rOld.GetStaticMetadata().Namespace, rOld.GetStaticMetadata().Kind)
+	}
+
+	_, ok = rNew.(*playlist.Playlist)
+	if !ok {
+		return fmt.Errorf("provided object is not of type *playlist.Playlist (name=%s, namespace=%s, kind=%s)",
+			rNew.GetStaticMetadata().Name, rNew.GetStaticMetadata().Namespace, rNew.GetStaticMetadata().Kind)
+	}
+
+	klog.InfoS("Updated resource", "name", oldObject.GetStaticMetadata().Identifier().Name)
+	return nil
+}
+
+// Delete handles delete events for playlist.Playlist resources.
+func (s *PlaylistWatcher) Delete(ctx context.Context, rObj resource.Object) error {
+	object, ok := rObj.(*playlist.Playlist)
+	if !ok {
+		return fmt.Errorf("provided object is not of type *playlist.Playlist (name=%s, namespace=%s, kind=%s)",
+			rObj.GetStaticMetadata().Name, rObj.GetStaticMetadata().Namespace, rObj.GetStaticMetadata().Kind)
+	}
+
+	klog.InfoS("Deleted resource", "name", object.GetStaticMetadata().Identifier().Name)
+	return nil
+}
+
+// Sync is not a standard resource.Watcher function, but is used when wrapping this watcher in an operator.OpinionatedWatcher.
+// It handles resources which MAY have been updated during an outage period where the watcher was not able to consume events.
+func (s *PlaylistWatcher) Sync(ctx context.Context, rObj resource.Object) error {
+	object, ok := rObj.(*playlist.Playlist)
+	if !ok {
+		return fmt.Errorf("provided object is not of type *playlist.Playlist (name=%s, namespace=%s, kind=%s)",
+			rObj.GetStaticMetadata().Name, rObj.GetStaticMetadata().Namespace, rObj.GetStaticMetadata().Kind)
+	}
+
+	klog.InfoS("Possible resource update", "name", object.GetStaticMetadata().Identifier().Name)
+	return nil
+}
@@ -316,6 +316,9 @@ feedback_links_enabled = true
 # Static context that is being added to analytics events
 reporting_static_context =

+# Logs interaction events to the browser javascript console, intended for development only
+browser_console_reporter = false
+
 #################################### Security ############################
 [security]
 # disable creation of admin user on first start of grafana
@@ -403,8 +406,9 @@ angular_support_enabled = false
 # The CSRF check will be executed even if the request has no login cookie.
 csrf_always_check = false

-# Comma-separated list of plugins ids that won't be loaded inside the frontend sandbox
-disable_frontend_sandbox_for_plugins = grafana-incident-app
+# Comma-separated list of plugins ids that will be loaded inside the frontend sandbox
+# Currently behind the feature flag pluginsFrontendSandbox
+enable_frontend_sandbox_for_plugins =

 # Comma-separated list of paths for POST/PUT URL in actions. Empty will allow anything that is not on the same origin
 actions_allow_post_url =
@@ -553,7 +557,7 @@ token_expiration_day_limit =
 # Login cookie name
 login_cookie_name = grafana_session

-# Disable usage of Grafana build-in login solution.
+# Disable usage of Grafana's built-in login solution.
 disable_login = false

 # The maximum lifetime (duration) an authenticated user can be inactive before being required to login at next visit. Default is 7 days (7d). This setting should be expressed as a duration, e.g. 5m (minutes), 6h (hours), 10d (days), 2w (weeks), 1M (month). The lifetime resets at each successful token rotation (token_rotation_interval_minutes).
@@ -622,6 +626,11 @@ id_response_header_namespaces = user api-key service-account
 # This feature currently **only supports single-organization deployments**
 managed_service_accounts_enabled = false

+#################################### Passwordless Auth ###########################
+[auth.passwordless]
+enabled = false
+code_expiration = 20m
+
 #################################### SSO Settings ###########################
 [sso_settings]
 # interval for reloading the SSO Settings from the database
@@ -939,7 +948,7 @@ session_duration = "15m"

 # Set the plugins that will receive AWS settings for each request (via plugin context)
 # By default this will include all Grafana Labs owned AWS plugins, or those that make use of AWS settings (ElasticSearch, Prometheus).
-forward_settings_to_plugins = cloudwatch, grafana-athena-datasource, grafana-redshift-datasource, grafana-x-ray-datasource, grafana-timestream-datasource, grafana-iot-sitewise-datasource, grafana-iot-twinmaker-app, grafana-opensearch-datasource, aws-datasource-provisioner, elasticsearch, prometheus
+forward_settings_to_plugins = cloudwatch, grafana-athena-datasource, grafana-redshift-datasource, grafana-x-ray-datasource, grafana-timestream-datasource, grafana-iot-sitewise-datasource, grafana-iot-twinmaker-app, grafana-opensearch-datasource, aws-datasource-provisioner, elasticsearch, prometheus, grafana-amazonprometheus-datasource, grafana-aurora-datasource

 #################################### Azure ###############################
 [azure]
@@ -1125,6 +1134,9 @@ log_endpoint_requests_per_second_limit = 3
 # Max requests accepted per short interval of time for Grafana backend log ingestion endpoint (/log)
 log_endpoint_burst_limit = 15

+# Enables all Faro default instrumentation by using `getWebInstrumentations`. Overrides other instrumentation flags.
+instrumentations_all_enabled = false
+
 # Should error instrumentation be enabled, only affects Grafana Javascript Agent
 instrumentations_errors_enabled = true

@@ -1562,7 +1574,8 @@ enabled = true

 #################################### Short Links #############################
 [short_links]
-# Short links which are never accessed will be deleted as cleanup. Time is in days. Default is 7 days. Max is 365. 0 means they will be deleted approximately every 10 minutes.
+# Short links that are never accessed will be deleted as cleanup. Time is set up in days. The default is 7 days. Maximum value is 365.
+# 0 means they will be deleted approximately every 10 minutes. A negative value (such as -1) will disable expiration.
 expire_time = 7

 #################################### Internal Grafana Metrics ############
@@ -1748,7 +1761,8 @@ hide_angular_deprecation =
 # Comma separated list of plugin ids for which environment variables should be forwarded. Used only when feature flag pluginsSkipHostEnvVars is enabled.
 forward_host_env_vars =
 # Comma separated list of plugin ids to install as part of the startup process.
-preinstall = grafana-lokiexplore-app
+# By default, the following plugins will be preinstalled: "grafana-lokiexplore-app"
+preinstall =
 # Controls whether preinstall plugins asynchronously (in the background) or synchronously (blocking). Useful when preinstalled plugins are used with provisioning.
 preinstall_async = true
 # Disables preinstall feature. It has the same effect as setting preinstall to an empty list.
@@ -2020,3 +2034,6 @@ fail_tests_on_console = true
 # Whether or not to enable the MSW mock API, which intercepts requests and returns mock data
 # Should only be used for local development or demo purposes
 mock_api = false
+# Whether to enable betterer eslint rules for local development
+# Useful if you want to always see betterer rules that we're trying to fix so they're more prevalent
+betterer_eslint_rules = false
@@ -315,6 +315,9 @@
 # Static context that is being added to analytics events
 ;reporting_static_context = grafanaInstance=12, os=linux

+# Logs interaction events to the browser javascript console, intended for development only
+;browser_console_reporter = false
+
 #################################### Security ####################################
 [security]
 # disable creation of admin user on first start of grafana
@@ -408,8 +411,9 @@
 # The CSRF check will be executed even if the request has no login cookie.
 ;csrf_always_check = false

-# Comma-separated list of plugins ids that won't be loaded inside the frontend sandbox
-;disable_frontend_sandbox_for_plugins =
+# Comma-separated list of plugins ids that will be loaded inside the frontend sandbox
+# Currently behind the feature flag pluginsFrontendSandbox
+;enable_frontend_sandbox_for_plugins =

 # Comma-separated list of paths for POST/PUT URL in actions. Empty will allow anything that is not on the same origin
 ;actions_allow_post_url =
@@ -1118,6 +1122,9 @@
 # Max requests accepted per short interval of time for Grafana backend log ingestion endpoint (/log).
 ;log_endpoint_burst_limit = 15

+# Enables all Faro default instrumentation by using `getWebInstrumentations`. Overrides other instrumentation flags.
+;instrumentations_all_enabled = false
+
 # Should error instrumentation be enabled, only affects Grafana Javascript Agent
 ;instrumentations_errors_enabled = true

@@ -81,7 +81,7 @@ host = "localhost:1025"
 You can access the web UI at http://localhost:12080/#/

 ## Debugging setup in VS Code
-An example of launch.json is provided in `devenv/vscode/launch.json`. It basically does what Makefile and .bra.toml do. The 'program' field is set to the folder name so VS Code loads all *.go files in it instead of just main.go.
+An example of launch.json is provided in `.vscode/launch.json`. It basically does what Makefile and .bra.toml do. The 'program' field is set to the folder name so VS Code loads all *.go files in it instead of just main.go.

 ## Troubleshooting

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash

 echo "Deleting previous bulk folders"
 find ./bulk-folders -type d -name "Bulk Folder*" -exec rm -rf "{}" \;
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash

 blocks_dir=docker/blocks
 docker_dir=docker
@@ -321,3 +321,11 @@ datasources:
    access: proxy
    url: http://localhost:4040
    editable: false
+
+
+  - name: gdev-e2etestdatasource
+    type: grafana-e2etest-datasource
+    uid: gdev-e2etest-datasource
+    access: proxy
+    url: http://localhost:4040
+    editable: false
@@ -0,0 +1,33 @@
+# TLS Caddy Server
+
+Starts a [Caddy server](https://caddyserver.com/) with TLS configured.
+
+## Setup
+
+- Caddy is setup to run on port 2081, so when configuring the webhook receiver in Grafana Alerting you should use the
+following the following URL: `https://localhost:2081`
+- Also, Caddy is configured to use a self-signed certificate and to check the client certificate (`require_and_verify` mode)
+- Caddy is setup to log requests and has debug mode enabled to make it easier to investigate possible issues
+
+## TLS Certificates
+
+If you want to configure a webhook contact point in Grafana Alerting with TLS, you need to provide a certificate and key.
+
+You can find them in `/etc/caddy` directory in the container:
+
+``` shell
+docker exec devenv-caddy_tls-1 ls /etc/caddy/
+```
+
+### CA Certificate
+
+``` shell
+docker exec devenv-caddy_tls-1 cat /etc/caddy/ca.pem
+```
+
+### Client certificates
+
+``` shell
+docker exec devenv-caddy_tls-1 cat /etc/caddy/client.pem
+docker exec devenv-caddy_tls-1 cat /etc/caddy/client.key
+```
@@ -0,0 +1,14 @@
+{
+    debug
+}
+
+localhost:2081 {
+    log
+    tls /etc/caddy/server.pem /etc/caddy/server.key {
+      ca_root /etc/caddy/ca.pem
+      client_auth {
+        mode require_and_verify
+        trust_pool file /etc/caddy/client.pem /etc/caddy/ca.pem
+      }
+    }
+}
@@ -0,0 +1,12 @@
+FROM caddy:2.8.4-alpine
+
+WORKDIR /etc/caddy
+EXPOSE 2081
+
+COPY Caddyfile ./Caddyfile
+COPY san.cnf ./san.cnf
+COPY gen_certs.sh ./gen_certs.sh
+
+RUN apk update && apk upgrade --no-cache && apk add openssl
+
+RUN ./gen_certs.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+DAYS_VALID=3650
+
+# Create CA certificate
+openssl genpkey -algorithm RSA -out ca.key
+openssl req -new -x509 -days $DAYS_VALID -key ca.key -out ca.pem -subj "/CN=My CA"
+
+# Create server certificate
+openssl genpkey -algorithm RSA -out server.key
+openssl req -new -key server.key -out server.csr -subj "/CN=localhost"
+openssl x509 -req -days $DAYS_VALID -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -extfile san.cnf -extensions v3_req
+
+# Create client key and certificate
+openssl genpkey -algorithm RSA -out client.key
+openssl req -new -key client.key -out client.csr -subj "/CN=Client"
+openssl x509 -req -days $DAYS_VALID -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client.pem -extfile san.cnf -extensions v3_req
@@ -0,0 +1,7 @@
+[ v3_req ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = localhost
+IP.1 = 127.0.0.1
+IP.2 = ::1
@@ -0,0 +1,5 @@
+  caddy_tls:
+    build:
+      context: docker/blocks/caddy_tls/build
+    ports:
+      - "2081:2081"
@@ -1,6 +1,6 @@
 FROM    ubuntu:xenial

-ENV     DEBIAN_FRONTEND noninteractive
+ENV     DEBIAN_FRONTEND=noninteractive

 RUN     apt-get -y update
 RUN     apt-get -y install collectd curl python-pip
@@ -150,7 +150,8 @@ function getRandomLogItem(counter, timestamp) {
    value: counter,
    metric: chooseRandomElement(['cpu', 'memory', 'latency']),
    description: "this is description",
-    slash: "Access to the path '\\\\tkasnpo\\KASNPO\\Files\\contacts.xml' is denied."
+    slash: "Access to the path '\\\\tkasnpo\\KASNPO\\Files\\contacts.xml' is denied.",
+    url: "/foo/blah"
  };
 }

@@ -1,9 +1,10 @@
  mimir_backend:
-    image: grafana/mimir-alpine:r304-3872ccb
+    image: grafana/mimir-alpine:r316-55f47f8
    container_name: mimir_backend
    command:
      - -target=backend
      - -alertmanager.grafana-alertmanager-compatibility-enabled
+      - -alertmanager.utf8-strict-mode-enabled
  nginx:
    environment:
      - NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx
@@ -2,18 +2,18 @@ FROM centos:6.6

 RUN yum install -y initscripts curl tar gcc libc6-dev git

-ENV GOLANG_VERSION 1.4.2
+ENV GOLANG_VERSION=1.4.2

 RUN curl -sSL https://golang.org/dl/go$GOLANG_VERSION.src.tar.gz \
 		| tar -v -C /usr/src -xz

 RUN cd /usr/src/go/src && ./make.bash --no-clean 2>&1

-ENV PATH /usr/src/go/bin:$PATH
+ENV PATH=/usr/src/go/bin:$PATH

 RUN mkdir -p /go/src /go/bin && chmod -R 777 /go
-ENV GOPATH /go
-ENV PATH /go/bin:$PATH
+ENV GOPATH=/go
+ENV PATH=/go/bin:$PATH

 WORKDIR /go/src/github.com/grafana/grafana

@@ -7,6 +7,6 @@ WORKDIR /go/src/webhook
 RUN mkdir /tmp/logs
 RUN go build -o /bin webhook-listener.go

-ENV PORT 8080
+ENV PORT=8080

 ENTRYPOINT [ "/bin/webhook-listener" ]
@@ -0,0 +1,24 @@
+server {
+	root /data;
+	autoindex on;
+
+	location / {
+		if ($request_method = 'OPTIONS') {
+			add_header 'Access-Control-Allow-Origin' '$http_origin' always;
+			add_header 'Access-Control-Allow-Credentials' 'true' always;
+			add_header 'Access-Control-Allow-Headers' '*' always;
+			add_header 'Access-Control-Allow-Methods' '*';
+			# add_header 'Access-Control-Max-Age' 1728000;
+			add_header 'Content-Type' 'text/plain; charset=utf-8';
+			add_header 'Content-Length' 0;
+			return 204;
+		}
+
+		add_header 'Access-Control-Allow-Origin' '$http_origin' always;
+		add_header 'Access-Control-Allow-Methods' '*' always;
+		add_header 'Access-Control-Allow-Headers' '*' always;
+		add_header 'Access-Control-Allow-Credentials' 'true' always;
+
+		rewrite ^/grafana-oss/11.4.0-pre/public(.*)$ $1 last;
+	}
+}
@@ -0,0 +1,11 @@
+version: '2'
+
+services:
+  grafana_local_cdn:
+    image: nginx:alpine
+    container_name: grafana_local_cdn
+    ports:
+      - "8080:80"
+    volumes:
+      - ../../public:/data
+      - ./default.conf:/etc/nginx/conf.d/default.conf
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash

 bulkDashboard() {

@@ -1,21 +0,0 @@
-{
-  // Use IntelliSense to learn about possible attributes.
-  // Hover to view descriptions of existing attributes.
-  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
-  "version": "0.2.0",
-  "configurations": [
-    {
-      "name": "grafana-server",
-      "type": "go",
-      "request": "launch",
-      "mode": "auto",
-      "program": "${workspaceFolder}/pkg/cmd/grafana-server",
-      "env": {},
-      "args": [
-          "--homepath=${workspaceFolder}",
-          "--packaging=dev",
-          "cfg:app_mode=development",
-      ]
-  }
-  ]
-}
@@ -15,8 +15,6 @@ weight: 250

 LBAC for data sources is available in private preview on Grafana Cloud for Loki created with basic authentication. Loki data sources for LBAC for data sources can only be created, provisioning is currently not available.

-You cannot configure LBAC rules for Grafana-provisioned data sources from the UI. Alternatively, you can replicate the setting of the provisioned data source in a new data source as described in [LBAC Configuration for New Loki Data Source](https://grafana.com/docs/grafana/latest/administration/data-source-management/teamlbac/configure-teamlbac-for-loki/#task-1-lbac-configuration-for-new-loki-data-source) and then add the LBAC configuration to the new data source.
-
 ## Before you begin

 To be able to use LBAC for data sources rules, you need to enable the feature toggle `teamHttpHeaders` on your Grafana instance. Contact support to enable the feature toggle for you.
@@ -234,7 +234,7 @@ To determine the number of active users:

 A tiered license defines dashboard viewers, and dashboard editors and administrators, as two distinct user types that each have their own user limit.

-As of Grafana Enterprise version 9.0, Grafana only counts and enforces the _total_ number of active users in your Grafana instance. For example, if you purchase 150 active users, you can have 20 admins, 70 editors, and 60 viewers, or you can have 150 admins. Grafana will enforce the total number of active users even if you use a license that grants a specific number of admins or editors and a certain number of viewers. This is a more permissive policy than before, which gives you the flexibility to change users' roles.
+Grafana only counts and enforces the _total_ number of active users in your Grafana instance. For example, if you purchase 150 active users, you can have 20 admins, 70 editors, and 60 viewers, or you can have 150 admins. Grafana will enforce the total number of active users even if you use a license that grants a specific number of admins or editors and a certain number of viewers. This is a more permissive policy than before, which gives you the flexibility to change users' roles.

 If you are running a pre-9.0 version of Grafana Enterprise, please refer to the documentation for that version to learn more about license enforcement in your current version.

@@ -228,6 +228,58 @@ WARN[06-01|16:45:59] Running an unsigned plugin   pluginID=<plugin id>
 If you're developing a plugin, then you can enable development mode to allow all unsigned plugins.
 {{% /admonition %}}

+## Plugin Frontend Sandbox
+
+{{% admonition type="caution" %}}
+Plugin Frontend Sandbox is currently in [public preview](/docs/release-life-cycle/). Grafana Labs offers limited support, and breaking changes might occur prior to the feature being made generally available.
+{{% /admonition %}}
+
+The Plugin Frontend Sandbox is a security feature that isolates plugin frontend code from the main Grafana application.
+When enabled, plugins run in a separate JavaScript context, which provides several security benefits:
+
+- Prevents plugins from modifying parts of the Grafana interface outside their designated areas
+- Stops plugins from interfering with other plugins functionality
+- Protects core Grafana features from being altered by plugins
+- Prevents plugins from modifying global browser objects and behaviors
+
+Plugins running inside the Frontend Sandbox should continue to work normally without any noticeable changes in their intended functionality.
+
+### Enable Frontend Sandbox
+
+The Frontend Sandbox feature is currently behind the `pluginsFrontendSandbox` feature flag. To enable it, you'll need to:
+
+1. Enable the feature flag in your Grafana configuration. For more information about enabling feature flags, refer to [Configure feature toggles](/setup-grafana/configure-grafana/feature-toggles/).
+
+2. For self-hosted Grafana installations, add the plugin IDs you want to sandbox in the `security` section using the `enable_frontend_sandbox_for_plugins` configuration option.
+
+For Grafana Cloud users, you can simply use the toggle switch in the plugin catalog page to enable or disable the sandbox for each plugin. By default, the sandbox is disabled for all plugins.
+
+{{% admonition type="note" %}}
+Enabling the Frontend Sandbox might impact the performance of certain plugins. Only disable the sandbox if you fully trust the plugin and understand the security implications.
+{{% /admonition %}}
+
+### Compatibility
+
+The Frontend Sandbox is available in public preview in Grafana >=11.4. It is compatible with all types of plugins including app plugins, panel plugins, and data source plugins. Angular-based plugins are not supported. Plugins developed and signed by Grafana Labs are excluded and cannot be sandboxed.
+
+### When to Use Frontend Sandbox
+
+We strongly recommend enabling the Frontend Sandbox for plugins that allow users to write custom JavaScript code for data visualization or manipulation. These plugins, while powerful, can potentially execute arbitrary JavaScript code in your Grafana instance. The sandbox provides an additional layer of security by restricting what this code can access and modify.
+
+Examples of plugins where the sandbox is particularly important include:
+
+- Panel plugins that allow users to write custom JavaScript code
+- Plugins from untrusted sources
+
+### Troubleshooting
+
+If a plugin isn't functioning correctly with the Frontend Sandbox enabled:
+
+1. Temporarily disable the sandbox for that specific plugin
+1. Test if the plugin works correctly without the sandbox
+1. If the plugin only works with the sandbox disabled, ensure you trust the plugin source before continuing to use it without sandbox protection
+1. Report any sandbox-related issues to the plugin developer
+
 ## Learn more

 - [Browse plugins](/grafana/plugins)
@@ -81,13 +81,9 @@ The configuration file can also list data sources to automatically delete, calle
 Grafana deletes the data sources listed in `deleteDatasources` _before_ adding or updating those in the `datasources` list.

 You can configure Grafana to automatically delete provisioned data sources when they're removed from the provisioning file.
-To do so, add `prune: true` to the root of your provisioning file.
+To do so, add `prune: true` to the root of your data source provisioning file.
 With this configuration, Grafana also removes the provisioned data sources if you remove the provisioning file entirely.

-{{< admonition type="note" >}}
-The `prune` parameter is available in Grafana v11.1 and higher.
-{{< /admonition >}}
-
 ### Running multiple Grafana instances

 If you run multiple instances of Grafana, add a version number to each data source in the configuration and increase it when you update the configuration.
@@ -231,9 +227,9 @@ Data sources tagged with _HTTP\*_ communicate using the HTTP protocol, which inc
 | encrypt                       | string  | MSSQL                                                            | Determines SSL encryption handling. Options include: `disable` - data sent between client and server is not encrypted; `false` - data sent between client and server is not encrypted beyond the login packet; `true` - data sent between client and server is encrypted. Default is `false`. |
 | postgresVersion               | number  | PostgreSQL                                                       | Postgres version as a number (903/904/905/906/1000) meaning v9.3, v9.4, ..., v10                                                                                                                                                                                                              |
 | timescaledb                   | boolean | PostgreSQL                                                       | Enable usage of TimescaleDB extension                                                                                                                                                                                                                                                         |
-| maxOpenConns                  | number  | MySQL, PostgreSQL and MSSQL                                      | Maximum number of open connections to the database (Grafana v5.4+)                                                                                                                                                                                                                            |
-| maxIdleConns                  | number  | MySQL, PostgreSQL and MSSQL                                      | Maximum number of connections in the idle connection pool (Grafana v5.4+)                                                                                                                                                                                                                     |
-| connMaxLifetime               | number  | MySQL, PostgreSQL and MSSQL                                      | Maximum amount of time in seconds a connection may be reused (Grafana v5.4+)                                                                                                                                                                                                                  |
+| maxOpenConns                  | number  | MySQL, PostgreSQL and MSSQL                                      | Maximum number of open connections to the database                                                                                                                                                                                                                                            |
+| maxIdleConns                  | number  | MySQL, PostgreSQL and MSSQL                                      | Maximum number of connections in the idle connection pool                                                                                                                                                                                                                                     |
+| connMaxLifetime               | number  | MySQL, PostgreSQL and MSSQL                                      | Maximum amount of time in seconds a connection may be reused                                                                                                                                                                                                                                  |
 | keepCookies                   | array   | _HTTP\*_                                                         | Cookies that needs to be passed along while communicating with data sources                                                                                                                                                                                                                   |
 | prometheusVersion             | string  | Prometheus                                                       | The version of the Prometheus data source, such as `2.37.0`, `2.24.0`                                                                                                                                                                                                                         |
 | prometheusType                | string  | Prometheus                                                       | Prometheus database type. Options are `Prometheus`, `Cortex`, `Mimir` or`Thanos`.                                                                                                                                                                                                             |
@@ -618,12 +614,22 @@ The following sections detail the supported settings and secure settings for eac

 #### Alert notification `webhook`

-| Name       | Secure setting |
-| ---------- | -------------- |
-| url        |                |
-| httpMethod |                |
-| username   |                |
-| password   | yes            |
+| Name        | Secure setting |
+| ----------- | -------------- |
+| url         |                |
+| http_method |                |
+| username    |                |
+| password    | yes            |
+| tls_config  |                |
+
+##### TLS config
+
+| Name               | Secure setting |
+| ------------------ | -------------- |
+| insecureSkipVerify |                |
+| clientCertificate  | yes            |
+| clientKey          | yes            |
+| caCertificate      | yes            |

 #### Alert notification `googlechat`

@@ -79,7 +79,7 @@ The following list contains role-based access control actions.
 | `dashboards.permissions:write`        | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul>             | Update permissions for one or more dashboards.                                                                                                                                                                            |
 | `dashboards:read`                     | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul>             | Read one or more dashboards.                                                                                                                                                                                              |
 | `dashboards:write`                    | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul>             | Update one or more dashboards.                                                                                                                                                                                            |
-| `dashboards.public:write`             | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li></ul>                                                         | Write public dashboard configuration.                                                                                                                                                                                     |
+| `dashboards.public:write`             | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li></ul>                                                         | Write shared dashboard configuration.                                                                                                                                                                                     |
 | `datasources.caching:read`            | <ul><li>`datasources:*`</li><li>`datasources:uid:*`</li></ul>                                                       | Read data source query caching settings.                                                                                                                                                                                  |
 | `datasources.caching:write`           | <ul><li>`datasources:*`</li><li>`datasources:uid:*`</li></ul>                                                       | Update data source query caching settings.                                                                                                                                                                                |
 | `datasources:create`                  | None                                                                                                                | Create data sources.                                                                                                                                                                                                      |
@@ -100,6 +100,8 @@ The following list contains role-based access control actions.
 | `folders:delete`                      | <ul><li>`folders:*`</li><li>`folders:uid:*`</li></ul>                                                               | Delete one or more folders and their subfolders.                                                                                                                                                                          |
 | `folders:read`                        | <ul><li>`folders:*`</li><li>`folders:uid:*`</li></ul>                                                               | Read one or more folders and their subfolders.                                                                                                                                                                            |
 | `folders:write`                       | <ul><li>`folders:*`</li><li>`folders:uid:*`</li></ul>                                                               | Update one or more folders and their subfolders.                                                                                                                                                                          |
+| `groupsync.mappings:read`                       | None                                                               | List group attribute sync mappings. To use this permission, enable the `groupAttributeSync` feature toggle.                                                                                                                                                                          |
+| `groupsync.mappings:write`                       | None                                                               | List, create, update, and delete group attribute sync mappings. To use this permission, enable the `groupAttributeSync` feature toggle.                                                                                                                                                                         |
 | `ldap.config:reload`                  | None                                                                                                                | Reload the LDAP configuration.                                                                                                                                                                                            |
 | `ldap.status:read`                    | None                                                                                                                | Verify the availability of the LDAP server or servers.                                                                                                                                                                    |
 | `ldap.user:read`                      | None                                                                                                                | Read users via LDAP.                                                                                                                                                                                                      |
@@ -188,36 +190,38 @@ The following list contains role-based access control actions used by Grafana Ad

 | Action                                               | Applicable scopes | Description                                           |
 | ---------------------------------------------------- | ----------------- | ----------------------------------------------------- |
-| `grafana‑adaptive‑metrics‑app.plugin:access`         | None              | Access the Adaptive Metrics plugin in Grafana Cloud.  |
-| `grafana‑adaptive‑metrics‑app.config:read`           | None              | Read the Adaptive Metrics app configuration.          |
-| `grafana‑adaptive‑metrics‑app.config:write`          | None              | Update the Adaptive Metrics app configuration.        |
-| `grafana‑adaptive‑metrics‑app.recommendations:read`  | None              | Read aggregation recommendations.                     |
-| `grafana‑adaptive‑metrics‑app.recommendations:apply` | None              | Apply aggregation recommendations.                    |
-| `grafana‑adaptive‑metrics‑app.rules:read`            | None              | Read aggregation rules.                               |
-| `grafana‑adaptive‑metrics‑app.rules:write`           | None              | Create aggregation rules.                             |
-| `grafana‑adaptive‑metrics‑app.rules:delete`          | None              | Delete aggregation rules.                             |
-| `grafana‑adaptive‑metrics‑app.exemptions:read`       | None              | Read recommendation exemptions.                       |
-| `grafana‑adaptive‑metrics‑app.exemptions:write`      | None              | Create, update, and delete recommendation exemptions. |
+| `grafana-adaptive-metrics-app.plugin:access`         | None              | Access the Adaptive Metrics plugin in Grafana Cloud.  |
+| `grafana-adaptive-metrics-app.config:read`           | None              | Read the Adaptive Metrics app configuration.          |
+| `grafana-adaptive-metrics-app.config:write`          | None              | Update the Adaptive Metrics app configuration.        |
+| `grafana-adaptive-metrics-app.recommendations:read`  | None              | Read aggregation recommendations.                     |
+| `grafana-adaptive-metrics-app.recommendations:apply` | None              | Apply aggregation recommendations.                    |
+| `grafana-adaptive-metrics-app.rules:read`            | None              | Read aggregation rules.                               |
+| `grafana-adaptive-metrics-app.rules:write`           | None              | Create aggregation rules.                             |
+| `grafana-adaptive-metrics-app.rules:delete`          | None              | Delete aggregation rules.                             |
+| `grafana-adaptive-metrics-app.exemptions:read`       | None              | Read recommendation exemptions.                       |
+| `grafana-adaptive-metrics-app.exemptions:write`      | None              | Create, update, and delete recommendation exemptions. |

 ### Grafana Alerting Notification action definitions

-To enable these permissions, enable the `alertingApiServer` feature toggle.
+To use these permissions, enable the `alertingApiServer` feature toggle.

-| Action                                       | Applicable scopes                  | Description                                                                                                     |
-| -------------------------------------------- | ---------------------------------- | --------------------------------------------------------------------------------------------------------------- |
-| `alert.notifications.receivers:read`         | `receivers:*`<br>`receivers:uid:*` | Read contact points. None                                                                                       |
-| `alert.notifications.receivers.secrets:read` | `receivers:*`<br>`receivers:uid:*` | Export contact points with decrypted secrets.None                                                               |
-| `alert.notifications.receivers:create`       | None                               | Create a new contact points. The creator is automatically granted full access to the created contact point.None |
-| `alert.notifications.receivers:write`        | `receivers:*`<br>`receivers:uid:*` | Update existing contact points.None                                                                             |
-| `alert.notifications.receivers:delete`       | `receivers:*`<br>`receivers:uid:*` | Update and delete existing contact points.None                                                                  |
-| `receivers.permissions:read`                 | `receivers:*`<br>`receivers:uid:*` | Read permissions for contact points.None                                                                        |
-| `receivers.permissions:write`                | `receivers:*`<br>`receivers:uid:*` | Manage permissions for contact points.None                                                                      |
-| `alert.notifications.time-intervals:read`    | None                               | Read mute time intervals.None                                                                                   |
-| `alert.notifications.time-intervals:write`   | None                               | Create new or update existing mute time intervals.None                                                          |
-| `alert.notifications.time-intervals:delete`  | None                               | Delete existing time intervals.None                                                                             |
-| `alert.notifications.templates:read`         | None                               | Read templates.                                                                                                 |
-| `alert.notifications.templates:write`        | None                               | Create new or update existing templates.None                                                                    |
-| `alert.notifications.templates:delete`       | None                               | Delete existing templates.None                                                                                  |
+| Action                                       | Applicable scopes                  | Description                                                                                                 |
+| -------------------------------------------- | ---------------------------------- | ----------------------------------------------------------------------------------------------------------- |
+| `alert.notifications.receivers:read`         | `receivers:*`<br>`receivers:uid:*` | Read contact points.                                                                                        |
+| `alert.notifications.receivers.secrets:read` | `receivers:*`<br>`receivers:uid:*` | Export contact points with decrypted secrets.                                                               |
+| `alert.notifications.receivers:create`       | None                               | Create a new contact points. The creator is automatically granted full access to the created contact point. |
+| `alert.notifications.receivers:write`        | `receivers:*`<br>`receivers:uid:*` | Update existing contact points.                                                                             |
+| `alert.notifications.receivers:delete`       | `receivers:*`<br>`receivers:uid:*` | Update and delete existing contact points.                                                                  |
+| `receivers.permissions:read`                 | `receivers:*`<br>`receivers:uid:*` | Read permissions for contact points.                                                                        |
+| `receivers.permissions:write`                | `receivers:*`<br>`receivers:uid:*` | Manage permissions for contact points.                                                                      |
+| `alert.notifications.time-intervals:read`    | None                               | Read mute time intervals.                                                                                   |
+| `alert.notifications.time-intervals:write`   | None                               | Create new or update existing mute time intervals.                                                          |
+| `alert.notifications.time-intervals:delete`  | None                               | Delete existing time intervals.                                                                             |
+| `alert.notifications.templates:read`         | None                               | Read templates.                                                                                             |
+| `alert.notifications.templates:write`        | None                               | Create new or update existing templates.                                                                    |
+| `alert.notifications.templates:delete`       | None                               | Delete existing templates.                                                                                  |
+| `alert.notifications.routes:read`            | None                               | Read notification policies.                                                                                 |
+| `alert.notifications.routes:write`           | None                               | Create new, update or delete notification policies                                                          |

 ## Scope definitions

@@ -54,13 +54,13 @@ The following tables list permissions associated with basic and fixed roles.

 ## Basic role assignments

-| Basic role    | UID                   | Associated fixed roles                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | Description                                                                                                                                              |
-| ------------- | --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Grafana Admin | `basic_grafana_admin` | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:organization:reader`<br>`fixed:organization:maintainer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer`<br>`fixed:datasources.caching:reader`<br>`fixed:datasources.caching:writer`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:plugins:maintainer`<br>`fixed:authentication.config:writer`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:library.panels:writer`<br>`fixed:library.panels:general.writer`                                                                                                                                                                                                                                                                                                         | Default [Grafana server administrator](/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#grafana-server-administrators) assignments. |
-| Admin         | `basic_admin`         | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br>`fixed:teams:writer`<br>`fixed:dashboards:reader`<br>`fixed:dashboards:writer`<br>`fixed:dashboards.permissions:reader`<br>`fixed:dashboards.permissions:writer`<br>`fixed:dashboards.public:writer`<br>`fixed:folders:reader`<br>`fixed:folders:writer`<br>`fixed:folders.permissions:reader`<br>`fixed:folders.permissions:writer`<br>`fixed:alerting:writer`<br>`fixed:apikeys:reader`<br>`fixed:apikeys:writer`<br>`fixed:alerting.provisioning.secrets:reader`<br>`fixed:alerting.provisioning:writer`<br>`fixed:datasources.caching:reader`<br>`fixed:datasources.caching:writer`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:plugins:writer`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:library.panels:writer`<br>`fixed:library.panels:general.writer`<br>`fixed:alerting.provisioning.status:writer` | Default [Grafana organization administrator](ref:rbac-basic-roles) assignments.                                                                          |
-| Editor        | `basic_editor`        | `fixed:datasources:explorer`<br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:teams:creator` if the `editors_can_admin` configuration flag is enabled<br>`fixed:alerting:writer`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:general.reader`<br>`fixed:library.panels:general.writer`<br>`fixed:alerting.provisioning.status:writer`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | Default [Editor](ref:rbac-basic-roles) assignments.                                                                                                      |
-| Viewer        | `basic_viewer`        | `fixed:datasources.id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader`<br>`fixed:plugins.app:reader`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:datasources:explorer` if the `viewers_can_edit` configuration flag is enabled                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | Default [Viewer](ref:rbac-basic-roles) assignments.                                                                                                      |
-| No Basic Role | n/a                   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | Default [No Basic Role](ref:rbac-basic-roles)                                                                                                            |
+| Basic role    | UID                   | Associated fixed roles                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | Description                                                                                                                                              |
+| ------------- | --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Grafana Admin | `basic_grafana_admin` | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:organization:reader`<br>`fixed:organization:maintainer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer`<br>`fixed:datasources.caching:reader`<br>`fixed:datasources.caching:writer`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:plugins:maintainer`<br>`fixed:authentication.config:writer`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:library.panels:writer`<br>`fixed:library.panels:general.writer`<br>`fixed:groupsync:writer`                                                                                                                                                                                                                                                                                                         | Default [Grafana server administrator](/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#grafana-server-administrators) assignments. |
+| Admin         | `basic_admin`         | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br>`fixed:teams:writer`<br>`fixed:dashboards:reader`<br>`fixed:dashboards:writer`<br>`fixed:dashboards.permissions:reader`<br>`fixed:dashboards.permissions:writer`<br>`fixed:dashboards.public:writer`<br>`fixed:folders:reader`<br>`fixed:folders:writer`<br>`fixed:folders.permissions:reader`<br>`fixed:folders.permissions:writer`<br>`fixed:alerting:writer`<br>`fixed:apikeys:reader`<br>`fixed:apikeys:writer`<br>`fixed:alerting.provisioning.secrets:reader`<br>`fixed:alerting.provisioning:writer`<br>`fixed:datasources.caching:reader`<br>`fixed:datasources.caching:writer`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:plugins:writer`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:library.panels:writer`<br>`fixed:library.panels:general.writer`<br>`fixed:alerting.provisioning.status:writer`<br>`fixed:groupsync:writer` | Default [Grafana organization administrator](ref:rbac-basic-roles) assignments.                                                                          |
+| Editor        | `basic_editor`        | `fixed:datasources:explorer`<br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:teams:creator` if the `editors_can_admin` configuration flag is enabled<br>`fixed:alerting:writer`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:general.reader`<br>`fixed:library.panels:general.writer`<br>`fixed:alerting.provisioning.status:writer`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | Default [Editor](ref:rbac-basic-roles) assignments.                                                                                                      |
+| Viewer        | `basic_viewer`        | `fixed:datasources.id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader`<br>`fixed:plugins.app:reader`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:datasources:explorer` if the `viewers_can_edit` configuration flag is enabled                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | Default [Viewer](ref:rbac-basic-roles) assignments.                                                                                                      |
+| No Basic Role | n/a                   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | Default [No Basic Role](ref:rbac-basic-roles)                                                                                                            |

 ## Fixed role definitions

@@ -98,7 +98,7 @@ To learn how to use the roles API to determine the role UUIDs, refer to [Manage
 | `fixed:dashboards.insights:reader`           | `fixed_JlBJ2_gizP8zhgaeGE2rjyZe2Rs` | `dashboards.insights:read`                                                                                                                                                                                                                                                  | Read dashboard insights data and see presence indicators.                                                                                                                                                                                                                             |
 | `fixed:dashboards.permissions:reader`        | `fixed_f17oxuXW_58LL8mYJsm4T_mCeIw` | `dashboards.permissions:read`                                                                                                                                                                                                                                               | Read all dashboard permissions.                                                                                                                                                                                                                                                       |
 | `fixed:dashboards.permissions:writer`        | `fixed_CcznxhWX_Yqn8uWMXMQ-b5iFW9k` | All permissions from `fixed:dashboards.permissions:reader` and <br>`dashboards.permissions:write`                                                                                                                                                                           | Read and update all dashboard permissions.                                                                                                                                                                                                                                            |
-| `fixed:dashboards.public:writer`             | `fixed_f_GHHRBciaqESXfGz2oCcooqHxs` | `dashboards.public:write`                                                                                                                                                                                                                                                   | Create, update, delete or pause a public dashboard.                                                                                                                                                                                                                                   |
+| `fixed:dashboards.public:writer`             | `fixed_f_GHHRBciaqESXfGz2oCcooqHxs` | `dashboards.public:write`                                                                                                                                                                                                                                                   | Create, update, delete or pause a shared dashboard.                                                                                                                                                                                                                                   |
 | `fixed:datasources:creator`                  | `fixed_XX8jHREgUt-wo1A-rPXIiFlX6Zw` | `datasources:create`                                                                                                                                                                                                                                                        | Create data sources.                                                                                                                                                                                                                                                                  |
 | `fixed:datasources:explorer`                 | `fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw` | `datasources:explore`                                                                                                                                                                                                                                                       | Enable the Explore feature. Data source permissions still apply, you can only query data sources for which you have query permissions.                                                                                                                                                |
 | `fixed:datasources:reader`                   | `fixed_C2x8IxkiBc1KZVjyYH775T9jNMQ` | `datasources:read`<br>`datasources:query`                                                                                                                                                                                                                                   | Read and query data sources.                                                                                                                                                                                                                                                          |
@@ -115,6 +115,8 @@ To learn how to use the roles API to determine the role UUIDs, refer to [Manage
 | `fixed:folders.permissions:reader`           | `fixed_E06l4cx0JFm47EeLBE4nmv3pnSo` | `folders.permissions:read`                                                                                                                                                                                                                                                  | Read all folder permissions.                                                                                                                                                                                                                                                          |
 | `fixed:folders.permissions:writer`           | `fixed_3GAgpQ_hWG8o7-lwNb86_VB37eI` | All permissions from `fixed:folders.permissions:reader` and <br>`folders.permissions:write`                                                                                                                                                                                 | Read and update all folder permissions.                                                                                                                                                                                                                                               |
 | `fixed:ldap:reader`                          | `fixed_lMcOPwSkxKY-qCK8NMJc5k6izLE` | `ldap.user:read`<br>`ldap.status:read`                                                                                                                                                                                                                                      | Read the LDAP configuration and LDAP status information.                                                                                                                                                                                                                              |
+| `fixed:groupsync:reader`                     | `fixed_tLIbDrE6kw93sKqooF8GVS9BF4E` | `groupsync.mappings:read`                                                                                                                                                                                                                                                   | List all group attribute sync mappings. To use this role, enable the `groupAttributeSync` feature toggle.                                                                                                                                                                             |
+| `fixed:groupsync:writer`                     | `fixed_q7XUYx_efzxxsVmWhQgpiYClwBs` | `groupsync.mappings:read`<br>`groupsync.mappings:write`                                                                                                                                                                                                                     | Create, read, update, and delete all group attribute sync mappings. To use this role, enable the `groupAttributeSync` feature toggle.                                                                                                                                                 |
 | `fixed:ldap:writer`                          | `fixed_p6AvnU4GCQyIh7-hbwI-bk3GYnU` | All permissions from `fixed:ldap:reader` and <br>`ldap.user:sync`<br>`ldap.config:reload`                                                                                                                                                                                   | Read and update the LDAP configuration, and read LDAP status information.                                                                                                                                                                                                             |
 | `fixed:library.panels:creator`               | `fixed_6eX6ItfegCIY5zLmPqTDW8ZV7KY` | `library.panels:create`<br>`folders:read`                                                                                                                                                                                                                                   | Create library panel at the root level.                                                                                                                                                                                                                                               |
 | `fixed:library.panels:general.reader`        | `fixed_ct0DghiBWR_2BiQm3EvNPDVmpio` | `library.panels:read`                                                                                                                                                                                                                                                       | Read all library panels at the root level.                                                                                                                                                                                                                                            |
@@ -27,7 +27,7 @@ filters = accesscontrol:debug accesscontrol.evaluator:debug dashboard.permission
 ## Enable audit logging

 {{% admonition type="note" %}}
-Available in [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/) version 7.3 and later, and [Grafana Cloud](/docs/grafana-cloud).
+Available in [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/) and [Grafana Cloud](/docs/grafana-cloud).
 {{% /admonition %}}

 You can enable auditing in the Grafana configuration file.
@@ -18,16 +18,16 @@ labels:
 title: Template annotations and labels
 weight: 500
 refs:
-  reference-labels:
+  labels:
    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/alerting-rules/templates/reference/#labels
+      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/alert-rules/annotation-label/#labels
    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/alerting-rules/templates/reference/#labels
-  reference-values:
+      destination: /docs/grafana-cloud/alerting-and-irm/alerting/fundamentals/alert-rules/annotation-label/#labels
+  values:
    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/alerting-rules/templates/reference/#values
+      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/alert-rules/annotation-label/#values
    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/alerting-rules/templates/reference/#values
+      destination: /docs/grafana-cloud/alerting-and-irm/alerting/fundamentals/alert-rules/annotation-label/#values
  annotations:
    - pattern: /docs/grafana/
      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/alert-rules/annotation-label/#annotations
@@ -92,7 +92,7 @@ Refer to [Templates Introduction](ref:intro-to-templates) for a more detailed ex

 Both types of templates are written in the Go templating system. However, it's important to understand that variables and functions used in notification templates are different from those used in annotation and label templates.

-1.  **Template annotations and labels**: These templates add extra information to individual alert instances. Template variables like [`$labels`](ref:reference-labels) and [`$values`](ref:reference-values) represent alert query data of the individual alert instance.
+1.  **Template annotations and labels**: These templates add extra information to individual alert instances. Template variables like [`$labels`](ref:labels) and [`$values`](ref:values) represent alert query data of the individual alert instance.
 1.  **Template notifications**: Notification templates format the notification content for a group of alerts. Variables like [`.Alerts`](ref:notification-data-reference) include all firing and resolved alerts in the notification.

 ## Template annotations
@@ -111,11 +111,11 @@ CPU usage has exceeded 80% for the last 5 minutes.

 However, if you want to display dynamic query values in annotations, you need to use template code. Common use cases include:

- Displaying the query value that triggered the alert.
- Highlighting label information that identifies the alert, such as the environment, instance, or region.
+- Displaying the query value or threshold that triggered the alert.
+- Highlighting label information that identifies the alert, such as environment, region, or priority.
 - Providing specific instructions based on query values.
- Customizing runbook links depending on query labels.
- Including contact information based on query labels.
+- Customizing runbook links depending on query or label values.
+- Including contact information based on alert labels.

 For instance, you can template the previous example to display the specific instance and CPU value that triggered the alert.

@@ -115,9 +115,7 @@ CPU usage has exceeded 80% (81.2345) for the last 5 minutes.

 ### Include labels for extra details

-To provide additional context, you can include labels from the query using the [`$labels`](ref:reference-labels) variable.
-
-For instance, the previous case could also include the affected `instance`.
+To provide additional context, you can include labels from the query. For instance, access the [`$labels`](ref:reference-labels) variable to display a label that informs about the affected instance:

 ```
 CPU usage for {{ $labels.instance }} has exceeded 80% ({{ $values.A.Value }}) for the last 5 minutes.
@@ -127,14 +125,14 @@ CPU usage for {{ $labels.instance }} has exceeded 80% ({{ $values.A.Value }}) fo
 CPU usage for Instance 1 has exceeded 80% (81.2345) for the last 5 minutes.
 ```

-You can incorporate any labels returned by the query into the template. For instance, the following template includes information about the environment and region where the alert occurred.
+Annotations can also be used to provide a summary of key alert labels, such as the environment and alert severity. For instance, you can display a summary of the alert with important labels like:

 ```
-Alert triggered in {{ $labels.environment }} on {{ $labels.region }} region.
+Alert triggered in {{ $labels.environment }} with severity {{ $labels.severity }}
 ```

 ```template_output
-Alert triggered in production on AMER region.
+Alert triggered in production with severity critical.
 ```

 ### Print a range query
@@ -16,11 +16,6 @@ title: Annotation and label template reference
 menuTitle: Template reference
 weight: 101
 refs:
-  label-types:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/alert-rules/annotation-label/#label-types
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/fundamentals/alert-rules/annotation-label/#label-types
  notification-template-reference:
    - pattern: /docs/grafana/
      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/configure-notifications/template-notifications/reference/
@@ -77,15 +72,15 @@ The following variables are available when templating annotations and labels:

 | Variables          | Description                                                                                                                                         |
 | ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------- |
-| [$labels](#labels) | Contains all labels from the query, only query labels.                                                                                              |
+| [$labels](#labels) | Contains all labels from the query.                                                                                                                 |
 | [$values](#values) | Contains the labels and floating point values of all instant queries and expressions, indexed by their Ref IDs.                                     |
 | [$value](#value)   | A string containing the labels and values of all instant queries; threshold, reduce and math expressions, and classic conditions in the alert rule. |

 ### $labels

-The `$labels` variable contains all labels from the query. It excludes [user-configured and reserved labels](ref:label-types), containing only query labels.
+The `$labels` variable contains all labels from the query.

-{{< figure src="/media/docs/alerting/query-labels-and-values.png" max-width="1200px" caption="An alert rule displaying labels and value from a query." >}}
+{{< figure src="/media/docs/alerting/query-labels-and_value.png" max-width="1200px" caption="An alert rule displaying labels and value from a query" >}}

 For example, suppose you have a query that returns CPU usage for all of your servers, and you have an alert rule that fires when any of your servers have exceeded 80% CPU usage for the last 5 minutes. You want to add a summary annotation to the alert that tells you which server is experiencing high CPU usage. With the `$labels` variable you can write a template that prints a human-readable sentence such as:

@@ -149,8 +149,8 @@ Each alert instance in the `alerts` array has the following fields.
 | generatorURL | string | URL of the alert rule in the Grafana UI                                            |
 | fingerprint  | string | The labels fingerprint, alarms with the same labels will have the same fingerprint |
 | silenceURL   | string | URL to silence the alert rule in the Grafana UI                                    |
-| dashboardURL | string | **Deprecated. It will be removed in a future release.**                            |
-| panelURL     | string | **Deprecated. It will be removed in a future release.**                            |
+| dashboardURL | string | A link to the Grafana Dashboard if the alert has a Dashboard UID annotation        |
+| panelURL     | string | A link to the panel if the alert has a Panel ID annotation                         |
 | imageURL     | string | URL of a screenshot of a panel assigned to the rule that created this notification |

 {{< admonition type="note" >}}
@@ -140,8 +140,8 @@ The webhook notification is a simple way to send information about a state chang
 | generatorURL | string | URL of the alert rule in the Grafana UI                                            |
 | fingerprint  | string | The labels fingerprint, alarms with the same labels will have the same fingerprint |
 | silenceURL   | string | URL to silence the alert rule in the Grafana UI                                    |
-| dashboardURL | string | **Will be deprecated soon**                                                        |
-| panelURL     | string | **Will be deprecated soon**                                                        |
+| dashboardURL | string | A link to the Grafana Dashboard if the alert has a Dashboard UID annotation        |
+| panelURL     | string | A link to the panel if the alert has a Panel ID annotation                         |
 | imageURL     | string | URL of a screenshot of a panel assigned to the rule that created this notification |

 {{< admonition type="note" >}}
@@ -99,7 +99,7 @@ The notification template is assigned to the contact point to determine the noti

 {{< figure src="/media/docs/alerting/how-notification-templates-works.png" max-width="1200px" caption="A flow of the alert notification process, from querying the alert rule to sending the alert notification message." >}}

-By default, Grafana provides default templates, such as `default.title` and `default.message`, to format notification messages.
+By default, Grafana provides default templates, such as `{{define "default.title"}}` and `{{define "default.message"}}`, to format notification messages.

 ## More information

@@ -64,7 +64,7 @@ Notification templates allows you to change the default notification messages.
 You can modify the content and format of notification messages. For example, you can customize the content to show only specific information or adjust the format to suit a particular contact point, such as Slack or Email.

 {{% admonition type="note" %}}
-Avoid adding extra information about alert instances in notification templates, as this information is only be visible in the notification message.
+Avoid adding extra information about alert instances in notification templates, as this information is only visible in the notification message.

 Instead, you should [use annotations or labels](ref:template-annotations-and-labels) to add information directly to the alert, ensuring it's also visible in the alert state and alert history within Grafana. You can then print the new alert annotation or label in notification templates.
 {{% /admonition %}}
@@ -118,6 +118,7 @@ Grafana supports a wide range of contact points with varied support for images i
 ## Limitations

 - This feature is not supported in Mimir or Loki, or when Grafana is configured to send alerts to other Alertmanagers such as the Prometheus Alertmanager.
+- This feature is not supported when using custom templates in email notifications.
 - A number of contact points support at most one image per notification. In this case, just the first image is either uploaded to the receiving service or referenced from cloud storage per notification.
 - When multiple alerts are sent in a single notification a screenshot might be included for each alert. The order the images are shown is random.
 - If uploading screenshots to a cloud storage service such as Amazon S3, Azure Blob Storage or Google Cloud Storage; and accessing screenshots in the bucket requires authentication, logging into a VPN or corporate network; image previews might not work in all instant messaging and communication platforms as some services rewrite URLs to use their CDN.
@@ -34,11 +34,11 @@ refs:

 In contact points, you can select notification templates to customize the notification messages sent.

-By default, Grafana provides a template for the notification title (`default.title`) and a template for the notification message (`default.message`). Both default templates display common alert details.
+By default, Grafana provides a template for the notification title (`{{define "default.title"}}`) and a template for the notification message (`{{define "default.message"}}`). Both default templates display common alert details.

-You can also create custom templates to customize the content and format of notification messages, which can then be applied to one or more contact points.
+You can also create custom templates to customize the content and format of notification messages, which can then be applied to one or more contact points. In Grafana, a custom notification template is created within a notification template group.

-This documentation provides step-by-step instructions for selecting templates in contact points, previewing templates, and creating custom templates using the Grafana UI.
+This documentation provides step-by-step instructions for selecting templates in contact points, previewing templates, and creating notification template groups using the Grafana UI.

 ## Select a notification template for a contact point

@@ -50,29 +50,28 @@ To add an existing notification template to your contact point, complete the fol
   For example, if you are creating an email contact point integration, click **Message** or **Subject**.

 1. Click **Edit**.
-   A dialog box opens where you can select templates.
-1. Click **Select existing template** to select a template and [preview](#preview-a-notification-template) it using the default payload.
+   A dialog box opens where you can select notification templates.
+1. Click **Select notification template** or **Enter custom message** to customize a template or message

-   You can also copy the selected template and use it in the custom tab.
-
-1. Click **Enter custom message** to customize and edit the field directly. Note that the title changes depending on the field you are editing.
-
-1. You can switch between the two tabs to access the list of available templates and copy them across to the customized version.
+   - You can select an existing notification template and [preview](#preview-a-notification-template) it using the default payload.
+   - You can also copy the notification template and use it in the **Enter custom message** tab.

 1. Click **Save contact point**.

-## Create a notification template
+## Create a notification template and notification template group

 Create notification templates to customize notification messages and reuse them in contact points.

-Your notification template name must be unique. You cannot have two templates with the same name in the same notification template or in different notification templates. Avoid defining templates with the same name as default templates, such as: `__subject`, `__text_values_list`, `__text_alert_list`, `default.title` and `default.message`.
+In Grafana, custom notification templates (`{{define "<NAME>"}}`) are created within a notification template group, allowing you to test and implement multiple templates together.
+
+Your notification template name (`{{define "<NAME>"}}`) must be unique. You cannot have two templates with the same name in the same notification template group or in different notification template groups. Therefore, avoid using names already defined as default templates, such as: `__subject`, `__text_values_list`, `__text_alert_list`, `default.title` and `default.message`.

 To create a notification template in Grafana, complete the following steps.

 1. Click **Alerts & IRM** -> **Contact points**.
-1. Click the **Notification Templates** tab and then **+ Add notification template**.
+1. Click the **Notification Templates** tab and then **+ Add notification template group**.

-1. Enter a name for the notification template.
+1. Enter a name for the notification template group.

 1. Write the content of the template in the content field.

@@ -80,13 +79,13 @@ To create a notification template in Grafana, complete the following steps.

   If `{{ define }}` is not included in the content, `{{ define "<NOTIFICATION_TEMPLATE_NAME>" }}` and `{{ end }}` is automatically added to the start and end.

-To create a notification template that contains more than one template, complete the following steps.
+To create a notification template group that contains more than one notification template, complete the following steps.

-1. Click **+ Add notification template**.
+1. Click **+ Add notification template group**.

-1. Enter a name for the notification template.
+1. Enter a name for the notification template group.

-1. Write each template in the Content field, including `{{ define "name-of-template" }}` and `{{ end }}` at the start and end of each template.
+1. Write each template in the Content field, including `{{ define "<NOTIFICATION_TEMPLATE_NAME>" }}` and `{{ end }}` at the start and end of each template.

 1. Save your changes.

@@ -103,7 +102,7 @@ Notification template preview is only for Grafana Alertmanager.
 To preview your notification templates:

 1. Navigate to **Alerts&IRM** -> **Alerting** -> **Contact points** -> **Notification Templates**.
-1. Click **+ Add notification template** or edit an existing template.
+1. Click **+ Add notification template group** or edit an existing template group.
 1. Add or update your template content.

   Default data is provided and you can add or edit alert data to it as well as alert instances. You can add alert data directly in the Payload data window itself or click **Select alert instances** or **Add custom alerts**.
@@ -17,11 +17,6 @@ title: Notification template reference
 menuTitle: Template reference
 weight: 102
 refs:
-  label-types:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/alert-rules/annotation-label/#label-types
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/fundamentals/alert-rules/annotation-label/#label-types
  alert-rule-template-reference:
    - pattern: /docs/grafana/
      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/alerting-rules/templates/reference/
@@ -93,7 +88,7 @@ Here's an example that prints all available notification data from dot (`.`):
 | Name           | Type          | Description                                                                                                                                    |
 | -------------- | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- |
 | `Status`       | string        | Firing or resolved.                                                                                                                            |
-| `Labels`       | [KV](#kv)     | The labels for this alert. It includes all [types of labels](ref:label-types).                                                                 |
+| `Labels`       | [KV](#kv)     | The labels for this alert.                                                                                                                     |
 | `Annotations`  | [KV](#kv)     | The annotations for this alert.                                                                                                                |
 | `StartsAt`     | [Time](#time) | The time the alert fired                                                                                                                       |
 | `EndsAt`       | [Time](#time) | Only set if the end time of an alert is known. Otherwise set to a configurable timeout period from the time since the last alert was received. |
@@ -87,13 +87,11 @@ Labels that you manually configure in the alert rule to identify the generated a

 Additionally, you can use a [template](ref:templates) to customize the label value and generate dynamic values from query data.

-**Query labels**
+**Data source query labels**

-Query labels are labels returned by the data source query.
+For example, if you are monitoring temperature readings and each time series for these readings has a `sensor_id`, and a `location` label, an alert instance might have the labels `{sensor_id="1",location="NY"}`, while another alert instance might have `{sensor_id="2",location="WA"}`.

-{{< figure src="/media/docs/alerting/query-labels-and-values.png" max-width="1200px" caption="An alert rule query returning labels from the query." >}}
-
-Query labels can generate multiple alert instances from the same alert rule, helping to distinguish alerts from different data. In this example, the `instance` label generates an alert instance for each server.
+Data source query labels labels are also used to generate multiple alert instances from the same alert rule, helping to distinguish alerts from different data.

 **Reserved labels**

@@ -52,7 +52,7 @@ Grafana Alerting has the following permissions.
 | `alert.provisioning:write`            | n/a                                    | Update all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and data source are not required.                                                                           |
 | `alert.provisioning.provenance:write` | n/a                                    | Set provisioning status for alerting resources. Cannot be used alone. Requires user to have permissions to access resources                                                                                         |

-Contact point permissions. To enable these permissions, enable the `alertingApiServer` feature toggle.
+Contact point permissions. To enable API and user interface that use these permissions, enable the `alertingApiServer` feature toggle.

 | Action                                       | Applicable scope                   | Description                                                                                                 |
 | -------------------------------------------- | ---------------------------------- | ----------------------------------------------------------------------------------------------------------- |
@@ -64,7 +64,7 @@ Contact point permissions. To enable these permissions, enable the `alertingApiS
 | `receivers.permissions:read`                 | `receivers:*`<br>`receivers:uid:*` | Read permissions for contact points.                                                                        |
 | `receivers.permissions:write`                | `receivers:*`<br>`receivers:uid:*` | Manage permissions for contact points.                                                                      |

-Mute time interval permissions. To enable these permissions, enable the `alertingApiServer` feature toggle.
+Mute time interval permissions. To enable API and user interface that use these permissions, enable the `alertingApiServer` feature toggle.

 | Action                                      | Applicable scope | Description                                        |
 | ------------------------------------------- | ---------------- | -------------------------------------------------- |
@@ -80,4 +80,11 @@ Notification template permissions. To enable these permissions, enable the `aler
 | `alert.notifications.templates:write`  | n/a              | Create new or update existing templates. |
 | `alert.notifications.templates:delete` | n/a              | Delete existing templates.               |

+Notification policies permissions. To enable API and user interface that use these permissions, enable the `alertingApiServer` feature toggle.
+
+| Action                             | Applicable scope | Description                                          |
+| ---------------------------------- | ---------------- | ---------------------------------------------------- |
+| `alert.notifications.routes:read`  | n/a              | Read notification policies.                          |
+| `alert.notifications.routes:write` | n/a              | Create new, update and update notification policies. |
+
 To help plan your RBAC rollout strategy, refer to [Plan your RBAC rollout strategy](https://grafana.com/docs/grafana/next/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/).
@@ -43,19 +43,19 @@ Fixed roles provide users more granular access to create, view, and update Alert

 Details of the fixed roles and the access they provide for Grafana Alerting are below.

-| Display name in UI / Fixed role                                                          | Permissions                                                                                                                                                                                                                                                                 | Description                                                                                                                                              |
-| ---------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Silences Writer: `fixed:alerting.instances:writer`                                       | All permissions from `fixed:alerting.instances:reader` and<br> `alert.instances:create`<br>`alert.instances:write` for organization scope <br> `alert.instances.external:write` for scope `datasources:*`                                                                   | Add and update silences in Grafana and external providers.                                                                                               |
-| Instances and Silences Reader: `fixed:alerting.instances:reader`                         | `alert.instances:read` for organization scope <br> `alert.instances.external:read` for scope `datasources:*`                                                                                                                                                                | Read alert instances and silences in Grafana and external providers.                                                                                     |
-| Notifications Writer: `fixed:alerting.notifications:writer`                              | All permissions from `fixed:alerting.notifications:reader` and<br>`alert.notifications:write`for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                        | Add, update, and delete notification policies and contact points in Grafana and external providers.                                                      |
-| Notifications Reader: `fixed:alerting.notifications:reader`                              | `alert.notifications:read` for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                                                                                          | Read notification policies and contact points in Grafana and external providers.                                                                         |
-| Rules Writer: `fixed:alerting.rules:writer`                                              | All permissions from `fixed:alerting.rules:reader` and <br> `alert.rule:create` <br> `alert.rule:write` <br> `alert.rule:delete` <br> `alert.silences:create` <br> `alert.silences:write` for scope `folders:*` <br> `alert.rules.external:write` for scope `datasources:*` | Create, update, and delete all alert rules and manage rule-specific silences.                                                                            |
-| Rules Reader: `fixed:alerting.rules:reader`                                              | `alert.rule:read`, `alert.silences:read` for scope `folders:*` <br> `alert.rules.external:read` for scope `datasources:*` <br> `alert.notifications.time-intervals:read` <br> `alert.notifications.receivers:list`                                                          | Read all alert rules and rule-specific silences in Grafana and external providers.                                                                       |
-| Full access: `fixed:alerting:writer`                                                     | All permissions from `fixed:alerting.rules:writer` <br>`fixed:alerting.instances:writer`<br>`fixed:alerting.notifications:writer`                                                                                                                                           | Add, update, and delete alert rules, silences, contact points, and notification policies in Grafana and external providers.                              |
-| Full read-only access: `fixed:alerting:reader`                                           | All permissions from `fixed:alerting.rules:reader` <br>`fixed:alerting.instances:reader`<br>`fixed:alerting.notifications:reader`                                                                                                                                           | Read alert rules, alert instances, silences, contact points, and notification policies in Grafana and external providers.                                |
-| Read via Provisioning API + Export Secrets: `fixed:alerting.provisioning.secrets:reader` | `alert.provisioning:read` and `alert.provisioning.secrets:read`                                                                                                                                                                                                             | Read alert rules, alert instances, silences, contact points, and notification policies using the provisioning API and use export with decrypted secrets. |
-| Access to alert rules provisioning API: `fixed:alerting.provisioning:writer`             | `alert.provisioning:read` and `alert.provisioning:write`                                                                                                                                                                                                                    | Manage all alert rules, notification policies, contact points, templates, in the organization using the provisioning API.                                |
-| Set provisioning status: `fixed:alerting.provisioning.status:writer`                     | `alert.provisioning.provenance:write`                                                                                                                                                                                                                                       | Set provisioning rules for Alerting resources. Should be used together with other regular roles (Notifications Writer and/or Rules Writer.)              |
+| Display name in UI / Fixed role                                                          | Permissions                                                                                                                                                                                                                                                                                                                                     | Description                                                                                                                                              |
+| ---------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Silences Writer: `fixed:alerting.instances:writer`                                       | All permissions from `fixed:alerting.instances:reader` and<br> `alert.instances:create`<br>`alert.instances:write` for organization scope <br> `alert.instances.external:write` for scope `datasources:*`                                                                                                                                       | Add and update silences in Grafana and external providers.                                                                                               |
+| Instances and Silences Reader: `fixed:alerting.instances:reader`                         | `alert.instances:read` for organization scope <br> `alert.instances.external:read` for scope `datasources:*`                                                                                                                                                                                                                                    | Read alert instances and silences in Grafana and external providers.                                                                                     |
+| Notifications Writer: `fixed:alerting.notifications:writer`                              | All permissions from `fixed:alerting.routes:writer`,<br> `fixed:alerting.receivers:creator`,<br> `fixed:alerting.receivers:writer`,<br> `fixed:alerting.templates:writer`,<br> `fixed:alerting.time-intervals:writer`and<br> `alert.notifications:write`for organization scope<br>`alert.notifications.external:read` for scope `datasources:*` | Add, update, and delete notification policies and contact points in Grafana and external providers.                                                      |
+| Notifications Reader: `fixed:alerting.notifications:reader`                              | All permissions from `fixed:alerting.routes:reader`,<br> `fixed:alerting.receivers:reader`,<br> `fixed:alerting.templates:reader`,<br> `fixed:alerting.time-intervals:reader`and<br> `alert.notifications:read` for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                         | Read notification policies and contact points in Grafana and external providers.                                                                         |
+| Rules Writer: `fixed:alerting.rules:writer`                                              | All permissions from `fixed:alerting.rules:reader` and <br> `alert.rule:create` <br> `alert.rule:write` <br> `alert.rule:delete` <br> `alert.silences:create` <br> `alert.silences:write` for scope `folders:*` <br> `alert.rules.external:write` for scope `datasources:*`                                                                     | Create, update, and delete all alert rules and manage rule-specific silences.                                                                            |
+| Rules Reader: `fixed:alerting.rules:reader`                                              | `alert.rule:read`, `alert.silences:read` for scope `folders:*` <br> `alert.rules.external:read` for scope `datasources:*` <br> `alert.notifications.time-intervals:read` <br> `alert.notifications.receivers:list`                                                                                                                              | Read all alert rules and rule-specific silences in Grafana and external providers.                                                                       |
+| Full access: `fixed:alerting:writer`                                                     | All permissions from `fixed:alerting.rules:writer` <br>`fixed:alerting.instances:writer`<br>`fixed:alerting.notifications:writer`                                                                                                                                                                                                               | Add, update, and delete alert rules, silences, contact points, and notification policies in Grafana and external providers.                              |
+| Full read-only access: `fixed:alerting:reader`                                           | All permissions from `fixed:alerting.rules:reader` <br>`fixed:alerting.instances:reader`<br>`fixed:alerting.notifications:reader`                                                                                                                                                                                                               | Read alert rules, alert instances, silences, contact points, and notification policies in Grafana and external providers.                                |
+| Read via Provisioning API + Export Secrets: `fixed:alerting.provisioning.secrets:reader` | `alert.provisioning:read` and `alert.provisioning.secrets:read`                                                                                                                                                                                                                                                                                 | Read alert rules, alert instances, silences, contact points, and notification policies using the provisioning API and use export with decrypted secrets. |
+| Access to alert rules provisioning API: `fixed:alerting.provisioning:writer`             | `alert.provisioning:read` and `alert.provisioning:write`                                                                                                                                                                                                                                                                                        | Manage all alert rules, notification policies, contact points, templates, in the organization using the provisioning API.                                |
+| Set provisioning status: `fixed:alerting.provisioning.status:writer`                     | `alert.provisioning.provenance:write`                                                                                                                                                                                                                                                                                                           | Set provisioning rules for Alerting resources. Should be used together with other regular roles (Notifications Writer and/or Rules Writer.)              |

 If you have enabled the `alertingApiServer` feature toggle, an additional set of fixed roles is available.

@@ -68,6 +68,8 @@ If you have enabled the `alertingApiServer` feature toggle, an additional set of
 | Templates Writer: `fixed:alerting.templates:writer`           | `alert.notifications.templates:read`, `alert.notifications.templates:write`, `alert.notifications.templates:delete`                                                                         | Create new and manage existing notification templates.                                                  |
 | Time Intervals Reader: `fixed:alerting.time-intervals:reader` | `alert.notifications.time-intervals:read`                                                                                                                                                   | Read all time intervals.                                                                                |
 | Time Intervals Writer: `fixed:alerting.time-intervals:writer` | `alert.notifications.time-intervals:read`, `alert.notifications.time-intervals:write`, `alert.notifications.time-intervals:delete`                                                          | Create new and manage existing time intervals.                                                          |
+| Notification Policies Reader: `fixed:alerting.routes:reader`  | `alert.notifications.routes:read`                                                                                                                                                           | Read all time intervals.                                                                                |
+| Notification Policies Writer: `fixed:alerting.routes:writer`  | `alert.notifications.routes:read` `alert.notifications.routes:write`                                                                                                                        | Create new and manage existing time intervals.                                                          |

 ## Create custom roles

@@ -69,9 +69,9 @@ refs:
      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/set-up/provision-alerting-resources/http-api-provisioning/#span-idroute-get-alert-rule-exportspan-export-an-alert-rule-in-provisioning-file-format-_routegetalertruleexport_
  alerting_http_templates:
    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/set-up/provision-alerting-resources/http-api-provisioning/#templates
+      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/set-up/provision-alerting-resources/http-api-provisioning/#notification-template-groups
    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/set-up/provision-alerting-resources/http-api-provisioning/#templates
+      destination: /docs/grafana-cloud/alerting-and-irm/alerting/set-up/provision-alerting-resources/http-api-provisioning/#notification-template-groups
  alerting_http_contactpoints:
    - pattern: /docs/grafana/
      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/set-up/provision-alerting-resources/http-api-provisioning/#contact-points
@@ -165,15 +165,15 @@ To export contact points from the Grafana UI, complete the following steps.

 1. Click **Copy Code** or **Download**.

-### Export templates
+### Export notification template groups

-Grafana currently doesn't offer an Export UI or [Export endpoint](#export-api-endpoints) for notification templates, unlike other Alerting resources presented in this documentation.
+Grafana currently doesn't offer an Export UI or [Export endpoint](#export-api-endpoints) for notification template groups, unlike other Alerting resources presented in this documentation.

-However, you can export it by manually copying the content template and title directly from the Grafana UI.
+However, you can export it by manually copying the content and name of the notification template group from the Grafana UI.

 1. Click **Alerts & IRM** -> **Contact points** -> **Notification templates** tab.
-1. Find the template you want to export.
-1. Copy the content and title.
+1. Find the notification template group you want to export.
+1. Copy the content and name.
 1. Adjust it for the [file provisioning format](ref:alerting_file_provisioning_template) or [Terraform resource](ref:alerting_tf_provisioning_template).

 ### Export the notification policy tree
@@ -217,8 +217,8 @@ You can use the [Alerting HTTP API](ref:alerting_http_provisioning) to return ex
 | [Alert rules](ref:alerting_http_alertrules)                        | /api/v1/provisioning/alert-rules    |
 | [Contact points](ref:alerting_http_contactpoints)                  | /api/v1/provisioning/contact-points |
 | [Notification policy tree](ref:alerting_http_notificationpolicies) | /api/v1/provisioning/policies       |
+| [Notification template groups](ref:alerting_http_templates)        | /api/v1/provisioning/templates      |
 | [Mute timings](ref:alerting_http_mutetimings)                      | /api/v1/provisioning/mute-timings   |
-| [Templates](ref:alerting_http_templates)                           | /api/v1/provisioning/templates      |

 However, note the standard endpoints return a JSON format that is not compatible for provisioning through configuration files or Terraform, except the `/export` endpoints listed below.

@@ -46,9 +46,9 @@ refs:
      destination: /docs/grafana/<GRAFANA_VERSION>/administration/provisioning/
  export_templates:
    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/set-up/provision-alerting-resources/export-alerting-resources/#export-templates
+      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/set-up/provision-alerting-resources/export-alerting-resources/#export-notification-template-groups
    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/alerting-and-irm/alerting/set-up/provision-alerting-resources/export-alerting-resources/#export-templates
+      destination: /docs/grafana-cloud/alerting-and-irm/alerting/set-up/provision-alerting-resources/export-alerting-resources/#export-notification-template-groups
 ---

 # Use configuration files to provision alerting resources
@@ -270,8 +270,8 @@ settings:
  url: https://discord/webhook
  # <string>
  avatar_url: https://my_avatar
-  # <string>
-  use_discord_username: Grafana
+  # <bool>
+  use_discord_username: false
  # <string>
  message: |
    {{ template "default.message" . }}
@@ -616,6 +616,16 @@ settings:
  authorization_credentials: abc123
  # <string>
  maxAlerts: '10'
+  # <map>
+  tlsConfig:
+    # <bool>
+    insecureSkipVerify: false
+    # <string>
+    clientCertificate: certificate in PEM format
+    # <string>
+    clientKey: key in PEM format
+    # <string>
+    caCertificate: CA certificate in PEM format
 ```

 {{< /collapse >}}
@@ -639,19 +649,19 @@ settings:

 {{< /collapse >}}

-## Import templates
+## Import notification template groups

-Create or delete templates using provisioning files in your Grafana instance(s).
+Create or delete notification template groups using provisioning files in your Grafana instance(s).

-1. Find the notification template in Grafana.
-1. [Export](ref:export_templates) a template by copying the template content and title.
+1. Find the notification template group in Grafana.
+1. [Export](ref:export_templates) a template group by copying the template content and name.
 1. Copy the contents into a YAML or JSON configuration file and add it to the `provisioning/alerting` directory of the Grafana instance you want to import the alerting resources to.

   Example configuration files can be found below.

 1. Restart your Grafana instance (or reload the provisioned files using the Admin API).

-Here is an example of a configuration file for creating templates.
+Here is an example of a configuration file for creating notification template groups.

 ```yaml
 # config file version
@@ -661,16 +671,16 @@ apiVersion: 1
 templates:
  # <int> organization ID, default = 1
  - orgId: 1
-    # <string, required> name of the template, must be unique
+    # <string, required> name of the template group, must be unique
    name: my_first_template
-    # <string, required> content of the template
+    # <string, required> content of the template group
    template: |
      {{ define "my_first_template" }}
        Custom notification message
      {{ end }}
 ```

-Here is an example of a configuration file for deleting templates.
+Here is an example of a configuration file for deleting notification template groups.

 ```yaml
 # config file version
@@ -680,7 +690,7 @@ apiVersion: 1
 deleteTemplates:
  # <int> organization ID, default = 1
  - orgId: 1
-    # <string, required> name of the template, must be unique
+    # <string, required> name of the template group, must be unique
    name: my_first_template
 ```

@@ -853,8 +863,8 @@ In alerting resources, most properties support template variable interpolation,
 - Alert rule query model: `groups[].rules[].data.model`
 - Mute timings name: `muteTimes[].name`
 - Mute timings time intervals: `muteTimes[].time_intervals[]`
- Notification template name: `templates[].name`
- Notification template content: `templates[].template`
+- Notification template group name: `templates[].name`
+- Notification template group content: `templates[].template`

 Note for properties that support interpolation, you may unexpectedly substitute template variables when not intended. To avoid this, you can escape the `$variable` with `$$variable`.

@@ -272,19 +272,19 @@ In this section, we'll create Terraform configurations for each alerting resourc

 1. Continue to add more Grafana resources or [use the Terraform CLI for provisioning](#provision-grafana-resources-with-terraform).

-### Add and enable templates
+### Add and enable notification templates

 [Notification templates](ref:notification-template) allow customization of alert notifications across multiple contact points.

-1. Create or find the notification template you want to import in Grafana. Alternatively, consider writing the resource in code as demonstrated in the example below.
+1. Create or find the notification template group you want to import in Grafana. Alternatively, consider writing the resource in code as demonstrated in the example below.

-1. [Export](ref:alerting_export) the template as [`grafana_message_template` Terraform resource](https://registry.terraform.io/providers/grafana/grafana/latest/docs/resources/message_template).
+1. [Export](ref:alerting_export) the notification template group as [`grafana_message_template` Terraform resource](https://registry.terraform.io/providers/grafana/grafana/latest/docs/resources/message_template).

-   This example is a simple demo template defined as `custom_email.message`.
+   This example creates a notification template group named `custom_emails` that defines a `custom_email.message` template.

   ```terraform
    resource "grafana_message_template" "<terraform_message_template_name>" {
-        name = "custom_email.message"
+        name = "custom_emails"

        template = <<EOT
    {{ define "custom_email.message" }}
@@ -294,6 +294,8 @@ In this section, we'll create Terraform configurations for each alerting resourc
    }
   ```

+   This enables contact points to use the notification templates (`{{ define "<NAME>"}}`) within the notification template group.
+
 1. In the previous contact point, enable the template by setting the `email.message` property as follows.

   ```terraform
@@ -384,9 +386,9 @@ resource "grafana_contact_point" "my_contact_point" {
  disable_provenance = true
 }

-resource "grafana_message_template" "my_template" {
-  name     = "My Reusable Template"
-  template = "{{define \"My Reusable Template\" }}\n template content\n{{ end }}"
+resource "grafana_message_template" "custom_notification_template_group" {
+  name     = "custom_notification_template_group"
+  template = "{{define \"template1\" }}Say{{ end }}{{define \"template2\" }}Hi!{{ end }}"

  disable_provenance = true
 }
@@ -118,7 +118,7 @@ Ensure you have a public dashboard footer logo or footer text set if you don't w

 #### Learn more

-[Configure custom branding documentation](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/configure-custom-branding/#custom-branding-for-public-dashboards) for public dashboards
+[Configure custom branding documentation](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/configure-custom-branding/#custom-branding-for-shared-dashboards) for public dashboards

 ### Subfolders cause very rare issues with folders that have forward slashes in their names

@@ -31,17 +31,17 @@ cards:
      href: ./variables/
      description: Add variables to metric queries and panel titles to create interactive and dynamic dashboards.
      height: 24
-    - title: Public dashboards
-      href: ./dashboard-public/
-      description: Make your Grafana dashboards public and share them with anyone without requiring access to your Grafana organization.
-      height: 24
    - title: Reporting
      href: ./create-reports/
      description: Automatically generate and share PDF reports from your Grafana dashboards.
      height: 24
    - title: Sharing
      href: ./share-dashboards-panels/
-      description: Share Grafana dashboards and panels within your organization using links, snapshots, and JSON exports.
+      description: Share Grafana dashboards and panels using links, snapshots, embeds, and exports.
+      height: 24
+    - title: Shared dashboards
+      href: ./share-dashboards-panels/shared-dashboards/
+      description: Share your dashboards with anyone without requiring access to your Grafana organization.
      height: 24
 refs:
  panels:
@@ -34,7 +34,7 @@ refs:
      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/export-logs/
    - pattern: /docs/grafana-cloud/
      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/export-logs/
-  enabled:
+  dashboard-sharing:
    - pattern: /docs/grafana/
      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/#public_dashboards
    - pattern: /docs/grafana-cloud/
@@ -79,7 +79,7 @@ For every dashboard and data source, you can access usage information.

 To see dashboard usage information, click the dashboard insights icon in the header.

-{{< figure src="/media/docs/grafana/dashboards/screenshot-dashboard-insights-11.2.png" alt="Dashboard insights icon" >}}
+![Dashboard insights icon](/media/docs/grafana/dashboards/screenshot-dashboard-insights-icon-11.2.png)

 Dashboard insights show the following information:

@@ -88,7 +88,7 @@ Dashboard insights show the following information:

 {{< figure src="/static/img/docs/enterprise/dashboard_insights_stats.png" max-width="400px" class="docs-image--no-shadow" alt="Stats tab" >}}{{< figure src="/static/img/docs/enterprise/dashboard_insights_users.png" max-width="400px" class="docs-image--no-shadow" alt="Users and activity tab" >}}

-If public dashboards are [enabled](ref:enabled), you'll also see a **Public dashboards** tab in your analytics.
+If [dashboard sharing](ref:dashboard-sharing) is enabled, you'll also see a **Shared dashboards** tab in your analytics.

 ### Data source insights

@@ -70,7 +70,6 @@ Watch the following video for a quick tutorial on creating annotations:

 To add an annotation, complete the following steps:

-1. If you've just saved a dashboard, refresh the page.
 1. Click **Edit** in the top-right corner of the dashboard.
 1. Click the panel to which you're adding the annotation.

@@ -86,7 +85,6 @@ Alternatively, to add an annotation, press Ctrl/Cmd and click the panel, and the

 ### Add a region annotation

-1. If you've just saved a dashboard, refresh the page.
 1. Click **Edit** in the top-right corner of the dashboard.
 1. Press Ctrl/Cmd and click and drag on the panel.
   ![Add annotation popover](/static/img/docs/time-series-panel/time-series-annotations-add-region-annotation.gif)
@@ -190,7 +188,7 @@ Following are some query options specific to the built-in annotation query.

 You can create new queries to fetch annotations from the built-in annotation query using the `-- Grafana --` data source by setting _Filter by_ to `Tags`.

-Grafana v8.1 and later versions also support typeahead of existing tags, provide at least one tag.
+Grafana also supports typeahead of existing tags, provide at least one tag.

 For example, create an annotation query name `outages` and specify a tag `outage`. This query will show all annotations (from any dashboard or via API) with the `outage` tag. If multiple tags are defined in an annotation query, then Grafana will only show annotations matching all the tags. To modify the behavior, enable `Match any`, and Grafana will show annotations that contain any one of the tags you provided.

@@ -52,9 +52,9 @@ refs:
      destination: /docs/grafana-cloud/connect-externally-hosted/data-sources/
  add-a-data-source:
    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/#add-a-data-source
+      destination: /docs/grafana/<GRAFANA_VERSION>/administration/data-source-management/#add-a-data-source
    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/#add-a-data-source
+      destination: /docs/grafana/<GRAFANA_VERSION>/administration/data-source-management/#add-a-data-source
  about-users-and-permissions:
    - pattern: /docs/grafana/
      destination: /docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/
@@ -148,7 +148,7 @@ Each panel can have its own set of links that are shown in the upper left of the

 Click the icon next to the panel title to see available panel links.

-{{< figure src="/media/docs/grafana/screenshot-panel-links.png" width="200px" alt="List of panel links displayed" >}}
+{{< figure src="/media/docs/grafana/dashboards/screenshot-panel-links-v11.3.png" max-width="550px" alt="List of panel links displayed" >}}

 ### Add a panel link

@@ -37,15 +37,20 @@ You can control permissions for library panels using [role-based access control

 ## Create a library panel

-When you create a library panel, the panel on the source dashboard is converted to a library panel as well. You need to save the original dashboard once a panel is converted.
+Library panels can be reused in different dashboards throughout Grafana. When you create a library panel, the panel on the source dashboard is converted to a library panel as well. You need to save the original dashboard once a panel is converted.

-1. Click **Edit** in the top-right corner of the dashboard.
-1. On the panel you want to update, hover over any part of the panel to display the menu icon on the top-right corner.
-1. Click the menu icon and select **More > Create library panel**.
-1. In **Library panel name**, enter the name.
-1. In **Save in folder**, select the folder to save the library panel.
-1. Click **Create library panel**.
-1. Click **Save dashboard** and **Exit edit**.
+To create a library panel, follow these steps:
+
+1. In the top-right corner of the dashboard, click **Edit**.
+1. Hover over any part of the panel you want to share to display the actions menu on the top right corner.
+1. Click **More > New library panel**.
+1. In the **Library panel name** field, enter the name.
+1. In the **Save in folder** drop-down list, select the folder in which to save the library panel. By default, the root level is selected.
+1. Click **Create library panel** to save your changes.
+1. Click **Save dashboard**.
+1. (Optional) Enter a description of the changes you've made.
+1. Click **Save**.
+1. Click **Exit edit**.

 Once created, you can modify the library panel using any dashboard on which it appears. After you save the changes, all instances of the library panel reflect these modifications.

@@ -53,11 +58,13 @@ Once created, you can modify the library panel using any dashboard on which it a

 Add a Grafana library panel to a dashboard when you want to provide visualizations to other dashboard users.

+To add a library panel, follow these steps:
+
 1. Click **Dashboards** in the main menu.
-1. Click **New** and select **New Dashboard** in the dropdown.
+1. Click **New** and select **New Dashboard** in the drop-down list.
 1. On the empty dashboard, click **+ Add library panel**.

-   You'll see a list of your library panels.
+   The **Add panel from panel library** drawer opens.

 1. Filter the list or search to find the panel you want to add.
 1. Click a panel to add it to the dashboard.
@@ -69,6 +76,8 @@ Add a Grafana library panel to a dashboard when you want to provide visualizatio

 Unlink a library panel when you want to make a change to the panel and not affect other instances of the library panel.

+To unlink a library panel, follow these steps:
+
 1. Click **Dashboards** in the main menu.
 1. Click **Library panels**.
 1. Select a library panel that is being used in dashboards.
@@ -107,8 +116,9 @@ Alternatively, if you know where the library panel that you want to replace is b

 You can view a list of available library panels and see where those panels are being used.

-1. Click **Dashboards** in the main menu.
-1. Click **Library panels**.
+To view and manage library panels, follow these steps:
+
+1. Click **Dashboards > Library panels** in the main menu.

   You can see a list of previously defined library panels.
   {{< figure src="/media/docs/grafana/panels-visualizations/screenshot-library-panel-list-9-5.png" class="docs-image--no-shadow" max-width= "900px" alt="Library panels page with list of library panels" >}}
@@ -123,8 +133,8 @@ You can view a list of available library panels and see where those panels are b

 ## Delete a library panel

-Delete a library panel when you no longer need it.
+To delete a library panel that you no longer need, follow these steps:

-1. Click **Dashboards** in the main menu.
-1. Click **Library panels**.
+1. Click **Dashboards > Library panels** in the main menu.
 1. Click the delete icon next to the library panel name.
+1. Click **Delete**.
@@ -24,7 +24,7 @@ A _playlist_ is a list of dashboards that are displayed in a sequence. You might

 Grafana automatically scales dashboards to any resolution, which makes them perfect for big screens.

-You can access the Playlist feature from Grafana's side menu, in the Dashboards submenu.
+You can access the **Playlist** feature from Grafana's side menu, in the Dashboards submenu.

 {{< admonition type="note" >}}
 You must have at least Editor role permissions to create and manage playlists.
@@ -41,12 +41,12 @@ Use the information in this section to access playlists. Start and control the d

 ### Start a playlist

-You can start a playlist in six different view modes. View modes determine how the menus and navigation bar appear on the dashboards as well as how panels are sized.
+You can start a playlist in four different view modes. View modes determine how the menus and navigation bar appear on the dashboards as well as how panels are sized.

 1. Click **Dashboards** in the main menu.
 1. Click **Playlists**.
 1. Find the desired playlist and click **Start playlist**.
-1. In the dialog box that opens, select one of the [six playlist modes](#playlist-modes) available.
+1. In the dialog box that opens, select one of the [four playlist modes](#playlist-modes) available.
 1. Disable any dashboard controls that you don't want displayed while the list plays; these controls are enabled and visible by default. Select from:

   - **Time and refresh**
@@ -55,31 +55,28 @@ You can start a playlist in six different view modes. View modes determine how t

 1. Click **Start \<playlist name\>**.

-The playlist displays each dashboard for the time specified in the **Interval** field, set when creating or editing a playlist. After a playlist starts, you can [control](#control-a-playlist) it using the navbar at the top of your screen.
+The playlist displays each dashboard for the time specified in the **Interval** field, set when creating or editing a playlist. After a playlist starts, you can [start or stop it](#control-a-playlist) it using the controls at the top of your screen.

 ### Playlist modes

-| Mode                               | Description                                                                                                                                                                                                                                                                                                                                                                                                                          |
-| ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Normal mode                        | <ul><li>The side menu remains visible.</li></ul><ul><li>The navbar and dashboard controls appear at the top of the screen.</li></ul>                                                                                                                                                                                                                                                                                                 |
-| Normal mode (with auto fit panels) | <ul><li>The side menu remains visible.</li></ul><ul><li>The navbar and dashboard controls appear at the top of the screen.</li></ul><ul><li>Dashboard panels automatically adjust to optimize space on screen.</li></ul>                                                                                                                                                                                                             |
-| TV mode                            | <ul><li>The side menu is hidden or removed.</li></ul><ul><li>The navbar and dashboard controls appear at the top of the screen.</li></ul><ul><li>Enabled automatically after one minute of user inactivity.</li></ul><ul><li>Enable it manually using the `d v` sequence shortcut, or by appending the parameter `?inactive` to the dashboard URL.</li></ul><ul><li>Disable it with any mouse movement or keyboard action.</li></ul> |
-| TV mode (with auto fit panels)     | <ul><li>The side menu is hidden or removed.</li></ul><ul><li>The navbar and dashboard controls appear at the top of the screen.</li></ul><ul><li>Dashboard panels automatically adjust to optimize space on screen.</li></ul><ul>                                                                                                                                                                                                    |
-| Kiosk mode                         | <ul><li>The side menu is hidden or removed.</li></ul><ul><li>The navbar and dashboard controls appear at the top of the screen.</li></ul><ul><li>You can disable or enable it manually using the `d v` sequence shortcut after the playlist has started.</li></ul>                                                                                                                                                                   |
-| Kiosk mode (with auto fit panels)  | <ul><li>The side menu is hidden or removed.</li></ul><ul><li>The navbar and dashboard controls appear at the top of the screen.</li></ul><ul><li>You can disable or enable it manually using the `d v` sequence shortcut after the playlist has started.</li></ul><ul><li>Dashboard panels automatically adjust to optimize space on screen.</li></ul>                                                                               |
+<!-- prettier-ignore-start -->

-### Control a playlist
+| Mode                               | Description                                                                          |
+| ---------------------------------- | ------------------------------------------------------------------------------------ |
+| Normal mode                        | <ul><li>The main menu and navbar remain visible.</li><li>Dashboard controls are hidden.</li><li>Playlist controls are displayed at the top of the screen.<li><ul> |
+| Normal mode (with auto fit panels) | <ul><li>The main menu and navbar remain visible.</li><li>Dashboard controls are hidden.</li><li>Playlist controls are displayed at the top of the screen.</li><li>Dashboard panels automatically adjust to optimize space on screen.</li></ul> |
+| Kiosk mode                         | <ul><li>The main menu, navbar, and dashboard controls are hidden.</li><li>You can disable the playlist manually by pressing the `Esc` key after the playlist has started. Doing so causes the playlist controls to be displayed at the top of the screen briefly.</li></ul> |
+| Kiosk mode (with auto fit panels)  | <ul><<li>The main menu, navbar, and dashboard controls are hidden.</li><li>You can disable the playlist manually by pressing the `Esc` key after the playlist has started. Doing so causes the playlist controls to be displayed at the top of the screen briefly.</li><li>Dashboard panels automatically adjust to optimize space on screen.</li></ul> |

-You can control a playlist in **Normal** or **TV** mode after it's started, using the navigation bar at the top of your screen. Press the Esc key in your keyboard to stop the playlist.
+<!-- prettier-ignore-end -->

-| Button                         | Result                                                                                                                                          |
-| ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- |
-| Next (double-right arrow)      | Advances to the next dashboard.                                                                                                                 |
-| Back (left arrow)              | Returns to the previous dashboard.                                                                                                              |
-| Stop (square)                  | Ends the playlist, and exits to the current dashboard.                                                                                          |
-| Cycle view mode (monitor icon) | Rotates the display of the dashboards in different view modes.                                                                                  |
-| Time range                     | Displays data within a time range. It can be set to display the last 5 minutes up to 5 years ago, or a custom time range, using the down arrow. |
-| Refresh (circle arrow)         | Reloads the dashboard, to display the current data. It can be set to reload automatically every 5 seconds to 1 day, using the drop-down arrow.  |
+### Playlist controls
+
+You can control a playlist in **Normal** mode after it's started, using the buttons at the top of your screen. Press the `Esc` key to stop the playlist.
+
+- **Next (double-right arrow)** - Advances to the next dashboard.
+- **Back (doublt-left arrow)** - Returns to the previous dashboard.
+- **Stop playlist** - Ends the playlist, and exits to the current dashboard.

 ## Create a playlist

@@ -1,10 +1,10 @@
 ---
 aliases:
-  - ../administration/reports/
-  - ../enterprise/export-pdf/
-  - ../enterprise/reporting/
-  - ../panels/create-reports/
-  - reporting/
+  - ../administration/reports/ # /docs/grafana/latest/administration/reports/
+  - ../enterprise/export-pdf/ # /docs/grafana/latest/enterprise/export-pdf/
+  - ../enterprise/reporting/ # /docs/grafana/latest/enterprise/reporting/
+  - ../panels/create-reports/ # /docs/grafana/latest/panels/create-reports/
+  - reporting/ # /docs/grafana/latest/dashboards/reporting/
 keywords:
  - grafana
  - reporting
@@ -149,7 +149,7 @@ Only organization administrators can create reports by default. You can customiz

 ### Save as draft

-> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) version 9.1.0 and later and [Grafana Cloud](/docs/grafana-cloud/).
+> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) and [Grafana Cloud](/docs/grafana-cloud/).

 You can save a report as a draft at any point during the report creation or update process. You can save a report as a draft even if it's missing required fields. Also, the report won't be sent according to its schedule while it's a draft.

@@ -165,7 +165,7 @@ The query variables saved with a report might become of date if the results of t

 ### Render a report with panels or rows set to repeat by a variable

-> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) version 8.0 and later, and [Grafana Cloud](/docs/grafana-cloud/).
+> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) and [Grafana Cloud](/docs/grafana-cloud/).

 You can include dynamic dashboards with panels or rows, set to repeat by a variable, into reports. For detailed information about setting up repeating panels or rows in dashboards, refer to [Repeat panels or rows](ref:repeat-panels-or-rows).

@@ -253,7 +253,7 @@ When you schedule a report with a monthly frequency, and set the start date betw

 #### Send a test email

-> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) version 7.0 and later, and [Grafana Cloud](/docs/grafana-cloud/).
+> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) and [Grafana Cloud](/docs/grafana-cloud/).

 1. In the report, click **Send test email**.
 1. In the **Email** field, enter the email address or addresses that you want to test, separated by a semicolon.
@@ -264,19 +264,19 @@ The last saved version of the report will be sent to selected emails. You can us

 ### Pause a report

-> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) version 8.0 and later, and [Grafana Cloud](/docs/grafana-cloud/).
+> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) and [Grafana Cloud](/docs/grafana-cloud/).

 You can pause sending reports from the report list view by clicking the pause icon. The report will not be sent according to its schedule until it is resumed by clicking the resume button on the report row.

 ### Add multiple dashboards to a report

-> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) version 9.0 and later, and [Grafana Cloud](/docs/grafana-cloud/).
+> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) and [Grafana Cloud](/docs/grafana-cloud/).

 You can add more than one dashboard to a report. Additional dashboards will be rendered as new pages in the same PDF file, or additional images if you chose to embed images in your report email. You cannot add the same dashboard to a report multiple times.

 ### Embed a dashboard as an image into a report

-> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) version 9.0 and later, and [Grafana Cloud](/docs/grafana-cloud/).
+> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) and [Grafana Cloud](/docs/grafana-cloud/).

 You can send a report email with an image of the dashboard embedded in the email instead of attached as a PDF. In this case, the email recipients can see the dashboard at a glance instead of having to open the PDF.

@@ -284,7 +284,7 @@ You can send a report email with an image of the dashboard embedded in the email

 You can generate and save PDF files of any dashboard.

-> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) version 6.7 and later, and [Grafana Cloud](/docs/grafana-cloud/).
+> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) and [Grafana Cloud](/docs/grafana-cloud/).

 1. In the dashboard that you want to export as PDF, click the **Share** button.
 1. On the PDF tab, select a layout option for the exported dashboard: **Portrait** or **Landscape**.
@@ -327,21 +327,31 @@ font_regular = DejaVuSansCondensed.ttf
 font_bold = DejaVuSansCondensed-Bold.ttf
 # Name of the TrueType font file with italic style
 font_italic = DejaVuSansCondensed-Oblique.ttf
+# Allowed domains to receive reports. Use * to allow all domains. Use a comma-separated list to allow multiple domains. Example: allowed_domains = grafana.com, example.org
+allowed_domains = *
 ```

 ## Report settings

-> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) version 7.2 and later, and [Grafana Cloud](/docs/grafana-cloud/).
+> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) and [Grafana Cloud](/docs/grafana-cloud/).

 You can configure organization-wide report settings in the **Settings** under **Dashboards > Reporting**. Settings are applied to all the reports for current organization.

 You can customize the branding options.

-Report branding:
+### Attachment settings
+
+#### PDF

 - **Company logo:** Company logo displayed in the report PDF. It can be configured by specifying a URL, or by uploading a file. The maximum file size is 16 MB. Defaults to the Grafana logo.

-Email branding:
+- **Theme:** Theme of the PDF attached to the report. Defaults to **Light**. The selected theme is also applied to the PDFs generated when you click **Preview PDF** during report creation or select the **Export as PDF** option on a dashboard. If **Current** is selected, the PDF in the report will be in the Admin's instance theme, but the preview and exported PDFs will be in the user's instance theme.
+
+#### Embedded Image
+
+- **Theme:** Theme of the dashboard image embedded in the email. Defaults to **Dark**.
+
+### Email branding

 - **Company logo:** Company logo displayed in the report email. It can be configured by specifying a URL, or by uploading a file. The maximum file size is 16 MB. Defaults to the Grafana logo.
 - **Email footer:** Toggle to enable the report email footer. Select **Sent by** or **None**.
@@ -1,273 +0,0 @@
---
-labels:
-  products:
-    - cloud
-    - enterprise
-    - oss
-title: Public dashboards
-description: Make your Grafana dashboards public and share them with anyone
-weight: 350
-refs:
-  dashboard-sharing:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/share-dashboards-panels/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/visualizations/dashboards/share-dashboards-panels/
-  custom-branding:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/configure-custom-branding/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/configure-custom-branding/
-  dashboard-insights-documentation:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/assess-dashboard-usage/#dashboard-insights
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/visualizations/dashboards/assess-dashboard-usage/
-  caching:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/administration/data-source-management/#query-and-resource-caching
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/administration/data-source-management/#query-and-resource-caching
-  grafana-enterprise:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/
---
-
-# Public dashboards
-
-> **Warning:** Making your dashboard public could result in a large number of queries to the data sources used by your dashboard.
-> This can be mitigated by utilizing the enterprise [caching](ref:caching) and/or rate limiting features.
-
-Public dashboards allow you to share your Grafana dashboard with anyone. This is useful when you want to make your dashboard available to the world without requiring access to your Grafana organization. This differs from [dashboard sharing](ref:dashboard-sharing), which either requires recipients to be users in the same Grafana organization or provides limited information, as with a snapshot.
-
-You can see a list of all your public dashboards in one place by navigating to **Dashboards > Public dashboards**. For each dashboard in the list, the page displays the status, a link to view the dashboard, a link to the public dashboard configuration, and the option to revoke the public URL.
-
-## Security implications of making your dashboard public
-
- Anyone with the URL can access the dashboard.
- Public dashboards are read-only.
- Arbitrary queries **cannot** be run against your data sources through public dashboards. Public dashboards can only execute the
-  queries stored on the original dashboard.
-
-## Make a dashboard public
-
-1. Click **Share** in the top-right corner of the dashboard.
-1. Click the **Public dashboard** tab.
-1. Acknowledge the implications of making the dashboard public by selecting all the checkboxes.
-1. Click **Generate public URL** to make the dashboard public and make your link live.
-1. Copy the public dashboard link if you'd like to share it. You can always come back later for it.
-
-Once you've made the dashboard public, a **Public** tag is displayed in the header of the dashboard.
-
-## Pause access
-
-1. Click **Share** in the top-right corner of the dashboard.
-1. Click the **Public dashboard** tab.
-1. Enable the **Pause sharing dashboard** toggle.
-
-The dashboard is no longer accessible, even with the link, until you make it shareable again.
-
-## Revoke access
-
-1. Click **Share** in the top-right corner of the dashboard.
-1. Click the **Public dashboard** tab.
-1. Click **Revoke public URL** to delete the public dashboard.
-
-The link no longer works. You must create a new public URL, as in [Make a dashboard public](#make-a-dashboard-public).
-
-## Email sharing
-
-{{% admonition type="note" %}}
-
-Available in [private preview](/docs/release-life-cycle/) in [Grafana Cloud](/docs/grafana-cloud). This feature will have a cost by active users after being promoted into general availability.
-
-Please contact support to have the feature enabled.
-
-{{% /admonition %}}
-
-Email sharing allows you to share your public dashboard with only specific people by email, instead of having it accessible to anyone with the URL. When you use email sharing, recipients receive a one-time use link that's valid for **one hour**. Once the link is used, the viewer has access to the public dashboard for **30 days**.
-
-### Invite a viewer
-
-1. Click **Share** in the top-right corner of the dashboard.
-1. Click the **Public dashboard** tab.
-1. Acknowledge the implications of making the dashboard public by selecting all the checkboxes.
-1. Click **Generate public URL** to make the dashboard public and make your link live.
-1. Under Can view dashboard, click **Only specified people**.
-1. Enter the email you want to share the public dashboard with.
-1. Click **Invite**.
-1. The recipient will receive an email with a one-time use link.
-
-### Viewers requesting access
-
-If a viewer without access tries to navigate to the public dashboard, they'll be asked to request access by providing their email. They will receive an email with a new one-time use link if the email they provided has already been invited to view the public dashboard and has not been revoked.
-
-If the viewer doesn't have an invitation or it's been revoked, you won't be notified and no link is sent.
-
-### Revoke access for a viewer
-
-1. Click **Share** in the top-right corner of the dashboard.
-1. Click the **Public dashboard** tab.
-1. Click **Revoke** on the viewer you'd like to revoke access for.
-
-Immediately, the viewer no longer has access to the public dashboard, nor can they use any existing one-time use links they may have.
-
-### Reinvite a viewer
-
-1. Click **Share** in the top-right corner of the dashboard.
-1. Click the **Public dashboard** tab.
-1. Click **Resend** on the viewer you'd like to re-share the public dashboard with.
-
-The viewer will receive an email with a new one-time use link. This will invalidate all previously issued links for that viewer.
-
-### View public dashboard users
-
-To see a list of users who have accessed your dashboard by way of email sharing, take the following steps:
-
-1. In the main sidebar navigation, click **Administration**.
-1. Click **Users**.
-1. Click the **Public dashboard users** tab.
-
-From here, you can see the earliest time a user has been active in a dashboard, which public dashboards they have access to, and their role.
-
-### Access limitations
-
-One-time use links use browser cookies, so when a viewer is granted access through one of these links, they will only have access on the browser they used to claim the link.
-
-A single viewer cannot generate multiple valid one-time use links. When a new one-time use link is issued for a viewer, all previous ones are invalidated.
-
-If a Grafana user has read access to the parent dashboard, they can view the public dashboard without needing to have access granted.
-
-## Assess public dashboard usage
-
-> **Note:** Available in [Grafana Enterprise](ref:grafana-enterprise) and [Grafana Cloud](/docs/grafana-cloud).
-
-You can check usage analytics about your public dashboard by clicking the insights icon in the dashboard header:
-
-{{< figure src="/media/docs/grafana/dashboards/screenshot-dashboard-insights-11.2.png" max-width="400px" class="docs-image--no-shadow" alt="Dashboard insights icon" >}}
-
-Learn more about the kind of information provided in the [dashboard insights documentation](ref:dashboard-insights-documentation).
-
-## Supported data sources
-
-Public dashboards _should_ work with any data source that has the properties `backend` and `alerting` both set to true in its `plugin.json`. However, this can't always be
-guaranteed because plugin developers can override this functionality. The following lists include data sources confirmed to work with public dashboards and data sources that should work, but have not been confirmed as compatible.
-
-### Confirmed:
-
-<table>
-  <tr>
-    <td>
-      <ul>
-        <li>ClickHouse</li>
-        <li>CloudWatch</li>
-        <li>Elasticsearch</li>
-        <li>Infinity</li>
-        <li>InfluxDB</li>
-        <li>Loki</li>
-        <li>Microsoft SQL Server</li>
-      </ul>
-    </td>
-    <td>
-      <ul>
-        <li>MongoDB</li>
-        <li>MySQL</li>
-        <li>Oracle Database</li>
-        <li>PostgreSQL</li>
-        <li>Prometheus</li>
-        <li>Redis</li>
-        <li>SQLite</li>
-      </ul>
-    </td>
-  </tr>
-</table>
-
-### Unsupported:
-
-<table>
-  <tr>
-    <td>
-      <ul>
-        <li>Graphite</li>
-      </ul>
-    </td>
-  </tr>
-</table>
-
-### Unconfirmed:
-
-<table>
-  <tr>
-    <td>
-      <ul>
-        <li>Altinity plugin for ClickHouse</li>
-        <li>Amazon Athena</li>
-        <li>Amazon Redshift</li>
-        <li>Amazon Timestream</li>
-        <li>Apache Cassandra</li>
-        <li>AppDynamics</li>
-        <li>Azure Data Explorer Datasource</li>
-        <li>Azure Monitor</li>
-        <li>CSV</li>
-        <li>DB2 Datasource</li>
-        <li>Databricks</li>
-        <li>Datadog</li>
-        <li>Dataset</li>
-        <li>Druid</li>
-      </ul>
-    </td>
-    <td>
-      <ul>
-        <li>Dynatrace</li>
-        <li>GitHub</li>
-        <li>Google BigQuery</li>
-        <li>Grafana for YNAB</li>
-        <li>Honeycomb</li>
-        <li>Jira</li>
-        <li>Mock</li>
-        <li>Neo4j Datasource</li>
-        <li>New Relic</li>
-        <li>OPC UA (Unified Architecture)</li>
-        <li>Open Distro for Elasticsearch</li>
-        <li>OpenSearch</li>
-        <li>OpenTSDB</li>
-      </ul>
-    </td>
-    <td>
-      <ul>
-        <li>Orbit</li>
-        <li>SAP HANA®</li>
-        <li>Salesforce</li>
-        <li>Sentry</li>
-        <li>ServiceNow</li>
-        <li>Snowflake</li>
-        <li>Splunk</li>
-        <li>Splunk Infrastructure Monitoring</li>
-        <li>Sqlyze data source</li>
-        <li>TDengine</li>
-        <li>Vertica</li>
-        <li>Wavefront</li>
-        <li>X-Ray</li>
-        <li>kdb+</li>
-        <li>simple grpc data source</li>
-      </ul>
-    </td>
-  </tr>
-</table>
-
-## Limitations
-
- Panels that use frontend data sources will fail to fetch data.
- Template variables are not supported.
- Exemplars will be omitted from the panel.
- Only annotations that query the `-- Grafana --` data source are supported.
- Organization annotations are not supported.
- Grafana Live and real-time event streams are not supported.
- Library panels are not supported.
- Data sources using Reverse Proxy functionality are not supported.
-
-## Custom branding
-
-If you're a Grafana Enterprise customer, you can use custom branding to change the appearance of a public dashboard footer. For more information, refer to [Custom branding](ref:custom-branding).
--- a/Show More
+++ b/Show More