[v8.5.x] Security Patch CI: Update to newest pr-patch-check.yml. (#77171)

Adding .github/workflows/create-security-patch-from-security-mirror.yml (#75850)

* Adding .github/workflows/create-security-patch-from-security-mirror.yml

* Added .github/workflows/create-security-patch-from-security-mirror.yml to CODEOWNERS

(cherry picked from commit 6842cc63ec)

.betterer.results

@@ -41,8 +41,8 @@ exports[`no enzyme tests`] = {
     "packages/grafana-ui/src/components/Logs/LogRows.test.tsx:3121815234": [
       [0, 17, 13, "RegExp match", "2409514259"]
     ],
-    "packages/grafana-ui/src/components/QueryField/QueryField.test.tsx:375894800": [
-      [0, 19, 13, "RegExp match", "2409514259"]
+    "packages/grafana-ui/src/components/QueryField/QueryField.test.tsx:2976628669": [
+      [0, 26, 13, "RegExp match", "2409514259"]
     ],
     "packages/grafana-ui/src/components/Slider/Slider.test.tsx:751112695": [
       [0, 17, 13, "RegExp match", "2409514259"]
@@ -56,16 +56,16 @@ exports[`no enzyme tests`] = {
     "packages/grafana-ui/src/components/Typeahead/TypeaheadInfo.test.tsx:3512289373": [
       [0, 17, 13, "RegExp match", "2409514259"]
     ],
-    "packages/grafana-ui/src/slate-plugins/braces.test.tsx:1440546721": [
+    "packages/grafana-ui/src/slate-plugins/braces.test.tsx:1691463920": [
       [0, 19, 13, "RegExp match", "2409514259"]
     ],
-    "packages/grafana-ui/src/slate-plugins/clear.test.tsx:1085648664": [
+    "packages/grafana-ui/src/slate-plugins/clear.test.tsx:3927593033": [
       [0, 19, 13, "RegExp match", "2409514259"]
     ],
-    "packages/grafana-ui/src/slate-plugins/runner.test.tsx:446043290": [
+    "packages/grafana-ui/src/slate-plugins/runner.test.tsx:1123710822": [
       [0, 19, 13, "RegExp match", "2409514259"]
     ],
-    "packages/grafana-ui/src/slate-plugins/suggestions.test.tsx:3654981205": [
+    "packages/grafana-ui/src/slate-plugins/suggestions.test.tsx:2682912140": [
       [0, 18, 13, "RegExp match", "2409514259"]
     ],
     "packages/jaeger-ui-components/src/TracePageHeader/SpanGraph/CanvasSpanGraph.test.js:1974748555": [
@@ -116,7 +116,7 @@ exports[`no enzyme tests`] = {
     "packages/jaeger-ui-components/src/TraceTimelineViewer/SpanDetail/AccordianText.test.js:1966455998": [
       [14, 17, 13, "RegExp match", "2409514259"]
     ],
-    "packages/jaeger-ui-components/src/TraceTimelineViewer/SpanDetail/KeyValuesTable.test.js:3813002651": [
+    "packages/jaeger-ui-components/src/TraceTimelineViewer/SpanDetail/KeyValuesTable.test.js:3568627238": [
       [14, 19, 13, "RegExp match", "2409514259"]
     ],
     "packages/jaeger-ui-components/src/TraceTimelineViewer/SpanDetail/TextList.test.js:3006381933": [
@@ -299,8 +299,8 @@ exports[`no enzyme tests`] = {
     "public/app/plugins/datasource/cloudwatch/components/ConfigEditor.test.tsx:1224072551": [
       [0, 19, 13, "RegExp match", "2409514259"]
     ],
-    "public/app/plugins/datasource/cloudwatch/components/LogsQueryField.test.tsx:2097436158": [
-      [1, 19, 13, "RegExp match", "2409514259"]
+    "public/app/plugins/datasource/cloudwatch/components/LogsQueryField.test.tsx:1501504663": [
+      [2, 19, 13, "RegExp match", "2409514259"]
     ],
     "public/app/plugins/datasource/elasticsearch/configuration/ConfigEditor.test.tsx:3481855642": [
       [0, 26, 13, "RegExp match", "2409514259"]

.bingo/Variables.mk

@@ -21,7 +21,7 @@ DRONE := $(GOBIN)/drone-v1.4.0
 $(DRONE): $(BINGO_DIR)/drone.mod
 	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
 	@echo "(re)installing $(GOBIN)/drone-v1.4.0"
-	@cd $(BINGO_DIR) && $(GO) build -mod=mod -modfile=drone.mod -o=$(GOBIN)/drone-v1.4.0 "github.com/drone/drone-cli/drone"
+	@cd $(BINGO_DIR) && CGO_ENABLED=0 $(GO) build -mod=mod -modfile=drone.mod -o=$(GOBIN)/drone-v1.4.0 "github.com/drone/drone-cli/drone"
 
 WIRE := $(GOBIN)/wire-v0.5.0
 $(WIRE): $(BINGO_DIR)/wire.mod

.bingo/drone.mod

@@ -1,7 +1,8 @@
 module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT
 
-go 1.17
+go 1.19
 
 replace github.com/docker/docker => github.com/docker/engine v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible
 
 require github.com/drone/drone-cli v1.4.0 // drone
+require golang.org/x/sys v0.0.0-20221010170243-090e33056c14 

.bingo/go.mod

@@ -1 +1,3 @@
-module _ // Fake go.mod auto-created by 'bingo' for go -moddir compatibility with non-Go projects. Commit this file, together with other .mod files.
+module _ // Fake go.mod auto-created by 'bingo' for go -moddir compatibility with non-Go projects. Commit this file, together with other .mod files.
+
+go 1.19

.drone.star

@@ -7,7 +7,8 @@
 load('scripts/drone/pipelines/pr.star', 'pr_pipelines')
 load('scripts/drone/pipelines/main.star', 'main_pipelines')
 load('scripts/drone/pipelines/docs.star', 'docs_pipelines')
-load('scripts/drone/pipelines/release.star', 'release_pipelines', 'publish_image_pipelines', 'publish_artifacts_pipelines', 'publish_npm_pipelines', 'publish_packages_pipeline')
+load('scripts/drone/pipelines/release.star', 'release_pipelines', 'publish_image_pipelines',
+'publish_artifacts_pipelines', 'publish_npm_pipelines', 'publish_packages_pipeline', 'verify_release_pipeline')
 load('scripts/drone/version.star', 'version_branch_pipelines')
 load('scripts/drone/pipelines/cron.star', 'cronjobs')
 load('scripts/drone/vault.star', 'secrets')
@@ -17,5 +18,5 @@ def main(ctx):
     return pr_pipelines(edition=edition) + main_pipelines(edition=edition) + release_pipelines() + \
         publish_image_pipelines('public') + publish_image_pipelines('security') + \
         publish_artifacts_pipelines('security') + publish_artifacts_pipelines('public') + \
-        publish_npm_pipelines('public') + publish_packages_pipeline() + \
+        publish_npm_pipelines('public') + publish_packages_pipeline() + [verify_release_pipeline()] + \
         version_branch_pipelines() + cronjobs(edition=edition) + secrets()

.github/CODEOWNERS

@@ -25,9 +25,16 @@ go.sum @grafana/backend-platform
 /.bingo @grafana/backend-platform
 
 # Continuous Integration
-.drone.yml @grafana/grafana-release-eng
-.drone.star @grafana/grafana-release-eng
-/scripts/drone/ @grafana/grafana-release-eng
+.drone.yml @grafana/grafana-delivery
+.drone.star @grafana/grafana-delivery
+/scripts/drone/ @grafana/grafana-delivery
+/pkg/build/ @grafana/grafana-delivery
+/.dockerignore @grafana/grafana-delivery
+/Dockerfile @grafana/grafana-delivery
+/Makefile @grafana/grafana-delivery
+/scripts/build/ @grafana/grafana-delivery
+/scripts/list-release-artifacts.sh @grafana/grafana-delivery
+/.github/workflows/create-security-patch-from-security-mirror.yml @grafana/grafana-delivery
 
 # Cloud Datasources backend code
 /pkg/tsdb/cloudwatch @grafana/cloud-datasources
@@ -164,3 +171,4 @@ lerna.json @grafana/frontend-ops
 
 # Cloud middleware
 /grafana-mixin/ @grafana/hosted-grafana-team
+

.github/pr-checks.json

@@ -15,4 +15,4 @@
     "targetUrl": "https://github.com/grafana/grafana/blob/main/contribute/merge-pull-request.md#should-the-pull-request-be-backported",
     "skipLabels": [ "backport", "no-backport"]
   }
-]
+]

.github/renovate.json5

@@ -4,12 +4,10 @@
   ],
   "enabledManagers": ["npm"],
   "ignoreDeps": [
-    "@grafana/slate-react", // should be updated when the `slate` package is updated
     "@types/systemjs",
     "@types/d3-force", // we should bump this once we move to esm modules
     "@types/d3-interpolate", // we should bump this once we move to esm modules
     "@types/d3-scale-chromatic", // we should bump this once we move to esm modules
-    "@types/grafana__slate-react", // should be updated when the `slate` package is updated
     "@types/react-icons", // jaeger-ui-components is being refactored to use @grafana/ui icons instead
     "commander", // we are planning to remove this, so no need to update it
     "d3",
@@ -23,8 +21,6 @@
     "react-hook-form", // due to us exposing these hooks via @grafana/ui form components bumping can break plugins
     "react-icons", // jaeger-ui-components is being refactored to use @grafana/ui icons instead
     "react-router-dom", // we should bump this together with history
-    "slate",
-    "slate-plain-serializer",
     "systemjs",
     "copy-webpack-plugin", // try to upgrade with newer yarn release. Not working with 3.1.1
     "ts-loader", // we should remove ts-loader and use babel-loader instead

.github/workflows/auto-milestone.yml

@@ -0,0 +1,22 @@
+name: Auto-milestone
+on:
+  pull_request:
+    types:
+      - closed
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        with:
+          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+
+      - name: Run auto-milestone
+        uses: grafana/grafana-github-actions-go/auto-milestone@main
+        with:
+          pr: ${{ github.event.pull_request.number }}
+          token: ${{ steps.generate_token.outputs.token }}

.github/workflows/create-security-patch-from-security-mirror.yml

@@ -0,0 +1,28 @@
+# Owned by grafana-delivery-squad
+# Intended to be dropped into the base repo (Ex: grafana/grafana) for use in the security mirror. 
+name: Create security patch
+run-name: create-security-patch
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+    branches:
+      - "main"
+      - "v*.*.*"
+
+# This is run before the pull request has been merged, so we'll run against the src branch
+jobs:
+  trigger_downstream_create_security_patch:
+    concurrency: create-patch-${{ github.ref_name }}
+    uses: grafana/security-patch-actions/.github/workflows/create-patch.yml@main
+    if: github.repository == 'grafana/grafana-security-mirror' 
+    with:
+      repo: "${{ github.repository }}"
+      src_ref: "${{ github.head_ref }}" # this is the source branch name, Ex: "feature/newthing"
+      patch_ref: "${{ github.base_ref }}" # this is the target branch name, Ex: "main"
+      patch_repo: "grafana/grafana-security-patches"
+      patch_prefix: "${{ github.event.pull_request.number }}"
+    secrets: inherit
+

.github/workflows/detect-breaking-changes-build-skip.yml

@@ -0,0 +1,34 @@
+# Workflow for skipping the Levitate detection
+# (This is needed because workflows that are skipped due to path filtering will show up as pending in Github.
+# As this has the same name as the one in detect-breaking-changes-build.yml it will take over in these cases and succeed quickly.)
+
+name: Levitate / Detect breaking changes
+
+on:
+  pull_request:
+    paths-ignore:
+      - "packages/**"
+    branches:
+      - 'main'
+
+jobs:
+  detect:
+    name: Detect breaking changes
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Skipping
+        run: echo "No modifications in the public API (packages/), skipping."
+
+        # Build and persist output as a JSON (we need to tell the report workflow that the check has been skipped)
+      - name: Persisting the check output
+        run: |
+          mkdir -p ./levitate
+          echo "{ \"shouldSkip\": true }" > ./levitate/result.json
+
+      # Upload artifact (so it can be used in the more privileged "report" workflow)
+      - name: Upload check output as artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: levitate
+          path: levitate/

.github/workflows/detect-breaking-changes-build.yml

@@ -1,6 +1,11 @@
 name: Levitate / Detect breaking changes
 
-on: pull_request
+on: 
+  pull_request:
+    paths:
+      - 'packages/**'
+    branches:
+      - 'main'
 
 jobs:
   buildPR:
@@ -15,6 +20,10 @@ jobs:
       with: 
         path: './pr'
 
+    - uses: actions/setup-node@v3
+      with:
+        node-version: 16.16.0
+
     - name: Get yarn cache directory path
       id: yarn-cache-dir-path
       run: echo "::set-output name=dir::$(yarn config get cacheFolder)"
@@ -56,6 +65,10 @@ jobs:
         path: './base'
         ref: ${{ github.event.pull_request.base.ref }}
 
+    - uses: actions/setup-node@v3
+      with:
+        node-version: 16.16.0
+
     - name: Get yarn cache directory path
       id: yarn-cache-dir-path
       run: echo "::set-output name=dir::$(yarn config get cacheFolder)"

.github/workflows/pr-patch-check.yml

@@ -0,0 +1,26 @@
+# Owned by grafana-delivery-squad
+# Intended to be dropped into the base repo Ex: grafana/grafana
+name: Check for patch conflicts
+run-name: check-patch-conflicts-${{ github.base_ref }}-${{ github.head_ref }}
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+    branches:
+      - "main"
+      - "v*.*.*"
+      - "release-*"
+
+# Since this is run on a pull request, we want to apply the patches intended for the
+# target branch onto the source branch, to verify compatibility before merging.
+jobs:
+  trigger_downstream_patch_check:
+    uses: grafana/security-patch-actions/.github/workflows/test-patches.yml@main
+    with:
+      src_repo: "${{ github.repository }}"
+      src_ref: "${{ github.head_ref }}" # this is the source branch name, Ex: "feature/newthing"
+      patch_repo: "${{ github.repository }}-security-patches"
+      patch_ref: "${{ github.base_ref }}" # this is the target branch name, Ex: "main"
+    secrets: inherit

.github/workflows/publish-technical-documentation-next.yml

@@ -0,0 +1,38 @@
+name: "publish-technical-documentation-next"
+
+on:
+  push:
+    branches:
+      - "main"
+    paths:
+      - "docs/sources/**"
+  workflow_dispatch:
+jobs:
+  sync:
+    if: "github.repository == 'grafana/grafana'"
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: "Checkout Grafana repo"
+        uses: "actions/checkout@v3"
+
+      - name: "Clone website-sync Action"
+        # WEBSITE_SYNC_TOKEN is a fine-grained GitHub Personal Access Token that expires.
+        # It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
+        # GitHub administrator to update the organization secret.
+        # The IT helpdesk can update the organization secret.
+        run: "git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.WEBSITE_SYNC_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync"
+
+      - name: "Publish to website repository (next)"
+        uses: "./.github/actions/website-sync"
+        id: "publish-next"
+        with:
+          repository: "grafana/website"
+          branch: "master"
+          host: "github.com"
+          # PUBLISH_TO_WEBSITE_TOKEN is a fine-grained GitHub Personal Access Token that expires.
+          # It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
+          # GitHub administrator to update the organization secret.
+          # The IT helpdesk can update the organization secret.
+          github_pat: "grafanabot:${{ secrets.PUBLISH_TO_WEBSITE_TOKEN }}"
+          source_folder: "docs/sources"
+          target_folder: "content/docs/grafana/next"

.github/workflows/publish-technical-documentation-release.yml

@@ -0,0 +1,89 @@
+name: "publish-technical-documentation-release"
+
+on:
+  push:
+    branches:
+      - v[0-9]+.[0-9]+.x
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
+    paths:
+      - "docs/sources/**"
+  workflow_dispatch:
+jobs:
+  sync:
+    if: "github.repository == 'grafana/grafana'"
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: "Checkout Grafana repo"
+        uses: "actions/checkout@v3"
+        with:
+          fetch-depth: 0
+
+      - name: "Checkout Actions library"
+        uses: "actions/checkout@v3"
+        with:
+          repository: "grafana/grafana-github-actions"
+          path: "./actions"
+
+      - name: "Install Actions from library"
+        run: "npm install --production --prefix ./actions"
+
+      - name: "Determine if there is a matching release tag"
+        id: "has-matching-release-tag"
+        uses: "./actions/has-matching-release-tag"
+        with:
+          ref_name: "${{ github.ref_name }}"
+          release_tag_regexp: "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
+          release_branch_regexp: "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.x$"
+
+      - name: "Generate packages_api docs"
+        uses: "actions/setup-node@v3.2.0"
+        id: "generate-packages_api-docs"
+        with:
+          node-version-file: ".nvmrc"
+
+      - name: "Get yarn cache directory path"
+        id: "yarn-cache-dir-path"
+        run: "echo ::set-output name=dir::$(yarn config get cacheFolder)"
+
+      - uses: "actions/cache@v2.1.7"
+        with:
+          path: "${{ steps.yarn-cache-dir-path.outputs.dir }}"
+          key: "yarn-${{ hashFiles('**/yarn.lock') }}"
+          restore-keys: |
+              yarn-
+
+      - run: "yarn install --immutable"
+
+      - run: "./scripts/ci-reference-docs-build.sh"
+
+      - name: "Determine technical documentation version"
+        if: "steps.has-matching-release-tag.outputs.bool == 'true'"
+        uses: "./actions/docs-target"
+        id: "target"
+        with:
+          ref_name: "${{ github.ref_name }}"
+
+      - name: "Clone website-sync Action"
+        if: "steps.has-matching-release-tag.outputs.bool == 'true'"
+        # WEBSITE_SYNC_TOKEN is a fine-grained GitHub Personal Access Token that expires.
+        # It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
+        # GitHub administrator to update the organization secret.
+        # The IT helpdesk can update the organization secret.
+        run: "git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.WEBSITE_SYNC_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync"
+
+      - name: "Publish to website repository (release)"
+        if: "steps.has-matching-release-tag.outputs.bool == 'true'"
+        uses: "./.github/actions/website-sync"
+        id: "publish-release"
+        with:
+          repository: "grafana/website"
+          branch: "master"
+          host: "github.com"
+          # PUBLISH_TO_WEBSITE_TOKEN is a fine-grained GitHub Personal Access Token that expires.
+          # It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
+          # GitHub administrator to update the organization secret.
+          # The IT helpdesk can update the organization secret.
+          github_pat: "grafanabot:${{ secrets.PUBLISH_TO_WEBSITE_TOKEN }}"
+          source_folder: "docs/sources"
+          target_folder: "content/docs/grafana/${{ steps.target.outputs.target }}"

.github/workflows/publish.yml

@@ -1,49 +0,0 @@
-name: publish_docs
-
-on:
-  push:
-    branches:
-    - v8.5.x
-    paths:
-    - 'docs/sources/**'
-    - 'packages/grafana-*/**'
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v1
-    - run: git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.GH_BOT_ACCESS_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync
-    - name: generate-packages-docs
-      uses: actions/setup-node@v2.5.1
-      id: generate-docs
-      with:
-        node-version: '16'
-    - name: Get yarn cache directory path
-      id: yarn-cache-dir-path
-      run: echo "::set-output name=dir::$(yarn config get cacheFolder)"
-    - uses: actions/cache@v2.1.7
-      with:
-        path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-        key: yarn-${{ hashFiles('**/yarn.lock') }}
-        restore-keys: |
-            yarn-
-    - run: yarn install --immutable
-    - run: ./scripts/ci-reference-docs-build.sh
-    - name: publish-to-git
-      uses: ./.github/actions/website-sync
-      id: publish
-      with:
-        repository: grafana/website
-        branch: master
-        host: github.com
-        github_pat: '${{ secrets.GH_BOT_ACCESS_TOKEN }}'
-        source_folder: docs/sources
-        target_folder: content/docs/grafana/latest
-        allow_no_changes: 'true'
-    - shell: bash
-      run: |
-        test -n "${{ steps.publish.outputs.commit_hash }}"
-        test -n "${{ steps.publish.outputs.working_directory }}"

.github/workflows/sync-mirror.yml

@@ -0,0 +1,25 @@
+# Owned by grafana-delivery-squad
+# Intended to be dropped into the base repo, Ex: grafana/grafana
+name: Sync to mirror
+run-name: sync-to-mirror-${{ github.ref_name }}
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+      - "v*.*.*"
+      - "release-*"
+
+# This is run after the pull request has been merged, so we'll run against the target branch
+jobs:
+  trigger_downstream_patch_mirror:
+    concurrency: patch-mirror-${{ github.ref_name }}
+    uses: grafana/security-patch-actions/.github/workflows/mirror-branch-and-apply-patches.yml@main
+    if: github.repository == 'grafana/grafana'
+    with:
+      ref: "${{ github.ref_name }}" # this is the target branch name, Ex: "main"
+      src_repo: "${{ github.repository }}"
+      dest_repo: "${{ github.repository }}-security-mirror"
+      patch_repo: "${{ github.repository }}-security-patches"
+    secrets: inherit
+

.gitignore

@@ -59,6 +59,7 @@ public/css/*.min.css
 *.sublime-workspace
 *.swp
 .idea/
+.fleet/
 *.iml
 *.tmp
 .DS_Store
@@ -117,6 +118,7 @@ debug.test
 
 /scripts/build/release_publisher/release_publisher
 *.patch
+!.yarn/patches/*.patch
 
 # Ignoring frontend packages specifics
 /packages/**/dist
@@ -165,3 +167,5 @@ public/locales/**/*.js
 
 deployment_tools_config.json
 
+# Temporary file for backporting PRs
+.pr-body.txt

.yarnrc.yml

@@ -3,40 +3,37 @@ enableTelemetry: false
 nodeLinker: pnp
 
 packageExtensions:
-  "@grafana/slate-react@0.22.10-grafana":
-    peerDependencies:
-      slate-react: ">=0.22.0"
-  "@mdx-js/loader@1.6.22":
+  '@mdx-js/loader@1.6.22':
     peerDependencies:
       react: 17.0.1
-  "@storybook/addon-docs@6.4.15":
+  '@storybook/addon-docs@6.4.15':
     peerDependencies:
-      "@storybook/manager-webpack5": 6.4.15
-  "@storybook/addon-essentials@6.4.15":
+      '@storybook/manager-webpack5': 6.4.15
+  '@storybook/addon-essentials@6.4.15':
     peerDependencies:
-      "@storybook/components": 6.4.15
-      "@storybook/core-events": 6.4.15
-      "@storybook/manager-webpack5": 6.4.15
-      "@storybook/theming": 6.4.15
-  "@storybook/core-server@6.4.15":
+      '@storybook/components': 6.4.15
+      '@storybook/core-events': 6.4.15
+      '@storybook/manager-webpack5': 6.4.15
+      '@storybook/theming': 6.4.15
+  '@storybook/core-server@6.4.15':
     peerDependencies:
-      "@babel/core": ^7.0.0
-  "@storybook/core@6.4.15":
+      '@babel/core': ^7.0.0
+  '@storybook/core@6.4.15':
     peerDependencies:
-      "@babel/core": ^7.0.0
-      "@storybook/manager-webpack5": 6.4.15
-  "@storybook/csf-tools@6.4.15":
+      '@babel/core': ^7.0.0
+      '@storybook/manager-webpack5': 6.4.15
+  '@storybook/csf-tools@6.4.15':
     peerDependencies:
-      "@babel/core": ^7.0.0
-  "@storybook/react@6.4.15":
+      '@babel/core': ^7.0.0
+  '@storybook/react@6.4.15':
     peerDependencies:
-      "@storybook/manager-webpack5": 6.4.15
+      '@storybook/manager-webpack5': 6.4.15
   doctrine@3.0.0:
     dependencies:
       assert: 2.0.0
   moveable@0.28.0:
     dependencies:
-      "@daybrush/utils": 1.6.0
+      '@daybrush/utils': 1.6.0
       framework-utils: ^1.1.0
   rc-time-picker@3.7.3:
     peerDependencies:
@@ -51,9 +48,9 @@ packageExtensions:
       react-simple-compat: 1.2.1
   react-compat-moveable@0.16.0:
     dependencies:
-      "@egjs/agent": ^2.2.1
-      "@egjs/children-differ": ^1.0.1
-      "@scena/matrix": 1.1.1
+      '@egjs/agent': ^2.2.1
+      '@egjs/children-differ': ^1.0.1
+      '@scena/matrix': 1.1.1
       css-to-mat: ^1.0.3
       gesto: ^1.7.0
       overlap-area: ^1.0.0
@@ -65,17 +62,17 @@ packageExtensions:
       webpack: 4.41.5
   react-icons@2.2.7:
     peerDependencies:
-      prop-types: "*"
+      prop-types: '*'
   react-resizable@3.0.4:
     peerDependencies:
       react-dom: 17.0.1
 
 plugins:
   - path: .yarn/plugins/@yarnpkg/plugin-typescript.cjs
-    spec: "@yarnpkg/plugin-typescript"
+    spec: '@yarnpkg/plugin-typescript'
   - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
-    spec: "@yarnpkg/plugin-interactive-tools"
+    spec: '@yarnpkg/plugin-interactive-tools'
   - path: .yarn/plugins/@yarnpkg/plugin-outdated.cjs
-    spec: "https://mskelton.dev/yarn-outdated/v2"
+    spec: 'https://mskelton.dev/yarn-outdated/v2'
 
 yarnPath: .yarn/releases/yarn-3.2.0.cjs

CHANGELOG.md

@@ -1,3 +1,198 @@
+<!-- 8.5.27 START -->
+
+# 8.5.27 (2023-06-22)
+
+### Bug fixes
+
+- **Auth:** Fixed CVE-2023-3128. [#70576](https://github.com/grafana/grafana/issues/70576), [@zerok](https://github.com/zerok)
+
+<!-- 8.5.27 END -->
+<!-- 8.5.26 START -->
+
+# 8.5.26 (2023-05-22)
+
+### Bugfixes
+
+- **Alerting:** Require alert.notifications:write permissions to test receivers and templates
+
+<!-- 8.5.26 END -->
+<!-- 8.5.22 START -->
+
+# 8.5.22 (2023-03-22)
+
+<!-- 8.5.22 END -->
+
+<!-- 8.5.21 START -->
+
+# 8.5.21 (2023-02-28)
+
+<!-- 8.5.21 END -->
+
+<!-- 8.5.20 START -->
+
+# 8.5.20 (2023-01-25)
+
+### Features and enhancements
+
+- **Chore:** Upgrade Go to 1.19.4 [v8.5.x]. [#60824](https://github.com/grafana/grafana/pull/60824), [@sakjur](https://github.com/sakjur)
+
+<!-- 8.5.20 END -->
+
+<!-- 8.5.15 START -->
+
+# 8.5.15 (2022-11-08)
+
+### Features and enhancements
+
+- **Chore:** Upgrade Go to 1.19.2. [#56857](https://github.com/grafana/grafana/pull/56857), [@sakjur](https://github.com/sakjur)
+
+<!-- 8.5.15 END -->
+
+<!-- 8.5.14 START -->
+
+# 8.5.14 (2022-10-11)
+
+### Features and enhancements
+
+- **Access Control:** Allow org admins to invite new users. [#55585](https://github.com/grafana/grafana/pull/55585), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+
+<!-- 8.5.14 END -->
+
+<!-- 8.5.13 START -->
+
+# 8.5.13 (2022-09-20)
+
+### Features and enhancements
+
+- **Plugins:** Expose @emotion/react to plugins to prevent load failures. [#55297](https://github.com/grafana/grafana/pull/55297), [@jackw](https://github.com/jackw)
+
+### Bug fixes
+
+- **AuthNZ:** Security fixes for CVE-2022-35957 and CVE-2022-36062. [#55495](https://github.com/grafana/grafana/pull/55495), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+
+<!-- 8.5.13 END -->
+
+<!-- 8.5.11 START -->
+
+# 8.5.11 (2022-08-30)
+
+### Features and enhancements
+
+- **Rendering:** Add support for renderer token (#54425). [#54438](https://github.com/grafana/grafana/pull/54438), [@joanlopez](https://github.com/joanlopez)
+- **Alerting:** AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled. [#53681](https://github.com/grafana/grafana/pull/53681), [@yuri-tceretian](https://github.com/yuri-tceretian)
+
+<!-- 8.5.11 END -->
+
+<!-- 8.5.10 START -->
+
+# 8.5.10 (2022-08-08)
+
+### Bug fixes
+
+- **RBAC:** Fix Anonymous Editors missing dashboard controls. [#52649](https://github.com/grafana/grafana/pull/52649), [@gamab](https://github.com/gamab)
+
+<!-- 8.5.10 END -->
+
+<!-- 8.5.9 START -->
+
+# 8.5.9 (2022-07-14)
+
+### Bug fixes
+
+- **Security:** Fixes for CVE-2022-31107 and CVE-2022-31097. [#52238](https://github.com/grafana/grafana/pull/52238), [@xlson](https://github.com/xlson)
+
+<!-- 8.5.9 END -->
+
+<!-- 8.5.6 START -->
+
+# 8.5.6 (2022-06-14)
+
+### Bug fixes
+
+- **Dashboard:** Fixes random scrolling on time range change. [#50379](https://github.com/grafana/grafana/pull/50379), [@torkelo](https://github.com/torkelo)
+- **Security:** Fixes minor code scanning security warnings in old vendored javascript libs. [#50382](https://github.com/grafana/grafana/pull/50382), [@torkelo](https://github.com/torkelo)
+
+<!-- 8.5.6 END -->
+
+<!-- 8.5.5 START -->
+
+# 8.5.5 (2022-06-06)
+
+### Features and enhancements
+
+- **Azure Monitor:** Include datasource ref when interpolating variables. [#49543](https://github.com/grafana/grafana/pull/49543), [@kevinwcyu](https://github.com/kevinwcyu)
+- **CloudWatch:** Add multi-value template variable support for log group names in logs query builder. [#49737](https://github.com/grafana/grafana/pull/49737), [@kevinwcyu](https://github.com/kevinwcyu)
+- **Cloudwatch:** Add template variable query function for listing log groups. [#50100](https://github.com/grafana/grafana/pull/50100), [@yaelleC](https://github.com/yaelleC)
+
+### Bug fixes
+
+- **Alerting:** Do not overwrite existing alert rule condition. [#49920](https://github.com/grafana/grafana/pull/49920), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Remove double quotes from matchers. [#50044](https://github.com/grafana/grafana/pull/50044), [@alexweav](https://github.com/alexweav)
+
+<!-- 8.5.5 END -->
+
+<!-- 8.5.4 START -->
+
+# 8.5.4 (2022-05-30)
+
+### Features and enhancements
+
+- **Alerting:** Remove disabled flag for data source when migrating alerts. [#48559](https://github.com/grafana/grafana/pull/48559), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Show notification tab of legacy alerting only to editor. [#49624](https://github.com/grafana/grafana/pull/49624), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Update migration to migrate only alerts that belong to existing org\dashboard. [#49192](https://github.com/grafana/grafana/pull/49192), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **AzureMonitor:** Do not quote variables when a custom "All" variable option is used. [#49428](https://github.com/grafana/grafana/pull/49428), [@andresmgot](https://github.com/andresmgot)
+- **AzureMonitor:** Update allowed namespaces. [#48468](https://github.com/grafana/grafana/pull/48468), [@jcolladokuri](https://github.com/jcolladokuri)
+- **CloudMonitor:** Correctly encode default project response. [#49510](https://github.com/grafana/grafana/pull/49510), [@aangelisc](https://github.com/aangelisc)
+- **Cloudwatch:** Add support for new AWS/RDS EBS\* metrics. [#48798](https://github.com/grafana/grafana/pull/48798), [@szymonpk](https://github.com/szymonpk)
+- **InfluxDB:** Use backend for influxDB by default via feature toggle. [#48453](https://github.com/grafana/grafana/pull/48453), [@yesoreyeram](https://github.com/yesoreyeram)
+- **Legend:** Use correct unit for percent and count calculations. [#49004](https://github.com/grafana/grafana/pull/49004), [@dprokop](https://github.com/dprokop)
+- **LokI:** use millisecond steps in Grafana 8.5.x. [#48630](https://github.com/grafana/grafana/pull/48630), [@gabor](https://github.com/gabor)
+- **Plugins:** Introduce HTTP 207 Multi Status response to api/ds/query. [#48550](https://github.com/grafana/grafana/pull/48550), [@wbrowne](https://github.com/wbrowne)
+- **Reporting:** Improve PDF file size using grid layout. (Enterprise)
+- **Transformations:** Add an All Unique Values Reducer. [#48653](https://github.com/grafana/grafana/pull/48653), [@josiahg](https://github.com/josiahg)
+- **Transformers:** avoid error when the ExtractFields source field is missing. [#49368](https://github.com/grafana/grafana/pull/49368), [@wardbekker](https://github.com/wardbekker)
+- **[v8.5.x] Alerting:** Update migration to migrate only alerts that belong to existing org\dashboard. [#49199](https://github.com/grafana/grafana/pull/49199), [@grafanabot](https://github.com/grafanabot)
+- **[v8.5.x] Reporting:** Improve PDF file size using grid layout. (Enterprise)
+
+### Bug fixes
+
+- **Alerting:** Allow disabling override timings for notification policies. [#48648](https://github.com/grafana/grafana/pull/48648), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Allow serving images from custom url path. [#49022](https://github.com/grafana/grafana/pull/49022), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Apply Custom Headers to datasource queries. [#47860](https://github.com/grafana/grafana/pull/47860), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Fix RBAC actions for notification policies. [#49185](https://github.com/grafana/grafana/pull/49185), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Fix access to alerts for viewer with editor permissions when RBAC is disabled. [#49270](https://github.com/grafana/grafana/pull/49270), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Fix anonymous access to alerting. [#49203](https://github.com/grafana/grafana/pull/49203), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** correctly show all alerts in a folder. [#48684](https://github.com/grafana/grafana/pull/48684), [@gillesdemey](https://github.com/gillesdemey)
+- **AzureMonitor:** Fixes metric definition for Azure Storage queue/file/blob/table resources. [#49101](https://github.com/grafana/grafana/pull/49101), [@aangelisc](https://github.com/aangelisc)
+- **Dashboard:** Fix dashboard update permission check. [#48746](https://github.com/grafana/grafana/pull/48746), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **DashboardExport:** Fix exporting and importing dashboards where query data source ended up as incorrect. [#48410](https://github.com/grafana/grafana/pull/48410), [@torkelo](https://github.com/torkelo)
+- **FileUpload:** clicking the `Upload file` button now opens the modal correctly. [#48766](https://github.com/grafana/grafana/pull/48766), [@ashharrison90](https://github.com/ashharrison90)
+- **GrafanaUI:** Fix color of links in error Tooltips in light theme. [#49327](https://github.com/grafana/grafana/pull/49327), [@joshhunt](https://github.com/joshhunt)
+- **LibraryPanels:** Fix library panels not connecting properly in imported dashboards. [#49161](https://github.com/grafana/grafana/pull/49161), [@joshhunt](https://github.com/joshhunt)
+- **Loki:** Improve unpack parser handling. [#49074](https://github.com/grafana/grafana/pull/49074), [@gabor](https://github.com/gabor)
+- **RolePicker:** Fix menu position on smaller screens. [#48429](https://github.com/grafana/grafana/pull/48429), [@Clarity-89](https://github.com/Clarity-89)
+- **TimeRange:** Fixes updating time range from url and browser history. [#48657](https://github.com/grafana/grafana/pull/48657), [@torkelo](https://github.com/torkelo)
+- **TimeSeries:** Fix detection & rendering of sparse datapoints. [#48841](https://github.com/grafana/grafana/pull/48841), [@leeoniya](https://github.com/leeoniya)
+- **Timeseries:** Fix outside range stale state. [#49633](https://github.com/grafana/grafana/pull/49633), [@ryantxu](https://github.com/ryantxu)
+- **Tooltip:** Fix links not legible in Tooltips when using light theme. [#48748](https://github.com/grafana/grafana/pull/48748), [@joshhunt](https://github.com/joshhunt)
+- **Tooltip:** Sort decimals using standard numeric compare. [#49084](https://github.com/grafana/grafana/pull/49084), [@dprokop](https://github.com/dprokop)
+- **Transforms:** Labels to fields, fix label picker layout. [#49304](https://github.com/grafana/grafana/pull/49304), [@torkelo](https://github.com/torkelo)
+- **Variables:** Fixes issue with data source variables not updating queries with variable. [#49478](https://github.com/grafana/grafana/pull/49478), [@torkelo](https://github.com/torkelo)
+- **[v8.5.x] Alerting:** Fix RBAC actions for notification policies (#49185). [#49348](https://github.com/grafana/grafana/pull/49348), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **[v8.5.x] Alerting:** Fix access to alerts for viewer with editor permissions when RBAC is disabled. [#49427](https://github.com/grafana/grafana/pull/49427), [@konrad147](https://github.com/konrad147)
+- **[v8.5.x] Alerting:** Fix anonymous access to alerting. [#49268](https://github.com/grafana/grafana/pull/49268), [@yuri-tceretian](https://github.com/yuri-tceretian)
+
+### Breaking changes
+
+For a data source query made via /api/ds/query :
+
+- If the `DatasourceQueryMultiStatus` feature is enabled and
+  - The data source response has an error set as part of the `DataResponse`, the resulting HTTP status code is now `207 Multi Status` instead of `400 Bad gateway`
+- If the `DatasourceQueryMultiStatus` feature is **not** enabled and
+  - The data source response has an error set as part of the `DataResponse`, the resulting HTTP status code is `400 Bad Request` (no breaking change)
+    --> Issue [#48550](https://github.com/grafana/grafana/issues/48550)
+
+<!-- 8.5.4 END -->
 <!-- 8.5.3 START -->
 
 # 8.5.3
@@ -147,6 +342,26 @@ When user is using Github OAuth, GitHub login is showed as both Grafana login an
 
 The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards. Issue [#45132](https://github.com/grafana/grafana/issues/45132)
 
+<!-- 8.4.11 START -->
+
+# 8.4.11 (2022-08-30)
+
+### Features and enhancements
+
+- **Rendering:** Add support for renderer token (#54425). [#54437](https://github.com/grafana/grafana/pull/54437), [@joanlopez](https://github.com/joanlopez)
+
+<!-- 8.4.11 END -->
+
+<!-- 8.4.10 START -->
+
+# 8.4.10 (2022-07-14)
+
+### Bug fixes
+
+- **Security:** Fixes for CVE-2022-31107 and CVE-2022-31097. [#52218](https://github.com/grafana/grafana/pull/52218), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+
+<!-- 8.4.10 END -->
+
 <!-- 8.4.7 START -->
 
 # 8.4.7 (2022-04-19)
@@ -334,6 +549,16 @@ AngularJS plugin support is now in a deprecated state, meaning it will be remove
 - **News:** Reload feed when changing the time range or refreshing. [#42217](https://github.com/grafana/grafana/pull/42217), [@ashharrison90](https://github.com/ashharrison90)
 - **UI/Plot:** Implement keyboard controls for plot cursor. [#42244](https://github.com/grafana/grafana/pull/42244), [@kaydelaney](https://github.com/kaydelaney)
 
+<!-- 8.3.11 START -->
+
+# 8.3.11 (2022-08-30)
+
+### Features and enhancements
+
+- **Rendering:** Add support for renderer token (#54425). [#54436](https://github.com/grafana/grafana/pull/54436), [@joanlopez](https://github.com/joanlopez)
+
+<!-- 8.3.11 END -->
+
 <!-- 8.3.7 START -->
 
 # 8.3.7 (2022-03-01)
@@ -568,7 +793,7 @@ The access mode "browser" is deprecated in the following data sources and will b
 
 ### Features and enhancements
 
-- **AccessControl:** Apply fine-grained access control to licensing. (Enterprise)
+- **AccessControl:** Apply role-based access control to licensing. (Enterprise)
 - **Alerting:** Add UI for contact point testing with custom annotations and labels. [#40491](https://github.com/grafana/grafana/pull/40491), [@nathanrodman](https://github.com/nathanrodman)
 - **Alerting:** Make alert state indicator in panel header work with Grafana 8 alerts. [#38713](https://github.com/grafana/grafana/pull/38713), [@domasx2](https://github.com/domasx2)
 - **Alerting:** Option for Discord notifier to use webhook name. [#40463](https://github.com/grafana/grafana/pull/40463), [@Skyebold](https://github.com/Skyebold)

Dockerfile

@@ -20,7 +20,7 @@ COPY emails emails
 ENV NODE_ENV production
 RUN yarn build
 
-FROM golang:1.17.9-alpine3.15 as go-builder
+FROM golang:1.19.9-alpine3.17 as go-builder
 
 RUN apk add --no-cache gcc g++ make
 
@@ -40,7 +40,7 @@ RUN go mod verify
 RUN make build-go
 
 # Final stage
-FROM alpine:3.15
+FROM alpine:3.17
 
 LABEL maintainer="Grafana team <hello@grafana.com>"
 

Dockerfile.ubuntu

@@ -21,7 +21,7 @@ COPY emails emails
 ENV NODE_ENV production
 RUN yarn build
 
-FROM golang:1.17.9 AS go-builder
+FROM golang:1.19.8 AS go-builder
 
 WORKDIR /src/grafana
 

conf/defaults.ini

@@ -305,7 +305,7 @@ content_security_policy = false
 # $ROOT_PATH is server.root_url without the protocol.
 content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""
 
-# Controls if old angular plugins are supported or not. This will be disabled by default in Grafana v9.
+# Controls if old angular plugins are supported or not. This will be disabled by default in future release
 angular_support_enabled = true
 
 [security.encryption]
@@ -437,6 +437,9 @@ sigv4_auth_enabled = false
 # Set to true to enable verbose logging of SigV4 request signing
 sigv4_verbose_logging = false
 
+# Use email lookup in addition to the unique ID provided by the IdP
+oauth_allow_insecure_email_lookup = false
+
 #################################### Anonymous Auth ######################
 [auth.anonymous]
 # enable anonymous access
@@ -1020,6 +1023,8 @@ container_name =
 server_url =
 # If the remote HTTP image renderer service runs on a different server than the Grafana server you may have to configure this to a URL where Grafana is reachable, e.g. http://grafana.domain/.
 callback_url =
+# An auth token that will be sent to and verified by the renderer. The renderer will deny any request without an auth token matching the one configured on the renderer side.
+renderer_token = -
 # Concurrent render request limit affects when the /render HTTP endpoint is used. Rendering many images at the same time can overload the server,
 # which this setting can help protect against by only allowing a certain amount of concurrent requests.
 concurrent_render_request_limit = 30

conf/sample.ini

@@ -305,7 +305,7 @@
 # $ROOT_PATH is server.root_url without the protocol.
 ;content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""
 
-# Controls if old angular plugins are supported or not. This will be disabled by default in Grafana v9.
+# Controls if old angular plugins are supported or not. This will be disabled by default in future release
 ;angular_support_enabled = true
 
 [security.encryption]
@@ -431,6 +431,9 @@
 # Set to true to enable verbose logging of SigV4 request signing
 ;sigv4_verbose_logging = false
 
+# Use email lookup in addition to the unique ID provided by the IdP
+;oauth_allow_insecure_email_lookup = false
+
 #################################### Anonymous Auth ######################
 [auth.anonymous]
 # enable anonymous access
@@ -999,6 +1002,8 @@
 ;server_url =
 # If the remote HTTP image renderer service runs on a different server than the Grafana server you may have to configure this to a URL where Grafana is reachable, e.g. http://grafana.domain/.
 ;callback_url =
+# An auth token that will be sent to and verified by the renderer. The renderer will deny any request without an auth token matching the one configured on the renderer side.
+;renderer_token = -
 # Concurrent render request limit affects when the /render HTTP endpoint is used. Rendering many images at the same time can overload the server,
 # which this setting can help protect against by only allowing a certain amount of concurrent requests.
 ;concurrent_render_request_limit = 30

contribute/merge-pull-request.md

@@ -13,7 +13,6 @@ The following checklist/summary should give you a quick overview of what to ask/
 - Reviewed and approved?
 - All checks passed?
 - Proper pull request title?
-- Milestone assigned?
 - Add to changelog/release notes?
 - Needs backporting?
 
@@ -35,10 +34,18 @@ See [formatting guidelines](create-pull-request.md#formatting-guidelines) for mo
 
 ### Assign a milestone
 
-A milestone **should** be added to every pull request. Several things in the Grafana release process requires at least pull requests to be in a milestone, for example [generating changelog/release notes](#include-in-changelog-and-release-notes).
+Several things in the Grafana release process requires at least pull requests to be in a milestone, for example [generating changelog/release notes](#include-in-changelog-and-release-notes).
 
 This makes it easier to track what changes go into a certain release. Without this information, release managers have to go through git commits which is not an efficient process.
 
+That being said, _you don't have to assign a milestone manually_ to a pull request.
+Instead, when it is merged & closed then a bot will look for the most appropriate miletone and assign it to the pull request.
+
+That milestone should always reflect the branch that the pull request is merged into.
+For every major and minor release there is a milestone ending with `.x` (e.g. `10.0.x` for the 10.0.x releases).
+Pull requests targetting `main` should use the `.x` milestone of the next minor (or major) version (you can find that version number inside the `package.json` file).
+Backport pull requestss should use the version of the target branch (e.g. `9.4.x` for the `v9.4.x` branch).
+
 ### Include in changelog and release notes?
 
 At Grafana we generate the [changelog](https://github.com/grafana/grafana/blob/main/CHANGELOG.md) and [release notes](https://grafana.com/docs/grafana/latest/release-notes/) based on merged pull requests. Including changes in the changelog/release notes is very important to provide a somewhat complete picture of what changes a Grafana release actually includes.
@@ -53,15 +60,15 @@ The changelog/release notes are divided into sections and here's a description o
 
 **Features and enhancements:**
 
-Milestone assigned and labeled with `add to changelog` and any of the other section rules don't apply.
+Labeled with `add to changelog` and any of the other section rules don't apply.
 
 **Bug fixes:**
 
-Milestone assigned and labeled with `add to changelog` and either labeled with `type/bug` or the pull request title contains `fix` or `fixes`.
+Labeled with `add to changelog` and either labeled with `type/bug` or the pull request title contains `fix` or `fixes`.
 
 **Plugin development fixes & changes:**
 
-Milestone assigned and labeled with `area/grafana/toolkit`, `area/grafana/ui` or `area/grafana/runtime`.
+Labeled with `area/grafana/toolkit`, `area/grafana/ui` or `area/grafana/runtime`.
 
 **Deprecations:**
 

devenv/dev-dashboards/panel-graph/graph-ng-stacking2.json

@@ -3409,6 +3409,90 @@
       ],
       "title": "'undefined' join artifacts (lines)",
       "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "testdata",
+        "uid": "PD8C576611E62080A"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "custom": {
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "axisSoftMin": 0,
+            "fillOpacity": 80,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineWidth": 1,
+            "scaleDistribution": {
+              "type": "linear"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 9,
+        "w": 12,
+        "x": 0,
+        "y": 65
+      },
+      "id": 39,
+      "options": {
+        "barRadius": 0,
+        "barWidth": 0.97,
+        "groupWidth": 0.7,
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom"
+        },
+        "orientation": "auto",
+        "showValue": "auto",
+        "stacking": "percent",
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        },
+        "xTickLabelRotation": 0,
+        "xTickLabelSpacing": 0
+      },
+      "pluginVersion": "9.1.0-pre",
+      "targets": [
+        {
+          "csvContent": "name, number, number2, number3, number4\nName1, 40, 5, 20, 10\nName2, 0,0,0,0\nName3, 6, 3, 5, 1\nName4, 1, 1, 1, 2",
+          "datasource": {
+            "type": "testdata",
+            "uid": "PD8C576611E62080A"
+          },
+          "refId": "A",
+          "scenarioId": "csv_content"
+        }
+      ],
+      "title": "Bar chart stack with 0 only series",
+      "type": "barchart"
     }
   ],
   "refresh": false,

devenv/docker/blocks/alert_webhook_listener/main.go

@@ -3,7 +3,7 @@ package main
 import (
 	"fmt"
 	"io"
-	"io/ioutil"
+	"io/ioutil"  //nolint:staticcheck // No need to change in v8.
 	"log"
 	"net/http"
 	"strings"
@@ -25,5 +25,6 @@ func hello(w http.ResponseWriter, r *http.Request) {
 
 func main() {
 	http.HandleFunc("/", hello)
+	//nolint:gosec
 	log.Fatal(http.ListenAndServe(":3010", nil))
 }

devenv/docker/blocks/slow_proxy/main.go

@@ -47,5 +47,6 @@ func main() {
 		proxy.ServeHTTP(w, r)
 	})
 
+	//nolint:gosec
 	log.Fatal(http.ListenAndServe(":3011", nil))
 }

docs/Makefile

@@ -1,27 +1,28 @@
 .PHONY: pull docs docs-quick docs-no-pull docs-test docs-local-static
 
-IMAGE = grafana/grafana-docs-dev:latest
-CONTENT_PATH = /hugo/content/docs/grafana/next
+PODMAN = $(shell if command -v podman >/dev/null 2>&1; then echo podman; else echo docker; fi)
+IMAGE = grafana/docs-base:latest
+CONTENT_PATH = /hugo/content/docs/grafana/latest
 LOCAL_STATIC_PATH = ../../website/static
 PORT = 3002:3002
 
 pull:
-	docker pull $(IMAGE)
+	$(PODMAN) pull $(IMAGE)
 
 docs: pull
-	docker run -v $(shell pwd)/sources:$(CONTENT_PATH):Z -p $(PORT) --rm -it $(IMAGE) /bin/bash -c "make server"
+	$(PODMAN) run --init -v $(shell pwd)/sources:$(CONTENT_PATH):Z -p $(PORT) --rm -it $(IMAGE) make server
 
-docs-quick: pull
-	docker run -v $(shell pwd)/sources:$(CONTENT_PATH):Z -p $(PORT) --rm -it $(IMAGE) /bin/bash -c "ln -s /frontend-docs/packages_api /hugo/content/docs/grafana/next/packages_api && make server-quick"
+docs-preview: pull
+	$(PODMAN) run --init -v $(shell pwd)/sources:$(CONTENT_PATH):Z -p $(PORT) --rm -it $(IMAGE) make server BUILD_DRAFTS=true
 
 docs-no-pull:
-	docker run -v $(shell pwd)/sources:$(CONTENT_PATH):Z -p $(PORT) --rm -it $(IMAGE) /bin/bash -c "make server"
+	$(PODMAN) run --init -v $(shell pwd)/sources:$(CONTENT_PATH):Z -p $(PORT) --rm -it $(IMAGE) make server
 
 docs-test: pull
-	docker run -v $(shell pwd)/sources:$(CONTENT_PATH):Z --rm -it $(IMAGE) /bin/bash -c 'make prod'
+	$(PODMAN) run --init -v $(shell pwd)/sources:$(CONTENT_PATH):Z --rm -it $(IMAGE) make prod
 
 # expects that you have grafana/website checked out in same path as the grafana repo.
 docs-local-static: pull
 	if [ ! -d "$(LOCAL_STATIC_PATH)" ]; then echo "local path (website project) $(LOCAL_STATIC_PATH) not found"]; exit 1; fi
-	docker run -v $(shell pwd)/sources:$(CONTENT_PATH):Z \
+	$(PODMAN) run --init -v $(shell pwd)/sources:$(CONTENT_PATH):Z \
 		-v $(shell pwd)/$(LOCAL_STATIC_PATH):/hugo/static:Z -p $(PORT) --rm -it $(IMAGE)

docs/sources/_index.md

@@ -1,8 +1,8 @@
 ---
 aliases:
-  - /docs/grafana/v1.1
-  - /docs/grafana/latest/guides/reference/admin
-  - /docs/grafana/v3.1
+  - /docs/grafana/v1.1/
+  - /docs/grafana/v3.1/
+  - guides/reference/admin/
 description: Guides, Installation and Feature Documentation
 keywords:
   - grafana

docs/sources/administration/configuration.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/installation/configuration/
+  - ../installation/configuration/
 description: Configuration documentation
 keywords:
   - grafana
@@ -606,7 +606,7 @@ Set Content Security Policy template used when adding the Content-Security-Polic
 
 ### angular_support_enabled
 
-This currently defaults to `true` but will in Grafana v9 default to `false`. When set to false the angular framework and support components will not be loaded. This means that
+This currently defaults to `true` but will default to `false` in a future release. When set to false the angular framework and support components will not be loaded. This means that
 all plugins and core features that depend on angular support will stop working.
 
 Current core features that will stop working:

docs/sources/administration/configure-docker.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/installation/configure-docker/
+  - ../installation/configure-docker/
 description: Guide for configuring the Grafana Docker image
 keywords:
   - grafana

docs/sources/administration/database-encryption.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - ''
 description: Grafana database encryption
 keywords:
   - grafana

docs/sources/administration/manage-organizations/_index.md

@@ -1,7 +1,7 @@
 ---
 aliases:
-  - /docs/grafana/latest/manage-users/server-admin/
-  - /docs/grafana/latest/manage-users/server-admin/server-admin-manage-orgs/
+  - ../manage-users/server-admin/
+  - ../manage-users/server-admin/server-admin-manage-orgs/
 description: Describes how to use organizations to isolate dashboard to users and
   teams.
 keywords:

docs/sources/administration/manage-user-preferences/_index.md

@@ -1,7 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/administration/change-your-password/
-  - /docs/grafana/latest/administration/manage-user-preferences/
+  - change-your-password/
 description: Learn how to update your user preferences and switch organizations
 keywords:
   - password

docs/sources/administration/manage-users-and-permissions/_index.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/
 title: Manage users and permissions
 weight: 200
 ---

docs/sources/administration/manage-users-and-permissions/about-users-and-permissions.md

@@ -1,10 +1,9 @@
 ---
 aliases:
-  - /docs/grafana/latest/manage-users/
-  - /docs/grafana/latest/administration/manage-users-and-permissions/about-users-and-permissions/
-  - /docs/grafana/latest/permissions/overview/
-  - /docs/grafana/latest/permissions/
-  - /docs/grafana/latest/permissions/organization_roles/
+  - ../../manage-users/
+  - ../../permissions/
+  - ../../permissions/organization_roles/
+  - ../../permissions/overview/
 title: About users and permissions
 weight: 100
 ---

docs/sources/administration/manage-users-and-permissions/manage-dashboard-permissions/_index.md

@@ -1,7 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/permissions/dashboard_folder_permissions/
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-dashboard-permissions/
+  - ../../permissions/dashboard_folder_permissions/
 title: Manage dashboard permissions
 weight: 500
 ---

docs/sources/administration/manage-users-and-permissions/manage-org-users/_index.md

@@ -1,7 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/manage-users/org-admin/
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/
+  - ../../manage-users/org-admin/
 title: Manage users in an organization
 weight: 400
 ---

docs/sources/administration/manage-users-and-permissions/manage-org-users/change-user-org-permissions.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/change-user-org-permissions/
 title: Change a user's organization permissions
 weight: 30
 ---

docs/sources/administration/manage-users-and-permissions/manage-org-users/invite-user-join-org.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/invite-user-join-org/
 title: Invite a user to join an organization
 weight: 10
 ---

docs/sources/administration/manage-users-and-permissions/manage-org-users/manage-pending-invites.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/manage-pending-invites/
 title: Manage a pending invitation
 weight: 20
 ---

docs/sources/administration/manage-users-and-permissions/manage-org-users/remove-user-from-org.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/remove-user-from-org/
 title: Remove a user from an organization
 weight: 40
 ---

docs/sources/administration/manage-users-and-permissions/manage-org-users/view-list-org-users.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/view-list-org-users/
 title: View a list of organization users
 weight: 50
 ---

docs/sources/administration/manage-users-and-permissions/manage-server-users/_index.md

@@ -1,8 +1,7 @@
 ---
 aliases:
-  - /docs/grafana/latest/manage-users/server-admin/
-  - /docs/grafana/latest/manage-users/server-admin/server-admin-manage-users/
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/
+  - ../../manage-users/server-admin/
+  - ../../manage-users/server-admin/server-admin-manage-users/
 title: Manage users globally
 weight: 300
 ---

docs/sources/administration/manage-users-and-permissions/manage-server-users/add-remove-user-to-org.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/add-user-to-org/
+  - add-user-to-org/
 title: Add or remove a user from an organization
 weight: 30
 ---

docs/sources/administration/manage-users-and-permissions/manage-server-users/add-user.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/add-user/
 title: Add a user
 weight: 10
 ---

docs/sources/administration/manage-users-and-permissions/manage-server-users/assign-remove-server-admin-privileges.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/assign-remove-server-admin-privileges/
 title: Assign or remove Grafana server administrator privileges
 weight: 20
 ---

docs/sources/administration/manage-users-and-permissions/manage-server-users/change-user-org-permissions.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/change-user-org-permissions/
 title: Change a user's organization permissions
 weight: 50
 ---

docs/sources/administration/manage-users-and-permissions/manage-server-users/force-user-logout.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/force-user-logout/
 title: Force a user to logout from Grafana
 weight: 90
 ---

docs/sources/administration/manage-users-and-permissions/manage-server-users/grant-editor-admin-permissions.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/grant-editor-admin-permissions/
 title: Grant editors administrator permissions
 weight: 60
 ---

docs/sources/administration/manage-users-and-permissions/manage-server-users/view-edit-user-account.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-user-account-details/
+  - view-user-account-details/
 title: View and edit a user account
 weight: 110
 ---

docs/sources/administration/manage-users-and-permissions/manage-server-users/view-list-users.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-list-users/
 title: View a list of users
 weight: 100
 ---

docs/sources/administration/manage-users-and-permissions/manage-teams/_index.md

@@ -1,9 +1,8 @@
 ---
 aliases:
-  - /docs/grafana/latest/manage-users/add-or-remove-user-from-team/
-  - /docs/grafana/latest/manage-users/create-or-remove-team/
-  - /docs/grafana/latest/manage-users/manage-teams/
-  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-teams/
+  - ../../manage-users/add-or-remove-user-from-team/
+  - ../../manage-users/create-or-remove-team/
+  - ../../manage-users/manage-teams/
 title: Manage teams
 weight: 600
 ---

docs/sources/administration/preferences/_index.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/administration/preferences/
 title: Preferences
 weight: 50
 ---

docs/sources/administration/preferences/change-grafana-name.md

@@ -12,7 +12,7 @@ weight: 100
 
 In Grafana, you can change your names and emails associated with groups or accounts in the Settings or Preferences. This topic provides instructions for each task.
 
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
+{{< docs/shared lookup="preferences/some-tasks-require-permissions.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Change organization name
 
@@ -23,7 +23,7 @@ Grafana server administrators and organization administrators can change organiz
 Follow these instructions if you are a Grafana Server Admin.
 
 {{< docs/list >}}
-{{< docs/shared "manage-users/view-server-org-list.md" >}}
+{{< docs/shared lookup="manage-users/view-server-org-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 1. In the organization list, click the name of the organization that you want to change.
 1. In **Name**, enter the new organization name.
@@ -35,7 +35,7 @@ Follow these instructions if you are a Grafana Server Admin.
 If you are an Organization Admin, follow these steps:
 
 {{< docs/list >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
+{{< docs/shared lookup="preferences/org-preferences-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 1. In **Organization name**, enter the new name.
 1. Click **Update organization name**.

docs/sources/administration/preferences/change-grafana-theme.md

@@ -13,7 +13,7 @@ weight: 200
 
 In Grafana, you can modify the UI theme configured in the Settings or Preferences. Set the UI theme for the server, an organization, a team, or your personal user account using the instructions in this topic.
 
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
+{{< docs/shared lookup="preferences/some-tasks-require-permissions.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Theme options
 
@@ -46,8 +46,8 @@ To see what the current settings are, refer to [View server settings]({{< relref
 Organization administrators can change the UI theme for all users in an organization.
 
 {{< docs/list >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-{{< docs/shared "preferences/select-ui-theme-list.md" >}}
+{{< docs/shared lookup="preferences/org-preferences-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
+{{< docs/shared lookup="preferences/select-ui-theme-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
 {{< /docs/list >}}
 
 ## Change team UI theme
@@ -55,10 +55,10 @@ Organization administrators can change the UI theme for all users in an organiza
 Organization and team administrators can change the UI theme for all users in a team.
 
 {{< docs/list >}}
-{{< docs/shared "manage-users/view-team-list.md" >}}
+{{< docs/shared lookup="manage-users/view-team-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 1. Click on the team that you want to change the UI theme for and then navigate to the **Settings** tab.
-   {{< docs/shared "preferences/select-ui-theme-list.md" >}}
+   {{< docs/shared lookup="preferences/select-ui-theme-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
    {{< /docs/list >}}
 
 ## Change your personal UI theme
@@ -66,6 +66,6 @@ Organization and team administrators can change the UI theme for all users in a
 You can change the UI theme for your user account. This setting overrides UI theme settings at higher levels.
 
 {{< docs/list >}}
-{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
-{{< docs/shared "preferences/select-ui-theme-list.md" >}}
+{{< docs/shared lookup="preferences/navigate-user-preferences-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
+{{< docs/shared lookup="preferences/select-ui-theme-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
 {{< /docs/list >}}

docs/sources/administration/preferences/change-grafana-timezone.md

@@ -13,7 +13,7 @@ weight: 400
 
 By default, Grafana uses the timezone in your web browser. However, you can override this setting at the server, organization, team, or individual user level. This topic provides instructions for each task.
 
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
+{{< docs/shared lookup="preferences/some-tasks-require-permissions.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Set server timezone
 
@@ -24,8 +24,8 @@ Grafana server administrators can choose a default timezone for all users on the
 Organization administrators can choose a default timezone for their organization.
 
 {{< docs/list >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-{{< docs/shared "preferences/select-timezone-list.md" >}}
+{{< docs/shared lookup="preferences/org-preferences-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
+{{< docs/shared lookup="preferences/select-timezone-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
 {{< /docs/list >}}
 
 ## Set team timezone
@@ -33,10 +33,10 @@ Organization administrators can choose a default timezone for their organization
 Organization administrators and team administrators can choose a default timezone for all users in a team.
 
 {{< docs/list >}}
-{{< docs/shared "manage-users/view-team-list.md" >}}
+{{< docs/shared lookup="manage-users/view-team-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 1. Click on the team you that you want to change the timezone for and then navigate to the **Settings** tab.
-   {{< docs/shared "preferences/select-timezone-list.md" >}}
+   {{< docs/shared lookup="preferences/select-timezone-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
    {{< /docs/list >}}
 
 ## Set your personal timezone
@@ -44,6 +44,6 @@ Organization administrators and team administrators can choose a default timezon
 You can change the timezone for your user account. This setting overrides timezone settings at higher levels.
 
 {{< docs/list >}}
-{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
-{{< docs/shared "preferences/select-timezone-list.md" >}}
+{{< docs/shared lookup="preferences/navigate-user-preferences-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
+{{< docs/shared lookup="preferences/select-timezone-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
 {{< /docs/list >}}

docs/sources/administration/preferences/change-home-dashboard.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/administration/change-home-dashboard/
+  - ../change-home-dashboard/
 description: How to replace the default home dashboard
 keywords:
   - grafana
@@ -15,7 +15,7 @@ weight: 300
 
 The home dashboard you set is the one all users will see by default when they log in. You can set the home dashboard for the server, an organization, a team, or your personal user account. This topic provides instructions for each task.
 
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
+{{< docs/shared lookup="preferences/some-tasks-require-permissions.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 ## Navigate to the home dashboard
 
@@ -52,9 +52,9 @@ default_home_dashboard_path = data/main-dashboard.json
 Organization administrators can choose a home dashboard for their organization.
 
 {{< docs/list >}}
-{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
+{{< docs/shared lookup="preferences/navigate-to-the-dashboard-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
+{{< docs/shared lookup="preferences/org-preferences-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
+{{< docs/shared lookup="preferences/select-home-dashboard-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
 {{< /docs/list >}}
 
 ## Set home dashboard for your team
@@ -62,11 +62,11 @@ Organization administrators can choose a home dashboard for their organization.
 Organization administrators and Team Admins can choose a home dashboard for a team.
 
 {{< docs/list >}}
-{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
-{{< docs/shared "manage-users/view-team-list.md" >}}
+{{< docs/shared lookup="preferences/navigate-to-the-dashboard-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
+{{< docs/shared lookup="manage-users/view-team-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
 1. Click on the team that you want to change the home dashboard for and then navigate to the **Settings** tab.
-   {{< docs/shared "preferences/select-home-dashboard-list.md" >}}
+   {{< docs/shared lookup="preferences/select-home-dashboard-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
    {{< /docs/list >}}
 
 ## Set your personal home dashboard
@@ -74,7 +74,7 @@ Organization administrators and Team Admins can choose a home dashboard for a te
 You can choose your own personal home dashboard. This setting overrides all home dashboards set at higher levels.
 
 {{< docs/list >}}
-{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
-{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
-{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
+{{< docs/shared lookup="preferences/navigate-to-the-dashboard-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
+{{< docs/shared lookup="preferences/navigate-user-preferences-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
+{{< docs/shared lookup="preferences/select-home-dashboard-list.md" source="grafana" version="<GRAFANA VERSION>" >}}
 {{< /docs/list >}}

docs/sources/administration/provisioning.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/installation/provisioning
+  - ../installation/provisioning/
 description: ''
 keywords:
   - grafana
@@ -160,6 +160,7 @@ Since not all datasources have the same configuration settings we only have the
 | httpMethod                 | string  | Prometheus                                                       | HTTP Method. 'GET', 'POST', defaults to POST                                                                                                                                                                                                                                                                        |
 | customQueryParameters      | string  | Prometheus                                                       | Query parameters to add, as a URL-encoded string.                                                                                                                                                                                                                                                                   |
 | manageAlerts               | boolean | Prometheus and Loki                                              | Manage alerts via Alerting UI                                                                                                                                                                                                                                                                                       |
+| alertmanagerUid            | string  | Prometheus and Loki                                              | UID of Alert Manager that manages Alert for this data source.                                                                                                                                                                                                                                                       |
 | esVersion                  | string  | Elasticsearch                                                    | Elasticsearch version (E.g. `7.0.0`, `7.6.1`)                                                                                                                                                                                                                                                                       |
 | timeField                  | string  | Elasticsearch                                                    | Which field that should be used as timestamp                                                                                                                                                                                                                                                                        |
 | interval                   | string  | Elasticsearch                                                    | Index date time format. nil(No Pattern), 'Hourly', 'Daily', 'Weekly', 'Monthly' or 'Yearly'                                                                                                                                                                                                                         |

docs/sources/administration/security.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/installation/security/
+  - ../installation/security/
 description: Security Docs
 keywords:
   - grafana

docs/sources/administration/set-up-for-high-availability.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/tutorials/ha_setup/
+  - ../tutorials/ha_setup/
 keywords:
   - grafana
   - tutorials

docs/sources/administration/view-server/internal-metrics.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/admin/metrics/
+  - ../../admin/metrics/
 description: Internal metrics exposed by Grafana
 keywords:
   - grafana
@@ -99,7 +99,7 @@ These instructions assume you have already added Graphite as a data source in Gr
 
 ## Pull metrics from Grafana backend plugin into Prometheus
 
-Any installed [backend plugin]({{< relref "../../developers/plugins/backend/_index.md" >}}) exposes a metrics endpoint through Grafana that you can configure Prometheus to scrape.
+Any installed [backend plugin](https://grafana.com/developers/plugin-tools/introduction/backend-plugins) exposes a metrics endpoint through Grafana that you can configure Prometheus to scrape.
 
 These instructions assume you have already added Prometheus as a data source in Grafana.
 

docs/sources/administration/view-server/view-server-settings.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/admin/view-server-settings/
+  - ../../admin/view-server-settings/
 description: How to view server settings in the Grafana UI
 keywords:
   - grafana

docs/sources/administration/view-server/view-server-stats.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/admin/view-server-stats/
+  - ../../admin/view-server-stats/
 keywords:
   - grafana
   - server

docs/sources/alerting/old-alerting/_index.md

@@ -23,4 +23,4 @@ You can perform the following tasks for alerts:
 - [Test alert rules and troubleshoot]({{< relref "troubleshoot-alerts.md" >}})
 - [Add or edit an alert contact point]({{< relref "notifications.md" >}})
 
-{{< docs/shared "alerts/grafana-managed-alerts.md" >}}
+{{< docs/shared lookup="alerts/grafana-managed-alerts.md" source="grafana" version="<GRAFANA VERSION>" >}}

docs/sources/alerting/old-alerting/add-notification-template.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/add-notification-template/
+  - ../add-notification-template/
 keywords:
   - grafana
   - documentation

docs/sources/alerting/old-alerting/create-alerts.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/create-alerts/
+  - ../create-alerts/
 description: Configure alert rules
 keywords:
   - grafana

docs/sources/alerting/old-alerting/notifications.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/notifications/
+  - ../notifications/
 description: Alerting notifications guide
 keywords:
   - Grafana
@@ -70,7 +70,7 @@ These examples show how often and when reminders are sent for a triggered alert.
 | Prometheus Alertmanager                       | `prometheus-alertmanager` | yes, external only | yes                      |
 | [Pushover](#pushover)                         | `pushover`                | yes                | no                       |
 | Sensu                                         | `sensu`                   | yes, external only | no                       |
-| [Sensu Go](#sensu-go)                         | `sensugo`                 | yes, external only | no                       |
+| Sensu Go                                      | `sensugo`                 | yes, external only | no                       |
 | [Slack](#slack)                               | `slack`                   | yes                | no                       |
 | Telegram                                      | `telegram`                | yes                | no                       |
 | Threema                                       | `threema`                 | yes, external only | no                       |
@@ -264,7 +264,7 @@ Alertmanager handles alerts sent by client applications such as Prometheus serve
 
 ### Sensu Go
 
-Grafana alert notifications can be sent to [Sensu](<(https://sensu.io)>) Go as events via the API. This operation requires an API key. For information on creating this key, refer to [Sensu Go documentation](https://docs.sensu.io/sensu-go/latest/operations/control-access/use-apikeys/#api-key-authentication).
+Grafana alert notifications can be sent to Sensu Go as events via the API. This operation requires an API key. For information on creating this key, refer to [Sensu Go documentation](https://docs.sensu.io/sensu-go/latest/operations/control-access/use-apikeys/#api-key-authentication).
 
 ## Enable images in notifications {#external-image-store}
 

docs/sources/alerting/old-alerting/pause-an-alert-rule.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/pause-an-alert-rule/
+  - ../pause-an-alert-rule/
 description: Pause an existing alert rule
 keywords:
   - grafana

docs/sources/alerting/old-alerting/troubleshoot-alerts.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/troubleshoot-alerts/
+  - ../troubleshoot-alerts/
 description: Troubleshoot alert rules
 keywords:
   - grafana

docs/sources/alerting/old-alerting/view-alerts.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/view-alerts/
+  - ../view-alerts/
 description: View existing alert rules
 keywords:
   - grafana

docs/sources/alerting/unified-alerting/_index.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/metrics/
+  - metrics/
 title: Grafana alerts
 weight: 113
 ---
@@ -9,7 +9,7 @@ weight: 113
 
 Grafana 8.0 has new and improved alerting that centralizes alerting information in a single, searchable view. It is enabled by default for all new OSS instances, and is an [opt-in]({{< relref "./opt-in.md" >}}) feature for older installations that still use legacy dashboard alerting. We encourage you to create issues in the Grafana GitHub repository for bugs found while testing Grafana alerting. See also, [What's New with Grafana alerting]({{< relref "./difference-old-new.md" >}}).
 
-> Refer to [Fine-grained access control]({{< relref "../enterprise/access-control/_index.md" >}}) in Grafana Enterprise to learn more about controlling access to alerts using fine-grained permissions.
+> Refer to [Fine-grained access control]({{< relref "../../enterprise/access-control" >}}) in Grafana Enterprise to learn more about controlling access to alerts using fine-grained permissions.
 
 When Grafana alerting is enabled, you can:
 

docs/sources/alerting/unified-alerting/alerting-rules/_index.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/rules/
+  - ../rules/
 title: Create and manage rules
 weight: 130
 ---

docs/sources/alerting/unified-alerting/alerting-rules/create-mimir-loki-managed-rule.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/unified-alerting/alerting-rules/create-cortex-loki-managed-recording-rule/
+  - create-cortex-loki-managed-recording-rule/
 description: Create Grafana Mimir or Loki managed alerting rule
 keywords:
   - grafana

docs/sources/alerting/unified-alerting/fundamentals/_index.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/metrics/
+  - ../metrics/
 title: Alerting fundamentals
 weight: 120
 ---

docs/sources/alerting/unified-alerting/fundamentals/alertmanager.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/metrics/
+  - ../../metrics/
 title: Alertmanager
 weight: 116
 ---

docs/sources/alerting/unified-alerting/fundamentals/evaluate-grafana-alerts.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/metrics/
+  - ../../metrics/
 title: Alerting on numeric data
 weight: 116
 ---
@@ -18,7 +18,7 @@ Grafana managed alerts query the following backend data sources that have alerti
 
 - built-in data sources or those developed and maintained by Grafana: `Graphite`, `Prometheus`, `Loki`, `InfluxDB`, `Elasticsearch`,
   `Google Cloud Monitoring`, `Cloudwatch`, `Azure Monitor`, `MySQL`, `PostgreSQL`, `MSSQL`, `OpenTSDB`, `Oracle`, and `Azure Monitor`
-- community developed backend data sources with alerting enabled (`backend` and `alerting` properties are set in the [plugin.json]({{< relref "../../../developers/plugins/metadata.md" >}}))
+- community developed backend data sources with alerting enabled (`backend` and `alerting` properties are set in the [plugin.json](https://grafana.com/developers/plugin-tools/reference-plugin-json))
 
 ### Metrics from the alerting engine
 

docs/sources/alerting/unified-alerting/message-templating/_index.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/alerting/message-templating/
+  - ../message-templating/
 description: Message templating
 keywords:
   - grafana

docs/sources/auth/auth-proxy.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/tutorials/authproxy/
+  - ../tutorials/authproxy/
 description: 'Grafana Auth Proxy Guide '
 keywords:
   - grafana

docs/sources/auth/google.md

@@ -55,3 +55,6 @@ You may allow users to sign-up via Google authentication by setting the
 `allow_sign_up` option to `true`. When this option is set to `true`, any
 user successfully authenticating via Google authentication will be
 automatically signed up.
+
+You may specify a domain to be passed as `hd` query parameter accepted by Google's
+OAuth 2.0 authentication API. Refer to Google's OAuth [documentation](https://developers.google.com/identity/openid-connect/openid-connect#hd-param).

docs/sources/auth/ldap.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/installation/ldap/
+  - ../installation/ldap/
 description: 'Grafana LDAP Authentication Guide '
 keywords:
   - grafana

docs/sources/auth/overview.md

@@ -68,6 +68,9 @@ token_rotation_interval_minutes = 10
 
 # The maximum lifetime (seconds) an API key can be used. If it is set all the API keys should have limited lifetime that is lower than this value.
 api_key_max_seconds_to_live = -1
+
+# Enforce user lookup based on email instead of the unique ID provided by the IdP.
+oauth_allow_insecure_email_lookup = false
 ```
 
 ### Anonymous authentication
@@ -143,3 +146,17 @@ URL to redirect the user to after signing out from Grafana. This can for example
 [auth]
 signout_redirect_url =
 ```
+
+### Enable email lookup
+
+Enable user lookup based on email in addition to using unique ID provided by IdPs.
+
+By default, Grafana relies on the user unique ID provided by the identity provider.
+Looking up users by email can be safe for some identity providers (for example, when they are single tenants and unique non-editable, validated emails are provided), as well as in some infrastructures.
+
+We strongly recommend against enabling email lookups, however it is possible to do with the following configuration.
+
+```bash
+[auth]
+oauth_allow_insecure_email_lookup = true
+```

docs/sources/auth/saml.md

@@ -1,6 +1,4 @@
 ---
-aliases:
-  - /docs/grafana/latest/auth/saml/
 description: Grafana SAML Authentication
 keywords:
   - grafana

docs/sources/auth/team-sync.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/auth/saml/
+  - saml/
 description: Grafana Team Sync
 keywords:
   - grafana

docs/sources/basics/_index.md

@@ -7,8 +7,8 @@ weight: 15
 
 This section provides basic information about observability topics in general and Grafana in particular. These topics will help people who are just starting out with observability and monitoring.
 
-{{< docs/shared "basics/what-is-grafana.md" >}}
+{{< docs/shared lookup="basics/what-is-grafana.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
-{{< docs/shared "basics/grafana-cloud.md" >}}
+{{< docs/shared lookup="basics/grafana-cloud.md" source="grafana" version="<GRAFANA VERSION>" >}}
 
-{{< docs/shared "basics/grafana-enterprise.md" >}}
+{{< docs/shared lookup="basics/grafana-enterprise.md" source="grafana" version="<GRAFANA VERSION>" >}}

docs/sources/basics/glossary.md

@@ -1,7 +1,7 @@
 ---
 aliases:
-  - /docs/grafana/latest/guides/glossary
-  - /docs/grafana/latest/getting-started/glossary
+  - ../getting-started/glossary/
+  - ../guides/glossary/
 description: Grafana glossary
 keywords:
   - grafana

docs/sources/basics/intro-histograms.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/getting-started/intro-histograms
+  - ../getting-started/intro-histograms/
 description: An introduction to histograms and heatmaps
 keywords:
   - grafana

docs/sources/basics/timeseries-dimensions.md

@@ -1,7 +1,7 @@
 ---
 aliases:
-  - /docs/grafana/latest/guides/timeseries-dimensions
-  - /docs/grafana/latest/getting-started/timeseries-dimensions
+  - ../getting-started/timeseries-dimensions/
+  - ../guides/timeseries-dimensions/
 description: time series dimensions
 keywords:
   - grafana
@@ -90,4 +90,4 @@ In this case the labels that represent the dimensions will have two keys based o
 
 In the case of SQL-like data sources, more than one numeric column can be selected, with or without additional string columns to be used as dimensions. For example, `AVG(Temperature) AS AvgTemp, MAX(Temperature) AS MaxTemp`. This, if combined with multiple dimensions, can result in a lot of series. Selecting multiple values is currently only designed to be used with visualization.
 
-Additional technical information on tabular time series formats and how dimensions are extracted can be found in [the developer documentation on data frames as time series]({{< relref "../developers/plugins/data-frames.md#data-frames-as-time-series" >}}).
+Additional technical information on tabular time series formats and how dimensions are extracted can be found in [the developer documentation on data frames as time series](https://grafana.com/developers/plugin-tools/introduction/data-frames#data-frames-as-time-series).

docs/sources/best-practices/common-observability-strategies.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/getting-started/strategies/
+  - ../getting-started/strategies/
 description: Common observability strategies
 keywords:
   - grafana

docs/sources/copyright/_index.md

@@ -0,0 +1,7 @@
+---
+title: Copyright notice
+---
+
+# Copyright notice
+
+Copyright © 2021 Raintank, Inc. dba Grafana Labs. All Rights Reserved.

docs/sources/dashboards/_index.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/features/dashboard/dashboards/
+  - features/dashboard/dashboards/
 title: Dashboards
 weight: 80
 ---
@@ -14,7 +14,7 @@ Dashboard snapshots are static . Queries and expressions cannot be re-executed f
 Before you begin, ensure that you have configured a data source. See also:
 
 - [Working with Grafana dashboard UI]({{< relref "./dashboard-ui/_index.md" >}})
-- [Dashboard folders]({{< relref "./dashboard-folders.md" >}})
+- [Dashboard folders]({{< relref "./dashboard_folders" >}})
 - [Create dashboard]({{< relref "./dashboard-create" >}})
 - [Manage dashboards]({{< relref "./dashboard-manage.md" >}})
 - [Annotations]({{< relref "./annotations.md" >}})
@@ -23,7 +23,7 @@ Before you begin, ensure that you have configured a data source. See also:
 - [Keyboard shortcuts]({{< relref "./shortcuts.md" >}})
 - [Reporting]({{< relref "./reporting.md" >}})
 - [Time range controls]({{< relref "./time-range-controls.md" >}})
-- [Dashboard version history]({{< relref "./dashboard-history.md" >}})
+- [Dashboard version history]({{< relref "./dashboard_history" >}})
 - [Dashboard export and import]({{< relref "./export-import.md" >}})
 - [Dashboard JSON model]({{< relref "./json-model.md" >}})
 - [Scripted dashboards]({{< relref "./scripted-dashboards.md" >}})

docs/sources/dashboards/annotations.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/reference/annotations/
+  - ../reference/annotations/
 keywords:
   - grafana
   - annotations

docs/sources/dashboards/dashboard-create.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/features/dashboard/dashboards/
+  - ../features/dashboard/dashboards/
 title: Create dashboards
 weight: 7
 ---

docs/sources/dashboards/dashboard-manage.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/features/dashboard/dashboards/
+  - ../features/dashboard/dashboards/
 title: Manage dashboards
 weight: 8
 ---

docs/sources/dashboards/dashboard-ui/_index.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/features/dashboard/dashboards/
+  - ../features/dashboard/dashboards/
 title: ' Dashboard UI'
 weight: 2
 ---

docs/sources/dashboards/dashboard-ui/dashboard-header.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/features/dashboard/dashboards/
+  - ../../features/dashboard/dashboards/
 title: Dashboard header
 weight: 80
 ---

docs/sources/dashboards/dashboard-ui/dashboard-row.md

@@ -1,6 +1,6 @@
 ---
 aliases:
-  - /docs/grafana/latest/features/dashboard/dashboards/
+  - ../../features/dashboard/dashboards/
 title: Dashboard rows
 weight: 80
 ---