name: Build Release Packages on: workflow_dispatch: inputs: source-event: description: If this workflow was triggered by another workflow, this value should be set to the GITHUB_EVENT_NAME of that source workflow. type: string required: false default: workflow_dispatch schedule: # Every weeknight at midnight # "Scheduled workflows will only run on the default branch." (docs.github.com) - cron: '0 0 * * 1-5' push: branches: - release-*.*.* - main permissions: contents: read # Builds the following artifacts: # # npm:grafana # storybook # targz:grafana:linux/amd64 # targz:grafana:linux/arm64 # targz:grafana:linux/arm/v6 # targz:grafana:linux/arm/v7 # deb:grafana:linux/amd64 # deb:grafana:linux/arm64 # deb:grafana:linux/arm/v6 # deb:grafana:linux/arm/v7 # rpm:grafana:linux/amd64:sign # rpm:grafana:linux/arm64:sign # docker:grafana:linux/amd64 # docker:grafana:linux/arm64 # docker:grafana:linux/arm/v7 # docker:grafana:linux/amd64:ubuntu # docker:grafana:linux/arm64:ubuntu # docker:grafana:linux/arm/v7:ubuntu # targz:grafana:windows/amd64 # targz:grafana:windows/arm64 # targz:grafana:darwin/amd64 # targz:grafana:darwin/arm64 # zip:grafana:windows/amd64 # msi:grafana:windows/amd64 jobs: setup: name: setup runs-on: github-hosted-ubuntu-x64-small if: (github.repository == 'grafana/grafana') || (github.repository == 'grafana/grafana-security-mirror' && contains(github.ref_name, '+security')) outputs: version: ${{ steps.output.outputs.version }} grafana-commit: ${{ steps.output.outputs.grafana_commit }} permissions: contents: read steps: - uses: actions/checkout@v4 with: persist-credentials: false - name: Set up version (Release Branches) if: startsWith(github.ref_name, 'release-') run: echo "${REF_NAME#release-}" > VERSION env: REF_NAME: ${{ github.ref_name }} - name: Set up version (Non-release branches) if: ${{ !startsWith(github.ref_name, 'release-') }} run: jq -r .version package.json | sed -s "s/pre/${BUILD_ID}/g" > VERSION env: REF_NAME: ${{ github.ref_name }} BUILD_ID: ${{ github.run_id }} - id: output run: | echo "version=$(cat VERSION)" >> "$GITHUB_OUTPUT" echo "grafana_commit=$(git rev-parse HEAD)" | tee -a "$GITHUB_OUTPUT" # Triggers the same workflow in `grafana-enterprise` on the same ref downstream: runs-on: github-hosted-ubuntu-x64-small needs: [setup] permissions: contents: read id-token: write name: Dispatch grafana-enterprise build steps: - id: vault-secrets uses: grafana/shared-workflows/actions/get-vault-secrets@main with: repo_secrets: | GRAFANA_DELIVERY_BOT_APP_PEM=delivery-bot-app:PRIVATE_KEY - name: Generate token id: generate_token uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a with: app_id: ${{ vars.DELIVERY_BOT_APP_ID }} private_key: ${{ env.GRAFANA_DELIVERY_BOT_APP_PEM }} repositories: '["grafana-enterprise"]' permissions: '{"actions": "write"}' - uses: actions/github-script@v7 env: REF: ${{ github.ref_name }} VERSION: ${{ needs.setup.outputs.version }} BUILD_ID: ${{ github.run_id }} BUCKET: grafana-prerelease GRAFANA_COMMIT: ${{ needs.setup.outputs.grafana-commit }} SOURCE_EVENT: ${{ inputs.source-event || github.event_name }} REPO: ${{ github.repository }} with: github-token: ${{ steps.generate_token.outputs.token }} script: | const {REF, VERSION, BUILD_ID, BUCKET, GRAFANA_COMMIT, SOURCE_EVENT, REPO} = process.env; await github.rest.actions.createWorkflowDispatch({ owner: 'grafana', repo: 'grafana-enterprise', workflow_id: 'release-build.yml', ref: REF, inputs: { "version": VERSION, "build-id": String(BUILD_ID), "bucket": BUCKET, "grafana-commit": GRAFANA_COMMIT, "source-event": SOURCE_EVENT, "upstream": REPO, } }) build: runs-on: github-hosted-ubuntu-x64-large needs: [setup] permissions: contents: read id-token: write name: ${{ needs.setup.outputs.version }} / ${{ matrix.name }} strategy: fail-fast: false matrix: # The artifacts in these lists are grouped by their os+arch because the # build process can reuse the binaries for each artifact. # The downside to this is that the frontend will be built for each one when it could be reused for all of them. # This could be a future improvement. include: - name: linux-amd64 artifacts: targz:grafana:linux/amd64,deb:grafana:linux/amd64,rpm:grafana:linux/amd64,docker:grafana:linux/amd64,docker:grafana:linux/amd64:ubuntu,npm:grafana,storybook verify: true - name: linux-arm64 artifacts: targz:grafana:linux/arm64,deb:grafana:linux/arm64,rpm:grafana:linux/arm64,docker:grafana:linux/arm64,docker:grafana:linux/arm64:ubuntu verify: false - name: linux-s390x artifacts: targz:grafana:linux/s390x,deb:grafana:linux/s390x,rpm:grafana:linux/s390x,docker:grafana:linux/s390x,docker:grafana:linux/s390x:ubuntu verify: true - name: linux-armv7 artifacts: targz:grafana:linux/arm/v7,deb:grafana:linux/arm/v7,docker:grafana:linux/arm/v7,docker:grafana:linux/arm/v7:ubuntu verify: true - name: linux-armv6 artifacts: targz:grafana:linux/arm/v6,deb:grafana:linux/arm/v6 verify: true - name: windows-amd64 artifacts: targz:grafana:windows/amd64,zip:grafana:windows/amd64,msi:grafana:windows/amd64 verify: true - name: windows-arm64 artifacts: targz:grafana:windows/arm64,zip:grafana:windows/arm64 verify: true - name: darwin-amd64 artifacts: targz:grafana:darwin/amd64 verify: true - name: darwin-arm64 artifacts: targz:grafana:darwin/arm64 verify: true steps: - uses: grafana/shared-workflows/actions/dockerhub-login@dockerhub-login/v1.0.2 - uses: actions/checkout@v4 with: persist-credentials: false - name: Set up QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 with: image: docker.io/tonistiigi/binfmt:qemu-v7.0.0-28 - uses: ./.github/actions/build-package id: build with: artifacts: ${{ matrix.artifacts }} checksum: true grafana-path: . github-token: ${{ secrets.GITHUB_TOKEN }} version: ${{ needs.setup.outputs.version }} output: artifacts-${{ matrix.name }}.txt verify: ${{ matrix.verify }} build-id: ${{ github.run_id }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 with: name: artifacts-list-${{ matrix.name }} path: ${{ steps.build.outputs.file }} retention-days: 1 - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 with: name: artifacts-${{ matrix.name }} path: ${{ steps.build.outputs.dist-dir }} retention-days: 1 publish-artifacts: name: Upload artifacts uses: grafana/grafana/.github/workflows/publish-artifact.yml@main permissions: id-token: write needs: - setup - build with: bucket: grafana-prerelease pattern: artifacts-* run-id: ${{ github.run_id }} bucket-path: ${{ needs.setup.outputs.version }}_${{ github.run_id }} environment: prod publish-dockerhub: if: github.ref_name == 'main' permissions: contents: read id-token: write runs-on: ubuntu-x64-small needs: - setup - build steps: - uses: grafana/shared-workflows/actions/dockerhub-login@dockerhub-login/v1.0.2 - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 with: name: artifacts-list-linux-amd64 path: . - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 with: name: artifacts-list-linux-arm64 path: . - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 with: name: artifacts-list-linux-armv7 path: . - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 with: name: artifacts-linux-amd64 path: dist - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 with: name: artifacts-linux-arm64 path: dist - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 with: name: artifacts-linux-armv7 path: dist - name: Push to Docker Hub env: VERSION: ${{ needs.setup.outputs.version }} run: | # grep can use a wildcard but then it includes the filename as part of the result and that gets complicated. # It's easier to use cat to combine the artifact lists cat artifacts-*.txt > artifacts.txt grep 'grafana_.*docker.tar.gz$' artifacts.txt | xargs -I % docker load -i % | sed 's/Loaded image: //g' | tee docker_images while read -r line; do # This tag will be `grafana/grafana-image-tags:...` docker push "$line" done < docker_images docker manifest create grafana/grafana:main "grafana/grafana-image-tags:${VERSION}-amd64" "grafana/grafana-image-tags:${VERSION}-arm64" "grafana/grafana-image-tags:${VERSION}-armv7" docker manifest create grafana/grafana:main-ubuntu "grafana/grafana-image-tags:${VERSION}-ubuntu-amd64" "grafana/grafana-image-tags:${VERSION}-ubuntu-arm64" "grafana/grafana-image-tags:${VERSION}-ubuntu-armv7" docker manifest create "grafana/grafana-dev:${VERSION}" "grafana/grafana-image-tags:${VERSION}-amd64" "grafana/grafana-image-tags:${VERSION}-arm64" "grafana/grafana-image-tags:${VERSION}-armv7" docker manifest create "grafana/grafana-dev:${VERSION}-ubuntu" "grafana/grafana-image-tags:${VERSION}-ubuntu-amd64" "grafana/grafana-image-tags:${VERSION}-ubuntu-arm64" "grafana/grafana-image-tags:${VERSION}-ubuntu-armv7" docker manifest push grafana/grafana:main docker manifest push grafana/grafana:main-ubuntu docker manifest push "grafana/grafana-dev:${VERSION}" docker manifest push "grafana/grafana-dev:${VERSION}-ubuntu"