Merge branch 'main' into 2024-06-shellcheck-shell-scripts

grafana · Jul 11, 2024 · ee6c13d · ee6c13d
2 parents fd58bbd + d848da2
commit ee6c13d
Show file tree

Hide file tree

Showing 36 changed files with 1,127 additions and 206 deletions.
diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml
@@ -0,0 +1,6 @@
+self-hosted-runner:
+  # Labels of self-hosted runner in array of strings.
+  labels:
+    - ubuntu-amd64*
+    - ubuntu-x64*
+    - ubuntu-arm64*
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -14,3 +14,23 @@ updates:
       interval: "daily"
     pull-request-branch-name:
       separator: "-"
+
+  - package-ecosystem: "gomod"
+    directory: "/actions/trigger-argo-workflow"
+    schedule:
+      interval: "weekly"
+    groups:
+      go:
+        applies-to: "version-updates"
+        patterns:
+          - "*"
+
+  - package-ecosystem: "gomod"
+    directory: "/actions/techdocs-rewrite-relative-links"
+    schedule:
+      interval: "weekly"
+    groups:
+      go:
+        applies-to: "version-updates"
+        patterns:
+          - "*"
diff --git a/.github/publish-techdocs-testdata/docs/README.md b/.github/publish-techdocs-testdata/docs/README.md
@@ -0,0 +1,3 @@
+# Test docs
+
+Lovely stuff.
diff --git a/.github/publish-techdocs-testdata/mkdocs.yml b/.github/publish-techdocs-testdata/mkdocs.yml
@@ -0,0 +1,7 @@
+site_name: "test-docs"
+
+nav:
+  - Home: README.md
+
+plugins:
+  - techdocs-core
diff --git a/.github/workflows/build-lint-pr.yml b/.github/workflows/build-lint-pr.yml
@@ -10,7 +10,7 @@ jobs:
     if: ${{ github.event.pull_request.merged == true && contains(github.head_ref || github.ref_name, 'dependabot-npm') }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Setup Node.js environment
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
@@ -26,7 +26,7 @@ jobs:
         run: yarn build
 
       - name: Commit lint-pr-title changes and create new pull request
-        uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
         with:
           commit-message: "Update code on lint-pr-title action"
           branch: "update-lint-pr-code"
@@ -35,4 +35,4 @@ jobs:
           title: "Update code on lint-pr-title action"
           body: "This PR contains the code built after dependabot updated dependencies on lint-pr-title action"
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/build-trigger-argo-workflow.yaml b/.github/workflows/build-trigger-argo-workflow.yaml
@@ -19,7 +19,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
         with:

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,55 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches:
+      - "main"
+
+  pull_request:
+    branches:
+      - "main"
+
+  schedule:
+    - cron: "21 5 * * 3"
+
+  # To trigger a CodeQL analysis manually
+  workflow_dispatch:
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+
+    runs-on: ubuntu-latest-8-cores
+
+    timeout-minutes: 360
+
+    permissions:
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: go
+            build-mode: autobuild
+          - language: javascript-typescript
+            build-mode: none
+            paths-ignore:
+              - "**/dist/**"
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@9550da953dd3b29aedf76cd635101e48eae5eebd # v3.25.9
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          config: |
+            paths-ignore: ${{ toJSON(matrix.paths-ignore) }}
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@9550da953dd3b29aedf76cd635101e48eae5eebd # v3.25.9
+        with:
+          category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/lint-shared-workflows.yaml b/.github/workflows/lint-shared-workflows.yaml
@@ -1,5 +1,7 @@
 on:
   push:
+    branches:
+      - "main"
 
   pull_request:
 
@@ -12,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Lint with Prettier
         uses: creyD/prettier_action@31355f8eef017f8aeba2e0bc09d8502b13dbbad1 # v4.3.0
@@ -38,7 +40,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Install dependencies
         run: |
@@ -91,7 +93,7 @@ jobs:
           gh extension install actions/gh-actions-cache
           gh actions-cache delete --repo "${{ github.repository }}" "github-action-schema" --confirm
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ github.token }}
 
       - name: Save github-action.json schema to cache
         uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2

diff --git a/.github/workflows/publish-techdocs.md b/.github/workflows/publish-techdocs.md
@@ -23,7 +23,6 @@ concurrency:
 jobs:
   publish-docs:
     uses: grafana/shared-workflows/.github/workflows/publish-techdocs.yaml@main
-    secrets: inherit
     with:
       namespace: default
       kind: component
@@ -32,11 +31,18 @@ jobs:
 
 ## Inputs
 
-| Name                        | Type    | Description                                                                             |
-| --------------------------- | ------- | --------------------------------------------------------------------------------------- |
-| `namespace`                 | string  | The entity's namespace within EngHub (usually `default`)                                |
-| `kind`                      | string  | The kind of the entity in EngHub (usually `component`)                                  |
-| `name`                      | string  | The name of the entity in EngHub (usually matches the name of the repository)           |
-| `default-working-directory` | string  | The directory where the techdocs-cli should be run (default: `.`)                       |
-| `publish`                   | boolean | Whether to publish the built docs to EngHub (default: `true`)                           |
-| `checkout-submodules`       | string  | Checkout submodules in the repository (options: `false` (default), `true`, `recursive`) |
+| Name                             | Type    | Description                                                                                                                                                            |
+| -------------------------------- | ------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `namespace`                      | string  | The entity's namespace within EngHub (usually `default`)                                                                                                               |
+| `kind`                           | string  | The kind of the entity in EngHub (usually `component`)                                                                                                                 |
+| `name`                           | string  | The name of the entity in EngHub (usually matches the name of the repository)                                                                                          |
+| `default-working-directory`      | string  | The working directory to use for doc generation. Useful for cases without an mkdocs.yml file at the project root.                                                      |
+| `rewrite-relative-links`         | boolean | Execute [rewrite-relative-links][rewrite-action] step to rewrite relative links in the docs to point to the correct location in the GitHub repository                  |
+| `rewrite-relative-links-dry-run` | boolean | Execute [rewrite-relative-links][rewrite-action] step but only print the diff without modifying the files                                                              |
+| `publish`                        | boolean | Enable or disable publishing after building the docs                                                                                                                   |
+| `checkout-submodules`            | string  | Checkout submodules in the repository. Options are `true` (checkout submodules), `false` (don't checkout submodules), or `recursive` (recursively checkout submodules) |
+| `bucket`                         | string  | The name of the GCS bucket to which the docs will be published                                                                                                         |
+| `workload-identity-provider`     | string  | The GCP workload identity provider to use for authentication                                                                                                           |
+| `service-account`                | string  | The GCP service account to use for authentication                                                                                                                      |
+
+[rewrite-action]: ../../actions/techdocs-rewrite-relative-links/README.md
diff --git a/.github/workflows/publish-techdocs.yaml b/.github/workflows/publish-techdocs.yaml
@@ -4,12 +4,15 @@ on:
   workflow_call:
     inputs:
       namespace:
+        description: The entity's namespace within EngHub (usually `default`)
         required: true
         type: string
       kind:
+        description: The kind of the entity in EngHub (usually `component`)
         required: true
         type: string
       name:
+        description: The name of the entity in EngHub (usually matches the name of the repository)
         required: true
         type: string
       default-working-directory:
@@ -18,6 +21,7 @@ on:
         type: string
         default: "."
       rewrite-relative-links:
+        description: "Execute rewrite-relative-links step to rewrite relative links in the docs to point to the correct location in the GitHub repository"
         required: false
         type: boolean
         default: false
@@ -36,6 +40,21 @@ on:
         required: false
         type: string
         default: "false"
+      bucket:
+        description: "The name of the GCS bucket to which the docs will be published"
+        required: false
+        type: string
+        default: ops-us-east-0-backstage
+      workload-identity-provider:
+        description: "The GCP workload identity provider to use for authentication"
+        required: false
+        type: string
+        default: projects/304398677251/locations/global/workloadIdentityPools/github/providers/github-provider
+      service-account:
+        description: "The GCP service account to use for authentication"
+        required: false
+        type: string
+        default: github-backstage-techdocs@grafanalabs-workload-identity.iam.gserviceaccount.com
 
 jobs:
   generate-and-publish-docs:
@@ -46,11 +65,11 @@ jobs:
     steps:
       - id: checkout
         name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - id: checkout-shared-workflows
         name: Checkout shared workflows
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           repository: grafana/shared-workflows
           # TODO: Replace after merge
@@ -74,25 +93,27 @@ jobs:
         uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
         with:
           create_credentials_file: true
-          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_POOL_PROVIDER }}
-          service_account: ${{ secrets.BACKSTAGE_TECHDOCS_SA_EMAIL }}
+          workload_identity_provider: ${{ inputs.workload-identity-provider }}
+          service_account: ${{ inputs.service-account }}
 
+      # Pinning until resolved https://github.com/backstage/backstage/issues/25303
       - name: Install techdocs-cli
-        run: sudo npm install -g @techdocs/cli
+        run: sudo npm install -g @techdocs/cli@1.8.11
 
       - name: setup python
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
           python-version: 3.11
 
+      # Pinning until resolved https://github.com/backstage/backstage/issues/25303
       - name: Install mkdocs and mkdocs plugins
-        run: python -m pip install mkdocs-techdocs-core==1.*
+        run: python -m pip install mkdocs-techdocs-core==1.3.5
 
       - name: Generate docs site
         run: techdocs-cli generate --no-docker --verbose
         working-directory: ${{ inputs.default-working-directory }}
 
       - name: Publish docs site
         if: inputs.publish
-        run: techdocs-cli publish --publisher-type googleGcs --storage-name ${{ secrets.BACKSTAGE_TECHDOCS_BUCKET_NAME }} --entity ${{ inputs.namespace }}/${{ inputs.kind }}/${{ inputs.name }}
+        run: techdocs-cli publish --publisher-type googleGcs --storage-name ${{ inputs.bucket }} --entity ${{ inputs.namespace }}/${{ inputs.kind }}/${{ inputs.name }}
         working-directory: ${{ inputs.default-working-directory }}
diff --git a/.github/workflows/test-find-pr-for-commit.yml b/.github/workflows/test-find-pr-for-commit.yml
@@ -39,7 +39,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: ${{ matrix.test_name }}
         id: test-find-pr-for-commit

diff --git a/.github/workflows/test-get-vault-secrets.yaml b/.github/workflows/test-get-vault-secrets.yaml
@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Test Vault Action
         id: test-vault-action
@@ -58,7 +58,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Setup BATS testing framework
         uses: mig4/setup-bats@af9a00deb21b5d795cabfeaa8d9060410377686d # v1.2.0

diff --git a/.github/workflows/test-login-to-gar.yaml b/.github/workflows/test-login-to-gar.yaml
@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Test Login to GAR Action
         id: test-login-to-gar

diff --git a/.github/workflows/test-publish-techdocs.yml b/.github/workflows/test-publish-techdocs.yml
@@ -0,0 +1,36 @@
+name: Publish TechDocs (test)
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - .github/publish-techdocs-testdata/**
+      - .github/workflows/publish-techdocs.yaml
+      - .github/workflows/test-publish-techdocs.yml
+      - .github/workflows/test-techdocs-rewrite-relative-links.yml
+      - techdocs-rewrite-relative-links/**
+
+  pull_request:
+    branches:
+      - main
+    paths:
+      - .github/publish-techdocs-testdata/**
+      - .github/workflows/publish-techdocs.yaml
+      - .github/workflows/test-publish-techdocs.yml
+      - .github/workflows/test-techdocs-rewrite-relative-links.yml
+      - techdocs-rewrite-relative-links/**
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  publish-docs:
+    uses: ./.github/workflows/publish-techdocs.yaml
+    secrets: inherit
+    with:
+      default-working-directory: ".github/publish-techdocs-testdata"
+      kind: component
+      name: ignored
+      namespace: default
+      publish: false
diff --git a/.github/workflows/test-techdocs-rewrite-relative-links.yaml b/.github/workflows/test-techdocs-rewrite-relative-links.yaml
@@ -19,7 +19,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Setup go
         uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1