clickhouse-datasource/.github/workflows/cron.yml at 4afdc57130137f5c8fd9ad06e3abd8a4974bb1f5 · grafana/clickhouse-datasource · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
name: cron Jobs

on:
  # Run nightly against the shared Cloud instance
  schedule:
    - cron: '0 9 * * *' # Daily at 09:00 UTC

  # Allow engineers to run Cloud E2E on-demand (useful for debugging)
  workflow_dispatch:

# Global defaults for all `run:` steps
defaults:
  run:
    shell: bash

# Baseline permissions (jobs can override/extend)
permissions:
  contents: read

# Constants you might want to tweak without hunting through the file
env:
  # Private Data Source Connect network name. You'll need to set this yourself.
  # Find this on https://datasources.grafana.net/ for the provisioned datasource.
  # If set, tests should enable/select PDC; if unset, tests should skip PDC config.
  DS_PDC_NETWORK_NAME: datasources-pdc-network-aws-datasourcese2e

  # Grafana URL for the shared Cloud instance. This should not be changed.
  GRAFANA_URL: "https://datasourcese2e.grafana-dev.net"

jobs:
  bench-tests:
    name: Run E2E Tests with Grafana Bench
    runs-on: ubuntu-24.04
    timeout-minutes: 60

    # Never run on forks — they lack the required Vault secrets regardless of trigger
    if: ${{ github.repository_owner == 'grafana' }}

    # This job needs OIDC to fetch Vault secrets via the shared action
    permissions:
      contents: read
      id-token: write

    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          # Avoid leaving a token in the repo checkout; prefer explicit auth for publishing steps
          persist-credentials: false

      - name: Get secrets from Vault
        id: get-secrets
        uses: grafana/shared-workflows/actions/get-vault-secrets@f1614b210386ac420af6807a997ac7f6d96e477a # get-vault-secrets/v1.3.1
        with:
          # Grafana auth (used by @grafana/plugin-e2e)
          # + Prometheus creds for Bench metrics reporting
          common_secrets: |
            PLAYWRIGHT_GRAFANA_PASSWORD=data-sources/e2e:grafana-pw
            PLAYWRIGHT_GRAFANA_USERNAME=data-sources/e2e:grafana-username
            PROMETHEUS_PASSWORD=grafana-bench:prometheus_token
            PROMETHEUS_URL=grafana-bench:prometheus_url
            PROMETHEUS_USER=grafana-bench:prometheus_user

          # Repo-specific backend secrets (naming varies by datasource)
          repo_secrets: |
            DS_INSTANCE_HOST=ds-instance:host
            DS_INSTANCE_PASSWORD=ds-instance:password
            DS_INSTANCE_PORT=ds-instance:port
            DS_INSTANCE_USERNAME=ds-instance:username

          # Keep secrets in step output; we’ll pass them into the container explicitly
          export_env: false

      - name: Wait for Grafana to be reachable
        # Wait until the Cloud instance is responding before starting tests
        uses: grafana/plugin-actions/wait-for-grafana@c8ad89b7d81f8cb9967bb65e444d85f5b3d7c674 # wait-for-grafana/v1.0.2
        with:
          # Use /login so “reachable” also implies the app is up
          url: "${{ env.GRAFANA_URL }}/login"
          timeout: 600 # 10 minutes (can be slow after maintenance)
          interval: 10 # 10 seconds

      - name: Run Grafana Bench tests
        # Materialize secrets into step env vars so we can pass them into the container cleanly
        env:
          # Backend connection details (tests should read DS_INSTANCE_*)
          DS_INSTANCE_HOST: ${{ fromJSON(steps.get-secrets.outputs.secrets).DS_INSTANCE_HOST }}
          DS_INSTANCE_PASSWORD: ${{ fromJSON(steps.get-secrets.outputs.secrets).DS_INSTANCE_PASSWORD }}
          DS_INSTANCE_PORT: ${{ fromJSON(steps.get-secrets.outputs.secrets).DS_INSTANCE_PORT }}
          DS_INSTANCE_USERNAME: ${{ fromJSON(steps.get-secrets.outputs.secrets).DS_INSTANCE_USERNAME }}

          # Grafana admin credentials used by @grafana/plugin-e2e auth/storage state
          GRAFANA_ADMIN_PASSWORD: ${{ fromJSON(steps.get-secrets.outputs.secrets).PLAYWRIGHT_GRAFANA_PASSWORD }}
          GRAFANA_ADMIN_USER: ${{ fromJSON(steps.get-secrets.outputs.secrets).PLAYWRIGHT_GRAFANA_USERNAME }}

          # Bench Prometheus reporting credentials (for metrics + strict lint)
          PROMETHEUS_PASSWORD: ${{ fromJSON(steps.get-secrets.outputs.secrets).PROMETHEUS_PASSWORD }}
          PROMETHEUS_URL: ${{ fromJSON(steps.get-secrets.outputs.secrets).PROMETHEUS_URL }}
          PROMETHEUS_USER: ${{ fromJSON(steps.get-secrets.outputs.secrets).PROMETHEUS_USER }}

          # PDC network name comes from the workflow-level env above
          DS_PDC_NETWORK_NAME: ${{ env.DS_PDC_NETWORK_NAME }}
        run: |
          set -euo pipefail

          # Run Bench in a container. Bench bootstraps Playwright deps (prepare)
          # and executes your repo's e2e script (execute) with standardized reporting.
          #
          # Flags grouped by purpose:
          #   Container setup  : --network, --rm, --volume
          #   Backend secrets  : -e DS_INSTANCE_*
          #   Grafana auth     : -e GRAFANA_ADMIN_*, -e GRAFANA_URL
          #   Bench Prometheus : -e PROMETHEUS_*
          #   PDC              : -e DS_PDC_NETWORK_NAME
          #   Bench reporting  : --report-output, --run-stage, --service-*, --suite-*
          #   Test env         : --test-env (forwarded into the Playwright process)
          #   Runner           : --test-runner, --test-verbose
          docker run \
            --network=host \
            --rm \
            --volume "$PWD:/tests" \
            -e DS_INSTANCE_HOST \
            -e DS_INSTANCE_PASSWORD \
            -e DS_INSTANCE_PORT \
            -e DS_INSTANCE_USERNAME \
            -e DS_PDC_NETWORK_NAME \
            -e GRAFANA_ADMIN_PASSWORD \
            -e GRAFANA_ADMIN_USER \
            -e GRAFANA_URL \
            -e PROMETHEUS_PASSWORD \
            -e PROMETHEUS_URL \
            -e PROMETHEUS_USER \
            us-docker.pkg.dev/grafanalabs-global/docker-grafana-bench-prod/grafana-bench-playwright:v1.0.0 test \
            --prometheus-metrics \
            --prometheus-strict-lint \
            --pw-prepare "npm ci --no-audit --fund=false; npx playwright install" \
            --pw-execute "npm run e2e" \
            --report-output log \
            --run-stage ci \
            --service ${GITHUB_REPOSITORY#grafana/} \
            --service-url ${GRAFANA_URL} \
            --service-version "rrc-fast" \
            --suite-name "${{ github.repository }}/e2e" \
            --suite-path /tests \
            --test-env CI=true \
            --test-env DS_INSTANCE_HOST \
            --test-env DS_INSTANCE_PASSWORD \
            --test-env DS_INSTANCE_PORT \
            --test-env DS_INSTANCE_USERNAME \
            --test-env DS_PDC_NETWORK_NAME \
            --test-env GRAFANA_ADMIN_PASSWORD \
            --test-env GRAFANA_ADMIN_USER \
            --test-env GRAFANA_URL \
            --test-runner playwright \
            --test-verbose