fix(deps): update github.com/grafana/alerting digest to 5c84f76 (main) #50901
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - r[0-9]+ # Trigger builds after a push to weekly branches | |
| tags: | |
| # The following regex matches the Mimir release tag. Tag filters not as strict due to different regex system on Github Actions. | |
| - mimir-[0-9]+.[0-9]+.[0-9]+** | |
| pull_request: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| # Cancel any running workflow for the same branch when new commits are pushed. | |
| # We group both by ref_name (available when CI is triggered by a push to a branch/tag) | |
| # and head_ref (available when CI is triggered by a PR). | |
| group: "${{ github.ref_name }}-${{ github.head_ref }}" | |
| cancel-in-progress: true | |
| jobs: | |
| prepare: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Get build image from Makefile | |
| id: build_image_step | |
| run: echo "build_image=$(make print-build-image)" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| build_image: ${{ steps.build_image_step.outputs.build_image }} | |
| # Determine if we will deploy (aka push) the image to the registry. | |
| is_deploy: ${{ (startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/r')) && github.event_name == 'push' && github.repository == 'grafana/mimir' }} | |
| goversion: | |
| runs-on: ubuntu-latest | |
| needs: prepare | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| - name: Get Go Version | |
| id: go-version | |
| run: | | |
| echo "version=$(make BUILD_IN_CONTAINER=false print-go-version)" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| version: ${{ steps.go-version.outputs.version }} | |
| lint: | |
| runs-on: ubuntu-latest | |
| needs: prepare | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| # Commands in the Makefile are hardcoded with an assumed file structure of the CI container | |
| # Symlink ensures paths specified in previous commands don’t break | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| mkdir -p /go/src/github.com/grafana/mimir | |
| ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| - name: Lint | |
| run: make BUILD_IN_CONTAINER=false lint | |
| - name: Check Vendor Directory | |
| run: make BUILD_IN_CONTAINER=false mod-check | |
| - name: Check Protos | |
| run: make BUILD_IN_CONTAINER=false check-protos | |
| - name: Check Generated Documentation | |
| run: make BUILD_IN_CONTAINER=false check-doc | |
| - name: Check Reference Help Documentation | |
| run: make BUILD_IN_CONTAINER=false check-reference-help | |
| - name: Check White Noise | |
| run: make BUILD_IN_CONTAINER=false check-white-noise | |
| - name: Check License Header | |
| run: make BUILD_IN_CONTAINER=false check-license | |
| - name: Check Docker-Compose YAML | |
| run: make BUILD_IN_CONTAINER=false check-mimir-microservices-mode-docker-compose-yaml | |
| lint-jsonnet: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| # Commands in the Makefile are hardcoded with an assumed file structure of the CI container | |
| # Symlink ensures paths specified in previous commands don’t break | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| mkdir -p /go/src/github.com/grafana/mimir | |
| ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| - name: Check Mixin | |
| run: make BUILD_IN_CONTAINER=false check-mixin | |
| - name: Check Mixin Tests | |
| run: make BUILD_IN_CONTAINER=false check-mixin-tests | |
| - name: Check Mixin with Mimirtool rules check | |
| run: make BUILD_IN_CONTAINER=false check-mixin-mimirtool-rules | |
| - name: Check Jsonnet Manifests | |
| run: make BUILD_IN_CONTAINER=false check-jsonnet-manifests | |
| - name: Check Jsonnet Getting Started | |
| run: make BUILD_IN_CONTAINER=false check-jsonnet-getting-started | |
| - name: Check Jsonnet Tests | |
| run: make BUILD_IN_CONTAINER=false check-jsonnet-tests | |
| lint-helm: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| # Commands in the Makefile are hardcoded with an assumed file structure of the CI container | |
| # Symlink ensures paths specified in previous commands don’t break | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| mkdir -p /go/src/github.com/grafana/mimir | |
| ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| - name: Set up Helm | |
| uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 | |
| with: | |
| version: v4.0.1 | |
| - name: Check Helm Tests | |
| run: make BUILD_IN_CONTAINER=false check-helm-tests | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| # Do not abort other groups when one fails. | |
| fail-fast: false | |
| # Split tests into 4 groups. | |
| matrix: | |
| test_group_id: [0, 1, 2, 3] | |
| test_group_total: [4] | |
| needs: | |
| - prepare | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Install GitHub CLI | |
| run: ./.github/workflows/scripts/install-gh.sh | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| mkdir -p /go/src/github.com/grafana/mimir | |
| ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| # We use retry logic for tests to handle flaky tests that might fail intermittently. | |
| # The retry action will run the test command up to max_attempts times if it fails. | |
| # This helps reduce CI failures caused by temporary issues, timing problems, or race conditions. | |
| - name: Run Tests with retry | |
| uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 | |
| with: | |
| timeout_minutes: 180 # 3 hours so that we rely on the timeout in the makefile | |
| max_attempts: 2 | |
| retry_wait_seconds: 0 | |
| command: | | |
| echo "Running unit tests (group ${{ matrix.test_group_id }} of ${{ matrix.test_group_total }}) with Go version: $(go version)" | |
| ./.github/workflows/scripts/run-unit-tests-group.sh --index ${{ matrix.test_group_id }} --total ${{ matrix.test_group_total }} | |
| - name: Notify on streamingpromql failures | |
| if: failure() && env.FAILED_PACKAGES != '' && contains(github.event.pull_request.labels.*.name, 'vendored-mimir-prometheus-update') | |
| run: | | |
| if echo "${{ env.FAILED_PACKAGES }}" | grep -q "pkg/streamingpromql"; then | |
| gh pr comment ${{ github.event.pull_request.number }} --body \ | |
| "⚠️ Test failures detected in \`pkg/streamingpromql\` (test group ${{ matrix.test_group_id }}/${{ matrix.test_group_total }}) | |
| Failed packages in this test group: | |
| \`\`\` | |
| ${{ env.FAILED_PACKAGES }} | |
| \`\`\` | |
| cc @charleskorn @56quarters @lamida @zenador @tcp13equals2 | |
| Please review the [test logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) and push fixes to this PR." | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| test-docs: | |
| uses: ./.github/workflows/test-docs.yml | |
| build-metaconvert-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Build | |
| uses: ./.github/actions/build-image | |
| with: | |
| artifact_name: docker-image-metaconvert | |
| target: "./cmd/metaconvert/.uptodate" | |
| build-mimir-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Build | |
| uses: ./.github/actions/build-image | |
| with: | |
| artifact_name: docker-image-mimir | |
| target: "./cmd/mimir/.uptodate" | |
| build-query-tee-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Build | |
| uses: ./.github/actions/build-image | |
| with: | |
| artifact_name: docker-image-query-tee | |
| target: "./cmd/query-tee/.uptodate" | |
| build-mimirtool-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Build | |
| uses: ./.github/actions/build-image | |
| with: | |
| artifact_name: docker-image-mimirtool | |
| target: "./cmd/mimirtool/.uptodate" | |
| build-copyblocks-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Build | |
| uses: ./.github/actions/build-image | |
| with: | |
| artifact_name: docker-image-copyblocks | |
| target: "./tools/copyblocks/.uptodate" | |
| # This job does not do anything - it exists to simplify the "needs" condition of the "deploy" job, | |
| # and to make it easier to configure the required passing checks in branch protection rules in GitHub, | |
| # as we have to specify each required passing job there. This job won't be considered successful unless | |
| # all the jobs it needs have succeeded. | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-metaconvert-image | |
| - build-mimir-image | |
| - build-query-tee-image | |
| - build-mimirtool-image | |
| - build-copyblocks-image | |
| steps: | |
| - run: echo "All dependencies succeeded!" | |
| build-race-enabled-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| - name: Install Docker Client | |
| run: ./.github/workflows/scripts/install-docker.sh | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| mkdir -p /go/src/github.com/grafana/mimir | |
| ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| - name: Build Mimir with race-detector | |
| run: | | |
| make BUILD_IN_CONTAINER=false cmd/mimir/.uptodate_race | |
| export IMAGE_TAG_RACE=$(make image-tag-race) | |
| export MIMIR_DISTROLESS_IMAGE="grafana/mimir:$IMAGE_TAG_RACE" | |
| docker save $MIMIR_DISTROLESS_IMAGE -o ./mimir_race_image_distroless | |
| - name: Upload archive with race-enabled Mimir | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 | |
| with: | |
| # We deliberately don't use the "docker-image" prefix here, as that is used to find all images published as part of a release, and we don't want this image included in the release. | |
| name: test-docker-image-race-enabled-mimir | |
| path: | | |
| ./mimir_race_image_distroless | |
| integration: | |
| needs: [goversion, build-mimirtool-image, build-race-enabled-image, prepare] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| # Do not abort other groups when one fails. | |
| fail-fast: false | |
| # Split tests into 6 groups. | |
| matrix: | |
| test_group_id: [0, 1, 2, 3, 4, 5] | |
| test_group_total: [6] | |
| steps: | |
| - name: Upgrade golang | |
| uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 | |
| with: | |
| go-version: ${{ needs.goversion.outputs.version }} | |
| cache: false # We manage caching ourselves below to maintain consistency with the other jobs that don't use setup-go. | |
| - name: Check out repository | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| sudo mkdir -p /go/src/github.com/grafana/mimir | |
| sudo ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| - name: Download mimirtool Docker Image | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 | |
| with: | |
| name: docker-image-mimirtool | |
| - name: Extract Docker Image from Archive | |
| run: mkdir /tmp/images && tar xvf images.tar -C /tmp/images | |
| - name: Load Mimirtool Image into Docker | |
| run: | | |
| export IMAGE_TAG=$(make image-tag) | |
| # skopeo will by default load system-specific version of the image (linux/amd64). | |
| # note that this doesn't use skopeo version from our build-image, because we don't use build-image when running integration tests. | |
| # that's why we use docker run to run latest version. | |
| docker run -v /tmp/images:/tmp/images -v /var/run/docker.sock:/var/run/docker.sock quay.io/skopeo/stable:v1.15.1 copy oci-archive:/tmp/images/mimirtool.oci "docker-daemon:grafana/mimirtool:$IMAGE_TAG" | |
| - name: Download Archive with Docker Images | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 | |
| with: | |
| name: test-docker-image-race-enabled-mimir | |
| - name: Load race-enabled mimir into Docker | |
| run: | | |
| export IMAGE_TAG_RACE=$(make image-tag-race) | |
| docker load -i ./mimir_race_image_distroless | |
| docker run "grafana/mimir:$IMAGE_TAG_RACE" --version | |
| - name: Preload Images | |
| # We download docker images used by integration tests so that all images are available | |
| # locally and the download time doesn't account in the test execution time, which is subject | |
| # to a timeout | |
| run: go run ./tools/pre-pull-images | xargs -n1 -P4 docker pull | |
| # We use retry logic for integration tests to handle flaky tests that might fail intermittently. | |
| # The retry action will run the test command up to max_attempts times if it fails. | |
| # This helps reduce CI failures caused by temporary issues, network problems, or timing conditions | |
| # that are common in integration tests with multiple services interacting. | |
| - name: Integration Tests with retry | |
| uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 | |
| with: | |
| timeout_minutes: 180 # 3 hours so that we rely on the timeout in the makefile | |
| max_attempts: 2 | |
| retry_wait_seconds: 0 | |
| command: | | |
| export IMAGE_TAG_RACE=$(make image-tag-race) | |
| export MIMIR_IMAGE="grafana/mimir:$IMAGE_TAG_RACE" | |
| export IMAGE_TAG=$(make image-tag) | |
| export MIMIRTOOL_IMAGE="grafana/mimirtool:$IMAGE_TAG" | |
| export MIMIR_CHECKOUT_DIR="/go/src/github.com/grafana/mimir" | |
| echo "Running integration tests with image: $MIMIR_IMAGE (Mimir), $MIMIRTOOL_IMAGE (Mimirtool)" | |
| echo "Running integration tests (group ${{ matrix.test_group_id }} of ${{ matrix.test_group_total }}) with Go version: $(go version)" | |
| ./.github/workflows/scripts/run-integration-tests-group.sh --index ${{ matrix.test_group_id }} --total ${{ matrix.test_group_total }} | |
| deploy: | |
| needs: | |
| - prepare | |
| - build | |
| - test | |
| - test-docs | |
| - lint | |
| - lint-jsonnet | |
| - lint-helm | |
| - integration | |
| # Only deploy images on pushes to the grafana/mimir repo, which either are tag pushes or weekly release branch pushes. | |
| if: needs.prepare.outputs.is_deploy == 'true' | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| - name: Install Docker Client | |
| run: ./.github/workflows/scripts/install-docker.sh | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| mkdir -p /go/src/github.com/grafana/mimir | |
| ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| - name: Download Archive with Docker Images | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 | |
| with: | |
| pattern: docker-image-* | |
| path: built-images | |
| merge-multiple: false | |
| - name: Extract Docker Images from Archive | |
| run: | | |
| mkdir /tmp/images | |
| for f in built-images/**/images.tar; do | |
| tar xvf $f -C /tmp/images | |
| done | |
| - name: Login to DockerHub | |
| uses: grafana/shared-workflows/actions/dockerhub-login@13fb504e3bfe323c1188bf244970d94b2d336e86 # v1.0.1 | |
| - name: Push Docker Images | |
| run: | | |
| ./.github/workflows/scripts/push-images.sh /tmp/images grafana/ $(make image-tag) |