chore(deps): update actions/download-artifact digest to 3e5f45b (main… #55783
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - r[0-9]+ # Trigger builds after a push to weekly branches | |
| tags: | |
| # The following regex matches the Mimir release tag. Tag filters not as strict due to different regex system on Github Actions. | |
| - mimir-[0-9]+.[0-9]+.[0-9]+** | |
| pull_request: | |
| env: | |
| # Set to 'true' to force Go build cache warmup on all branches (useful when iterating on cache changes). | |
| # When 'false', the cache is only built on main (see warmup-go-build-cache-integration-tests job for details). | |
| FORCE_BUILD_CACHE_WARMUP: 'false' | |
| permissions: | |
| contents: read | |
| concurrency: | |
| # Cancel any running workflow for the same branch when new commits are pushed. | |
| # We group both by ref_name (available when CI is triggered by a push to a branch/tag) | |
| # and head_ref (available when CI is triggered by a PR). | |
| group: "${{ github.ref_name }}-${{ github.head_ref }}" | |
| cancel-in-progress: true | |
| jobs: | |
| prepare: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Only the Makefile is needed to run `make print-build-image`, so we use | |
| # sparse checkout to avoid fetching the entire repository. | |
| - name: Check out repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| sparse-checkout: | | |
| Makefile | |
| sparse-checkout-cone-mode: false | |
| - name: Get build image from Makefile | |
| id: build_image_step | |
| run: echo "build_image=$(make print-build-image)" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| build_image: ${{ steps.build_image_step.outputs.build_image }} | |
| # Determine if we will deploy (aka push) the image to the registry. | |
| is_deploy: ${{ (startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/r')) && github.event_name == 'push' && github.repository == 'grafana/mimir' }} | |
| goversion: | |
| runs-on: ubuntu-latest | |
| needs: prepare | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| - name: Get Go Version | |
| id: go-version | |
| run: | | |
| echo "version=$(make BUILD_IN_CONTAINER=false print-go-version)" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| version: ${{ steps.go-version.outputs.version }} | |
| lint: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| - warmup-go-build-cache-image-and-lint | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Restore Go build cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /go/cache | |
| key: go-build-cache-image-and-lint-${{ hashFiles('go.sum') }} | |
| restore-keys: go-build-cache-image-and-lint- | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| # Commands in the Makefile are hardcoded with an assumed file structure of the CI container | |
| # Symlink ensures paths specified in previous commands don’t break | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| mkdir -p /go/src/github.com/grafana/mimir | |
| ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| - name: Lint | |
| run: make BUILD_IN_CONTAINER=false lint | |
| - name: Check Vendor Directory | |
| run: make BUILD_IN_CONTAINER=false mod-check | |
| - name: Check Protos | |
| run: make BUILD_IN_CONTAINER=false check-protos | |
| - name: Check Generated Documentation | |
| run: make BUILD_IN_CONTAINER=false check-doc | |
| - name: Check Reference Help Documentation | |
| run: make BUILD_IN_CONTAINER=false check-reference-help | |
| - name: Check White Noise | |
| run: make BUILD_IN_CONTAINER=false check-white-noise | |
| - name: Check License Header | |
| run: make BUILD_IN_CONTAINER=false check-license | |
| - name: Check Docker-Compose YAML | |
| run: make BUILD_IN_CONTAINER=false check-mimir-microservices-mode-docker-compose-yaml | |
| lint-jsonnet: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| # Commands in the Makefile are hardcoded with an assumed file structure of the CI container | |
| # Symlink ensures paths specified in previous commands don’t break | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| mkdir -p /go/src/github.com/grafana/mimir | |
| ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| - name: Check Mixin | |
| run: make BUILD_IN_CONTAINER=false check-mixin | |
| - name: Check Mixin Tests | |
| run: make BUILD_IN_CONTAINER=false check-mixin-tests | |
| - name: Check Mixin with Mimirtool rules check | |
| run: make BUILD_IN_CONTAINER=false check-mixin-mimirtool-rules | |
| - name: Check Jsonnet Manifests | |
| run: make BUILD_IN_CONTAINER=false check-jsonnet-manifests | |
| - name: Check Jsonnet Getting Started | |
| run: make BUILD_IN_CONTAINER=false check-jsonnet-getting-started | |
| - name: Check Jsonnet Tests | |
| run: make BUILD_IN_CONTAINER=false check-jsonnet-tests | |
| lint-helm: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| # Commands in the Makefile are hardcoded with an assumed file structure of the CI container | |
| # Symlink ensures paths specified in previous commands don’t break | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| mkdir -p /go/src/github.com/grafana/mimir | |
| ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| - name: Set up Helm | |
| uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 | |
| with: | |
| version: v4.0.1 | |
| - name: Check Helm Tests | |
| run: make BUILD_IN_CONTAINER=false check-helm-tests | |
| # Compile integration test binaries once and save the Go build cache, so that the | |
| # integration test jobs can reuse it. The cache is keyed by go.sum hash: it's rebuilt only | |
| # when dependencies change. This means test jobs will still need to compile source files | |
| # changed since the cache was created, but dependencies (the bulk of compilation time) and | |
| # unchanged Mimir source files are cached. | |
| # | |
| # The cache is compiled and saved only on main by default. GitHub Actions caches created on | |
| # main are accessible from all branches, while caches created on PR branches are scoped to | |
| # that branch only. Building only on main keeps cache storage small and ensures all branches | |
| # benefit from the shared cache. Set the FORCE_BUILD_CACHE_WARMUP env var at the top of | |
| # this file to 'true' to enable cache warmup on all branches. | |
| # | |
| # There are three separate warmup jobs because different compilation flags produce different | |
| # cache entries: integration tests (no -race), unit tests (-race), and image builds + linting | |
| # (CGO_ENABLED=0, multi-arch for images, single-arch for lint). | |
| warmup-go-build-cache-integration-tests: | |
| needs: [goversion, prepare] | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Sparse checkout of go.sum only, to compute the cache key without fetching the full repo. | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| if: github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true' | |
| with: | |
| persist-credentials: false | |
| sparse-checkout: go.sum | |
| - name: Check if Go build cache exists | |
| id: check-cache | |
| if: github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true' | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /home/runner/.cache/go-build | |
| key: go-build-cache-integration-${{ hashFiles('go.sum') }} | |
| lookup-only: true | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| with: | |
| go-version: ${{ needs.goversion.outputs.version }} | |
| cache: false | |
| - name: Warm Go build cache | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| run: make BUILD_IN_CONTAINER=false warmup-build-cache-integration-tests | |
| - name: Print Go build cache size | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| run: du -sh /home/runner/.cache/go-build | |
| - uses: actions/cache/save@v4 | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| with: | |
| path: /home/runner/.cache/go-build | |
| key: go-build-cache-integration-${{ hashFiles('go.sum') }} | |
| # Same as above but for unit tests, which compile with -race (producing different cache | |
| # entries) and run inside a container. | |
| warmup-go-build-cache-unit-tests: | |
| needs: [prepare] | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| if: github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true' | |
| with: | |
| persist-credentials: false | |
| sparse-checkout: go.sum | |
| - name: Check if Go build cache exists | |
| id: check-cache | |
| if: github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true' | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /go/cache | |
| key: go-build-cache-unit-${{ hashFiles('go.sum') }} | |
| lookup-only: true | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| with: | |
| persist-credentials: false | |
| - name: Run Git Config | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| run: git config --global --add safe.directory '*' | |
| - name: Warm Go build cache | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| run: make BUILD_IN_CONTAINER=false warmup-build-cache-unit-tests | |
| - name: Print Go build cache size | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| run: du -sh /go/cache | |
| - uses: actions/cache/save@v4 | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| with: | |
| path: /go/cache | |
| key: go-build-cache-unit-${{ hashFiles('go.sum') }} | |
| # Same as the other warmup jobs but for image builds and linting, which use | |
| # CGO_ENABLED=0 (no race) with -tags netgo,stringlabels. | |
| warmup-go-build-cache-image-and-lint: | |
| needs: [prepare] | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| if: github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true' | |
| with: | |
| persist-credentials: false | |
| sparse-checkout: go.sum | |
| - name: Check if Go build cache exists | |
| id: check-cache | |
| if: github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true' | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /go/cache | |
| key: go-build-cache-image-and-lint-${{ hashFiles('go.sum') }} | |
| lookup-only: true | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| with: | |
| persist-credentials: false | |
| - name: Run Git Config | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| run: git config --global --add safe.directory '*' | |
| - name: Warm Go build cache | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| run: make BUILD_IN_CONTAINER=false warmup-build-cache-image-and-lint | |
| - name: Print Go build cache size | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| run: du -sh /go/cache | |
| - uses: actions/cache/save@v4 | |
| if: steps.check-cache.outputs.cache-hit != 'true' && (github.ref == 'refs/heads/main' || env.FORCE_BUILD_CACHE_WARMUP == 'true') | |
| with: | |
| path: /go/cache | |
| key: go-build-cache-image-and-lint-${{ hashFiles('go.sum') }} | |
| test: | |
| runs-on: ubuntu-latest | |
| name: test (${{ matrix.extra_build_tags != '' && format('{0}, ', matrix.extra_build_tags) || '' }}${{ matrix.test_group_id }}, ${{ matrix.test_group_total }}) | |
| strategy: | |
| # Do not abort other groups when one fails. | |
| fail-fast: false | |
| # Split tests into 10 groups. | |
| matrix: | |
| test_group_id: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9] | |
| test_group_total: [10] | |
| extra_build_tags: ["", "nopools"] | |
| needs: | |
| - prepare | |
| - warmup-go-build-cache-unit-tests | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Restore Go build cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /go/cache | |
| key: go-build-cache-unit-${{ hashFiles('go.sum') }} | |
| restore-keys: go-build-cache-unit- | |
| - name: Install GitHub CLI | |
| run: ./.github/workflows/scripts/install-gh.sh | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| mkdir -p /go/src/github.com/grafana/mimir | |
| ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| - name: Run Tests | |
| run: | | |
| echo "Running unit tests (group ${{ matrix.test_group_id }} of ${{ matrix.test_group_total }})${{ matrix.extra_build_tags != '' && format(' with build tags: {0}', matrix.extra_build_tags) || '' }} with Go version: $(go version)" | |
| EXTRA_BUILD_TAGS="${{ matrix.extra_build_tags }}" ./.github/workflows/scripts/run-unit-tests-group.sh --index ${{ matrix.test_group_id }} --total ${{ matrix.test_group_total }} | |
| - name: Notify on streamingpromql failures | |
| if: failure() && env.FAILED_PACKAGES != '' && contains(github.event.pull_request.labels.*.name, 'vendored-mimir-prometheus-update') | |
| run: | | |
| if echo "${{ env.FAILED_PACKAGES }}" | grep -q "pkg/streamingpromql"; then | |
| gh pr comment ${{ github.event.pull_request.number }} --body \ | |
| "⚠️ Test failures detected in \`pkg/streamingpromql\` (test group ${{ matrix.test_group_id }}/${{ matrix.test_group_total }}) | |
| Failed packages in this test group: | |
| \`\`\` | |
| ${{ env.FAILED_PACKAGES }} | |
| \`\`\` | |
| cc @charleskorn @56quarters @lamida @zenador @tcp13equals2 | |
| Please review the [test logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) and push fixes to this PR." | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| test-docs: | |
| uses: ./.github/workflows/test-docs.yml | |
| build-metaconvert-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| - warmup-go-build-cache-image-and-lint | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Restore Go build cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /go/cache | |
| key: go-build-cache-image-and-lint-${{ hashFiles('go.sum') }} | |
| restore-keys: go-build-cache-image-and-lint- | |
| - name: Build | |
| uses: ./.github/actions/build-image | |
| with: | |
| artifact_name: docker-image-metaconvert | |
| target: "./cmd/metaconvert/.uptodate" | |
| build-mimir-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| - warmup-go-build-cache-image-and-lint | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Restore Go build cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /go/cache | |
| key: go-build-cache-image-and-lint-${{ hashFiles('go.sum') }} | |
| restore-keys: go-build-cache-image-and-lint- | |
| - name: Build | |
| uses: ./.github/actions/build-image | |
| with: | |
| artifact_name: docker-image-mimir | |
| target: "./cmd/mimir/.uptodate" | |
| build-query-tee-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| - warmup-go-build-cache-image-and-lint | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Restore Go build cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /go/cache | |
| key: go-build-cache-image-and-lint-${{ hashFiles('go.sum') }} | |
| restore-keys: go-build-cache-image-and-lint- | |
| - name: Build | |
| uses: ./.github/actions/build-image | |
| with: | |
| artifact_name: docker-image-query-tee | |
| target: "./cmd/query-tee/.uptodate" | |
| build-mimirtool-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| - warmup-go-build-cache-image-and-lint | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Restore Go build cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /go/cache | |
| key: go-build-cache-image-and-lint-${{ hashFiles('go.sum') }} | |
| restore-keys: go-build-cache-image-and-lint- | |
| - name: Build | |
| uses: ./.github/actions/build-image | |
| with: | |
| artifact_name: docker-image-mimirtool | |
| target: "./cmd/mimirtool/.uptodate" | |
| build-copyblocks-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| - warmup-go-build-cache-image-and-lint | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Restore Go build cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /go/cache | |
| key: go-build-cache-image-and-lint-${{ hashFiles('go.sum') }} | |
| restore-keys: go-build-cache-image-and-lint- | |
| - name: Build | |
| uses: ./.github/actions/build-image | |
| with: | |
| artifact_name: docker-image-copyblocks | |
| target: "./tools/copyblocks/.uptodate" | |
| # This job does not do anything - it exists to simplify the "needs" condition of the "deploy" job, | |
| # and to make it easier to configure the required passing checks in branch protection rules in GitHub, | |
| # as we have to specify each required passing job there. This job won't be considered successful unless | |
| # all the jobs it needs have succeeded. | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-metaconvert-image | |
| - build-mimir-image | |
| - build-query-tee-image | |
| - build-mimirtool-image | |
| - build-copyblocks-image | |
| steps: | |
| - run: echo "All dependencies succeeded!" | |
| build-race-enabled-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| - warmup-go-build-cache-unit-tests | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| # Race-enabled image uses CGO_ENABLED=1 -race -tags=netgo,stringlabels, same as unit tests. | |
| - name: Restore Go build cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /go/cache | |
| key: go-build-cache-unit-${{ hashFiles('go.sum') }} | |
| restore-keys: go-build-cache-unit- | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| - name: Install Docker Client | |
| run: ./.github/workflows/scripts/install-docker.sh | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| mkdir -p /go/src/github.com/grafana/mimir | |
| ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| - name: Build Mimir with race-detector | |
| run: | | |
| make BUILD_IN_CONTAINER=false cmd/mimir/.uptodate_race | |
| export IMAGE_TAG_RACE=$(make image-tag-race) | |
| export MIMIR_DISTROLESS_IMAGE="grafana/mimir:$IMAGE_TAG_RACE" | |
| docker save $MIMIR_DISTROLESS_IMAGE -o ./mimir_race_image_distroless | |
| - name: Upload archive with race-enabled Mimir | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 | |
| with: | |
| # We deliberately don't use the "docker-image" prefix here, as that is used to find all images published as part of a release, and we don't want this image included in the release. | |
| name: test-docker-image-race-enabled-mimir | |
| path: | | |
| ./mimir_race_image_distroless | |
| integration: | |
| needs: [goversion, build-mimirtool-image, build-race-enabled-image, prepare, warmup-go-build-cache-integration-tests] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| # Do not abort other groups when one fails. | |
| fail-fast: false | |
| # Split tests into 20 groups. | |
| matrix: | |
| test_group_id: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19] | |
| test_group_total: [20] | |
| steps: | |
| - name: Upgrade golang | |
| uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 | |
| with: | |
| go-version: ${{ needs.goversion.outputs.version }} | |
| cache: false # We manage caching ourselves below to maintain consistency with the other jobs that don't use setup-go. | |
| - name: Check out repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Restore Go build cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /home/runner/.cache/go-build | |
| key: go-build-cache-integration-${{ hashFiles('go.sum') }} | |
| restore-keys: go-build-cache-integration- | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| sudo mkdir -p /go/src/github.com/grafana/mimir | |
| sudo ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| - name: Download mimirtool Docker Image | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 | |
| with: | |
| name: docker-image-mimirtool | |
| - name: Extract Docker Image from Archive | |
| run: mkdir /tmp/images && tar xvf images.tar -C /tmp/images | |
| - name: Load Mimirtool Image into Docker | |
| run: | | |
| export IMAGE_TAG=$(make image-tag) | |
| # skopeo will by default load system-specific version of the image (linux/amd64). | |
| # note that this doesn't use skopeo version from our build-image, because we don't use build-image when running integration tests. | |
| # that's why we use docker run to run latest version. | |
| docker run -v /tmp/images:/tmp/images -v /var/run/docker.sock:/var/run/docker.sock quay.io/skopeo/stable:v1.15.1 copy oci-archive:/tmp/images/mimirtool.oci "docker-daemon:grafana/mimirtool:$IMAGE_TAG" | |
| - name: Download Archive with Docker Images | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 | |
| with: | |
| name: test-docker-image-race-enabled-mimir | |
| - name: Load race-enabled mimir into Docker | |
| run: | | |
| export IMAGE_TAG_RACE=$(make image-tag-race) | |
| docker load -i ./mimir_race_image_distroless | |
| docker run "grafana/mimir:$IMAGE_TAG_RACE" --version | |
| - name: Preload Images | |
| # We download docker images used by integration tests so that all images are available | |
| # locally and the download time doesn't account in the test execution time, which is subject | |
| # to a timeout | |
| run: go run ./tools/pre-pull-images | xargs -n1 -P4 docker pull | |
| - name: Integration Tests | |
| run: | | |
| export IMAGE_TAG_RACE=$(make image-tag-race) | |
| export MIMIR_IMAGE="grafana/mimir:$IMAGE_TAG_RACE" | |
| export IMAGE_TAG=$(make image-tag) | |
| export MIMIRTOOL_IMAGE="grafana/mimirtool:$IMAGE_TAG" | |
| export MIMIR_CHECKOUT_DIR="/go/src/github.com/grafana/mimir" | |
| echo "Running integration tests with image: $MIMIR_IMAGE (Mimir), $MIMIRTOOL_IMAGE (Mimirtool)" | |
| echo "Running integration tests (group ${{ matrix.test_group_id }} of ${{ matrix.test_group_total }}) with Go version: $(go version)" | |
| ./.github/workflows/scripts/run-integration-tests-group.sh --index ${{ matrix.test_group_id }} --total ${{ matrix.test_group_total }} | |
| deploy: | |
| needs: | |
| - prepare | |
| - build | |
| - test | |
| - test-docs | |
| - lint | |
| - lint-jsonnet | |
| - lint-helm | |
| - integration | |
| # Only deploy images on pushes to the grafana/mimir repo, which either are tag pushes or weekly release branch pushes. | |
| if: needs.prepare.outputs.is_deploy == 'true' | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ${{ needs.prepare.outputs.build_image }} # zizmor: ignore[unpinned-images] The image output produced by the prepare step is pinned | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| persist-credentials: false | |
| - name: Run Git Config | |
| run: git config --global --add safe.directory '*' | |
| - name: Install Docker Client | |
| run: ./.github/workflows/scripts/install-docker.sh | |
| - name: Symlink Expected Path to Workspace | |
| run: | | |
| mkdir -p /go/src/github.com/grafana/mimir | |
| ln -s $GITHUB_WORKSPACE/* /go/src/github.com/grafana/mimir | |
| - name: Download Archive with Docker Images | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 | |
| with: | |
| pattern: docker-image-* | |
| path: built-images | |
| merge-multiple: false | |
| - name: Extract Docker Images from Archive | |
| run: | | |
| mkdir /tmp/images | |
| for f in built-images/**/images.tar; do | |
| tar xvf $f -C /tmp/images | |
| done | |
| - name: Login to DockerHub | |
| uses: grafana/shared-workflows/actions/dockerhub-login@13fb504e3bfe323c1188bf244970d94b2d336e86 # v1.0.1 | |
| - name: Push Docker Images | |
| run: | | |
| ./.github/workflows/scripts/push-images.sh /tmp/images grafana/ $(make image-tag) | |
| send-slack-notification-on-automated-vendoring: | |
| needs: | |
| - prepare | |
| - goversion | |
| - lint | |
| - lint-jsonnet | |
| - lint-helm | |
| - test | |
| - test-docs | |
| - build-metaconvert-image | |
| - build-mimir-image | |
| - build-query-tee-image | |
| - build-mimirtool-image | |
| - build-copyblocks-image | |
| - build | |
| - build-race-enabled-image | |
| - integration | |
| - deploy | |
| runs-on: ubuntu-latest | |
| if: always() && github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'vendored-mimir-prometheus-update') | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Send Slack message for successful PR | |
| if: ${{ !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} | |
| uses: grafana/shared-workflows/actions/send-slack-message@7b628e7352c2dea057c565cc4fcd5564d5f396c0 #v1.0.0 | |
| with: | |
| channel-id: C04AF91LPFX #mimir-ci-notifications | |
| payload: | | |
| { | |
| "text": ":happy-mac: *Automated vendoring of mimir-prometheus into Mimir has succeeded and is awaiting approval.*\n<!subteam^S03C2P8659U> please review <${{ github.event.pull_request.html_url }}|the PR>, then approve and merge it." | |
| } | |
| - name: Send Slack message for failed PR | |
| if: ${{ contains(needs.*.result, 'failure') }} | |
| uses: grafana/shared-workflows/actions/send-slack-message@7b628e7352c2dea057c565cc4fcd5564d5f396c0 #v1.0.0 | |
| with: | |
| channel-id: C04AF91LPFX #mimir-ci-notifications | |
| payload: | | |
| { | |
| "text": ":sadcomputer: *Automated vendoring of mimir-prometheus into Mimir has failed.*\n<!subteam^S03C2P8659U> please check <${{ github.event.pull_request.html_url }}|the PR> and <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|build logs> and coordinate fixes for any issues." | |
| } | |