name: On release published on: release: types: - published jobs: linting-and-tests: name: Linting and tests uses: ./.github/workflows/linting-and-tests.yml build-sign-and-publish-plugin-to-gcom: name: Build, sign, and publish frontend plugin to grafana.com needs: - linting-and-tests runs-on: ubuntu-latest # These permissions are needed to assume roles from Github's OIDC. # https://github.com/grafana/shared-workflows/tree/main/actions/get-vault-secrets permissions: contents: read id-token: write steps: - name: Checkout project uses: actions/checkout@v4 - name: Install frontend dependencies uses: ./.github/actions/install-frontend-dependencies # This will fetch the secret keys from vault and set them as environment variables for subsequent steps - name: Get Vault secrets uses: grafana/shared-workflows/actions/get-vault-secrets@b7d33d6a98dc9cf332674c6cdebe92b8bcb05670 #v0.3.0 with: repo_secrets: | GRAFANA_ACCESS_POLICY_TOKEN=grafana_cloud_access_policy_token:value GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON=github_actions:gcs-plugin-publisher - name: Build, sign, and package plugin id: build-sign-and-package-plugin uses: ./.github/actions/build-sign-and-package-plugin with: plugin_version_number: ${{ github.ref_name }} - name: Authenticate with GCS uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f #v2.1.7 with: credentials_json: ${{ env.GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON }} - name: Publish plugin artifact to GCS uses: google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0 #v2.2.1 with: path: grafana-plugin/${{ steps.build-sign-and-package-plugin.outputs.artifact_filename }} destination: grafana-oncall-app/releases predefinedAcl: publicRead - name: Determine GCS artifact URL shell: bash id: gcs-artifact-url # yamllint disable rule:line-length run: | echo url="https://storage.googleapis.com/grafana-oncall-app/releases/grafana-oncall-app-${{ steps.build-sign-and-package-plugin.outputs.authoritative_version_number }}.zip" >> $GITHUB_OUTPUT - name: Publish plugin to grafana.com run: | curl -f -w "status=%{http_code}" -s -H "Authorization: Bearer ${{ env.GRAFANA_ACCESS_POLICY_TOKEN }}" -d "download[any][url]=${{ steps.gcs-artifact-url.outputs.url }}" -d "download[any][md5]=$(curl -sL ${{ steps.gcs-artifact-url.outputs.url }} | md5sum | cut -d'' '' -f1)" -d url=https://github.com/grafana/oncall/grafana-plugin https://grafana.com/api/plugins # yamllint enable rule:line-length build-engine-docker-image-and-publish-to-dockerhub: name: Build engine Docker image and publish to Dockerhub needs: - linting-and-tests uses: ./.github/workflows/build-engine-docker-image-and-publish-to-dockerhub.yml with: engine_version: ${{ github.ref_name }} # https://github.com/docker/metadata-action?tab=readme-ov-file#tags-input docker_image_tags: | type=raw,value=${{ github.ref_name }} type=raw,value=latest create-helm-release-pr: name: Create Helm release PR needs: - build-sign-and-publish-plugin-to-gcom - build-engine-docker-image-and-publish-to-dockerhub runs-on: ubuntu-latest outputs: helm_release_pr_number: ${{ fromJSON(steps.update-helm-chart-pr.outputs.pull_request).number }} steps: - name: Checkout project uses: actions/checkout@v4 - name: Prepare version tags id: prepare-version-tags run: | echo app-version="${GITHUB_REF_NAME}" >> $GITHUB_OUTPUT echo version="${GITHUB_REF_NAME:1}" >> $GITHUB_OUTPUT - name: Update oncall Helm chart Chart.yaml id: update-helm-chart-pr uses: fjogeleit/yaml-update-action@d98ee6a10a971effea75480e3f315e4dacc89a23 #v0.12.3 with: valueFile: helm/oncall/Chart.yaml branch: helm-release/${{ steps.prepare-version-tags.outputs.version }} targetBranch: main masterBranchName: main createPR: true # yamllint disable rule:line-length description: | This PR was created automatically by [this github action](https://github.com/grafana/oncall/blob/dev/.github/workflows/on-release-published.yml). It will be auto-merged very soon, which will then release the updated version of the chart into the `grafana/helm-charts` helm repository. # yamllint enable rule:line-length message: "Release oncall Helm chart ${{ steps.prepare-version-tags.outputs.version }}" changes: | { "version": "${{ steps.prepare-version-tags.outputs.version }}", "appVersion": "${{ steps.prepare-version-tags.outputs.app-version }}" } merge-helm-release-pr: name: Merge Helm release PR needs: - create-helm-release-pr runs-on: ubuntu-latest # These permissions are needed to assume roles from Github's OIDC. # https://github.com/grafana/shared-workflows/tree/main/actions/get-vault-secrets permissions: id-token: write contents: read steps: - name: Get Vault secrets uses: grafana/shared-workflows/actions/get-vault-secrets@b7d33d6a98dc9cf332674c6cdebe92b8bcb05670 #v0.3.0 with: repo_secrets: | GH_APP_ID=github-app:app-id GH_APP_PRIVATE_KEY=github-app:private-key - name: Generate Github App token id: generate-token uses: actions/create-github-app-token@v1 with: app-id: ${{ env.GH_APP_ID }} private-key: ${{ env.GH_APP_PRIVATE_KEY }} - name: Merge pull Request uses: juliangruber/merge-pull-request-action@d4773803fdc1d1fd46801ab0c56c135df9075de8 #v1.1.1 with: github-token: ${{ steps.generate-token.outputs.token }} number: ${{ needs.create-helm-release-pr.outputs.helm_release_pr_number }}