From 53304674ecdc6a3091951d27e40a809e6eb5d714 Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 14:38:44 +0100 Subject: [PATCH 01/17] Testing new generate-docs-helm-tests-renovate-pr --- operations/helm/charts/mimir-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operations/helm/charts/mimir-distributed/README.md b/operations/helm/charts/mimir-distributed/README.md index 79c3c9b7a7..aea62c35cd 100644 --- a/operations/helm/charts/mimir-distributed/README.md +++ b/operations/helm/charts/mimir-distributed/README.md @@ -1,4 +1,4 @@ -# Grafana Mimir Helm chart +# Testing Grafana Mimir Helm chart Helm chart for deploying [Grafana Mimir](https://grafana.com/docs/mimir/latest/) or optionally [Grafana Enterprise Metrics](https://grafana.com/docs/enterprise-metrics/latest/) to Kubernetes. From 8d93ce417944dca8ad9224edd8de5475ee9bec8d Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 14:42:05 +0100 Subject: [PATCH 02/17] Remove one line to test --- .github/workflows/generate-docs-helm-tests-renovate-pr.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml index 74f01106b1..447917e05e 100644 --- a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml +++ b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml @@ -13,7 +13,6 @@ permissions: id-token: write concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number }} cancel-in-progress: true jobs: From be06aa2cda22646624e93ca90d924647e0b58505 Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 14:48:52 +0100 Subject: [PATCH 03/17] Fix workflow to enable testing --- .github/workflows/generate-docs-helm-tests-renovate-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml index 447917e05e..2e9e82f547 100644 --- a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml +++ b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml @@ -13,11 +13,11 @@ permissions: id-token: write concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number }} cancel-in-progress: true jobs: prepare: - if: github.event.pull_request.user.login == 'renovate[bot]' runs-on: ubuntu-latest steps: - name: Check out repository From 17224f80152d468a5b8c633b4dc7d52b0a521210 Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 14:50:40 +0100 Subject: [PATCH 04/17] Add vault_instance --- .github/workflows/generate-docs-helm-tests-renovate-pr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml index 2e9e82f547..d37497119c 100644 --- a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml +++ b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml @@ -30,6 +30,7 @@ jobs: id: get-secrets uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets-v1.0.1 with: + vault_instance: dev repo_secrets: | APP_ID=mimir-github-bot:app_id PRIVATE_KEY=mimir-github-bot:private_key From bdf85cbbb84d8de822c925f19073ff151d4c4da8 Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 14:52:52 +0100 Subject: [PATCH 05/17] Check if secrets are here --- .github/workflows/generate-docs-helm-tests-renovate-pr.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml index d37497119c..680a97ad02 100644 --- a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml +++ b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml @@ -34,6 +34,11 @@ jobs: repo_secrets: | APP_ID=mimir-github-bot:app_id PRIVATE_KEY=mimir-github-bot:private_key + # Use the secrets, they will be obfuscated but that way we'll know they're accessible + - name: Echo secrets + run: | + echo "${{ env.APP_ID }}" + echo "${{ env.PRIVATE_KEY }}" # Generate GitHub App Token - name: Generate GitHub App Token id: app-token From 9fa69225e7ad4362e0e51c3504ece068be0e56c6 Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 14:55:02 +0100 Subject: [PATCH 06/17] Keep testing --- .github/workflows/generate-docs-helm-tests-renovate-pr.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml index 680a97ad02..98a0f70844 100644 --- a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml +++ b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml @@ -30,7 +30,6 @@ jobs: id: get-secrets uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets-v1.0.1 with: - vault_instance: dev repo_secrets: | APP_ID=mimir-github-bot:app_id PRIVATE_KEY=mimir-github-bot:private_key @@ -44,8 +43,8 @@ jobs: id: app-token uses: actions/create-github-app-token@v1 with: - app-id: ${{ steps.get-secrets.outputs.APP_ID }} - private-key: ${{ steps.get-secrets.outputs.PRIVATE_KEY }} + app-id: ${{ env.APP_ID }} + private-key: ${{ env.PRIVATE_KEY }} owner: ${{ github.repository_owner }} outputs: build_image: ${{ steps.build_image_step.outputs.build_image }} From aa765ab0698d282840bdd8524b4199a3117d6bb0 Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 15:00:04 +0100 Subject: [PATCH 07/17] Keep testing --- .../workflows/generate-docs-helm-tests-renovate-pr.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml index 98a0f70844..94a235fcd1 100644 --- a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml +++ b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml @@ -33,14 +33,9 @@ jobs: repo_secrets: | APP_ID=mimir-github-bot:app_id PRIVATE_KEY=mimir-github-bot:private_key - # Use the secrets, they will be obfuscated but that way we'll know they're accessible - - name: Echo secrets - run: | - echo "${{ env.APP_ID }}" - echo "${{ env.PRIVATE_KEY }}" # Generate GitHub App Token - name: Generate GitHub App Token - id: app-token + id: token uses: actions/create-github-app-token@v1 with: app-id: ${{ env.APP_ID }} @@ -48,6 +43,7 @@ jobs: owner: ${{ github.repository_owner }} outputs: build_image: ${{ steps.build_image_step.outputs.build_image }} + app_token: ${{ steps.token.outputs.token }} lint_and_update: runs-on: ubuntu-latest @@ -59,7 +55,7 @@ jobs: - name: Checkout Repository uses: actions/checkout@v4 with: - token: ${{ steps.app-token.outputs.token }} + token: ${{ needs.prepare.outputs.app_token }} - name: Run Git Config run: | From 90b8d33712a629b15f9874cf18bb333ace5d2416 Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 15:02:31 +0100 Subject: [PATCH 08/17] Keep testing --- .../workflows/generate-docs-helm-tests-renovate-pr.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml index 94a235fcd1..e7899d9b69 100644 --- a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml +++ b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml @@ -38,12 +38,14 @@ jobs: id: token uses: actions/create-github-app-token@v1 with: - app-id: ${{ env.APP_ID }} - private-key: ${{ env.PRIVATE_KEY }} + app-id: ${{ steps.get-secrets.outputs.APP_ID }} + private-key: ${{ steps.get-secrets.outputs.PRIVATE_KEY }} owner: ${{ github.repository_owner }} + # Store the token as an environment variable for later use + - name: Save token for next job + run: echo "APP_TOKEN=${{ steps.token.outputs.token }}" >> $GITHUB_ENV outputs: build_image: ${{ steps.build_image_step.outputs.build_image }} - app_token: ${{ steps.token.outputs.token }} lint_and_update: runs-on: ubuntu-latest From 05906774723404b55f73df036503ebee5666ce51 Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 15:03:41 +0100 Subject: [PATCH 09/17] Keep testing --- .github/workflows/generate-docs-helm-tests-renovate-pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml index e7899d9b69..25d72e7474 100644 --- a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml +++ b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml @@ -38,8 +38,8 @@ jobs: id: token uses: actions/create-github-app-token@v1 with: - app-id: ${{ steps.get-secrets.outputs.APP_ID }} - private-key: ${{ steps.get-secrets.outputs.PRIVATE_KEY }} + app-id: ${{ env.APP_ID }} + private-key: ${{ env.PRIVATE_KEY }} owner: ${{ github.repository_owner }} # Store the token as an environment variable for later use - name: Save token for next job From 59c3467e16a57f8020cafecc698e00ad5e1db4f6 Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 15:09:02 +0100 Subject: [PATCH 10/17] Keep testing --- .../generate-docs-helm-tests-renovate-pr.yml | 52 ++++++++++--------- 1 file changed, 28 insertions(+), 24 deletions(-) diff --git a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml index 25d72e7474..93fef0a419 100644 --- a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml +++ b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml @@ -1,13 +1,13 @@ name: Regenerate docs and helm tests -# configure trigger by pull request +# Configure trigger by pull request on: pull_request: types: [opened, synchronize] paths: - 'operations/helm/**' -# These permissions are needed to assume roles from Github's OIDC. +# These permissions are needed to assume roles from GitHub's OIDC. permissions: contents: read id-token: write @@ -22,9 +22,24 @@ jobs: steps: - name: Check out repository uses: actions/checkout@v4 + - name: Get build image from Makefile id: build_image_step run: echo "build_image=$(make print-build-image)" >> "$GITHUB_OUTPUT" + + outputs: + build_image: ${{ steps.build_image_step.outputs.build_image }} + + lint_and_update: + runs-on: ubuntu-latest + needs: + - prepare + container: + image: ${{ needs.prepare.outputs.build_image }} + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + # Retrieve GitHub App Credentials from Vault - name: Retrieve GitHub App Credentials from Vault id: get-secrets @@ -33,31 +48,20 @@ jobs: repo_secrets: | APP_ID=mimir-github-bot:app_id PRIVATE_KEY=mimir-github-bot:private_key - # Generate GitHub App Token + + # Generate GitHub App Token (Directly in the Job That Needs It) - name: Generate GitHub App Token id: token uses: actions/create-github-app-token@v1 with: - app-id: ${{ env.APP_ID }} - private-key: ${{ env.PRIVATE_KEY }} + app-id: ${{ steps.get-secrets.outputs.APP_ID }} + private-key: ${{ steps.get-secrets.outputs.PRIVATE_KEY }} owner: ${{ github.repository_owner }} - # Store the token as an environment variable for later use - - name: Save token for next job - run: echo "APP_TOKEN=${{ steps.token.outputs.token }}" >> $GITHUB_ENV - outputs: - build_image: ${{ steps.build_image_step.outputs.build_image }} - lint_and_update: - runs-on: ubuntu-latest - needs: - - prepare - container: - image: ${{ needs.prepare.outputs.build_image }} - steps: - - name: Checkout Repository + - name: Checkout Repository with App Token uses: actions/checkout@v4 with: - token: ${{ needs.prepare.outputs.app_token }} + token: ${{ steps.token.outputs.token }} - name: Run Git Config run: | @@ -71,7 +75,7 @@ jobs: - name: Checkout Pull Request Branch run: gh pr checkout ${{ github.event.pull_request.number }} env: - GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} + GITHUB_TOKEN: ${{ steps.token.outputs.token }} - name: Run make targets id: update @@ -91,7 +95,7 @@ jobs: id: update_pr if: steps.check_updates.outputs.diff != '0' run: | - echo "Add commit for regenerating helm tests and docs" - git add operations/helm/ - git commit -m "Update build with regenerated helm tests and docs" - git push + echo "Add commit for regenerating helm tests and docs" + git add operations/helm/ + git commit -m "Update build with regenerated helm tests and docs" + git push From ef18f1545c54ea0c973989c41ad0bdcacc4959cc Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 17:05:22 +0100 Subject: [PATCH 11/17] Keep testing --- .../workflows/generate-docs-helm-tests-renovate-pr.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml index 93fef0a419..5c0a554759 100644 --- a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml +++ b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml @@ -49,13 +49,19 @@ jobs: APP_ID=mimir-github-bot:app_id PRIVATE_KEY=mimir-github-bot:private_key + # Use the secrets, they will be obfuscated but that way we'll know they're accessible + - name: Echo secrets + run: | + echo "${{ env.APP_ID }}" + echo "${{ env.PRIVATE_KEY }}" + # Generate GitHub App Token (Directly in the Job That Needs It) - name: Generate GitHub App Token id: token uses: actions/create-github-app-token@v1 with: - app-id: ${{ steps.get-secrets.outputs.APP_ID }} - private-key: ${{ steps.get-secrets.outputs.PRIVATE_KEY }} + app-id: ${{ env.APP_ID }} + private-key: ${{ env.PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: Checkout Repository with App Token From 8b94ff6cca9096a9c85ad3426deeb3f723401e7d Mon Sep 17 00:00:00 2001 From: armandgrillet Date: Tue, 4 Mar 2025 16:09:59 +0000 Subject: [PATCH 12/17] Update build with regenerated helm tests and docs --- operations/helm/charts/mimir-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operations/helm/charts/mimir-distributed/README.md b/operations/helm/charts/mimir-distributed/README.md index aea62c35cd..79c3c9b7a7 100644 --- a/operations/helm/charts/mimir-distributed/README.md +++ b/operations/helm/charts/mimir-distributed/README.md @@ -1,4 +1,4 @@ -# Testing Grafana Mimir Helm chart +# Grafana Mimir Helm chart Helm chart for deploying [Grafana Mimir](https://grafana.com/docs/mimir/latest/) or optionally [Grafana Enterprise Metrics](https://grafana.com/docs/enterprise-metrics/latest/) to Kubernetes. From 7fe249973c6485a32f5bed5c98b3babd3eb2014c Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 18:12:44 +0100 Subject: [PATCH 13/17] Simplify changes --- .../generate-docs-helm-tests-renovate-pr.yml | 20 ++++++------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml index 5c0a554759..627f9b638a 100644 --- a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml +++ b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml @@ -1,13 +1,13 @@ name: Regenerate docs and helm tests -# Configure trigger by pull request +# configure trigger by pull request on: pull_request: types: [opened, synchronize] paths: - 'operations/helm/**' -# These permissions are needed to assume roles from GitHub's OIDC. +# These permissions are needed to assume roles from Github's OIDC. permissions: contents: read id-token: write @@ -22,11 +22,9 @@ jobs: steps: - name: Check out repository uses: actions/checkout@v4 - - name: Get build image from Makefile id: build_image_step run: echo "build_image=$(make print-build-image)" >> "$GITHUB_OUTPUT" - outputs: build_image: ${{ steps.build_image_step.outputs.build_image }} @@ -49,12 +47,6 @@ jobs: APP_ID=mimir-github-bot:app_id PRIVATE_KEY=mimir-github-bot:private_key - # Use the secrets, they will be obfuscated but that way we'll know they're accessible - - name: Echo secrets - run: | - echo "${{ env.APP_ID }}" - echo "${{ env.PRIVATE_KEY }}" - # Generate GitHub App Token (Directly in the Job That Needs It) - name: Generate GitHub App Token id: token @@ -101,7 +93,7 @@ jobs: id: update_pr if: steps.check_updates.outputs.diff != '0' run: | - echo "Add commit for regenerating helm tests and docs" - git add operations/helm/ - git commit -m "Update build with regenerated helm tests and docs" - git push + echo "Add commit for regenerating helm tests and docs" + git add operations/helm/ + git commit -m "Update build with regenerated helm tests and docs" + git push From 9f102582add9ee8c9a7c4de4df2c2a2c5bb8e61c Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 18:17:11 +0100 Subject: [PATCH 14/17] Still testing --- operations/helm/charts/mimir-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operations/helm/charts/mimir-distributed/README.md b/operations/helm/charts/mimir-distributed/README.md index 79c3c9b7a7..aea62c35cd 100644 --- a/operations/helm/charts/mimir-distributed/README.md +++ b/operations/helm/charts/mimir-distributed/README.md @@ -1,4 +1,4 @@ -# Grafana Mimir Helm chart +# Testing Grafana Mimir Helm chart Helm chart for deploying [Grafana Mimir](https://grafana.com/docs/mimir/latest/) or optionally [Grafana Enterprise Metrics](https://grafana.com/docs/enterprise-metrics/latest/) to Kubernetes. From b1fa81c251248c5bef71a6a26f6534672e8d8cf8 Mon Sep 17 00:00:00 2001 From: armandgrillet Date: Tue, 4 Mar 2025 17:20:13 +0000 Subject: [PATCH 15/17] Update build with regenerated helm tests and docs --- operations/helm/charts/mimir-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operations/helm/charts/mimir-distributed/README.md b/operations/helm/charts/mimir-distributed/README.md index aea62c35cd..79c3c9b7a7 100644 --- a/operations/helm/charts/mimir-distributed/README.md +++ b/operations/helm/charts/mimir-distributed/README.md @@ -1,4 +1,4 @@ -# Testing Grafana Mimir Helm chart +# Grafana Mimir Helm chart Helm chart for deploying [Grafana Mimir](https://grafana.com/docs/mimir/latest/) or optionally [Grafana Enterprise Metrics](https://grafana.com/docs/enterprise-metrics/latest/) to Kubernetes. From 5491f29ca59b4ed683eb2dc4118ad26c4605ce1c Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 18:25:22 +0100 Subject: [PATCH 16/17] Re-add renovabot limitation --- .github/workflows/generate-docs-helm-tests-renovate-pr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml index 627f9b638a..9612943200 100644 --- a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml +++ b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml @@ -18,6 +18,7 @@ concurrency: jobs: prepare: + if: github.event.pull_request.user.login == 'renovate[bot]' runs-on: ubuntu-latest steps: - name: Check out repository From 5624cbcbad1f16ac939ece98370e0446673c7ac2 Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Tue, 4 Mar 2025 18:33:55 +0100 Subject: [PATCH 17/17] Add comment --- .github/workflows/generate-docs-helm-tests-renovate-pr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml index 9612943200..5a80718267 100644 --- a/.github/workflows/generate-docs-helm-tests-renovate-pr.yml +++ b/.github/workflows/generate-docs-helm-tests-renovate-pr.yml @@ -53,6 +53,7 @@ jobs: id: token uses: actions/create-github-app-token@v1 with: + # Variables generated by the previous step get-secrets app-id: ${{ env.APP_ID }} private-key: ${{ env.PRIVATE_KEY }} owner: ${{ github.repository_owner }}