PMM-12693 run grafana as non root #10846
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Managed | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - v3 | |
| - pmm-* | |
| tags: | |
| - v[0-9]+.[0-9]+.[0-9]+* | |
| pull_request: | |
| paths-ignore: | |
| - 'admin/**' | |
| - 'agent/**' | |
| - 'api-tests/**' | |
| - 'cli-tests/**' | |
| - 'docs/**' | |
| - 'qan-api2/**' | |
| - 'update/**' | |
| - 'vmproxy/**' | |
| jobs: | |
| test: | |
| name: Tests | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| env: | |
| PMM_SERVER_IMAGE: perconalab/pmm-server:3-dev-latest | |
| AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }} | |
| AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }} | |
| OAUTH_PMM_CLIENT_ID: ${{ secrets.OAUTH_PMM_CLIENT_ID }} | |
| OAUTH_PMM_CLIENT_SECRET: ${{ secrets.OAUTH_PMM_CLIENT_SECRET }} | |
| DEVCONTAINER_CACHE_ENABLED: false | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| - name: Enable Go build cache | |
| if: ${{ fromJSON(env.DEVCONTAINER_CACHE_ENABLED) }} | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.cache/go-build | |
| key: ${{ runner.os }}-go-build-${{ github.ref }}-${{ hashFiles('**') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go-build-${{ github.ref }}- | |
| ${{ runner.os }}-go-build- | |
| - name: Enable Go modules cache | |
| if: ${{ fromJSON(env.DEVCONTAINER_CACHE_ENABLED) }} | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-modules-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-go-modules- | |
| - name: Download tools | |
| if: ${{ fromJSON(env.DEVCONTAINER_CACHE_ENABLED) }} | |
| run: | | |
| pushd tools && go mod download -x | |
| popd && go mod download -x | |
| - name: Initialize CI environment | |
| run: make env-compose-up # the container workdir is /root/go/src/github.com/percona/pmm | |
| - name: Restore Go build cache | |
| if: ${{ fromJSON(env.DEVCONTAINER_CACHE_ENABLED) }} | |
| continue-on-error: true | |
| run: docker cp ~/.cache/go-build pmm-server:/root/.cache/go-build | |
| - name: Restore Go modules cache | |
| if: ${{ fromJSON(env.DEVCONTAINER_CACHE_ENABLED) }} | |
| continue-on-error: true | |
| run: docker cp ~/go/pkg/mod pmm-server:/root/go/pkg/mod | |
| - name: Mark the root directory of pmm as safe | |
| run: docker exec -i pmm-server git config --global --add safe.directory /root/go/src/github.com/percona/pmm | |
| - name: Update binaries | |
| run: | | |
| # We need to make this directory owned by pmm, since it's currently owned by the grafana user in the devcontainer. | |
| # TODO: remove the line below after this PR is merged to v3. | |
| docker exec -t pmm-server chown -R pmm:pmm /etc/grafana /srv/grafana | |
| docker exec -i pmm-server make run-managed-ci run-agent run-vmproxy | |
| - name: Check the status of components | |
| run: | | |
| docker exec -t pmm-server supervisorctl status || : | |
| - name: Run tests | |
| run: docker exec -i pmm-server make -C managed test-cover | |
| - name: Run PMM server update test | |
| run: docker exec -i pmm-server make -C managed test-update | |
| - name: Upload coverage results | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| file: managed/cover.out | |
| flags: managed | |
| env_vars: PMM_SERVER_IMAGE | |
| fail_ci_if_error: false | |
| - name: Cache | |
| if: ${{ fromJSON(env.DEVCONTAINER_CACHE_ENABLED) }} | |
| run: | | |
| docker exec pmm-server go clean -testcache | |
| docker exec pmm-server find ./managed -type d -name fuzzdata -exec rm -r {} + | |
| rm -fr ~/.cache/go-build | |
| mkdir -p ~/.cache | |
| docker cp pmm-server:/root/.cache/go-build ~/.cache/go-build | |
| - name: Run debug commands on failure | |
| if: ${{ failure() }} | |
| run: | | |
| env | sort | |
| go env | sort | |
| git status |