diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 21ce681b0..05d1d45d5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,17 +1,10 @@ name: ci on: - push: - branches: - - main - pull_request: - merge_group: - release: - types: - - published + workflow_call: jobs: build: - name: "build" + name: 'build' runs-on: ubuntu-latest steps: - name: checkout @@ -22,11 +15,11 @@ jobs: enable_npm: true enable_go: true enable_cue: true - cue_version: "v0.12.0" + cue_version: 'v0.12.0' - name: install percli uses: perses/cli-actions/actions/install_percli@v0.2.0 with: - cli-version: "v0.51.1" + cli-version: 'v0.51.1' - name: cache cue deps uses: actions/cache@v4 with: @@ -52,7 +45,7 @@ jobs: !node_modules lint-npm: - name: "lint-npm" + name: 'lint-npm' runs-on: ubuntu-latest steps: - name: checkout @@ -65,7 +58,7 @@ jobs: - run: npm run lint test-npm: - name: "test-npm" + name: 'test-npm' runs-on: ubuntu-latest steps: - name: checkout @@ -78,7 +71,7 @@ jobs: - run: npm run test type-check: - name: "type-check" + name: 'type-check' runs-on: ubuntu-latest steps: - name: checkout @@ -91,7 +84,7 @@ jobs: - run: npm run type-check lint-schemas: - name: "Validate plugin schemas" + name: 'Validate plugin schemas' runs-on: ubuntu-latest steps: - name: checkout @@ -101,11 +94,11 @@ jobs: with: enable_go: true enable_cue: true - cue_version: "v0.12.0" + cue_version: 'v0.12.0' - name: Install percli uses: perses/cli-actions/actions/install_percli@v0.2.0 with: - cli-version: "v0.51.1" + cli-version: 'v0.51.1' - uses: actions/cache@v4 id: cache with: @@ -133,7 +126,7 @@ jobs: version: v2.3.0 - run: make golangci-lint module-check: - name: "Check plugin modules" + name: 'Check plugin modules' runs-on: ubuntu-latest steps: - name: checkout @@ -143,7 +136,7 @@ jobs: with: enable_go: true enable_cue: true - cue_version: "v0.12.0" + cue_version: 'v0.12.0' - uses: actions/cache@v4 id: cache with: @@ -157,8 +150,8 @@ jobs: run: git diff --exit-code -- */cue.mod release: - name: "release" - needs: "build" + name: 'release' + needs: 'build' runs-on: ubuntu-latest permissions: contents: write @@ -174,8 +167,8 @@ jobs: enable_npm: true enable_go: true enable_cue: true - cue_version: "v0.12.0" - nvmrc_path: "./.nvmrc" + cue_version: 'v0.12.0' + nvmrc_path: './.nvmrc' - name: Download archive uses: actions/download-artifact@v4 with: diff --git a/.github/workflows/doc.yml b/.github/workflows/doc.yml index 4e0c2cef9..073bd701b 100644 --- a/.github/workflows/doc.yml +++ b/.github/workflows/doc.yml @@ -1,18 +1,10 @@ name: doc on: - push: - branches: - - main - - release/* - - snapshot/* - tags: - - v* - pull_request: - merge_group: + workflow_call: jobs: docs-fmt: - name: "Check docs format" + name: 'Check docs format' runs-on: ubuntu-latest steps: - name: checkout @@ -25,5 +17,3 @@ jobs: run: go install github.com/bwplotka/mdox@latest - name: check docs run: make checkdocs - - diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 000000000..5f93a6e0a --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,35 @@ +name: main +on: + push: + branches: + - main + - release/* + - snapshot/* + tags: + - v* + pull_request: + merge_group: + release: + types: + - published + +jobs: + snyk: + name: 'snyk workflow' + if: ${{ startsWith(github.head_ref, 'snyk-') || startsWith(github.ref_name, 'snyk-') }} + uses: ./.github/workflows/snyk.yml + secrets: inherit + + docs: + name: 'docs workflow' + needs: [snyk] + if: ${{ always() && (needs.snyk.result == 'success' || needs.snyk.result == 'skipped') }} + uses: ./.github/workflows/doc.yml + secrets: inherit + + ci: + name: 'ci workflow' + needs: [snyk] + if: ${{ always() && (needs.snyk.result == 'success' || needs.snyk.result == 'skipped') }} + uses: ./.github/workflows/ci.yml + secrets: inherit diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml new file mode 100644 index 000000000..7ee7820b5 --- /dev/null +++ b/.github/workflows/snyk.yml @@ -0,0 +1,49 @@ +name: snyk +on: + workflow_call: + +jobs: + lockfile-update: + name: 'regenerate lockfile' + runs-on: ubuntu-latest + permissions: + contents: write + if: startsWith(github.head_ref, 'snyk-') + outputs: + lockfile-updated: ${{ steps.lockfile-changes.outputs.has_changes }} + steps: + - name: checkout + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + ref: ${{ github.head_ref }} + fetch-depth: 2 + + - uses: perses/github-actions@v0.10.0 + - uses: ./.github/perses-ci/actions/setup_environment + with: + enable_npm: true + - name: install dependencies + run: npm install + + - name: check for lockfile changes + id: lockfile-changes + run: | + if git diff --quiet package-lock.json; then + echo "has_changes=false" >> $GITHUB_OUTPUT + else + echo "has_changes=true" >> $GITHUB_OUTPUT + fi + + - name: Get last commit message + id: last-commit + run: | + echo "message=$(git log -1 --pretty=%s)" >> $GITHUB_OUTPUT + + - uses: stefanzweifel/git-auto-commit-action@v6 + if: steps.lockfile-changes.outputs.has_changes == 'true' + with: + commit_message: '[IGNORE] ${{ steps.last-commit.outputs.message }}' + file_pattern: 'package-lock.json' + commit_options: '--no-verify --signoff --amend' + push_options: '--force-with-lease' diff --git a/package-lock.json b/package-lock.json index 22d88c6e4..8f4ba07cf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1727,12 +1727,11 @@ "license": "MIT" }, "node_modules/@grafana/lezer-traceql": { - "version": "0.0.20", - "resolved": "https://registry.npmjs.org/@grafana/lezer-traceql/-/lezer-traceql-0.0.20.tgz", - "integrity": "sha512-AqHLlceOEqDmZWV1FISBIR/l34rATHlPBuNGDA+2rmlvARHd+MS/DHm/K/53x0W+qZULF24JHzDrVPCHxQZ7cg==", - "license": "Apache-2.0", + "version": "0.0.22", + "resolved": "https://registry.npmjs.org/@grafana/lezer-traceql/-/lezer-traceql-0.0.22.tgz", + "integrity": "sha512-zn6WAlM/T9gTYF+0AG5xBndyuLMk/scIsth+zYP5POZA+RRICiRV7GFpdcMU0eOaGP1lhl03S/Fmn6yEcBfYzQ==", "peerDependencies": { - "@lezer/lr": "^1.3.0" + "@lezer/lr": "^1.4.2" } }, "node_modules/@hookform/resolvers": { @@ -17328,7 +17327,7 @@ "version": "0.52.0", "dependencies": { "@codemirror/autocomplete": "^6.18.4", - "@grafana/lezer-traceql": "^0.0.20", + "@grafana/lezer-traceql": "^0.0.22", "@lezer/highlight": "^1.2.1x" }, "peerDependencies": { diff --git a/tempo/package.json b/tempo/package.json index 0a34d06d7..23660248a 100644 --- a/tempo/package.json +++ b/tempo/package.json @@ -26,7 +26,7 @@ "dependencies": { "@codemirror/autocomplete": "^6.18.4", "@lezer/highlight": "^1.2.1x", - "@grafana/lezer-traceql": "^0.0.20" + "@grafana/lezer-traceql": "^0.0.22" }, "peerDependencies": { "@emotion/react": "^11.7.1",