Move test-pr flow to Github actions

.drone.star

@@ -4,14 +4,13 @@
 # 3. Run `make drone`
 # More information about this process here: https://github.com/grafana/deployment_tools/blob/master/docs/infrastructure/drone/signing.md
 
-load('scripts/drone/pipeline.star', 'prs_pipeline', 'master_pipeline', 'promotion_pipeline')
+load('scripts/drone/pipeline.star', 'master_pipeline', 'promotion_pipeline')
 load('scripts/drone/vault.star', 'secrets')
 
 
 def main(ctx):
     return (
-        prs_pipeline()
-        + master_pipeline()
+        master_pipeline()
         + promotion_pipeline()
         + secrets()
     )

.drone.yml

@@ -6,148 +6,6 @@ image_pull_secrets:
 - gcr
 - gar
 kind: pipeline
-name: test-pr
-node:
-  type: no-parallel
-platform:
-  arch: amd64
-  os: linux
-services:
-- environment:
-    GF_FEATURE_TOGGLES_ENABLE: renderAuthJWT
-    GF_PATHS_PROVISIONING: /drone/src/scripts/drone/provisioning
-  image: grafana/grafana-enterprise:latest
-  name: grafana
-steps:
-- commands:
-  - mkdir -p bin
-  - curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.20/grabpl
-  - chmod +x bin/grabpl
-  image: byrnedo/alpine-curl:0.1.8
-  name: grabpl
-- commands:
-  - . ~/.init-nvm.sh
-  - yarn install --frozen-lockfile --no-progress
-  depends_on:
-  - grabpl
-  environment:
-    PUPPETEER_CACHE_DIR: /drone/src/cache
-  image: grafana/grafana-plugin-ci:1.9.0
-  name: yarn-install
-- commands:
-  - . ~/.init-nvm.sh
-  - yarn build
-  depends_on:
-  - yarn-install
-  image: grafana/grafana-plugin-ci:1.9.0
-  name: yarn-build
-- commands:
-  - dockerize -wait http://grafana:3000 -timeout 120s
-  image: jwilder/dockerize:0.6.1
-  name: wait-for-grafana
-- commands:
-  - yarn test-ci
-  depends_on:
-  - wait-for-grafana
-  - yarn-build
-  environment:
-    CI: "true"
-    PUPPETEER_CACHE_DIR: /drone/src/cache
-  image: us-docker.pkg.dev/grafanalabs-dev/grafana-ci/docker-puppeteer:3.0.0
-  name: yarn-test
-- commands:
-  - . ~/.init-nvm.sh
-  - echo "Starting veracode scan..."
-  - '# Increase heap size or the scanner will die.'
-  - export _JAVA_OPTIONS=-Xmx4g
-  - mkdir -p ci/jobs/security_scan
-  - curl -sSL https://download.sourceclear.com/ci.sh | sh -s scan --skip-compile --quick
-    --allow-dirty
-  depends_on:
-  - yarn-build
-  environment:
-    SRCCLR_API_TOKEN:
-      from_secret: srcclr_api_token
-  failure: ignore
-  image: grafana/grafana-plugin-ci:1.9.0
-  name: security-scan
-- commands:
-  - . ~/.init-nvm.sh
-  - ./scripts/package_target.sh linux-x64-glibc
-  - bin/grabpl build-plugin-manifest ./dist/plugin-linux-x64-glibc || true
-  - ./scripts/archive_target.sh linux-x64-glibc
-  depends_on:
-  - yarn-test
-  environment:
-    GRAFANA_API_KEY:
-      from_secret: grafana_api_key
-  image: grafana/grafana-plugin-ci:1.9.0
-  name: package-linux-x64-glibc
-- commands:
-  - . ~/.init-nvm.sh
-  - ./scripts/package_target.sh darwin-x64-unknown
-  - bin/grabpl build-plugin-manifest ./dist/plugin-darwin-x64-unknown || true
-  - ./scripts/archive_target.sh darwin-x64-unknown
-  depends_on:
-  - yarn-test
-  environment:
-    GRAFANA_API_KEY:
-      from_secret: grafana_api_key
-  image: grafana/grafana-plugin-ci:1.9.0
-  name: package-darwin-x64-unknown
-- commands:
-  - . ~/.init-nvm.sh
-  - ./scripts/package_target.sh win32-x64-unknown
-  - bin/grabpl build-plugin-manifest ./dist/plugin-win32-x64-unknown || true
-  - ./scripts/archive_target.sh win32-x64-unknown
-  depends_on:
-  - yarn-test
-  environment:
-    GRAFANA_API_KEY:
-      from_secret: grafana_api_key
-  image: grafana/grafana-plugin-ci:1.9.0
-  name: package-win32-x64-unknown
-- commands:
-  - . ~/.init-nvm.sh
-  - ./scripts/package_target.sh linux-x64-glibc true plugin-linux-x64-glibc-no-chromium
-  - bin/grabpl build-plugin-manifest ./dist/plugin-linux-x64-glibc-no-chromium ||
-    true
-  - ./scripts/archive_target.sh linux-x64-glibc plugin-linux-x64-glibc-no-chromium
-  depends_on:
-  - yarn-test
-  environment:
-    GRAFANA_API_KEY:
-      from_secret: grafana_api_key
-  image: grafana/grafana-plugin-ci:1.9.0
-  name: package-linux-x64-glibc-no-chromium
-- commands:
-  - . ~/.init-nvm.sh
-  - ./scripts/package_target.sh alpine-x64-unknown true plugin-alpine-x64-no-chromium
-  - bin/grabpl build-plugin-manifest ./dist/plugin-alpine-x64-no-chromium || true
-  - ./scripts/archive_target.sh alpine-x64-unknown plugin-alpine-x64-no-chromium
-  depends_on:
-  - yarn-test
-  environment:
-    GRAFANA_API_KEY:
-      from_secret: grafana_api_key
-  image: grafana/grafana-plugin-ci:1.9.0
-  name: package-alpine-x64-no-chromium
-trigger:
-  event:
-  - pull_request
-type: docker
-volumes:
-- host:
-    path: /var/run/docker.sock
-  name: docker
----
-clone:
-  retries: 3
-depends_on: []
-image_pull_secrets:
-- gcr
-- gar
-kind: pipeline
 name: test-master
 node:
   type: no-parallel
@@ -554,6 +412,6 @@ kind: secret
 name: docker_password
 ---
 kind: signature
-hmac: 15d030deddf602f0edf703164e7049ff4bccc23f795995e4f7a3050452a25069
+hmac: e20005adbd05726c7f5cd2c387179af3319f02ea0612da8a0eb19ff4f250a47b
 
 ...

.github/workflows/test-pr.yml

@@ -0,0 +1,149 @@
+name: test-pr
+on:
+  pull_request: ~
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  test-pr:  
+    runs-on: ubuntu-latest
+    services: 
+      grafana:
+        image: grafana/grafana-enterprise:latest
+        env:
+          GF_FEATURE_TOGGLES_ENABLE: 'renderAuthJWT'
+          GF_PATHS_PROVISIONING: '/scripts/drone/provisioning'
+        volumes:
+          - /var/run/docker
+      grabpl:
+        image: byrnedo/alpine-curl:0.1.8
+
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Load secrets
+        uses: grafana/shared-workflows/actions/get-vault-secrets@main
+        with:
+          repo_secrets: |
+            SRCCLR_API_TOKEN=github_actions:srcclr_api_token
+
+      - name: grabpl
+        run: |
+          mkdir -p bin
+          curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.20/grabpl
+          chmod +x bin/grabpl
+
+      - uses: actions/cache@v4
+        id: grabpl-cache
+        with:
+          key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }}
+          path: bin/grabpl
+          restore-keys: |
+            grabpl-${{ runner.os }}-
+            grabpl-
+
+      - name: install-node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+
+      - name: Get yarn cache directory path
+        id: yarn-cache-dir-path
+        run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
+
+      - name: Cache yarn cache
+        uses: actions/cache@v4
+        id: cache-yarn-cache
+        with:
+          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
+          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-
+
+      - name: Cache node_modules
+        id: cache-node-modules
+        uses: actions/cache@v4
+        with:
+          path: node_modules
+          key: ${{ runner.os }}-${{ matrix.node-version }}-nodemodules-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-${{ matrix.node-version }}-nodemodules-
+
+      - name: yarn-install
+        run: yarn install --frozen-lockfile --no-progress
+        env:
+          PUPPETEER_CACHE_DIR: /tmp/src/cache
+
+      - name: yarn-build
+        run: yarn build
+
+      - uses: grafana/shared-workflows/actions/login-to-gar@main
+        id: login-to-gar
+
+      - name: run-puppeter-image
+        run: |
+          docker pull us-docker.pkg.dev/grafanalabs-dev/grafana-ci/docker-puppeteer:2.0.0
+          docker run us-docker.pkg.dev/grafanalabs-dev/grafana-ci/docker-puppeteer:2.0.0
+
+      - name: wait-for-grafana
+        run: |
+          for i in {1..10}; do
+            if docker exec grafana curl -sf http://localhost:3000; then
+              echo "Grafana is ready!"
+              exit 0
+            fi
+            echo "Waiting for container to be ready..."
+            sleep 10
+          done
+          echo "Container failed to start in time" >&2
+          exit 1
+
+      - name: yarn-test
+        run: yarn test-ci
+        env:
+          CI: "true"
+          PUPPETEER_CACHE_DIR: /tmp/src/cache
+
+      - name: security-scan
+        run: |
+          echo "Starting veracode scan..."
+          export _JAVA_OPTIONS=-Xmx4g
+          mkdir -p ci/jobs/security_scan
+          curl -sSL https://download.sourceclear.com/ci.sh | sh -s scan --skip-compile --quick --allow-dirty
+        env:
+          SRCCLR_API_TOKEN: ${{ env.SRCCLR_API_TOKEN }}
+
+  packaging:
+    runs-on: ubuntu-latest
+    container: grafana/grafana-plugin-ci:1.9.6
+    needs: [test-pr]
+    strategy:
+      matrix:
+        packaging:
+          - linux-x64-glibc
+          - darwin-x64-unknown
+          - win32-x64-unknown
+          - linux-x64-glibc-no-chromium
+          - alpine-x64-no-chromium
+
+    steps:
+      - uses: actions/cache@v4
+        with:
+          path: bin/grabpl
+          key: grabpl-${{ runner.os }}-${{ hashFiles('**/binary.url') }}
+
+      - name: Load secrets
+        uses: grafana/shared-workflows/actions/get-vault-secrets@main
+        with:
+          repo_secrets: |
+            GRAFANA_API_KEY=github_actions:grafana_api_key
+
+      - name: package-${{ matrix.packaging }}
+        run: . |
+          ./scripts/package_target.sh ${{ matrix.packaging }}
+          bin/grabpl build-plugin-manifest ./dist/plugin-${{ matrix.packaging }} || true
+          ./scripts/archive_target.sh ${{ matrix.packaging }}
+        env:
+          GRAFANA_API_KEY: ${{ env.GRAFANA_API_KEY }}

scripts/drone/pipeline.star

@@ -18,18 +18,6 @@ def common_steps(skip_errors):
         package_step(arch='alpine-x64-unknown', name='package-alpine-x64-no-chromium', skip_chromium=True, override_output='plugin-alpine-x64-no-chromium', skip_errors=skip_errors),
     ]
 
-def prs_pipeline():
-    return [
-        pipeline(
-            name='test-pr',
-            trigger={
-                'event': ['pull_request'],
-            },
-            steps=common_steps(True),
-            services=e2e_services(),
-        ),
-    ]
-
 def master_pipeline():
     steps = common_steps(False) + [
         publish_to_docker_master(),