ci: move variables to env (#104605 )

* ci: move variables to `env` * ci: move sha to `env` * ci: import `SHA` and `PRE_COMMIT_SHA` (cherry picked from commit d19f86a736)
Release: 11.2.9 (#104359 )
2026-01-08 13:22:08 +08:00 · 2025-04-28 13:07:23 +01:00 · 2025-04-23 00:27:58 +01:00 · 2025-04-22 18:21:28 +00:00 · 2025-04-22 18:21:28 +00:00 · 2025-04-22 18:21:28 +00:00
8407 changed files with 339870 additions and 201085 deletions
--- a/.betterer.results
+++ b/.betterer.results
--- a/.betterer.results.json
+++ b/.betterer.results.json
--- a/.betterer.ts
+++ b/.betterer.ts
@@ -7,7 +7,6 @@ import { glob } from 'glob';
 // Why are we ignoring these?
 // They're all deprecated/being removed so doesn't make sense to fix types
 const eslintPathsToIgnore = [
-  'packages/grafana-e2e', // deprecated.
  'public/app/angular', // will be removed in Grafana 11
  'public/app/plugins/panel/graph', // will be removed alongside angular
  'public/app/plugins/panel/table-old', // will be removed alongside angular
@@ -76,68 +75,87 @@ function regexp(pattern: RegExp, issueMessage: string) {

 function countEslintErrors() {
  return new BettererFileTest(async (filePaths, fileTestResult, resolver) => {
+    // Just bail early if there's no files to test. Prevents trying to get the base config from failing
+    if (filePaths.length === 0) {
+      return;
+    }
+
    const { baseDirectory } = resolver;
    const cli = new ESLint({ cwd: baseDirectory });

-    const eslintConfigFiles = await glob('**/.eslintrc');
-    const eslintConfigMainPaths = eslintConfigFiles.map((file) => path.resolve(path.dirname(file)));
+    // Get the base config to set up parsing etc correctly
+    // this is by far the slowest part of this code. It takes eslint about 2 seconds just to find the config
+    const baseConfig = await cli.calculateConfigForFile(filePaths[0]);

    const baseRules: Partial<Linter.RulesRecord> = {
      '@emotion/syntax-preference': [2, 'object'],
      '@typescript-eslint/no-explicit-any': 'error',
      '@grafana/no-aria-label-selectors': 'error',
-    };
-
-    const nonTestFilesRules: Partial<Linter.RulesRecord> = {
-      ...baseRules,
-      '@typescript-eslint/consistent-type-assertions': ['error', { assertionStyle: 'never' }],
-    };
-
-    // group files by eslint config file
-    // this will create two file groups for each eslint config file
-    // one for test files and one for non-test files
-    const fileGroups: Record<string, string[]> = {};
-
-    for (const filePath of filePaths) {
-      let configPath = eslintConfigMainPaths.find((configPath) => filePath.startsWith(configPath)) ?? '';
-      const isTestFile =
-        filePath.endsWith('.test.tsx') ||
-        filePath.endsWith('.test.ts') ||
-        filePath.includes('__mocks__') ||
-        filePath.includes('public/test/');
-
-      if (isTestFile) {
-        configPath += '-test';
-      }
-      if (!fileGroups[configPath]) {
-        fileGroups[configPath] = [];
-      }
-      fileGroups[configPath].push(filePath);
-    }
-
-    for (const configPath of Object.keys(fileGroups)) {
-      const rules = configPath.endsWith('-test') ? baseRules : nonTestFilesRules;
-      // this is by far the slowest part of this code. It takes eslint about 2 seconds just to find the config
-      const linterOptions = (await cli.calculateConfigForFile(fileGroups[configPath][0])) as Linter.Config;
-      const runner = new ESLint({
-        baseConfig: {
-          ...linterOptions,
-          rules: rules,
+      'no-restricted-imports': [
+        'error',
+        {
+          patterns: [
+            {
+              group: ['@grafana/ui*', '*/Layout/*'],
+              importNames: ['Layout', 'HorizontalGroup', 'VerticalGroup'],
+              message: 'Use Stack component instead.',
+            },
+          ],
        },
-        useEslintrc: false,
-        cwd: baseDirectory,
-      });
-      const lintResults = await runner.lintFiles(fileGroups[configPath]);
-      lintResults
-        .filter((lintResult) => lintResult.source)
-        .forEach((lintResult) => {
-          const { messages } = lintResult;
-          const filePath = lintResult.filePath;
-          const file = fileTestResult.addFile(filePath, '');
-          messages.forEach((message, index) => {
-            file.addIssue(0, 0, message.message, `${index}`);
-          });
+      ],
+    };
+
+    const config: Linter.Config = {
+      ...baseConfig,
+      rules: baseRules,
+
+      // Be careful when specifying overrides for the same rules as in baseRules - it will... override
+      // the same rule, not merge them with different configurations
+      overrides: [
+        {
+          files: ['**/*.{ts,tsx}'],
+          excludedFiles: ['*.{test,spec}.{ts,tsx}', '**/__mocks__/**', '**/public/test/**'],
+          rules: {
+            '@typescript-eslint/consistent-type-assertions': ['error', { assertionStyle: 'never' }],
+          },
+        },
+
+        {
+          files: ['public/app/**/*.{ts,tsx}'],
+          rules: {
+            'no-barrel-files/no-barrel-files': 'error',
+          },
+        },
+        {
+          files: ['public/**/*.tsx', 'packages/grafana-ui/**/*.tsx'],
+          excludedFiles: [
+            'public/app/plugins/**',
+            '*.story.tsx',
+            '*.{test,spec}.{ts,tsx}',
+            '**/__mocks__/**',
+            'public/test/**',
+          ],
+          rules: {
+            '@grafana/no-untranslated-strings': 'error',
+          },
+        },
+      ],
+    };
+
+    const runner = new ESLint({
+      baseConfig: config,
+      useEslintrc: false,
+      cwd: baseDirectory,
+    });
+
+    const lintResults = await runner.lintFiles(Array.from(filePaths));
+    lintResults
+      .filter((lintResult) => lintResult.source)
+      .forEach(({ messages, filePath }) => {
+        const file = fileTestResult.addFile(filePath, '');
+        messages.forEach((message, index) => {
+          file.addIssue(0, 0, message.message, `${index}`);
        });
-    }
+      });
  });
 }
--- a/.bingo/Variables.mk
+++ b/.bingo/Variables.mk
@@ -35,11 +35,11 @@ $(DRONE): $(BINGO_DIR)/drone.mod
 	@echo "(re)installing $(GOBIN)/drone-v1.5.0"
 	@cd $(BINGO_DIR) && GOWORK=off CGO_ENABLED=0 $(GO) build -mod=mod -modfile=drone.mod -o=$(GOBIN)/drone-v1.5.0 "github.com/drone/drone-cli/drone"

-GOLANGCI_LINT := $(GOBIN)/golangci-lint-v1.53.3
+GOLANGCI_LINT := $(GOBIN)/golangci-lint-v1.64.2
 $(GOLANGCI_LINT): $(BINGO_DIR)/golangci-lint.mod
 	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
-	@echo "(re)installing $(GOBIN)/golangci-lint-v1.53.3"
-	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=golangci-lint.mod -o=$(GOBIN)/golangci-lint-v1.53.3 "github.com/golangci/golangci-lint/cmd/golangci-lint"
+	@echo "(re)installing $(GOBIN)/golangci-lint-v1.64.2"
+	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=golangci-lint.mod -o=$(GOBIN)/golangci-lint-v1.64.2 "github.com/golangci/golangci-lint/cmd/golangci-lint"

 JB := $(GOBIN)/jb-v0.5.1
 $(JB): $(BINGO_DIR)/jb.mod
@@ -53,15 +53,9 @@ $(LEFTHOOK): $(BINGO_DIR)/lefthook.mod
 	@echo "(re)installing $(GOBIN)/lefthook-v1.4.8"
 	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=lefthook.mod -o=$(GOBIN)/lefthook-v1.4.8 "github.com/evilmartians/lefthook"

-SWAGGER := $(GOBIN)/swagger-v0.30.2
+SWAGGER := $(GOBIN)/swagger-v0.30.6-0.20240310114303-db51e79a0e37
 $(SWAGGER): $(BINGO_DIR)/swagger.mod
 	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
-	@echo "(re)installing $(GOBIN)/swagger-v0.30.2"
-	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=swagger.mod -o=$(GOBIN)/swagger-v0.30.2 "github.com/go-swagger/go-swagger/cmd/swagger"
-
-WIRE := $(GOBIN)/wire-v0.6.0
-$(WIRE): $(BINGO_DIR)/wire.mod
-	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
-	@echo "(re)installing $(GOBIN)/wire-v0.6.0"
-	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=wire.mod -o=$(GOBIN)/wire-v0.6.0 "github.com/google/wire/cmd/wire"
+	@echo "(re)installing $(GOBIN)/swagger-v0.30.6-0.20240310114303-db51e79a0e37"
+	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=swagger.mod -o=$(GOBIN)/swagger-v0.30.6-0.20240310114303-db51e79a0e37 "github.com/go-swagger/go-swagger/cmd/swagger"

--- a/.bingo/golangci-lint.mod
+++ b/.bingo/golangci-lint.mod
@@ -1,5 +1,5 @@
 module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT

-go 1.20
+go 1.24.2

-require github.com/golangci/golangci-lint v1.53.3 // cmd/golangci-lint
+require github.com/golangci/golangci-lint v1.64.2 // cmd/golangci-lint
--- a/.bingo/golangci-lint.sum
+++ b/.bingo/golangci-lint.sum
--- a/.bingo/swagger.mod
+++ b/.bingo/swagger.mod
@@ -2,4 +2,4 @@ module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT

 go 1.18

-require github.com/go-swagger/go-swagger v0.30.2 // cmd/swagger
+require github.com/go-swagger/go-swagger v0.30.6-0.20240310114303-db51e79a0e37 // cmd/swagger
--- a/.bingo/swagger.sum
+++ b/.bingo/swagger.sum
@@ -42,8 +42,13 @@ github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJ
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
+github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
+github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
+github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
 github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
@@ -51,6 +56,8 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdko
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
@@ -73,9 +80,13 @@ github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw
 github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
 github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -83,49 +94,71 @@ github.com/go-openapi/analysis v0.21.2 h1:hXFrOYFHUAMQdu6zwAiKKJHJQ8kqZs1ux/ru1P
 github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY=
 github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc=
 github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo=
+github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU=
+github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo=
 github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.20.2 h1:dxy7PGTqEh94zj2E3h1cUmQQWiM1+aeCROfAr02EmK8=
 github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc=
 github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
+github.com/go-openapi/errors v0.22.0 h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w=
+github.com/go-openapi/errors v0.22.0/go.mod h1:J3DmZScxCDufmIMsdOuDHxJbdOGC0xtUynjIx092vXE=
 github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4=
 github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4=
+github.com/go-openapi/inflect v0.21.0 h1:FoBjBTQEcbg2cJUWX6uwL9OyIW8eqc9k4KhN4lfbeYk=
+github.com/go-openapi/inflect v0.21.0/go.mod h1:INezMuUu7SJQc2AyR3WO0DqqYUJSj8Kb4hBd7WtjlAw=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
 github.com/go-openapi/jsonreference v0.19.6 h1:UBIxjkht+AWIgYzCDSv2GN+E/togfwXUJFRTWhl2Jjs=
 github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
 github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
 github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
 github.com/go-openapi/loads v0.21.0 h1:jYtUO4wwP7psAweisP/MDoOpdzsYEESdoPcsWjHDR68=
 github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g=
 github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro=
 github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw=
+github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco=
+github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs=
 github.com/go-openapi/runtime v0.21.1 h1:/KIG00BzA2x2HRStX2tnhbqbQdPcFlkgsYCiNY20FZs=
 github.com/go-openapi/runtime v0.24.1 h1:Sml5cgQKGYQHF+M7yYSHaH1eOjvTykrddTE/KtQVjqo=
 github.com/go-openapi/runtime v0.24.1/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk=
+github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ=
+github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc=
 github.com/go-openapi/spec v0.20.4 h1:O8hJrt0UMnhHcluhIdUgCLRWyM2x7QkBXRvOs7m+O1M=
 github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
 github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
 github.com/go-openapi/spec v0.20.7 h1:1Rlu/ZrOCCob0n+JKKJAWhNWMPW8bOZRg8FJaY+0SKI=
 github.com/go-openapi/spec v0.20.7/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
+github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY=
+github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=
 github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg=
 github.com/go-openapi/strfmt v0.21.1 h1:G6s2t5V5kGCHLVbSdZ/6lI8Wm4OzoPFkc3/cjAsKQrM=
 github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
 github.com/go-openapi/strfmt v0.21.2/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
 github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o=
 github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg=
+github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c=
+github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM=
 github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-openapi/validate v0.20.3 h1:GZPPhhKSZrE8HjB4eEkoYAZmoWA4+tCemSgINH1/vKw=
 github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
 github.com/go-openapi/validate v0.22.0 h1:b0QecH6VslW/TxtpKgzpO1SNG7GU2FsaqKdP1E2T50Y=
 github.com/go-openapi/validate v0.22.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
+github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58=
+github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw=
 github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
@@ -133,6 +166,10 @@ github.com/go-swagger/go-swagger v0.29.0 h1:z3YoZtLvS1Y8TE/PCat1VypcZxM0IgKLt0Nv
 github.com/go-swagger/go-swagger v0.29.0/go.mod h1:Z4GJzI+bHKKkGB2Ji1rawpi3/ldXX8CkzGIa9HAC5EE=
 github.com/go-swagger/go-swagger v0.30.2 h1:23odPUyQZdkNFZZSBJ3mqYYcdh+LnuReEbdWN18OMRo=
 github.com/go-swagger/go-swagger v0.30.2/go.mod h1:neDPes8r8PCz2JPvHRDj8BTULLh4VJUt7n6MpQqxhHM=
+github.com/go-swagger/go-swagger v0.30.6-0.20240310114303-db51e79a0e37 h1:KFcZmKdZmapAog2+eL1buervAYrYolBZk7fMecPPDmo=
+github.com/go-swagger/go-swagger v0.30.6-0.20240310114303-db51e79a0e37/go.mod h1:i1/E+d8iPNReSE7y04FaVu5OPKB3il5cn+T1Egogg3I=
+github.com/go-swagger/go-swagger v0.30.6-0.20240418033037-c46c303aaa02 h1:J6YiT/eg3gAfKMdVCkWXe6khsO+nxa8W4URZ4AUqzbA=
+github.com/go-swagger/go-swagger v0.30.6-0.20240418033037-c46c303aaa02/go.mod h1:i1/E+d8iPNReSE7y04FaVu5OPKB3il5cn+T1Egogg3I=
 github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
 github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
 github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
@@ -211,11 +248,15 @@ github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm4
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
 github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
+github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE=
+github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
@@ -223,11 +264,16 @@ github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
+github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
+github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jessevdk/go-flags v1.5.0 h1:1jKYvbxEjfUl0fmqTCOfonvskHHXMjBySTLW4y9LFvc=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
@@ -246,6 +292,8 @@ github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -253,6 +301,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
 github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
 github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
+github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
+github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
@@ -283,6 +333,9 @@ github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3v
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU=
 github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
+github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI=
+github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -297,18 +350,32 @@ github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE
 github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
+github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
+github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
+github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
 github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
+github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
+github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/spf13/afero v1.8.0 h1:5MmtuhAgYeU6qpa7w7bP0dv6MBYuup0vekhSpSkoq60=
 github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo=
 github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
+github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
+github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
+github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
+github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
@@ -318,9 +385,12 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.10.1 h1:nuJZuYpG7gTj/XqiUwg8bA0cp1+M2mC3J4g5luUYBKk=
 github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ=
 github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI=
+github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ=
+github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -329,9 +399,12 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.3.0 h1:mjC+YW8QpAdXibNi+vNWgzmgBH4+5l5dCXv8cNysBLI=
 github.com/subosito/gotenv v1.3.0/go.mod h1:YzJjq/33h7nrwdY+iHMhEOEEbW0ovIz0tB6t6PwAXzs=
+github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
+github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/toqueteos/webbrowser v1.2.0 h1:tVP/gpK69Fx+qMJKsLE7TD8LuGWPnEV71wBN9rrstGQ=
 github.com/toqueteos/webbrowser v1.2.0/go.mod h1:XWoZq4cyp9WeUeak7w7LXRUQf1F1ATJMir8RTqb4ayM=
@@ -345,6 +418,7 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
 go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng=
 go.mongodb.org/mongo-driver v1.8.2 h1:8ssUXufb90ujcIvR6MyE1SchaNj0SFxsakiZgxIyrMk=
@@ -352,12 +426,16 @@ go.mongodb.org/mongo-driver v1.8.3/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCu
 go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8=
 go.mongodb.org/mongo-driver v1.10.1 h1:NujsPveKwHaWuKUer/ceo9DzEe7HIj1SlJ6uvXZG0S4=
 go.mongodb.org/mongo-driver v1.10.1/go.mod h1:z4XpeoU6w+9Vht+jAFyLgVrD+jGSQQe0+CBWFHNiHt8=
+go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80=
+go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
@@ -369,10 +447,14 @@ golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -383,6 +465,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
+golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -409,6 +493,8 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
+golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -444,6 +530,8 @@ golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220121210141-e204ce36a2ba h1:6u6sik+bn/y7vILcYkK3iwTBWN7WtBvB0+SZswQnbf8=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -465,6 +553,9 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -511,11 +602,17 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 h1:v6hYoSR9T5oet+pMXwUWkbiVqx/63mlHjefrHmxwfeY=
 golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -526,6 +623,9 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -583,6 +683,8 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
 golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw=
+golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -683,6 +785,8 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/ini.v1 v1.66.3 h1:jRskFVxYaMGAMUbN0UZ7niA9gzL9B49DOqE78vg0k3w=
 gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4=
 gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
--- a/.bingo/variables.env
+++ b/.bingo/variables.env
@@ -14,13 +14,11 @@ CUE="${GOBIN}/cue-v0.5.0"

 DRONE="${GOBIN}/drone-v1.5.0"

-GOLANGCI_LINT="${GOBIN}/golangci-lint-v1.53.3"
+GOLANGCI_LINT="${GOBIN}/golangci-lint-v1.64.2"

 JB="${GOBIN}/jb-v0.5.1"

 LEFTHOOK="${GOBIN}/lefthook-v1.4.8"

-SWAGGER="${GOBIN}/swagger-v0.30.2"
-
-WIRE="${GOBIN}/wire-v0.6.0"
+SWAGGER="${GOBIN}/swagger-v0.30.6-0.20240310114303-db51e79a0e37"

--- a/.bingo/wire.mod
+++ b/.bingo/wire.mod
@@ -1,5 +0,0 @@
-module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT
-
-go 1.16
-
-require github.com/google/wire v0.6.0 // cmd/wire
--- a/.bingo/wire.sum
+++ b/.bingo/wire.sum
@@ -1,66 +0,0 @@
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/subcommands v1.0.1 h1:/eqq+otEXm5vhfBrbREPCSVQbvofip6kIz+mX5TUH7k=
-github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
-github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
-github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
-github.com/google/wire v0.5.0 h1:I7ELFeVBr3yfPIcc8+MWvrjk+3VjbcSzoXm3JVa+jD8=
-github.com/google/wire v0.5.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU=
-github.com/google/wire v0.6.0 h1:HBkoIh4BdSxoyo9PveV8giw7ZsaBOvzWKfcg/6MrVwI=
-github.com/google/wire v0.6.0/go.mod h1:F4QhpQ9EDIdJ1Mbop/NZBRB+5yrR6qg3BnctaoUk6NA=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
-golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
-golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
-golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
-golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
-golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b h1:NVD8gBK33xpdqCaZVVtd6OFJp+3dxkXuz7+U7KaVN6s=
-golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
-golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
-golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/.bra.toml
+++ b/.bra.toml
@@ -2,7 +2,7 @@
 init_cmds = [
  ["GO_BUILD_DEV=1", "make", "build-go"],
  ["make", "gen-jsonnet"],
-  ["./bin/grafana", "server", "-packaging=dev", "cfg:app_mode=development"]
+  ["./bin/grafana", "server", "-profile", "-profile-addr=0.0.0.0", "-profile-port=6000", "-profile-block-rate=1", "-profile-mutex-rate=5", "-packaging=dev", "cfg:app_mode=development"]
 ]
 watch_all = true
 follow_symlinks = true
@@ -18,5 +18,5 @@ build_delay = 1500
 cmds = [
  ["GO_BUILD_DEV=1", "make", "build-go"],
  ["make", "gen-jsonnet"],
-  ["./bin/grafana", "server", "-packaging=dev", "cfg:app_mode=development"]
+  ["./bin/grafana", "server", "-profile", "-profile-addr=0.0.0.0", "-profile-port=6000", "-profile-block-rate=1", "-profile-mutex-rate=5", "-packaging=dev", "cfg:app_mode=development"]
 ]
--- a/.drone.star
+++ b/.drone.star
@@ -17,18 +17,11 @@ load(
    "publish_npm_pipelines",
    "publish_packages_pipeline",
 )
-load(
-    "scripts/drone/pipelines/ci_images.star",
-    "publish_ci_windows_test_image_pipeline",
-)
+load("scripts/drone/events/rrc-patch.star", "rrc_patch_pipelines")
 load(
    "scripts/drone/pipelines/publish_images.star",
    "publish_image_pipelines_public",
 )
-load(
-    "scripts/drone/pipelines/windows.star",
-    "windows_test_backend",
-)
 load(
    "scripts/drone/rgm.star",
    "rgm",
@@ -39,17 +32,13 @@ def main(_ctx):
    return (
        pr_pipelines() +
        main_pipelines() +
+        rrc_patch_pipelines() +
        publish_image_pipelines_public() +
        publish_artifacts_pipelines("public") +
        publish_npm_pipelines() +
        publish_packages_pipeline() +
        rgm() +
-        [windows_test_backend({
-            "event": ["promote"],
-            "target": ["test-windows"],
-        }, "oss", "testing")] +
        integration_test_pipelines() +
-        publish_ci_windows_test_image_pipeline() +
        cronjobs() +
        secrets()
    )
--- a/.drone.yml
+++ b/.drone.yml
--- a/.eslintignore
+++ b/.eslintignore
@@ -13,6 +13,8 @@ node_modules
 /public/lib/monaco
 /scripts/grafana-server/tmp
 vendor
+e2e/custom-plugins
+playwright-report

 # TS generate from cue by cuetsy
 **/*.gen.ts
--- a/.eslintrc
+++ b/.eslintrc
@@ -1,13 +1,25 @@
 {
-  "extends": ["@grafana/eslint-config"],
+  "extends": ["@grafana/eslint-config", "plugin:react/jsx-runtime"],
  "root": true,
-  "plugins": ["@emotion", "lodash", "jest", "import", "jsx-a11y", "@grafana"],
+  "plugins": [
+    "@emotion",
+    "lodash",
+    "jest",
+    "import",
+    "jsx-a11y",
+    "@grafana",
+    "no-barrel-files",
+    // Included so betterer doesn't fail when processing all files,
+    // as other parts of the code use testing-library plugin
+    "testing-library",
+  ],
  "settings": {
    "import/internal-regex": "^(app/)|(@grafana)",
-    "import/external-module-folders": ["node_modules", ".yarn"]
+    "import/external-module-folders": ["node_modules", ".yarn"],
  },
  "rules": {
    "@grafana/no-border-radius-literal": "error",
+    "@grafana/no-unreduced-motion": "error",
    "react/prop-types": "off",
    // need to ignore emotion's `css` prop, see https://github.com/jsx-eslint/eslint-plugin-react/blob/master/docs/rules/no-unknown-property.md#rule-options
    "react/no-unknown-property": ["error", { "ignore": ["css"] }],
@@ -19,8 +31,8 @@
      {
        "groups": [["builtin", "external"], "internal", "parent", "sibling", "index"],
        "newlines-between": "always",
-        "alphabetize": { "order": "asc" }
-      }
+        "alphabetize": { "order": "asc" },
+      },
    ],
    "no-restricted-imports": [
      "error",
@@ -29,47 +41,43 @@
          {
            "name": "react-redux",
            "importNames": ["useDispatch", "useSelector"],
-            "message": "Please import from app/types instead."
+            "message": "Please import from app/types instead.",
          },
          {
            "name": "react-i18next",
            "importNames": ["Trans", "t"],
-            "message": "Please import from app/core/internationalization instead"
+            "message": "Please import from app/core/internationalization instead",
          },
-          {
-            "name": "@grafana/e2e",
-            "message": "@grafana/e2e is deprecated. Please import from ./e2e/utils instead"
-          }
-        ]
-      }
+        ],
+      },
    ],

    // Use typescript's no-redeclare for compatibility with overrides
    "no-redeclare": "off",
-    "@typescript-eslint/no-redeclare": ["error"]
+    "@typescript-eslint/no-redeclare": ["error"],
  },
  "overrides": [
    {
      "files": ["packages/grafana-ui/src/components/uPlot/**/*.{ts,tsx}"],
      "rules": {
        "react-hooks/rules-of-hooks": "off",
-        "react-hooks/exhaustive-deps": "off"
-      }
+        "react-hooks/exhaustive-deps": "off",
+      },
    },
    {
      "files": ["packages/grafana-ui/src/components/ThemeDemos/**/*.{ts,tsx}"],
      "rules": {
        "@emotion/jsx-import": "off",
        "react/jsx-uses-react": "off",
-        "react/react-in-jsx-scope": "off"
-      }
+        "react/react-in-jsx-scope": "off",
+      },
    },
    {
      "files": ["public/dashboards/scripted*.js"],
      "rules": {
        "no-redeclare": "error",
-        "@typescript-eslint/no-redeclare": "off"
-      }
+        "@typescript-eslint/no-redeclare": "off",
+      },
    },
    {
      "extends": ["plugin:jsx-a11y/recommended"],
@@ -82,17 +90,17 @@
        "jsx-a11y/no-autofocus": [
          "error",
          {
-            "ignoreNonDOM": true
-          }
+            "ignoreNonDOM": true,
+          },
        ],
        "jsx-a11y/label-has-associated-control": [
          "error",
          {
            "controlComponents": ["NumberInput"],
-            "depth": 2
-          }
-        ]
-      }
+            "depth": 2,
+          },
+        ],
+      },
    },
    {
      "files": [
@@ -125,14 +133,14 @@
        "public/app/plugins/datasource/cloudwatch/*.{ts,tsx}",
        "public/app/plugins/datasource/cloudwatch/**/*.{ts,tsx}",
        "public/app/plugins/datasource/zipkin/*.{ts,tsx}",
-        "public/app/plugins/datasource/zipkin/**/*.{ts,tsx}"
+        "public/app/plugins/datasource/zipkin/**/*.{ts,tsx}",
      ],
      "settings": {
        "import/resolver": {
          "node": {
-            "extensions": [".ts", ".tsx"]
-          }
-        }
+            "extensions": [".ts", ".tsx"],
+          },
+        },
      },
      "rules": {
        "import/no-restricted-paths": [
@@ -143,12 +151,12 @@
                "target": "./public/app/plugins",
                "from": "./public",
                "except": ["./app/plugins"],
-                "message": "Core plugins are not allowed to depend on Grafana core packages"
-              }
-            ]
-          }
-        ]
-      }
-    }
-  ]
+                "message": "Core plugins are not allowed to depend on Grafana core packages",
+              },
+            ],
+          },
+        ],
+      },
+    },
+  ],
 }
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -38,127 +38,123 @@
 /docs/.codespellignore                                                            @grafana/docs-tooling
 /docs/sources/                                                                    @Eve832

-/docs/sources/administration/                                                     @jdbaldry @lwandz13
 /docs/sources/alerting/                                                           @brendamuir
 /docs/sources/dashboards/                                                         @imatwawana
-/docs/sources/datasources/                                                        @jdbaldry
-/docs/sources/explore/                                                            @grafana/explore-squad
-/docs/sources/fundamentals                                                        @chri2547
-/docs/sources/getting-started/                                                    @chri2547
-/docs/sources/introduction/                                                       @chri2547
+/docs/sources/explore/                                                            @grafana/explore-squad @lwandz13
 /docs/sources/panels-visualizations/                                              @imatwawana
-/docs/sources/release-notes/                                                      @Eve832 @GrafanaWriter
-/docs/sources/setup-grafana/                                                      @chri2547
+/docs/sources/release-notes/                                                      @irenerl24 @GrafanaWriter
 /docs/sources/upgrade-guide/                                                      @imatwawana
 /docs/sources/whatsnew/                                                           @imatwawana

-/docs/sources/developers/plugins/                                                 @Eve832 @josmperez @grafana/plugins-platform-frontend @grafana/plugins-platform-backend
+/docs/sources/developers/plugins/                                                 @grafana/plugins-platform-frontend @grafana/plugins-platform-backend

 /docs/sources/panels-visualizations/query-transform-data/transform-data/index.md  @imatwawana @baldm0mma
 # END Technical documentation

 # Backend code
-/go.mod @grafana/backend-platform
-/go.sum @grafana/backend-platform
+/go.mod @grafana/grafana-backend-group
+/go.sum @grafana/grafana-backend-group
 /go.work @grafana/grafana-app-platform-squad
 /go.work.sum @grafana/grafana-app-platform-squad
-/.bingo/ @grafana/backend-platform
-/pkg/README.md @grafana/backend-platform
-/pkg/ruleguard.rules.go @grafana/backend-platform
-/.bra.toml @grafana/backend-platform
-/.golangci.toml @grafana/backend-platform
-/build.go @grafana/backend-platform
-/scripts/modowners/ @grafana/backend-platform
+/.bingo/ @grafana/grafana-backend-group
+/pkg/README.md @grafana/grafana-backend-group
+/pkg/ruleguard.rules.go @grafana/grafana-backend-group
+/.bra.toml @grafana/grafana-backend-group
+/.golangci.yml @grafana/grafana-backend-group
+/build.go @grafana/grafana-backend-services-squad
+/scripts/modowners/ @grafana/grafana-backend-services-squad
+/scripts/go-workspace @grafana/grafana-app-platform-squad
 /hack/ @grafana/grafana-app-platform-squad

-/pkg/api/ @grafana/backend-platform
+/apps/alerting/ @grafana/alerting-backend
+/pkg/api/ @grafana/grafana-backend-group
 /pkg/apis/ @grafana/grafana-app-platform-squad
-/pkg/bus/ @grafana/backend-platform
-/pkg/cmd/ @grafana/backend-platform
+/pkg/apis/alerting_notifications @grafana/grafana-app-platform-squad @grafana/alerting-backend @grafana/alerting-frontend
+/pkg/bus/ @grafana/grafana-search-and-storage
+/pkg/cmd/ @grafana/grafana-backend-group
 /pkg/cmd/grafana/apiserver @grafana/grafana-app-platform-squad
-/pkg/components/apikeygen/ @grafana/identity-access-team
-/pkg/components/satokengen/ @grafana/identity-access-team
-/pkg/components/dashdiffs/ @grafana/backend-platform
-/pkg/components/imguploader/ @grafana/backend-platform
-/pkg/components/loki/ @grafana/backend-platform
-/pkg/components/null/ @grafana/backend-platform
-/pkg/components/simplejson/ @grafana/backend-platform
-/pkg/events/ @grafana/backend-platform
-/pkg/extensions/ @grafana/backend-platform
-/pkg/ifaces/ @grafana/backend-platform
-/pkg/infra/appcontext/ @grafana/backend-platform
-/pkg/infra/db/ @grafana/backend-platform
-/pkg/infra/localcache/ @grafana/backend-platform
-/pkg/infra/log/ @grafana/backend-platform
-/pkg/infra/metrics/ @grafana/backend-platform
-/pkg/infra/network/ @grafana/backend-platform
-/pkg/infra/process/ @grafana/backend-platform
-/pkg/infra/remotecache/ @grafana/backend-platform
-/pkg/infra/serverlock/ @grafana/backend-platform
-/pkg/infra/slugify/ @grafana/backend-platform
-/pkg/infra/tracing/ @grafana/backend-platform
-/pkg/infra/usagestats/ @grafana/backend-platform
-/pkg/middleware/ @grafana/backend-platform
-/pkg/mocks/ @grafana/backend-platform
-/pkg/models/ @grafana/backend-platform
-/pkg/server/ @grafana/backend-platform
+/pkg/components/apikeygen/ @grafana/identity-squad
+/pkg/components/satokengen/ @grafana/identity-squad
+/pkg/components/dashdiffs/ @grafana/grafana-app-platform-squad
+/pkg/components/imguploader/ @grafana/alerting-backend
+/pkg/components/loki/ @grafana/grafana-backend-group
+/pkg/components/null/ @grafana/grafana-backend-group
+/pkg/components/simplejson/ @grafana/grafana-backend-group
+/pkg/events/ @grafana/grafana-backend-group
+/pkg/extensions/ @grafana/grafana-backend-group
+/pkg/ifaces/ @grafana/grafana-backend-group
+/pkg/infra/db/ @grafana/grafana-backend-group
+/pkg/infra/localcache/ @grafana/grafana-backend-group
+/pkg/infra/log/ @grafana/grafana-backend-group
+/pkg/infra/metrics/ @grafana/grafana-backend-group
+/pkg/infra/network/ @grafana/grafana-backend-group
+/pkg/infra/process/ @grafana/grafana-backend-group
+/pkg/infra/remotecache/ @grafana/grafana-backend-group
+/pkg/infra/serverlock/ @grafana/grafana-backend-group
+/pkg/infra/slugify/ @grafana/grafana-backend-group
+/pkg/infra/tracing/ @grafana/grafana-backend-group
+/pkg/infra/usagestats/ @grafana/grafana-backend-group
+/pkg/middleware/ @grafana/grafana-backend-group
+/pkg/mocks/ @grafana/grafana-backend-group
+/pkg/models/ @grafana/grafana-backend-group
+/pkg/semconv/ @grafana/grafana-backend-group
+/pkg/server/ @grafana/grafana-backend-group
 /pkg/apiserver @grafana/grafana-app-platform-squad
 /pkg/apimachinery @grafana/grafana-app-platform-squad
+/pkg/apimachinery/identity/ @grafana/identity-squad
+/pkg/apimachinery/errutil/ @grafana/grafana-backend-group
 /pkg/promlib @grafana/observability-metrics
-/pkg/services/annotations/ @grafana/backend-platform
-/pkg/services/apikey/ @grafana/identity-access-team
-/pkg/services/cleanup/ @grafana/backend-platform
-/pkg/services/contexthandler/ @grafana/backend-platform
+/pkg/storage/ @grafana/grafana-search-and-storage
+/pkg/services/annotations/ @grafana/grafana-search-and-storage
+/pkg/services/apikey/ @grafana/identity-squad
+/pkg/services/cleanup/ @grafana/grafana-backend-group
+/pkg/services/contexthandler/ @grafana/grafana-backend-group
 /pkg/services/correlations/ @grafana/explore-squad
-/pkg/services/dashboardimport/ @grafana/backend-platform
-/pkg/services/dashboards/ @grafana/backend-platform
-/pkg/services/dashboardversion/ @grafana/backend-platform
-/pkg/services/encryption/ @grafana/backend-platform
-/pkg/services/folder/ @grafana/backend-platform
+/pkg/services/dashboardimport/ @grafana/grafana-backend-group
+/pkg/services/dashboards/ @grafana/grafana-app-platform-squad
+/pkg/services/dashboardversion/ @grafana/grafana-backend-group
+/pkg/services/encryption/ @grafana/grafana-operator-experience-squad
+/pkg/services/folder/ @grafana/grafana-search-and-storage
 /pkg/services/apiserver @grafana/grafana-app-platform-squad
-/pkg/services/hooks/ @grafana/backend-platform
-/pkg/services/kmsproviders/ @grafana/backend-platform
-/pkg/services/licensing/ @grafana/backend-platform
-/pkg/services/navtree/ @grafana/backend-platform
-/pkg/services/notifications/ @grafana/backend-platform
-/pkg/services/org/ @grafana/backend-platform
+/pkg/services/hooks/ @grafana/grafana-backend-group
+/pkg/services/kmsproviders/ @grafana/grafana-operator-experience-squad
+/pkg/services/licensing/ @grafana/grafana-operator-experience-squad
+/pkg/services/navtree/ @grafana/grafana-backend-group
+/pkg/services/notifications/ @grafana/grafana-backend-group
+/pkg/services/org/ @grafana/grafana-backend-group
 /pkg/services/playlist/ @grafana/grafana-app-platform-squad
-/pkg/services/preference/ @grafana/backend-platform
-/pkg/services/provisioning/ @grafana/backend-platform
-/pkg/services/query/ @grafana/backend-platform
-/pkg/services/queryhistory/ @grafana/backend-platform
-/pkg/services/quota/ @grafana/backend-platform
-/pkg/services/rendering/ @grafana/backend-platform
-/pkg/services/screenshot/ @grafana/backend-platform
-/pkg/services/search/ @grafana/backend-platform
-/pkg/services/searchusers/ @grafana/backend-platform
-/pkg/services/secrets/ @grafana/backend-platform
-/pkg/services/shorturls/ @grafana/backend-platform
-/pkg/services/sqlstore/ @grafana/backend-platform
-/pkg/services/ssosettings/ @grafana/identity-access-team
-/pkg/services/star/ @grafana/backend-platform
-/pkg/services/stats/ @grafana/backend-platform
-/pkg/services/tag/ @grafana/backend-platform
-/pkg/services/team/ @grafana/identity-access-team
-/pkg/services/temp_user/ @grafana/backend-platform
-/pkg/services/updatechecker/ @grafana/backend-platform
-/pkg/services/user/ @grafana/identity-access-team
-/pkg/services/validations/ @grafana/backend-platform
-/pkg/setting/ @grafana/backend-platform
-/pkg/tests/ @grafana/backend-platform
+/pkg/services/preference/ @grafana/grafana-backend-group
+/pkg/services/provisioning/ @grafana/grafana-search-and-storage
+/pkg/services/query/ @grafana/grafana-app-platform-squad
+/pkg/services/queryhistory/ @grafana/explore-squad
+/pkg/services/quota/ @grafana/grafana-search-and-storage
+/pkg/services/screenshot/ @grafana/grafana-backend-group
+/pkg/services/search/ @grafana/grafana-search-and-storage
+/pkg/services/searchusers/ @grafana/grafana-search-and-storage
+/pkg/services/secrets/ @grafana/grafana-operator-experience-squad
+/pkg/services/shorturls/ @grafana/grafana-backend-group
+/pkg/services/sqlstore/ @grafana/grafana-search-and-storage
+/pkg/services/ssosettings/ @grafana/identity-squad
+/pkg/services/star/ @grafana/grafana-search-and-storage
+/pkg/services/stats/ @grafana/grafana-backend-group
+/pkg/services/tag/ @grafana/grafana-search-and-storage
+/pkg/services/team/ @grafana/access-squad
+/pkg/services/temp_user/ @grafana/grafana-backend-group
+/pkg/services/updatechecker/ @grafana/grafana-backend-group
+/pkg/services/user/ @grafana/access-squad
+/pkg/services/validations/ @grafana/grafana-backend-group
+/pkg/setting/ @grafana/grafana-backend-services-squad
+/pkg/tests/ @grafana/grafana-backend-services-squad
 /pkg/tests/apis/ @grafana/grafana-app-platform-squad
+/pkg/tests/apis/alerting @grafana/grafana-app-platform-squad @grafana/alerting-backend
 /pkg/tests/api/correlations/ @grafana/explore-squad
-/pkg/tsdb/grafanads/ @grafana/backend-platform
-/pkg/tsdb/legacydata/ @grafana/backend-platform
-/pkg/tsdb/opentsdb/ @grafana/backend-platform
-/pkg/tsdb/sqleng/ @grafana/partner-datasources @grafana/oss-big-tent
-/pkg/util/ @grafana/backend-platform
-/pkg/web/ @grafana/backend-platform
-
-/pkg/infra/kvstore/ @grafana/backend-platform
-/pkg/infra/fs/ @grafana/backend-platform
-/pkg/infra/x/ @grafana/backend-platform
+/pkg/tsdb/grafanads/ @grafana/grafana-backend-group
+/pkg/tsdb/opentsdb/ @grafana/partner-datasources
+/pkg/util/ @grafana/grafana-backend-group
+/pkg/web/ @grafana/grafana-backend-group

+/pkg/infra/kvstore/ @grafana/grafana-backend-group
+/pkg/infra/fs/ @grafana/grafana-backend-group

 # devenv
 # Backend code, developers environment
@@ -166,33 +162,33 @@

 # Logs code, developers environment
 /devenv/docker/blocks/loki* @grafana/observability-logs
-/devenv/docker/blocks/elastic* @grafana/observability-logs
+/devenv/docker/blocks/elastic* @grafana/aws-datasources
 /devenv/docker/blocks/self-instrumentation* @grafana/observability-metrics

 /devenv/bulk-dashboards/ @grafana/dashboards-squad
 /devenv/bulk-folders/ @grafana/grafana-frontend-platform
-/devenv/create_docker_compose.sh @grafana/backend-platform
-/devenv/alert_rules.yaml @grafana/alerting-backend-product
+/devenv/create_docker_compose.sh @grafana/grafana-backend-services-squad
+/devenv/alert_rules.yaml @grafana/alerting-backend
 /devenv/dashboards.yaml @grafana/dashboards-squad
-/devenv/datasources.yaml @grafana/backend-platform
-/devenv/datasources_docker.yaml @grafana/backend-platform
+/devenv/datasources.yaml @grafana/grafana-backend-group
+/devenv/datasources_docker.yaml @grafana/grafana-backend-group
 /devenv/dev-dashboards-without-uid/ @grafana/dashboards-squad
 /devenv/dev-dashboards/ @grafana/dashboards-squad
-/devenv/docker/blocks/alert_webhook_listener/ @grafana/alerting-backend-product
+/devenv/docker/blocks/alert_webhook_listener/ @grafana/alerting-backend
 /devenv/docker/blocks/clickhouse/ @grafana/partner-datasources
 /devenv/docker/blocks/collectd/ @grafana/observability-metrics
 /devenv/docker/blocks/etcd @grafana/grafana-app-platform-squad
 /devenv/docker/blocks/grafana/ @grafana/grafana-as-code
-/devenv/docker/blocks/graphite/ @grafana/observability-metrics
-/devenv/docker/blocks/graphite09/ @grafana/observability-metrics
-/devenv/docker/blocks/graphite1/ @grafana/observability-metrics
-/devenv/docker/blocks/influxdb/ @grafana/observability-metrics
-/devenv/docker/blocks/influxdb1/ @grafana/observability-metrics
-/devenv/docker/blocks/jaeger/ @grafana/observability-traces-and-profiling
+/devenv/docker/blocks/graphite/ @grafana/partner-datasources
+/devenv/docker/blocks/graphite09/ @grafana/partner-datasources
+/devenv/docker/blocks/graphite1/ @grafana/partner-datasources
+/devenv/docker/blocks/influxdb/ @grafana/partner-datasources
+/devenv/docker/blocks/influxdb1/ @grafana/partner-datasources
+/devenv/docker/blocks/jaeger/ @grafana/oss-big-tent
 /devenv/docker/blocks/maildev/ @grafana/alerting-frontend
 /devenv/docker/blocks/mariadb/ @grafana/oss-big-tent
-/devenv/docker/blocks/memcached/ @grafana/backend-platform
-/devenv/docker/blocks/mimir_backend/ @grafana/alerting-backend-product
+/devenv/docker/blocks/memcached/ @grafana/grafana-backend-group
+/devenv/docker/blocks/mimir_backend/ @grafana/alerting-backend
 /devenv/docker/blocks/mssql/ @grafana/partner-datasources
 /devenv/docker/blocks/mssql_arm64/ @grafana/partner-datasources
 /devenv/docker/blocks/mssql_tests/ @grafana/partner-datasources
@@ -201,31 +197,32 @@
 /devenv/docker/blocks/mysql_exporter/ @grafana/oss-big-tent
 /devenv/docker/blocks/mysql_opendata/ @grafana/oss-big-tent
 /devenv/docker/blocks/mysql_tests/ @grafana/oss-big-tent
-/devenv/docker/blocks/opentsdb/ @grafana/observability-metrics
+/devenv/docker/blocks/opentsdb/ @grafana/partner-datasources
 /devenv/docker/blocks/postgres/ @grafana/oss-big-tent
 /devenv/docker/blocks/postgres_tests/ @grafana/oss-big-tent
 /devenv/docker/blocks/prometheus/ @grafana/observability-metrics
 /devenv/docker/blocks/prometheus_random_data/ @grafana/observability-metrics
 /devenv/docker/blocks/pyroscope/ @grafana/observability-traces-and-profiling
 /devenv/docker/blocks/redis/ @bergquist
-/devenv/docker/blocks/sensugo/ @grafana/backend-platform
+/devenv/docker/blocks/sensugo/ @grafana/grafana-backend-group
 /devenv/docker/blocks/slow_proxy/ @bergquist
 /devenv/docker/blocks/smtp/ @bergquist
 /devenv/docker/blocks/tempo/ @grafana/observability-traces-and-profiling
 /devenv/docker/blocks/traefik/ @mckn
-/devenv/docker/blocks/zipkin/ @grafana/observability-traces-and-profiling
-/devenv/docker/blocks/webdav/ @grafana/alerting-backend-product
+/devenv/docker/blocks/zipkin/ @grafana/oss-big-tent
+/devenv/docker/blocks/webdav/ @grafana/alerting-backend
 /devenv/docker/buildcontainer/ @bergquist
-/devenv/docker/compose_header.yml @grafana/backend-platform
+/devenv/docker/compose_header.yml @grafana/grafana-backend-services-squad
 /devenv/docker/debtest/ @bergquist
-/devenv/docker/ha-test-unified-alerting/ @grafana/alerting-backend-product
-/devenv/docker/ha_test/ @grafana/backend-platform
-/devenv/docker/loadtest/ @grafana/backend-platform
-/devenv/docker/rpmtest/ @grafana/backend-platform
+/devenv/docker/ha-test-unified-alerting/ @grafana/alerting-backend
+/devenv/docker/ha_test/ @grafana/grafana-backend-services-squad
+/devenv/docker/loadtest/ @grafana/grafana-backend-services-squad
+/devenv/docker/rpmtest/ @grafana/grafana-backend-services-squad
 /devenv/jsonnet/ @grafana/dataviz-squad
 /devenv/local-npm/ @grafana/frontend-ops
 /devenv/vscode/ @grafana/frontend-ops
-/devenv/setup.sh @grafana/backend-platform
+/devenv/setup.sh @grafana/grafana-backend-services-squad
+/devenv/plugins.yaml @grafana/plugins-platform-frontend

 # Emails
 /emails/ @grafana/alerting-frontend
@@ -244,6 +241,7 @@
 /Makefile @grafana/grafana-release-guild
 /scripts/build/ @grafana/grafana-release-guild
 /scripts/list-release-artifacts.sh @grafana/grafana-release-guild
+/.trivyignore @grafana/grafana-backend-services-squad

 # OSS Plugin Partnerships backend code
 /pkg/tsdb/cloudwatch/ @grafana/aws-datasources
@@ -252,13 +250,11 @@

 # Observability backend code
 /pkg/tsdb/prometheus/ @grafana/observability-metrics
-/pkg/tsdb/influxdb/ @grafana/observability-metrics
-/pkg/tsdb/elasticsearch/ @grafana/observability-logs
-/pkg/tsdb/graphite/ @grafana/observability-metrics
+/pkg/tsdb/elasticsearch/ @grafana/aws-datasources
 /pkg/tsdb/loki/ @grafana/observability-logs
 /pkg/tsdb/tempo/ @grafana/observability-traces-and-profiling
 /pkg/tsdb/grafana-pyroscope-datasource/ @grafana/observability-traces-and-profiling
-/pkg/tsdb/parca/ @grafana/observability-traces-and-profiling
+/pkg/tsdb/parca/ @grafana/oss-big-tent

 # OSS Big Tent backend code
 /pkg/tsdb/mysql/ @grafana/oss-big-tent
@@ -266,10 +262,12 @@

 # Partner Datasources backend code
 /pkg/tsdb/mssql/ @grafana/partner-datasources
+/pkg/tsdb/influxdb/ @grafana/partner-datasources
+/pkg/tsdb/graphite/ @grafana/partner-datasources

 # Database migrations
-/pkg/services/sqlstore/migrations/ @grafana/backend-platform @grafana/hosted-grafana-team
-*_mig.go @grafana/backend-platform @grafana/hosted-grafana-team
+/pkg/services/sqlstore/migrations/ @grafana/grafana-search-and-storage
+*_mig.go @grafana/grafana-search-and-storage

 # Grafana app platform
 /pkg/services/live/ @grafana/grafana-app-platform-squad
@@ -277,14 +275,15 @@
 /pkg/services/store/ @grafana/grafana-app-platform-squad
 /pkg/infra/filestorage/ @grafana/grafana-app-platform-squad
 /pkg/modules/ @grafana/grafana-app-platform-squad
-/pkg/services/grpcserver/ @grafana/grafana-app-platform-squad
+/pkg/services/grpcserver/ @grafana/grafana-search-and-storage
 /pkg/generated @grafana/grafana-app-platform-squad

 # Alerting
-/pkg/services/ngalert/ @grafana/alerting-backend-product
-/pkg/services/sqlstore/migrations/ualert/ @grafana/alerting-backend-product
-/pkg/tests/api/alerting/ @grafana/alerting-backend-product
+/pkg/services/ngalert/ @grafana/alerting-backend
+/pkg/services/sqlstore/migrations/ualert/ @grafana/alerting-backend
+/pkg/tests/api/alerting/ @grafana/alerting-backend
 /public/app/features/alerting/ @grafana/alerting-frontend
+/public/app/features/gops/ @grafana/alerting-frontend

 # Library Services
 /pkg/services/libraryelements/ @grafana/dashboards-squad
@@ -304,7 +303,7 @@
 /pkg/services/plugindashboards/ @grafana/plugins-platform-backend

 # Backend code docs
-/contribute/backend/ @grafana/backend-platform
+/contribute/backend/ @grafana/grafana-backend-group


 /crowdin.yml @grafana/grafana-frontend-platform
@@ -313,38 +312,47 @@
 /e2e/ @grafana/grafana-frontend-platform
 /e2e/cloud-plugins-suite/ @grafana/partner-datasources
 /e2e/plugin-e2e/plugin-e2e-api-tests/ @grafana/plugins-platform-frontend
+
+# Packages
 /packages/ @grafana/grafana-frontend-platform @grafana/plugins-platform-frontend
+/packages/grafana-data/src/**/*logs* @grafana/observability-logs
+/packages/grafana-data/src/transformations/ @grafana/dataviz-squad
 /packages/grafana-e2e-selectors/ @grafana/grafana-frontend-platform
-/packages/grafana-e2e/ @grafana/grafana-frontend-platform
+/packages/grafana-flamegraph/ @grafana/observability-traces-and-profiling
+/packages/grafana-o11y-ds-frontend/ @grafana/observability-logs
+/packages/grafana-o11y-ds-frontend/src/IntervalInput/ @grafana/observability-traces-and-profiling
+/packages/grafana-o11y-ds-frontend/src/NodeGraph/ @grafana/observability-traces-and-profiling
+/packages/grafana-o11y-ds-frontend/src/pyroscope/ @grafana/observability-traces-and-profiling
+/packages/grafana-o11y-ds-frontend/src/SpanBar/ @grafana/observability-traces-and-profiling
+/packages/grafana-o11y-ds-frontend/src/TraceToLogs/ @grafana/observability-traces-and-profiling
+/packages/grafana-o11y-ds-frontend/src/TraceToMetrics/ @grafana/observability-traces-and-profiling
+/packages/grafana-o11y-ds-frontend/src/TraceToProfiles/ @grafana/observability-traces-and-profiling
+/packages/grafana-plugin-configs/ @grafana/plugins-platform-frontend
+/packages/grafana-prometheus/ @grafana/observability-metrics
+/packages/grafana-schema/src/**/*canvas* @grafana/dataviz-squad
+/packages/grafana-schema/src/**/*tempo* @grafana/observability-traces-and-profiling
+/packages/grafana-sql/ @grafana/partner-datasources @grafana/oss-big-tent
 /packages/grafana-ui/.storybook/ @grafana/plugins-platform-frontend
 /packages/grafana-ui/src/components/ @grafana/grafana-frontend-platform
+/packages/grafana-ui/src/components/BarGauge/ @grafana/dataviz-squad
+/packages/grafana-ui/src/components/DataLinks/ @grafana/dataviz-squad
 /packages/grafana-ui/src/components/DateTimePickers/ @grafana/grafana-frontend-platform
+/packages/grafana-ui/src/components/Gauge/ @grafana/dataviz-squad
+/packages/grafana-ui/src/components/Sparkline/ @grafana/grafana-frontend-platform @grafana/app-o11y-visualizations
 /packages/grafana-ui/src/components/Table/ @grafana/dataviz-squad
 /packages/grafana-ui/src/components/Table/SparklineCell.tsx @grafana/dataviz-squad @grafana/app-o11y-visualizations
-/packages/grafana-ui/src/components/Gauge/ @grafana/dataviz-squad
-/packages/grafana-ui/src/components/BarGauge/ @grafana/dataviz-squad
 /packages/grafana-ui/src/components/uPlot/ @grafana/dataviz-squad
-/packages/grafana-ui/src/components/DataLinks/ @grafana/dataviz-squad
 /packages/grafana-ui/src/components/ValuePicker/ @grafana/dataviz-squad
 /packages/grafana-ui/src/components/VizLayout/ @grafana/dataviz-squad
 /packages/grafana-ui/src/components/VizLegend/ @grafana/dataviz-squad
 /packages/grafana-ui/src/components/VizRepeater/ @grafana/dataviz-squad
 /packages/grafana-ui/src/components/VizTooltip/ @grafana/dataviz-squad
-/packages/grafana-ui/src/components/Sparkline/ @grafana/grafana-frontend-platform @grafana/app-o11y-visualizations
 /packages/grafana-ui/src/graveyard/Graph/ @grafana/dataviz-squad
 /packages/grafana-ui/src/graveyard/GraphNG/ @grafana/dataviz-squad
 /packages/grafana-ui/src/graveyard/TimeSeries/ @grafana/dataviz-squad
 /packages/grafana-ui/src/utils/storybook/ @grafana/plugins-platform-frontend
-/packages/grafana-data/src/transformations/ @grafana/dataviz-squad
-/packages/grafana-data/src/**/*logs* @grafana/observability-logs
-/packages/grafana-schema/src/**/*tempo* @grafana/observability-traces-and-profiling
-/packages/grafana-schema/src/**/*canvas* @grafana/dataviz-squad
-/packages/grafana-flamegraph/ @grafana/observability-traces-and-profiling
+
 /plugins-bundled/ @grafana/plugins-platform-frontend
-/packages/grafana-plugin-configs/ @grafana/plugins-platform-frontend
-/packages/grafana-prometheus/ @grafana/observability-metrics
-/packages/grafana-o11y-ds-frontend/ @grafana/observability-logs @grafana/observability-traces-and-profiling
-/packages/grafana-sql/ @grafana/partner-datasources @grafana/oss-big-tent

 # root files, mostly frontend
 /.browserslistrc @grafana/frontend-ops
@@ -376,7 +384,6 @@
 /.levignore.js @grafana/plugins-platform-frontend
 playwright.config.ts @grafana/plugins-platform-frontend

-
 # public folder
 /public/app/core/ @grafana/grafana-frontend-platform
 /public/app/core/components/TimePicker/ @grafana/grafana-frontend-platform
@@ -385,25 +392,26 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /public/app/core/components/TimeSeries/ @grafana/dataviz-squad
 /public/app/core/components/TimelineChart/ @grafana/dataviz-squad
 /public/app/core/components/Form/ @grafana/grafana-frontend-platform
+/public/app/core/history/ @grafana/explore-squad
 /public/app/features/all.ts @grafana/grafana-frontend-platform
 /public/app/features/admin/ @grafana/identity-access-team

 # Temp owners until Enterprise team takes over
 /public/app/features/migrate-to-cloud @grafana/grafana-frontend-platform

-/public/app/features/auth-config/ @grafana/identity-access-team
+/public/app/features/auth-config/ @grafana/identity-squad
 /public/app/features/annotations/ @grafana/dashboards-squad
-/public/app/features/api-keys/ @grafana/identity-access-team
+/public/app/features/api-keys/ @grafana/identity-squad
 /public/app/features/canvas/ @grafana/dataviz-squad
 /public/app/features/geo/ @grafana/dataviz-squad
 /public/app/features/visualization/data-hover/ @grafana/dataviz-squad
 /public/app/features/commandPalette/ @grafana/grafana-frontend-platform
-/public/app/features/connections/ @grafana/plugins-platform-frontend @mikkancso
+/public/app/features/connections/ @grafana/plugins-platform-frontend
 /public/app/features/correlations/ @grafana/explore-squad
 /public/app/features/dashboard/ @grafana/dashboards-squad
 /public/app/features/dashboard/components/TransformationsEditor/ @grafana/dataviz-squad
 /public/app/features/dashboard-scene/ @grafana/dashboards-squad
-/public/app/features/datasources/ @grafana/plugins-platform-frontend @mikkancso
+/public/app/features/datasources/ @grafana/plugins-platform-frontend
 /public/app/features/dimensions/ @grafana/dataviz-squad
 /public/app/features/dataframe-import/ @grafana/dataviz-squad
 /public/app/features/explore/ @grafana/explore-squad
@@ -414,6 +422,7 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /public/app/features/library-panels/ @grafana/dashboards-squad
 /public/app/features/logs/ @grafana/observability-logs
 /public/app/features/live/ @grafana/grafana-app-platform-squad
+/public/app/features/apiserver/ @grafana/grafana-app-platform-squad
 /public/app/features/manage-dashboards/ @grafana/dashboards-squad
 /public/app/features/notifications/ @grafana/grafana-frontend-platform
 /public/app/features/org/ @grafana/grafana-frontend-platform
@@ -421,20 +430,22 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /public/app/features/playlist/ @grafana/dashboards-squad
 /public/app/features/plugins/ @grafana/plugins-platform-frontend
 /public/app/features/profile/ @grafana/grafana-frontend-platform
+/public/app/features/query-library/ @grafana/explore-squad
 /public/app/features/runtime/ @ryantxu
 /public/app/features/query/ @grafana/dashboards-squad
 /public/app/features/sandbox/ @grafana/grafana-frontend-platform
 /public/app/features/browse-dashboards/ @grafana/grafana-frontend-platform
 /public/app/features/search/ @grafana/grafana-frontend-platform
-/public/app/features/serviceaccounts/ @grafana/identity-access-team
+/public/app/features/serviceaccounts/ @grafana/identity-squad
 /public/app/features/storage/ @grafana/grafana-app-platform-squad
-/public/app/features/teams/ @grafana/identity-access-team
+/public/app/features/teams/ @grafana/access-squad
 /public/app/features/templating/ @grafana/dashboards-squad
-/public/app/features/trails/ @torkelo
+/public/app/features/trails/ @grafana/observability-metrics
 /public/app/features/transformers/ @grafana/dataviz-squad
 /public/app/features/transformers/timeSeriesTable/ @grafana/dataviz-squad @grafana/app-o11y-visualizations
-/public/app/features/users/ @grafana/identity-access-team
+/public/app/features/users/ @grafana/access-squad
 /public/app/features/variables/ @grafana/dashboards-squad
+/public/app/features/preferences/ @grafana/grafana-frontend-platform
 /public/app/plugins/panel/alertlist/ @grafana/alerting-frontend
 /public/app/plugins/panel/annolist/ @grafana/grafana-frontend-platform
 /public/app/plugins/panel/barchart/ @grafana/dataviz-squad
@@ -473,6 +484,7 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /public/app/store/ @grafana/grafana-frontend-platform
 /public/app/types/ @grafana/grafana-frontend-platform
 /public/app/types/alerting.ts @grafana/alerting-frontend
+/public/app/types/unified-alerting-dto.ts @grafana/alerting-frontend
 /public/dashboards/ @grafana/dashboards-squad
 /public/gazetteer/ @ryantxu
 /public/img/ @grafana/grafana-frontend-platform
@@ -485,7 +497,7 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /public/test/ @grafana/grafana-frontend-platform
 /public/test/helpers/alertingRuleEditor.tsx @grafana/alerting-frontend
 /public/views/ @grafana/grafana-frontend-platform
-/public/views/swagger.html @grafana/backend-platform
+/public/views/swagger.html @grafana/grafana-backend-group

 /public/app/features/explore/Logs/ @grafana/observability-logs

@@ -495,9 +507,9 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /public/app/features/explore/FlameGraph/ @grafana/observability-traces-and-profiling
 /public/app/features/explore/TraceView/ @grafana/observability-traces-and-profiling

-/public/api-merged.json @grafana/backend-platform
-/public/api-enterprise-spec.json @grafana/backend-platform
-/public/openapi3.json @grafana/backend-platform
+/public/api-merged.json @grafana/grafana-backend-group
+/public/api-enterprise-spec.json @grafana/grafana-backend-group
+/public/openapi3.json @grafana/grafana-backend-group
 /public/app/angular/ @torkelo
 /public/app/app.ts @grafana/frontend-ops
 /public/app/dev.ts @grafana/frontend-ops
@@ -509,7 +521,7 @@ playwright.config.ts @grafana/plugins-platform-frontend



-/scripts/benchmark-access-control.sh @grafana/identity-access-team
+/scripts/benchmark-access-control.sh @grafana/access-squad
 /scripts/check-breaking-changes.sh @grafana/plugins-platform-frontend
 /scripts/ci-* @grafana/grafana-release-guild
 /scripts/circle-* @grafana/grafana-release-guild
@@ -533,7 +545,11 @@ playwright.config.ts @grafana/plugins-platform-frontend
 /scripts/cleanup-husky.sh @grafana/frontend-ops
 /scripts/verify-repo-update/ @grafana/grafana-release-guild
 /scripts/generate-icon-bundle.js @grafana/plugins-platform-frontend @grafana/grafana-frontend-platform
+/scripts/generate-rtk-apis.ts @grafana/grafana-frontend-platform
+/scripts/generate-alerting-rtk-apis.ts @grafana/alerting-frontend
 /scripts/levitate-parse-json-report.js @grafana/plugins-platform-frontend
+/scripts/levitate-show-affected-plugins.js @grafana/plugins-platform-frontend
+/scripts/codemods/explicit-barrel-imports.cjs @grafana/frontend-ops

 /scripts/**/generate-transformations* @grafana/dataviz-squad
 /scripts/webpack/ @grafana/frontend-ops
@@ -553,57 +569,62 @@ playwright.config.ts @grafana/plugins-platform-frontend
 # Core datasources
 /public/app/plugins/datasource/dashboard/ @grafana/dashboards-squad
 /public/app/plugins/datasource/cloudwatch/ @grafana/aws-datasources
-/public/app/plugins/datasource/elasticsearch/ @grafana/observability-logs
+/public/app/plugins/datasource/elasticsearch/ @grafana/aws-datasources
 /public/app/plugins/datasource/grafana/ @grafana/grafana-frontend-platform
 /public/app/plugins/datasource/grafana-testdata-datasource/ @grafana/plugins-platform-frontend
 /public/app/plugins/datasource/azuremonitor/ @grafana/partner-datasources
-/public/app/plugins/datasource/graphite/ @grafana/observability-metrics
-/public/app/plugins/datasource/influxdb/ @grafana/observability-metrics
-/public/app/plugins/datasource/jaeger/ @grafana/observability-traces-and-profiling
+/public/app/plugins/datasource/graphite/ @grafana/partner-datasources
+/public/app/plugins/datasource/influxdb/ @grafana/partner-datasources
+/public/app/plugins/datasource/jaeger/ @grafana/oss-big-tent
 /public/app/plugins/datasource/loki/ @grafana/observability-logs
 /public/app/plugins/datasource/mixed/ @grafana/dashboards-squad
 /public/app/plugins/datasource/mssql/ @grafana/partner-datasources
 /public/app/plugins/datasource/mysql/ @grafana/oss-big-tent
-/public/app/plugins/datasource/opentsdb/ @grafana/observability-metrics
+/public/app/plugins/datasource/opentsdb/ @grafana/partner-datasources
 /public/app/plugins/datasource/grafana-postgresql-datasource/ @grafana/oss-big-tent
 /public/app/plugins/datasource/prometheus/ @grafana/observability-metrics
 /public/app/plugins/datasource/cloud-monitoring/ @grafana/partner-datasources
-/public/app/plugins/datasource/zipkin/ @grafana/observability-traces-and-profiling
+/public/app/plugins/datasource/zipkin/ @grafana/oss-big-tent
 /public/app/plugins/datasource/tempo/ @grafana/observability-traces-and-profiling
 /public/app/plugins/datasource/grafana-pyroscope-datasource/ @grafana/observability-traces-and-profiling
-/public/app/plugins/datasource/parca/ @grafana/observability-traces-and-profiling
+/public/app/plugins/datasource/parca/ @grafana/oss-big-tent
 /public/app/plugins/datasource/alertmanager/ @grafana/alerting-squad

 # Grafana Sharing Squad
+/public/app/features/dashboard-scene/sharing/ @grafana/sharing-squad
 /public/app/features/dashboard/components/ShareModal/ @grafana/sharing-squad
 /public/app/features/manage-dashboards/components/PublicDashboardListTable/ @grafana/sharing-squad
 /public/app/features/dashboard/containers/PublicDashboardPage.tsx @grafana/sharing-squad
 /public/app/features/manage-dashboards/components/SnapshotListTable.tsx @grafana/sharing-squad
+/pkg/api/render.go @grafana/sharing-squad
 /pkg/services/dashboardsnapshots/ @grafana/sharing-squad
 /pkg/services/publicdashboards/ @grafana/sharing-squad
+/pkg/services/rendering/ @grafana/sharing-squad

 # SSE - Server Side Expressions
 /pkg/expr/ @grafana/observability-metrics

 # Cloud middleware
-/grafana-mixin/ @grafana/hosted-grafana-team
+/grafana-mixin/ @grafana/grafana-backend-services-squad

 # Grafana authentication and authorization
-/pkg/login/ @grafana/identity-access-team
-/pkg/services/accesscontrol/ @grafana/identity-access-team
+/pkg/login/ @grafana/identity-squad
+/pkg/services/accesscontrol/ @grafana/access-squad
 /pkg/services/anonymous/ @grafana/identity-access-team
-/pkg/services/auth/ @grafana/identity-access-team
-/pkg/services/authn/ @grafana/identity-access-team
-/pkg/services/signingkeys/ @grafana/identity-access-team
-/pkg/services/dashboards/accesscontrol.go @grafana/identity-access-team
-/pkg/services/datasources/guardian/ @grafana/identity-access-team
-/pkg/services/guardian/ @grafana/identity-access-team
-/pkg/services/ldap/ @grafana/identity-access-team
-/pkg/services/login/ @grafana/identity-access-team
-/pkg/services/loginattempt/ @grafana/identity-access-team
+/pkg/services/auth/ @grafana/identity-squad
+/pkg/services/authn/ @grafana/identity-squad
+/pkg/services/authz/ @grafana/access-squad
+/pkg/services/signingkeys/ @grafana/identity-squad
+/pkg/services/dashboards/accesscontrol.go @grafana/access-squad
+/pkg/services/datasources/guardian/ @grafana/access-squad
+/pkg/services/guardian/ @grafana/access-squad
+/pkg/services/ldap/ @grafana/identity-squad
+/pkg/services/login/ @grafana/identity-squad
+/pkg/services/loginattempt/ @grafana/identity-squad
 /pkg/services/extsvcauth/ @grafana/identity-access-team
-/pkg/services/oauthtoken/ @grafana/identity-access-team
-/pkg/services/serviceaccounts/ @grafana/identity-access-team
+/pkg/services/oauthtoken/ @grafana/identity-squad
+/pkg/services/serviceaccounts/ @grafana/identity-squad
+/public/app/core/components/RolePicker/ @grafana/access-squad

 # Support bundles
 /public/app/features/support-bundles/ @grafana/identity-access-team
@@ -612,6 +633,7 @@ playwright.config.ts @grafana/plugins-platform-frontend
 # Grafana Operator Experience Team
 /pkg/services/caching/ @grafana/grafana-operator-experience-squad
 /pkg/services/cloudmigration/ @grafana/grafana-operator-experience-squad
+/pkg/services/gcom/ @grafana/grafana-operator-experience-squad

 # Feature toggles
 /pkg/services/featuremgmt/ @grafana/grafana-backend-services-squad
@@ -626,6 +648,7 @@ embed.go @grafana/grafana-as-code
 /pkg/kinds/ @grafana/grafana-as-code
 /pkg/registry/ @grafana/grafana-as-code
 /pkg/registry/apis/ @grafana/grafana-app-platform-squad
+/pkg/registry/apis/alerting @grafana/grafana-app-platform-squad @grafana/alerting-backend
 /pkg/codegen/ @grafana/grafana-as-code
 /pkg/codegen/generators @grafana/grafana-as-code
 /pkg/kinds/*/*_gen.go @grafana/grafana-as-code
@@ -646,11 +669,15 @@ embed.go @grafana/grafana-as-code
 /.github/pr-commands.json @marefr
 /.github/renovate.json5 @grafana/frontend-ops
 /.github/teams.yml @armandgrillet
-/.github/workflows/alerting-swagger-gen.yml @grafana/alerting-backend-product
-/.github/workflows/auto-milestone.yml @grafana/grafana-release-guild
-/.github/workflows/backport.yml @grafana/grafana-release-guild
-/.github/workflows/bump-version.yml @grafana/grafana-release-guild
-/.github/workflows/close-milestone.yml @grafana/grafana-release-guild
+/.github/workflows/alerting-swagger-gen.yml @grafana/alerting-backend
+/.github/workflows/auto-milestone.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/backport.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/bump-version.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/close-milestone.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/release-pr.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/release-comms.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/migrate-prs.yml @grafana/grafana-developer-enablement-squad
+/.github/workflows/create-next-release-branch.yml @grafana/grafana-developer-enablement-squad
 /.github/workflows/codeowners-validator.yml @tolzhabayev
 /.github/workflows/codeql-analysis.yml @DanCech
 /.github/workflows/commands.yml @torkelo
@@ -679,20 +706,22 @@ embed.go @grafana/grafana-as-code
 /.github/workflows/stale.yml @grafana/grafana-release-guild
 /.github/workflows/update-changelog.yml @grafana/grafana-release-guild
 /.github/workflows/update-make-docs.yml @grafana/docs-tooling
-/.github/workflows/snyk.yml @grafana/security-team
 /.github/workflows/scripts/kinds/verify-kinds.go @grafana/platform-cat
 /.github/workflows/publish-kinds-next.yml @grafana/platform-cat
 /.github/workflows/publish-kinds-release.yml @grafana/platform-cat
 /.github/workflows/verify-kinds.yml @grafana/platform-cat
 /.github/workflows/dashboards-issue-add-label.yml @grafana/dashboards-squad
-/.github/workflows/ephemeral-instances-pr-comment.yml @grafana/grafana-operator-experience-squad
-/.github/workflows/ephemeral-instances-pr-opened-closed.yml @grafana/grafana-operator-experience-squad
+/.github/workflows/ephemeral-instances-pr-comment.yml @grafana/grafana-backend-services-squad
 /.github/workflows/create-security-patch-from-security-mirror.yml @grafana/grafana-release-guild
 /.github/workflows/core-plugins-build-and-release.yml @grafana/plugins-platform-frontend @grafana/plugins-platform-backend
 /.github/workflows/i18n-crowdin-upload.yml @grafana/grafana-frontend-platform
 /.github/workflows/i18n-crowdin-download.yml @grafana/grafana-frontend-platform
-/.github/workflows/feature-toggle-cleanup.yml @tolzhabayev
-/.github/workflows/scripts/feature-toggle-cleanup/feature-toggle-cleanup.js @tolzhabayev
+/.github/workflows/pr-go-workspace-check.yml @grafana/grafana-app-platform-squad
+/.github/workflows/run-scenes-e2e.yml @grafana/dashboards-squad
+/.github/workflows/go-lint.yml @grafana/grafana-backend-services-squad
+/.github/workflows/trivy-scan.yml @grafana/grafana-backend-services-squad
+/.github/workflows/changelog.yml @zserge
+/.github/workflows/actions/changelog @zserge

 # Generated files not requiring owner approval
 /packages/grafana-data/src/types/featureToggles.gen.ts @grafanabot
@@ -704,10 +733,10 @@ embed.go @grafana/grafana-as-code
 # Conf
 /conf/defaults.ini @torkelo
 /conf/sample.ini @torkelo
-/conf/ldap.toml @grafana/identity-access-team
-/conf/ldap_multiple.toml @grafana/identity-access-team
-/conf/provisioning/access-control/ @grafana/identity-access-team
-/conf/provisioning/alerting/ @grafana/alerting-backend-product
+/conf/ldap.toml @grafana/identity-squad
+/conf/ldap_multiple.toml @grafana/identity-squad
+/conf/provisioning/access-control/ @grafana/access-squad
+/conf/provisioning/alerting/ @grafana/alerting-backend
 /conf/provisioning/dashboards/ @grafana/dashboards-squad
 /conf/provisioning/datasources/ @grafana/plugins-platform-backend
 /conf/provisioning/plugins/ @grafana/plugins-platform-backend
--- a/.github/ISSUE_TEMPLATE/3-data_source_request.yaml
+++ b/.github/ISSUE_TEMPLATE/3-data_source_request.yaml
@@ -0,0 +1,45 @@
+---
+name: New data source request
+description: Raise a request for a new data source plugin
+title: "[New Data Source]: <name-of-service>"
+labels:
+  - area/datasource,type/new-plugin-request
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for requesting a new data source plugin!
+
+        We greatly appreciate feedback from our community about which new data sources would be beneficial. 
+        
+        Grafana Labs regularly reviews these requests and uses them to inform our prioritization. Note: we cannot offer any guarantees on whether we or our community will build a given data source.
+        
+        Please check our [roadmap](https://github.com/orgs/grafana/projects/619?pane=info) for existing requests and subscribe to stay informed of our plans. If no request exists, please fill out the following information.
+
+        Please do not request support or file bug reports and feature requests for existing plugins here.
+        - For support, please use the community support resources [here](https://grafana.com/help/).
+        - Please consider the `New Bug Report` or `Feature Requests` [issue templates](https://github.com/grafana/grafana/issues/new/choose) for other requests.
+  - type: textarea
+    id: background
+    attributes:
+      label: Background
+      description: Tell us about the service you would like to see integrated as a data source
+      placeholder: ACME_DB is an open source time-series database that is used by many organizations to store their metrics data. It is a popular choice for monitoring and observability.
+    validations:
+      required: true
+  - type: textarea
+    id: use_case
+    attributes:
+      label: Use case
+      description: Describe any key requirements or data you would need surfaced, ideally including why they are useful for you.
+      placeholder: My team uses ACME_DB as the application database to monitor our produciton workloads, so we'd like to alert on it and visualize ACME_DB data next to our logs and traces in Grafana.
+    validations:
+      required: true
+  - type: checkboxes
+    attributes:
+      label: Contribution
+      description: If you are interested in creating the data source yourself and contributing to the [plugin catalog](https://grafana.com/grafana/plugins/), please fill in the following
+      options:
+        - label: Are you looking to create the plugin?
+        - label: Are you affiliated with the project/product the data source integrates with?
+        - label: Does the plugin integrate with a commercial product?
--- a/.github/ISSUE_TEMPLATE/3-grafana_ui_component.md
+++ b/.github/ISSUE_TEMPLATE/3-grafana_ui_component.md
@@ -1,39 +0,0 @@
---
-name: '@grafana/ui component request'
-about: Suggest a component for the @grafana/ui package
-labels: 'area/grafana/ui'
---
-
-<!-- 
-By using this template you will make it easier for us to make sure that documentation and implementation stays up to date for every component in @grafana/ui
-
-Thank you!
-->
-
-**Why is this component needed**:
-<!-- Explain your use case -->
-___
- - [ ] Is/could it be used in more than one place in Grafana?
-
-**Where is/could it be used?**:
-
-___
- [ ] Post screenshots possible.
- [ ] It has a single use case.
- [ ] It is/could be used in multiple places.
-
-**Implementation** (Checklist meant for the person implementing the component)
-
- [ ] Component has a story in Storybook.
- [ ] Props and naming follows [our style guide](https://github.com/grafana/grafana/blob/main/contribute/style-guides/frontend.md).
- [ ] It is extendable (rest props are spread, styles with className work, and so on).
- [ ] Uses [theme for spacing, colors, and so on](https://github.com/grafana/grafana/blob/main/contribute/style-guides/themes.md).
- [ ] Works with both light and dark theme.
-
-**Documentation**
-
- [ ] Properties are documented.
- [ ] Use cases are described.
- [ ] Code examples for the different use cases.
- [ ] Dos and don'ts.
- [ ] Styling guidelines, specific color usage (if applicable).
--- a/.github/ISSUE_TEMPLATE/4-UX-design.yaml
+++ b/.github/ISSUE_TEMPLATE/4-UX-design.yaml
@@ -1,43 +0,0 @@
-name: UX design issue
-description: Create an issue for delivering wireframes, mockups or other design solutions.
-title: "UX: "
-labels: ["type/ux"]
-body:
-  - type: textarea
-    id: background
-    attributes:
-      label: "Background / Why we're doing this"
-      description: Describe the problem and background of the issue. This could include research insights that inform the design changes, unmet user needs, or other usability issues.
-      placeholder: Add UI improvements to make Grafana Alerting alert creation easier based on usability test results.
-    validations:
-      required: true
-  - type: dropdown
-    attributes:
-      label: Is there existing research for this?
-      description: Please link research results or insights in the Background section if you have any. If no research was conducted, you might want to consider usability testing your design later.
-      options: [
-        "Yes, I have linked it", 
-        "No research yet"
-      ]
-    validations:
-      required: true
-  - type: textarea
-    id: problems-or-tasks
-    attributes:
-      label: Problems or tasks
-      description: Describe problems the new design should solve or tasks the user needs to complete.
-      placeholder: 
-      value: |
-        - A problem we're trying to solve
-        - A task the user needs to accomplish
-        - …
-    validations:
-      required: false
-  - type: textarea
-    attributes:
-      label: Deliverables
-      description: Add a checklist of deliverables here. You can later add links to each deliverable.
-      value: |
-          - Figma mockup
-          - Miro board
-          - …
--- a/.github/ISSUE_TEMPLATE/4-staff_issues.md
+++ b/.github/ISSUE_TEMPLATE/4-staff_issues.md
--- a/.github/ISSUE_TEMPLATE/5-chore.md
+++ b/.github/ISSUE_TEMPLATE/5-chore.md
@@ -1,17 +0,0 @@
---
-name: Chore
-about: Create an issue for a chore needing completion
-labels: 'type: chore'
---
-
-<!--
-Please use this template to create your chore issue. You can use this template if you spot an out-of-date README, discover a misspelling, or happen upon a deeply nested 7-layer for-loop that could be better handled another way. Please use this template for your non-bug related fixes/updates/refactors.
-
- Questions should be posted to: https://community.grafana.com
- Use query inspector to troubleshoot issues: https://bit.ly/2XNF6YS
- How to record and attach gif: https://bit.ly/2Mi8T6K
-->
-
-**What is the chore?**:
-
-**Is there anything else we need to know?**:
--- a/.github/ISSUE_TEMPLATE/8-Saga_contribution.yaml
+++ b/.github/ISSUE_TEMPLATE/8-Saga_contribution.yaml
@@ -1,65 +0,0 @@
---
-name: Saga contribution template
-description: Contribute to the design system.
-title: "Saga: "
-labels:
-  - area/grafana/ui, design-system 
-body:
-  - type: markdown
-    attributes:
-      value: |
-        By using this template, you help expand our component and pattern solutions within the design system and let others reuse your work! You can contribute bug or design defect fixes, component, and pattern enhancements, or even net-new components! This template brings visibility to the great work everyone already does and in turn helps reduce duplicate efforts.
-        Thank you!
-  - type: checkboxes
-    attributes:
-      label: What type of contribution is this?
-      description: null
-      options:
-        - label: Fix - bug, design defect, typo, documentation conciseness
-        - label: Unification - combining similar components/patterns into a single
-            solution
-        - label: Proposal - net-new component, additions, variants
-    validations:
-      required: true
-  - type: textarea
-    id: background
-    attributes:
-      label: Why is this needed?
-      description: Explain the use case and where it can be used.
-      placeholder: null
-    validations:
-      required: true
-  - type: textarea
-    id: use_case
-    attributes:
-      label: Where is this or where can it be used?
-      description: Explain the current/future use case, be sure to include areas of impact
-      placeholder: null
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Deliverables
-      description: Add a checklist of deliverables here. You can later add links to
-        each deliverable.
-      value: |
-        - Figma mockup
-        - Storybook story
-        - …
-  - type: checkboxes
-    attributes:
-      label: Contribution guiding principles
-      description: Use this checklist of guiding principles to ensure your
-        contribution makes Grafana a better product
-      options:
-        - label: Universal - not specific to a single product feature; able to be used
-            product-wide
-        - label: Accessible - inclusive to all types of users and assistive tools
-        - label: Flexible - thoughtfully built and designed to solve various
-            configurations and situations
-        - label: Coherent - follows existing visual styling and patterns
-        - label: Defined - documented clearly and concisely for ease of understanding
-        - label: Distinct - solves a unique gap or problem that cannot be solved with
-            current solutions
-    validations:
-        required: false
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -47,4 +47,4 @@ Fixes #
 Please check that:
 - [ ] It works as expected from a user's perspective.
 - [ ] If this is a pre-GA feature, it is behind a feature toggle.
- [ ] The docs are updated, and if this is a [notable improvement](https://grafana.com/docs/writers-toolkit/writing-guide/contribute-release-notes/#how-to-determine-if-content-belongs-in-a-whats-new-document), it's added to our [What's New](https://grafana.com/docs/writers-toolkit/writing-guide/contribute-release-notes/) doc.
+- [ ] The docs are updated, and if this is a [notable improvement](https://grafana.com/docs/writers-toolkit/contribute/release-notes/#how-to-determine-if-content-belongs-in-whats-new), it's added to our [What's New](https://grafana.com/docs/writers-toolkit/contribute/release-notes/) doc.
--- a/.github/bot.md
+++ b/.github/bot.md
@@ -4,8 +4,8 @@ The bot is configured via [commands.json](https://github.com/grafana/grafana/blo

 Comment commands:

-* Write the word `/duplicate #<number>`  anywhere in a comment and the bot  will add the correct label and standard message.
-* Write the word `/needsMoreInfo`  anywhere in a comment and the bot will add the correct label and standard message.
+* Write the word `/duplicate #<number>` anywhere in a comment and the bot will add the correct label and standard message.
+* Write the word `/needsMoreInfo` anywhere in a comment and the bot will add the correct label and standard message.

 Label commands:

--- a/.github/commands.json
+++ b/.github/commands.json
@@ -1,198 +1,198 @@
 [
  {
-    "type":"label",
-    "name":"bot/question",
-    "addLabel":"type/question",
-    "removeLabel":"bot/question",
-    "action":"close",
-    "comment":"Please ask your question on [community.grafana.com/](https://community.grafana.com/). To avoid having your issue closed in the future, please read our [CONTRIBUTING](https://github.com/grafana/grafana/blob/main/CONTRIBUTING.md) guidelines.\n\nHappy graphing!"
+    "type": "label",
+    "name": "bot/question",
+    "addLabel": "type/question",
+    "removeLabel": "bot/question",
+    "action": "close",
+    "comment": "Please ask your question on [community.grafana.com/](https://community.grafana.com/). To avoid having your issue closed in the future, please read our [CONTRIBUTING](https://github.com/grafana/grafana/blob/main/CONTRIBUTING.md) guidelines.\n\nHappy graphing!"
  },
  {
-    "type":"comment",
-    "name":"duplicate",
-    "allowUsers":[],
-    "action":"close",
-    "addLabel":"type/duplicate"
+    "type": "comment",
+    "name": "duplicate",
+    "allowUsers": [],
+    "action": "close",
+    "addLabel": "type/duplicate"
  },
  {
-    "type":"label",
-    "name":"bot/duplicate",
-    "addLabel":"type/duplicate",
-    "removeLabel":"bot/duplicate",
-    "action":"close",
-    "comment":"Thanks for creating this issue! It looks like this has already been reported by another user. We’ve closed this in favor of the existing one. Please consider adding any details you think is missing to that issue.\n\nTo avoid having your issue closed in the future, please read our [CONTRIBUTING](https://github.com/grafana/grafana/blob/main/CONTRIBUTING.md) guidelines.\n\nHappy graphing!"
+    "type": "label",
+    "name": "bot/duplicate",
+    "addLabel": "type/duplicate",
+    "removeLabel": "bot/duplicate",
+    "action": "close",
+    "comment": "Thanks for creating this issue! It looks like this has already been reported by another user. We’ve closed this in favor of the existing one. Please consider adding any details you think is missing to that issue.\n\nTo avoid having your issue closed in the future, please read our [CONTRIBUTING](https://github.com/grafana/grafana/blob/main/CONTRIBUTING.md) guidelines.\n\nHappy graphing!"
  },
  {
-    "type":"comment",
-    "name":"needsMoreInfo",
-    "allowUsers":[],
-    "action":"updateLabels",
-    "addLabel":"bot/needs more info"
+    "type": "comment",
+    "name": "needsMoreInfo",
+    "allowUsers": [],
+    "action": "updateLabels",
+    "addLabel": "bot/needs more info"
  },
  {
-    "type":"label",
-    "name":"bot/needs more info",
-    "action":"updateLabels",
-    "addLabel":"needs more info",
-    "removeLabel":"bot/needs more info",
-    "comment":"Thanks for creating this issue! We think it's missing some basic information. \r\n\r\nFollow the issue template and add additional information that will help us replicate the problem. \r\nFor data visualization issues: \r\n- Query results from the inspect drawer (data tab & query inspector)\r\n- Panel settings can be extracted in the panel inspect drawer JSON tab\r\n\r\nFor dashboard related issues: \r\n- Dashboard JSON can be found in the dashboard settings JSON model view\r\n\r\nFor authentication, provisioning and alerting issues, Grafana server logs are useful. \r\n\r\nHappy graphing!"
+    "type": "label",
+    "name": "bot/needs more info",
+    "action": "updateLabels",
+    "addLabel": "needs more info",
+    "removeLabel": "bot/needs more info",
+    "comment": "Thanks for creating this issue! We think it's missing some basic information. \r\n\r\nFollow the issue template and add additional information that will help us replicate the problem. \r\nFor data visualization issues: \r\n- Query results from the inspect drawer (data tab & query inspector)\r\n- Panel settings can be extracted in the panel inspect drawer JSON tab\r\n\r\nFor dashboard related issues: \r\n- Dashboard JSON can be found in the dashboard settings JSON model view\r\n\r\nFor authentication, provisioning and alerting issues, Grafana server logs are useful. \r\n\r\nHappy graphing!"
  },
  {
-    "type":"label",
-    "name":"bot/no new info",
-    "action":"close",
-    "removeLabel":"needs more info",
-    "comment":"We've closed this issue since it needs more information and hasn't had any activity recently. We can re-open it after you you add more information. To avoid having your issue closed in the future, please read our [CONTRIBUTING](https://github.com/grafana/grafana/blob/main/CONTRIBUTING.md) guidelines.\n\nHappy graphing!"
+    "type": "label",
+    "name": "bot/no new info",
+    "action": "close",
+    "removeLabel": "needs more info",
+    "comment": "We've closed this issue since it needs more information and hasn't had any activity recently. We can re-open it after you you add more information. To avoid having your issue closed in the future, please read our [CONTRIBUTING](https://github.com/grafana/grafana/blob/main/CONTRIBUTING.md) guidelines.\n\nHappy graphing!"
  },
  {
-    "type":"label",
-    "name":"bot/close feature request",
-    "action":"close",
-    "addLabel":"not implemented",
-    "comment":"This feature request has been open for a long time with few received upvotes or comments, so we are closing it. We're trying to limit open GitHub issues in order to better track planned work and features.  \r\n\r\nThis doesn't mean that we'll never ever implement it or that we will never accept a PR for it. A closed issue can still attract upvotes and act as a ticket to track feature demand\/interest. \r\n\r\nThank You to you for taking the time to create this issue!"
+    "type": "label",
+    "name": "bot/close feature request",
+    "action": "close",
+    "addLabel": "not implemented",
+    "comment": "This feature request has been open for a long time with few received upvotes or comments, so we are closing it. We're trying to limit open GitHub issues in order to better track planned work and features.  \r\n\r\nThis doesn't mean that we'll never ever implement it or that we will never accept a PR for it. A closed issue can still attract upvotes and act as a ticket to track feature demand\/interest. \r\n\r\nThank You to you for taking the time to create this issue!"
  },
  {
-    "type":"label",
-    "name":"area/plugins-catalog",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/76"
+    "type": "label",
+    "name": "area/plugins-catalog",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/76"
    }
  },
  {
-    "type":"label",
-    "name":"type/docs",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/69"
+    "type": "label",
+    "name": "type/docs",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/69"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/Azure",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/190"
+    "type": "label",
+    "name": "datasource/Azure",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/190"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/CloudWatch",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/97"
+    "type": "label",
+    "name": "datasource/CloudWatch",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/97"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/CloudWatch Logs",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/97"
+    "type": "label",
+    "name": "datasource/CloudWatch Logs",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/97"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/GoogleCloudMonitoring",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/190"
+    "type": "label",
+    "name": "datasource/GoogleCloudMonitoring",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/190"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/Prometheus",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/112"
+    "type": "label",
+    "name": "datasource/Prometheus",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/112"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/InfluxDB",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/112"
+    "type": "label",
+    "name": "datasource/InfluxDB",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/190"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/Graphite",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/112"
+    "type": "label",
+    "name": "datasource/Graphite",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/190"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/OpenTSDB",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/112"
+    "type": "label",
+    "name": "datasource/OpenTSDB",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/190"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/Loki",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/203"
+    "type": "label",
+    "name": "datasource/Loki",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/203"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/Tempo",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/221"
+    "type": "label",
+    "name": "datasource/Tempo",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/221"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/grafana-pyroscope",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/221"
+    "type": "label",
+    "name": "datasource/grafana-pyroscope",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/221"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/Parca",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/221"
+    "type": "label",
+    "name": "datasource/Parca",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/221"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/Elasticsearch",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/203"
+    "type": "label",
+    "name": "datasource/Elasticsearch",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/97"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/Jaeger",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/221"
+    "type": "label",
+    "name": "datasource/Jaeger",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/221"
    }
  },
  {
-    "type":"label",
-    "name":"datasource/Zipkin",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/221"
+    "type": "label",
+    "name": "datasource/Zipkin",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/221"
    }
  },
  {
-    "type":"label",
-    "name":"area/explore",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/111"
+    "type": "label",
+    "name": "area/explore",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/111"
    }
  },
  {
@@ -371,14 +371,6 @@
      "url": "https://github.com/orgs/grafana/projects/56"
    }
  },
-  {
-    "type": "label",
-    "name": "area/panel/icon",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "label",
    "name": "area/panel/piechart",
@@ -440,10 +432,26 @@
    "name": "area/panel/table",
    "action": "addToProject",
    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/72"
+      "url": "https://github.com/orgs/grafana/projects/56"
    }
  },
-   {
+  {
+    "type": "label",
+    "name": "area/tooltip",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
+  {
+    "type": "label",
+    "name": "area/legend",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
+  {
    "type": "label",
    "name": "grafana program",
    "action": "addToProject",
@@ -451,4 +459,4 @@
      "url": "https://github.com/orgs/grafana/projects/471"
    }
  }
-]
+]
--- a/.github/issue-opened.json
+++ b/.github/issue-opened.json
@@ -1,9 +1,11 @@
 [
  {
    "type": "author",
-    "memberOf": { "org": "grafana" },
+    "memberOf": {
+      "org": "grafana"
+    },
    "noLabels": true,
    "addLabel": "internal",
    "comment": " please add one or more appropriate labels. Here are some tips:\r\n\r\n- if you are making an issue, TODO, or reminder for yourself or your team, please add one label that best describes the product or feature area. Please also add the issue to your project board. :rocket:\r\n\r\n- if you are making an issue for any other reason (docs typo, you found a bug, etc), please add at least one label that best describes the product or feature that you are discussing (e.g. `area/alerting`, `datasource/loki`, `type/docs`, `type/bug`, etc). [Our issue triage](https://github.com/grafana/grafana/blob/main/ISSUE_TRIAGE.md#3-categorizing-an-issue) doc also provides additional guidance on labeling. :rocket:\r\n\r\n Thank you! :heart:"
  }
-]
+]
--- a/.github/metrics-collector.json
+++ b/.github/metrics-collector.json
@@ -29,4 +29,4 @@
      "query": "is:open is:pull-request"
    }
  ]
-}
+}
--- a/.github/pr-checks.json
+++ b/.github/pr-checks.json
@@ -1,11 +1,4 @@
 [
-  {
-    "type": "check-milestone",
-    "title": "Milestone Check",
-    "targetUrl": "https://github.com/grafana/grafana/blob/main/contribute/merge-pull-request.md#assign-a-milestone",
-    "success": "Milestone set",
-    "failure": "Milestone not set"
-  },
  {
    "type": "check-changelog",
    "title": "Changelog Check",
@@ -27,4 +20,4 @@
    },
    "targetUrl": "https://github.com/grafana/grafana/blob/main/contribute/merge-pull-request.md#include-in-changelog-and-release-notes"
  }
-]
+]
--- a/.github/pr-commands.json
+++ b/.github/pr-commands.json
@@ -2,8 +2,8 @@
  {
    "type": "changedfiles",
    "matches": [
-        "docs/**/*",
-        "contribute/**/*"
+      "docs/**/*",
+      "contribute/**/*"
    ],
    "action": "updateLabel",
    "addLabel": "type/docs"
@@ -11,21 +11,21 @@
  {
    "type": "changedfiles",
    "matches": [
-        "public/**/*",
-        "packages/**/*",
-        "e2e/**/*",
-        "plugins-bundled/**/*",
-        "scripts/build/release-packages.sh",
-        "scripts/circle-release-next-packages.sh",
-        "scripts/ci-frontend-metrics.sh",
-        "scripts/grunt/**/*",
-        "scripts/webpack/**/*",
-        "package.json",
-        "tsconfig.json",
-        "lerna.json",
-        ".prettierrc.js",
-        ".eslintrc",
-        "**/*.mdx"
+      "public/**/*",
+      "packages/**/*",
+      "e2e/**/*",
+      "plugins-bundled/**/*",
+      "scripts/build/release-packages.sh",
+      "scripts/circle-release-next-packages.sh",
+      "scripts/ci-frontend-metrics.sh",
+      "scripts/grunt/**/*",
+      "scripts/webpack/**/*",
+      "package.json",
+      "tsconfig.json",
+      "lerna.json",
+      ".prettierrc.js",
+      ".eslintrc",
+      "**/*.mdx"
    ],
    "action": "updateLabel",
    "addLabel": "area/frontend"
@@ -33,11 +33,11 @@
  {
    "type": "changedfiles",
    "matches": [
-        "**/*.go",
-        "go.mod",
-        "go.sum",
-        "contribute/style-guides/backend.md",
-        "contribute/architecture/backend/**/*"
+      "**/*.go",
+      "go.mod",
+      "go.sum",
+      "contribute/style-guides/backend.md",
+      "contribute/architecture/backend/**/*"
    ],
    "action": "updateLabel",
    "addLabel": "area/backend"
@@ -45,15 +45,17 @@
  {
    "type": "changedfiles",
    "matches": [
-        "pkg/services/sqlstore/migrations/**/*",
-        "**/*_mig.go"
+      "pkg/services/sqlstore/migrations/**/*",
+      "**/*_mig.go"
    ],
    "action": "updateLabel",
    "addLabel": "area/backend/db/migration"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/features/explore/**/*"],
+    "matches": [
+      "public/app/features/explore/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/explore"
  },
@@ -82,384 +84,357 @@
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/azuremonitor/**/*", "pkg/tsdb/azuremonitor/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/azuremonitor/**/*",
+      "pkg/tsdb/azuremonitor/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/Azure"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/cloud-monitoring/**/*", "pkg/tsdb/cloud-monitoring/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/cloud-monitoring/**/*",
+      "pkg/tsdb/cloud-monitoring/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/GoogleCloudMonitoring"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/cloudwatch/**/*", "pkg/tsdb/cloudwatch/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/cloudwatch/**/*",
+      "pkg/tsdb/cloudwatch/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/CloudWatch"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/elasticsearch/**/*", "pkg/tsdb/elasticsearch/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/elasticsearch/**/*",
+      "pkg/tsdb/elasticsearch/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/Elasticsearch"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/graphite/**/*", "pkg/tsdb/graphite/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/graphite/**/*",
+      "pkg/tsdb/graphite/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/Graphite"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/influxdb/**/*", "pkg/tsdb/influx/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/influxdb/**/*",
+      "pkg/tsdb/influx/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/InfluxDB"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/jaeger/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/jaeger/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/Jaeger"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/loki/**/*", "pkg/tsdb/loki/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/loki/**/*",
+      "pkg/tsdb/loki/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/Loki"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/mssql/**/*", "pkg/tsdb/mssql/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/mssql/**/*",
+      "pkg/tsdb/mssql/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/MSSQL"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/mysql/**/*", "pkg/tsdb/mysql/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/mysql/**/*",
+      "pkg/tsdb/mysql/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/MySQL"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/opentsdb/**/*", "pkg/tsdb/opentsdb/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/opentsdb/**/*",
+      "pkg/tsdb/opentsdb/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/OpenTSDB"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/parca/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/parca/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/Parca"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/grafana-pyroscope-datasource/**/*", "pkg/tsdb/grafana-pyroscope-datasource/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/grafana-pyroscope-datasource/**/*",
+      "pkg/tsdb/grafana-pyroscope-datasource/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/grafana-pyroscope"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/grafana-postgresql-datasource/**/*", "pkg/tsdb/grafana-postgresql-datasource/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/grafana-postgresql-datasource/**/*",
+      "pkg/tsdb/grafana-postgresql-datasource/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/Postgres"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/prometheus/**/*", "pkg/tsdb/prometheus/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/prometheus/**/*",
+      "pkg/tsdb/prometheus/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/Prometheus"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/tempo/**/*", "pkg/tsdb/tempo/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/tempo/**/*",
+      "pkg/tsdb/tempo/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/Tempo"
  },
  {
    "type": "changedfiles",
-    "matches": [ "public/app/plugins/datasource/zipkin/**/*"],
+    "matches": [
+      "public/app/plugins/datasource/zipkin/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "datasource/Zipkin"
  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/features/variables/**/*", "public/app/features/templating/**/*"],
+    "matches": [
+      "public/app/features/variables/**/*",
+      "public/app/features/templating/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/dashboard/templating"
  },
  {
    "type": "changedfiles",
-    "matches": ["/pkg/services/ngalert/**/*", "/pkg/services/sqlstore/migrations/ualert/**/*", "/pkg/services/alerting/**/*", "/public/app/features/alerting/**/*", "/pkg/tests/api/alerting/**/*"],
+    "matches": [
+      "/pkg/services/ngalert/**/*",
+      "/pkg/services/sqlstore/migrations/ualert/**/*",
+      "/pkg/services/alerting/**/*",
+      "/public/app/features/alerting/**/*",
+      "/pkg/tests/api/alerting/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/alerting"
  },
  {
    "type": "author",
    "name": "pr/external",
-    "notMemberOf": { "org": "grafana" },
-    "ignoreList": ["renovate[bot]","dependabot[bot]","grafana-delivery-bot[bot]","grafanabot"],
+    "notMemberOf": {
+      "org": "grafana"
+    },
+    "ignoreList": [
+      "renovate[bot]",
+      "dependabot[bot]",
+      "grafana-delivery-bot[bot]",
+      "grafanabot"
+    ],
    "action": "updateLabel",
    "addLabel": "pr/external"
  },
  {
-    "type":"label",
-    "name":"type/docs",
-    "action":"addToProject",
-    "addToProject":{
-      "url":"https://github.com/orgs/grafana/projects/69"
+    "type": "label",
+    "name": "type/docs",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/69"
    }
  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/candlestick/**/*"],
+    "matches": [
+      "public/app/plugins/panel/candlestick/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/candlestick"
  },
-  {
-    "type": "label",
-    "name": "area/panel/candlestick",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/canvas/**/*", "/public/app/features/canvas/**/*"],
+    "matches": [
+      "public/app/plugins/panel/canvas/**/*",
+      "/public/app/features/canvas/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/canvas"
  },
-  {
-    "type": "label",
-    "name": "area/panel/canvas",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/barchart/**/*"],
+    "matches": [
+      "public/app/plugins/panel/barchart/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/barchart"
  },
-  {
-    "type": "label",
-    "name": "area/panel/barchart",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/geomap/**/*", "/public/app/features/geo/**/*"],
+    "matches": [
+      "public/app/plugins/panel/geomap/**/*",
+      "/public/app/features/geo/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/geomap"
  },
-  {
-    "type": "label",
-    "name": "area/panel/geomap",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/graph/**/*", "/packages/grafana-ui/src/components/Graph/**/*", "/packages/grafana-ui/src/components/GraphNG/**/*"],
+    "matches": [
+      "public/app/plugins/panel/graph/**/*",
+      "/packages/grafana-ui/src/components/Graph/**/*",
+      "/packages/grafana-ui/src/components/GraphNG/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/graph"
  },
-  {
-    "type": "label",
-    "name": "area/panel/graph",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/heatmap/**/*"],
+    "matches": [
+      "public/app/plugins/panel/heatmap/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/heatmap"
  },
-  {
-    "type": "label",
-    "name": "area/panel/heatmap",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/histogram/**/*"],
+    "matches": [
+      "public/app/plugins/panel/histogram/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/histogram"
  },
-  {
-    "type": "label",
-    "name": "area/panel/histogram",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/state-timeline/**/*"],
+    "matches": [
+      "public/app/plugins/panel/state-timeline/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/state-timeline"
  },
-  {
-    "type": "label",
-    "name": "area/panel/state-timeline",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/status-history/**/*"],
+    "matches": [
+      "public/app/plugins/panel/status-history/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/status-history"
  },
-  {
-    "type": "label",
-    "name": "area/panel/status-history",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/timeseries/**/*", "/packages/grafana-ui/src/components/TimeSeries/**/*"],
+    "matches": [
+      "public/app/plugins/panel/timeseries/**/*",
+      "/packages/grafana-ui/src/components/TimeSeries/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/timeseries"
  },
-  {
-    "type": "label",
-    "name": "area/panel/timeseries",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/xychart/**/*"],
+    "matches": [
+      "public/app/plugins/panel/xychart/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/xychart"
  },
-  {
-    "type": "label",
-    "name": "area/panel/xychart",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/trend/**/*"],
+    "matches": [
+      "public/app/plugins/panel/trend/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/trend"
  },
-  {
-    "type": "label",
-    "name": "area/panel/trend",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["/packages/grafana-ui/src/components/VizLegend/**/*"],
+    "matches": [
+      "/packages/grafana-ui/src/components/VizLegend/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/legend"
  },
-  {
-    "type": "label",
-    "name": "area/legend",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["/packages/grafana-ui/src/components/VizTooltip/**/*", "public/app/feature/visualization/data-hover/**/*" ],
+    "matches": [
+      "/packages/grafana-ui/src/components/VizTooltip/**/*",
+      "public/app/feature/visualization/data-hover/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/tooltip"
  },
-  {
-    "type": "label",
-    "name": "area/tooltip",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/gauge/**/*", "/packages/grafana-ui/src/components/Gauge/**/*"],
+    "matches": [
+      "public/app/plugins/panel/gauge/**/*",
+      "/packages/grafana-ui/src/components/Gauge/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/gauge"
  },
-  {
-    "type": "label",
-    "name": "area/panel/gauge",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/bargauge/**/*", "/packages/grafana-ui/src/components/BarGauge/**/*"],
+    "matches": [
+      "public/app/plugins/panel/bargauge/**/*",
+      "/packages/grafana-ui/src/components/BarGauge/**/*"
+    ],
    "action": "updateLabel",
-    "addLabel": "area/panel/gauge"
-  },
-  {
-    "type": "label",
-    "name": "area/panel/bargauge",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
+    "addLabel": "area/panel/bargauge"
  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/stat/**/*"],
+    "matches": [
+      "public/app/plugins/panel/stat/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/stat"
  },
-  {
-    "type": "label",
-    "name": "area/panel/stat",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
-  },
  {
    "type": "changedfiles",
-    "matches": ["public/app/plugins/panel/piechart/**/*"],
+    "matches": [
+      "public/app/plugins/panel/piechart/**/*"
+    ],
    "action": "updateLabel",
    "addLabel": "area/panel/piechart"
  },
  {
-    "type": "label",
-    "name": "area/panel/piechart",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/56"
-    }
+    "type": "changedfiles",
+    "matches": [
+      "public/app/plugins/panel/table/**/*",
+      "/packages/grafana-ui/src/components/Table/**/*"
+    ],
+    "action": "updateLabel",
+    "addLabel": "area/panel/table"
  }
-]
+]
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -4,15 +4,20 @@
  ],
  "enabledManagers": ["npm"],
  "ignoreDeps": [
+    "@types/history", // this can be removed entirely when we upgrade history since v5 exposes types directly
    "history", // we should bump this together with react-router-dom (see https://github.com/grafana/grafana/issues/76744)
    "react-router-dom", // we should bump this together with history (see https://github.com/grafana/grafana/issues/76744)
    "loader-utils", // v3 requires upstream changes in ngtemplate-loader. ignore, and remove when we remove angular.
    "monaco-editor", // due to us exposing this via @grafana/ui/CodeEditor's props bumping can break plugins
    "@fingerprintjs/fingerprintjs", // we don't want to bump to v4 due to licensing changes
    "@swc/core", // versions ~1.4.5 contain multiple bugs related to baseUrl resolution breaking builds.
+    "slate", // we don't want to continue using this on the long run, use Monaco editor instead of Slate
+    "slate-react", // we don't want to continue using this on the long run, use Monaco editor instead of Slate
+    "@types/slate-react", // we don't want to continue using this on the long run, use Monaco editor instead of Slate
+    "@types/slate" // we don't want to continue using this on the long run, use Monaco editor instead of Slate
  ],
  "includePaths": ["package.json", "packages/**", "public/app/plugins/**"],
-  "ignorePaths": ["emails/**", "plugins-bundled/**", "**/mocks/**", "packages/grafana-e2e/**"],
+  "ignorePaths": ["emails/**", "plugins-bundled/**", "**/mocks/**"],
  "labels": ["area/frontend", "dependencies", "no-changelog"],
  "postUpdateOptions": ["yarnDedupeHighest"],
  "packageRules": [
--- a/.github/workflows/actions/changelog/action.yml
+++ b/.github/workflows/actions/changelog/action.yml
@@ -0,0 +1,22 @@
+name: Changelog generator
+description: Generates and publishes a changelog for the given release version
+inputs:
+  target:
+    description: Target tag, branch or commit hash for the changelog
+    required: true
+  previous:
+    description: Previous tag, branch or commit hash to start changelog from
+    required: false
+  github_token:
+    description: GitHub token with read/write access to all necessary repositories
+    required: true
+  output_file:
+    description: A file to store resulting changelog markdown
+    required: false
+outputs:
+  changelog:
+    description: Changelog contents between the two given versions in Markdown format
+runs:
+  using: 'node20'
+  main: 'index.js'
+  
--- a/.github/workflows/actions/changelog/index.js
+++ b/.github/workflows/actions/changelog/index.js
@@ -0,0 +1,319 @@
+import { appendFileSync, writeFileSync } from 'fs';
+import { exec as execCallback } from 'node:child_process';
+import { promisify } from 'node:util';
+
+//
+// Github Action core utils: logging (notice + debug log levels), must escape
+// newlines and percent signs
+//
+const escapeData = (s) => s.replace(/%/g, '%25').replace(/\r/g, '%0D').replace(/\n/g, '%0A');
+const LOG = (msg) => console.log(`::notice::${escapeData(msg)}`);
+
+//
+// Semver utils: parse, compare, sort etc (using official regexp)
+// https://regex101.com/r/Ly7O1x/3/
+//
+const semverRegExp =
+  /^v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/;
+
+const semverParse = (tag) => {
+  const m = tag.match(semverRegExp);
+  if (!m) {
+    return;
+  }
+  const [_, major, minor, patch, prerelease] = m;
+  return [+major, +minor, +patch, prerelease, tag];
+};
+
+// semverCompare takes two parsed semver tags and comparest them more or less
+// according to the semver specs
+const semverCompare = (a, b) => {
+  for (let i = 0; i < 3; i++) {
+    if (a[i] !== b[i]) {
+      return a[i] < b[i] ? 1 : -1;
+    }
+  }
+  if (a[3] !== b[3]) {
+    return a[3] < b[3] ? 1 : -1;
+  }
+  return 0;
+};
+
+// Using `git tag -l` output find the tag (version) that goes semantically
+// right before the given version. This might not work correctly with some
+// pre-release versions, which is why it's possible to pass previous version
+// into this action explicitly to avoid this step.
+const getPreviousVersion = async (version) => {
+  const exec = promisify(execCallback);
+  const { stdout } = await exec('git tag -l');
+  const prev = stdout
+    .split('\n')
+    .map(semverParse)
+    .filter((tag) => tag)
+    .sort(semverCompare)
+    .find((tag) => semverCompare(tag, semverParse(version)) > 0);
+  if (!prev) {
+    throw `Could not find previous git tag for ${version}`;
+  }
+  return prev[4];
+};
+
+// A helper for Github GraphQL API endpoint
+const graphql = async (ghtoken, query, variables) => {
+  const { env } = process;
+  const results = await fetch('https://api.github.com/graphql', {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${ghtoken}`,
+    },
+    body: JSON.stringify({ query, variables }),
+  });
+  const { data } = await results.json();
+  return data;
+};
+
+// Using Github GraphQL API find the timestamp for the given tag/commit hash.
+// This is required for PR listing, because Github API only takes date/time as
+// a "since" parameter while listing. Currently there is no way to provide two
+// "commitish" items and get a list of PRs in between them.
+const getCommitishDate = async (name, owner, target) => {
+  const result = await graphql(
+    ghtoken,
+    `
+      query getCommitDate($owner: String!, $name: String!, $target: String!) {
+        repository(owner: $owner, name: $name) {
+          object(expression: $target) {
+            ... on Commit {
+              committedDate
+            }
+          }
+        }
+      }
+    `,
+    { name, owner, target }
+  );
+  return result.repository.object.committedDate;
+};
+
+// Using Github GraphQL API get a list of PRs between the two "commitish" items.
+// This resoves the "since" item's timestamp first and iterates over all PRs
+// till "target" using naïve pagination.
+const getHistory = async (name, owner, target, sinceDate) => {
+  LOG(`Fetching ${owner}/${name} PRs since ${sinceDate} till ${target}`);
+  const query = `
+  query findCommitsWithAssociatedPullRequests(
+    $name: String!
+    $owner: String!
+    $target: String!
+    $sinceDate: GitTimestamp
+    $cursor: String
+  ) {
+    repository(name: $name, owner: $owner) {
+      object(expression: $target) {
+        ... on Commit {
+          history(first: 50, since: $sinceDate, after: $cursor) {
+            totalCount
+            pageInfo {
+              hasNextPage
+              endCursor
+            }
+            nodes {
+              id
+              associatedPullRequests(first: 1) {
+                nodes {
+                  title
+                  number
+                  labels(first: 10) {
+                    nodes {
+                      name
+                    }
+                  }
+                  commits(first: 1) {
+                    nodes {
+                      commit {
+                        author {
+                          user {
+                            login
+                          }
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }`;
+
+  let cursor;
+  let nodes = [];
+  for (;;) {
+    const result = await graphql(ghtoken, query, {
+      name,
+      owner,
+      target,
+      sinceDate,
+      cursor,
+    });
+    LOG(`GraphQL: ${JSON.stringify(result)}`);
+    nodes = [...nodes, ...result.repository.object.history.nodes];
+    const { hasNextPage, endCursor } = result.repository.object.history.pageInfo;
+    if (!hasNextPage) {
+      break;
+    }
+    cursor = endCursor;
+  }
+  return nodes;
+};
+
+// The main function for this action: given two "commitish" items it gets a
+// list of PRs between them and filters/groups the PRs by category (bugfix,
+// feature, deprecation, breaking change and plugin fixes/enhancements).
+//
+// PR grouping relies on Github labels only, not on the PR contents.
+const getChangeLogItems = async (name, owner, sinceDate, to) => {
+  // check if a node contains a certain label
+  const hasLabel = ({ labels }, label) => labels.nodes.some(({ name }) => name === label);
+  // get all the PRs between the two "commitish" items
+  const history = await getHistory(name, owner, to, sinceDate);
+
+  const items = history.flatMap((node) => {
+    // discard PRs without a "changelog" label
+    const changes = node.associatedPullRequests.nodes.filter((PR) => hasLabel(PR, 'add to changelog'));
+    if (changes.length === 0) {
+      return [];
+    }
+    const item = changes[0];
+    const { number, url, labels } = item;
+    const title = item.title.replace(/^\[[^\]]+\]:?\s*/, '');
+    // for changelog PRs try to find a suitable category.
+    // Note that we can not detect "deprecation notices" like that
+    // as there is no suitable label yet.
+    const isBug = /fix/i.test(title) || hasLabel({ labels }, 'type/bug');
+    const isBreaking = hasLabel({ labels }, 'breaking change');
+    const isPlugin =
+      hasLabel({ labels }, 'area/grafana/ui') ||
+      hasLabel({ labels }, 'area/grafana/toolkit') ||
+      hasLabel({ labels }, 'area/grafana/runtime');
+    const author = item.commits.nodes[0].commit.author.user.login;
+    return {
+      repo: name,
+      number,
+      title,
+      author,
+      isBug,
+      isPlugin,
+      isBreaking,
+    };
+  });
+  return items;
+};
+
+// ======================================================
+//                 GENERATE CHANGELOG
+// ======================================================
+
+LOG(`Changelog action started`);
+
+const ghtoken = process.env.GITHUB_TOKEN || process.env.INPUT_GITHUB_TOKEN;
+if (!ghtoken) {
+  throw 'GITHUB_TOKEN is not set and "github_token" input is empty';
+}
+
+const target = process.argv[2] || process.env.INPUT_TARGET;
+LOG(`Target tag/branch/commit: ${target}`);
+
+const previous = process.argv[3] || process.env.INPUT_PREVIOUS || (await getPreviousVersion(target));
+
+LOG(`Previous tag/commit: ${previous}`);
+
+const sinceDate = await getCommitishDate('grafana', 'grafana', previous);
+LOG(`Previous tag/commit timestamp: ${sinceDate}`);
+
+// Get all changelog items from Grafana OSS
+const oss = await getChangeLogItems('grafana', 'grafana', sinceDate, target);
+// Get all changelog items from Grafana Enterprise
+const entr = await getChangeLogItems('grafana-enterprise', 'grafana', sinceDate, target);
+
+LOG(`Found OSS PRs: ${oss.length}`);
+LOG(`Found Enterprise PRs: ${entr.length}`);
+
+// Sort PRs and categorise them into sections
+const changelog = [...oss, ...entr]
+  .sort((a, b) => (a.title < b.title ? -1 : 1))
+  .reduce(
+    (changelog, item) => {
+      if (item.isPlugin) {
+        changelog.plugins.push(item);
+      } else if (item.isBug) {
+        changelog.bugfixes.push(item);
+      } else if (item.isBreaking) {
+        changelog.breaking.push(item);
+      } else {
+        changelog.features.push(item);
+      }
+      return changelog;
+    },
+    {
+      breaking: [],
+      plugins: [],
+      bugfixes: [],
+      features: [],
+    }
+  );
+
+// Convert PR numbers to Github links
+const pullRequestLink = (n) => `[#${n}](https://github.com/grafana/grafana/pull/${n})`;
+// Convert Github user IDs to Github links
+const userLink = (u) => `[@${u}](https://github.com/${u})`;
+
+// Now that we have a changelog - we can render some markdown as an output
+const markdown = (changelog) => {
+  // This convers a list of changelog items into a markdown section with a list of titles/links
+  const section = (title, items) =>
+    items.length === 0
+      ? ''
+      : `### ${title}
+
+${items
+  .map(
+    (item) =>
+      `- ${item.title.replace(/^([^:]*:)/gm, '**$1**')} ${
+        item.repo === 'grafana-enterprise'
+          ? '(Enterprise)'
+          : `${pullRequestLink(item.number)}, ${userLink(item.author)}`
+      }`
+  )
+  .join('\n')}
+  `;
+
+  // Render all present sections for the given changelog
+  return `${section('Features and enhancements', changelog.features)}
+${section('Bug fixes', changelog.bugfixes)}
+${section('Breaking changes', changelog.breaking)}
+${section('Plugin development fixes & changes', changelog.plugins)}
+`;
+};
+
+const md = markdown(changelog);
+
+// Print changelog, mostly for debugging
+LOG(`Resulting markdown: ${md}`);
+
+// Save changelog as an output for this action
+if (process.env.GITHUB_OUTPUT) {
+  LOG(`Output to ${process.env.GITHUB_OUTPUT}`);
+  appendFileSync(process.env.GITHUB_OUTPUT, `changelog<<EOF\n${escapeData(md)}\nEOF`);
+} else {
+  LOG('GITHUB_OUTPUT is not set');
+}
+
+// Save changelog as an output file (if requested)
+if (process.env.INPUT_OUTPUT_FILE) {
+  LOG(`Output to ${process.env.INPUT_OUTPUT_FILE}`);
+  writeFileSync(process.env.INPUT_OUTPUT_FILE, md);
+}
--- a/.github/workflows/actions/changelog/package.json
+++ b/.github/workflows/actions/changelog/package.json
@@ -0,0 +1,6 @@
+{
+  "name": "changelog",
+  "main": "index.js",
+  "type": "module",
+  "description": "changelog generator"
+}
--- a/.github/workflows/alerting-swagger-gen.yml
+++ b/.github/workflows/alerting-swagger-gen.yml
@@ -16,7 +16,7 @@ jobs:
      - name: Set go version
        uses: actions/setup-go@v4
        with:
-          go-version: '1.21.8'
+          go-version-file: go.mod
      - name: Build swagger
        run: |
          make -C pkg/services/ngalert/api/tooling post.json api.json
@@ -32,6 +32,6 @@ jobs:
          branch: update-alerting-swagger-spec
          delete-branch: true
          labels: 'area/alerting,type/docs,no-changelog'
-          team-reviewers: 'grafana/alerting-backend-product'
+          team-reviewers: 'grafana/alerting-backend'
          draft: false

--- a/.github/workflows/auto-milestone.yml
+++ b/.github/workflows/auto-milestone.yml
@@ -1,39 +1,27 @@
 name: Auto-milestone
 on:
-  pull_request:
+  pull_request_target:
    types:
      - opened
      - reopened
      - closed
+      - ready_for_review

+permissions:
+  pull-requests: write
+  contents: write
+
+# Note: this action runs with write permissions on GITHUB_TOKEN even from forks
+# so it must not run untrusted code (such as checking out the pull request)
 jobs:
-  config:
-    runs-on: "ubuntu-latest"
-    outputs:
-      has-secrets: ${{ steps.check.outputs.has-secrets }}
-    steps:
-      - name: "Check for secrets"
-        id: check
-        shell: bash
-        run: |
-          if [ -n "${{ (secrets.GRAFANA_DELIVERY_BOT_APP_ID != '' && secrets.GRAFANA_DELIVERY_BOT_APP_PEM != '') || '' }}" ]; then
-            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
-          fi
-
  main:
-    needs: config
-    if: needs.config.outputs.has-secrets
    runs-on: ubuntu-latest
+    if: github.event.pull_request.draft == false
    steps:
-      - name: "Generate token"
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
-          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
-
+      # Note: Github will not trigger other actions from this because it uses
+      # the GITHUB_TOKEN token
      - name: Run auto-milestone
        uses: grafana/grafana-github-actions-go/auto-milestone@main
        with:
          pr: ${{ github.event.pull_request.number }}
-          token: ${{ steps.generate_token.outputs.token }}
+          token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -10,24 +10,18 @@ jobs:
    if: github.repository == 'grafana/grafana'
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout Actions
+      - name: Checkout
        uses: actions/checkout@v4
-        with:
-          repository: "grafana/grafana-github-actions"
-          path: ./actions
-          ref: main
-      - name: Install Actions
-        run: npm install --production --prefix ./actions
      - name: "Generate token"
        id: generate_token
        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
        with:
          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+      - run: git config --global user.email '132647405+grafana-delivery-bot[bot]@users.noreply.github.com'
+      - run: git config --global user.name 'grafana-delivery-bot[bot]'
+      - run: git remote set-url origin "https://grafana-delivery-bot:${{ steps.generate_token.outputs.token }}@github.com/grafana/grafana.git"
      - name: Run backport
-        uses: ./actions/backport
+        uses: grafana/grafana-github-actions-go/backport@main
        with:
-          metricsWriteAPIKey: ${{secrets.GRAFANA_MISC_STATS_API_KEY}}
          token: ${{ steps.generate_token.outputs.token }}
-          labelsToAdd: "backport"
-          title: "[{{base}}] {{originalTitle}}"
--- a/.github/workflows/bump-version.yml
+++ b/.github/workflows/bump-version.yml
@@ -5,74 +5,39 @@ on:
      version:
        description: 'Needs to match, exactly, the name of a milestone. The version to be released please respect: major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. example: 7.4.3, 7.4.3-preview or 7.4.3-preview1'
        required: true
-env:
-  YARN_ENABLE_IMMUTABLE_INSTALLS: false
+      push:
+        default: true
+        required: false
+      dry_run:
+        default: false
+        required: false
 jobs:
  main:
    runs-on: ubuntu-latest
    steps:
-      # This is a basic workflow to help you get started with Actions
-      - uses: actions-ecosystem/action-regex-match@v2.0.2
-        if: ${{ github.event.inputs.version != '' }}
-        id: regex-match
-        with:
-          text: ${{ github.event.inputs.version }}
-          regex: '^(\d+.\d+).\d+(?:-(?:(preview\d?)|(pre)))?$'
-      - uses: actions-ecosystem/action-regex-match@v2.0.2
-        if: ${{ inputs.version_call != '' }}
-        id: regex-match-version-call
-        with:
-          text: ${{ inputs.version_call }}
-          regex: '^(\d+.\d+).\d+(?:-(?:(preview\d?)|(pre)))?$'
-      - name: Validate input version
-        if: ${{ steps.regex-match.outputs.match == '' && github.event.inputs.version != '' }}
-        run: |
-          echo "The input version format is not correct, please respect:\
-          major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. \
-          example: 7.4.3, 7.4.3-preview or 7.4.3-preview1"
-          exit 1
-      - name: Validate input version call
-        if: ${{ inputs.version_call != '' && steps.regex-match-version-call.outputs.match == '' }}
-        run: |
-          echo "The input version format is not correct, please respect:\
-          major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. \
-          example: 7.4.3, 7.4.3-preview or 7.4.3-preview1"
-          exit 1
-
-      - uses: actions/checkout@v4
-
-      - name: Set intermedia variables
-        id: intermedia
-        run: |
-          echo "short_ref=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
-          echo "check_passed=false" >> $GITHUB_OUTPUT
-          echo "branch_name=v${{steps.regex-match.outputs.group1}}" >> $GITHUB_OUTPUT
-          echo "branch_exist=$(git ls-remote --heads https://github.com/grafana/grafana.git v${{ steps.regex-match.outputs.group1 }}.x | wc -l)" >> $GITHUB_OUTPUT
-
-      - name: Checkout Actions
+      - name: Checkout Grafana
        uses: actions/checkout@v4
+      - name: Update package.json versions
+        uses: ./pkg/build/actions/bump-version
        with:
-          repository: "grafana/grafana-github-actions"
-          path: ./actions
-          ref: main
-      # Go is required for also updating the schema versions as part of the precommit hook:
-      - uses: actions/setup-go@v4
-        with:
-          go-version: '1.20'
-      - uses: actions/setup-node@v4
-        with:
-          node-version: '18'
-      - name: Install Actions
-        run: npm install --production --prefix ./actions
-      - name: "Generate token"
+          version: ${{ inputs.version }}
+      - if: ${{ inputs.push }}
+        name: Generate token
        id: generate_token
        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
        with:
          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
-      - name: Run bump version (manually invoked)
-        uses: ./actions/bump-version
-        with:
-          token: ${{ steps.generate_token.outputs.token }}
-          metricsWriteAPIKey: ${{ secrets.GRAFANA_MISC_STATS_API_KEY }}
-          precommit_make_target: gen-cue
+      - if: ${{ inputs.push }}
+        name: Push & Create PR
+        run: |
+          git config --local user.name "github-actions[bot]"
+          git config --local user.email "github-actions[bot]@users.noreply.github.com"
+          git config --local --add --bool push.autoSetupRemote true
+          git checkout -b "bump-version/${{ github.run_id }}/${{ inputs.version }}"
+          git add .
+          git commit -m "bump version ${{ inputs.version }}"
+          git push
+          gh pr create --dry-run=${{ inputs.dry_run }} -l "type/ci" -l "no-changelog" -B "${{ github.ref_name }}" --title "Release: Bump version to ${{ inputs.version }}" --body "Updated version to ${{ inputs.version }}"
+        env:
+          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
--- a/.github/workflows/changelog.yml
+++ b/.github/workflows/changelog.yml
@@ -0,0 +1,139 @@
+name: Generate changelog
+on:
+  workflow_call:
+    inputs:
+      version:
+        type: string
+        required: true
+        description: 'Target release version (semver, git tag, branch or commit)'
+      target:
+        required: true
+        type: string
+        description: 'The base branch that these changes are being merged into'
+      dry_run:
+        required: false
+        default: false
+        type: boolean
+      latest:
+        required: false
+        default: false
+        type: boolean
+    secrets:
+      GRAFANA_DELIVERY_BOT_APP_ID:
+        required: true
+      GRAFANA_DELIVERY_BOT_APP_PEM:
+        required: true
+
+  workflow_dispatch:
+    inputs:
+      version:
+        type: string
+        required: true
+        description: 'Target release version (semver, git tag, branch or commit)'
+      target:
+        required: true
+        type: string
+        description: 'The base branch that these changes are being merged into'
+      dry_run:
+        required: false
+        default: false
+        type: boolean
+      latest:
+        required: false
+        default: false
+        type: boolean
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: "Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        with:
+          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+      - name: "Checkout Grafana repo"
+        uses: "actions/checkout@v4"
+        with:
+          ref: main
+          sparse-checkout: |
+            .github/workflows
+            CHANGELOG.md
+            .nvmrc
+            .prettierignore
+            .prettierrc.js
+          fetch-depth: 0
+          fetch-tags: true
+      - name: Setup nodejs environment
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: .nvmrc
+      - name: "Configure git user"
+        run: |
+          git config --local user.name "github-actions[bot]"
+          git config --local user.email "github-actions[bot]@users.noreply.github.com"
+          git config --local --add --bool push.autoSetupRemote true
+      - name: "Create branch"
+        run: git checkout -b "changelog/${{ github.run_id }}/${{ inputs.version }}"
+      - name: "Generate changelog"
+        id: changelog
+        uses: ./.github/workflows/actions/changelog
+        with:
+          github_token: ${{ steps.generate_token.outputs.token }}
+          target: v${{ inputs.version }}
+          output_file: changelog_items.md
+      - name: "Patch CHANGELOG.md"
+        run: |
+          # Prepare CHANGELOG.md content with version delimiters
+          (
+            echo
+            echo "# ${{ inputs.version}} ($(date '+%F'))"
+            echo
+            cat changelog_items.md
+          ) > CHANGELOG.part
+
+          # Check if a version exists in the changelog
+          if grep -q "<!-- ${{ inputs.version}} START" CHANGELOG.md ; then
+            # Replace the content between START and END delimiters
+            echo "Version ${{ inputs.version }} is found in the CHANGELOG.md, patching contents..."
+            sed -i -e '/${{ inputs.version }} START/,/${{ inputs.version }} END/{//!d;}' \
+                   -e '/${{ inputs.version }} START/r CHANGELOG.part' CHANGELOG.md
+          else
+            # Prepend changelog part to the main changelog file
+            echo "Version ${{ inputs.version }} not found in the CHANGELOG.md"
+            (
+              echo "<!-- ${{ inputs.version }} START -->"
+              cat CHANGELOG.part
+              echo "<!-- ${{ inputs.version }} END -->"
+              cat CHANGELOG.md
+            ) > CHANGELOG.tmp
+            mv CHANGELOG.tmp CHANGELOG.md
+          fi
+
+          git diff CHANGELOG.md
+
+      - name: "Prettify CHANGELOG.md"
+        run: npx prettier --write CHANGELOG.md
+      - name: "Commit changelog changes"
+        run: git add CHANGELOG.md && git commit --allow-empty -m "Update changelog" CHANGELOG.md
+      - name: "git push"
+        if: ${{ inputs.dry_run }} != true
+        run: git push
+      - name: "Create changelog PR"
+        run: >
+          gh pr create \
+            --dry-run=${{ inputs.dry_run }} \
+            --label "no-backport" \
+            --label "no-changelog" \
+            -B "${{ inputs.target }}" \
+            --title "Release: update changelog for ${{ inputs.version }}" \
+            --body "Changelog changes for release ${{ inputs.version }}"
+        env:
+          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -25,6 +25,7 @@ jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
+    if: github.repository == 'grafana/grafana'

    strategy:
      fail-fast: false
@@ -47,7 +48,7 @@ jobs:
      name: Set go version
      uses: actions/setup-go@v4
      with:
-        go-version: '1.21.8'
+        go-version-file: go.mod

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
@@ -67,4 +68,3 @@ jobs:

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
-      if: github.repository == 'grafana/grafana'
--- a/.github/workflows/community-release.yml
+++ b/.github/workflows/community-release.yml
@@ -1,25 +1,46 @@
 name: Create community release post
 on:
+  workflow_call:
+    inputs:
+      version:
+        type: string
+        required: true
+        description: 'Needs to match, exactly, the name of a milestone. The version to be released please respect: major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. example: 7.4.3, 7.4.3-preview or 7.4.3-preview1'
+      dry_run:
+        type: boolean
+        required: false
+        default: false
+        description: When enabled, this workflow will print a preview instead of creating an actual post.
+    secrets:
+      GRAFANA_MISC_STATS_API_KEY:
+        required: true
+      GRAFANABOT_FORUM_KEY:
+        required: true
  workflow_dispatch:
    inputs:
      version:
+        type: string
        required: true
        description: 'Needs to match, exactly, the name of a milestone. The version to be released please respect: major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. example: 7.4.3, 7.4.3-preview or 7.4.3-preview1'
+      dry_run:
+        type: boolean
+        required: false
+        default: false
+        description: When enabled, this workflow will print a preview instead of creating an actual post.
+
+permissions:
+  contents: read
+
 jobs:
  main:
    runs-on: ubuntu-latest
    steps:
-      - name: "Generate token"
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
-          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
      - name: Run community-release (manually invoked)
        uses: grafana/grafana-github-actions-go/community-release@main
        with:
-          token: ${{ steps.generate_token.outputs.token }}
+          token: ${{ secrets.GITHUB_TOKEN }}
          version: ${{ inputs.version }}
          metrics_api_key: ${{ secrets.GRAFANA_MISC_STATS_API_KEY }}
          community_api_key: ${{ secrets.GRAFANABOT_FORUM_KEY }}
          community_api_username: grafanabot
+          dry_run: ${{ inputs.dry_run }}
--- a/.github/workflows/create-next-release-branch.yml
+++ b/.github/workflows/create-next-release-branch.yml
@@ -0,0 +1,53 @@
+name: Create next release branch
+on:
+  workflow_call:
+    inputs:
+      ownerRepo:
+        type: string
+        description: Owner/repo of the repository where the branch is created (e.g. 'grafana/grafana')
+        required: true
+      source:
+        description: The release branch to increment (eg providing `release-11.2.3` will result in `release-11.2.4` being created)
+        type: string
+        required: true
+    secrets:
+      GRAFANA_DELIVERY_BOT_APP_ID:
+        required: true
+      GRAFANA_DELIVERY_BOT_APP_PEM:
+        required: true
+    outputs:
+      branch:
+        description: The new branch that was created
+        value: ${{ jobs.main.outputs.branch }}
+  workflow_dispatch:
+    inputs:
+      ownerRepo:
+        description: Owner/repo of the repository where the branch is created (e.g. 'grafana/grafana')
+      source:
+        description: The release branch to increment (eg providing `release-11.2.3` will result in `release-11.2.4` being created)
+        type: string
+        required: true
+    secrets:
+      GRAFANA_DELIVERY_BOT_APP_ID:
+        required: true
+      GRAFANA_DELIVERY_BOT_APP_PEM:
+        required: true
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    outputs:
+      branch: ${{ steps.branch.outputs.branch }}
+    steps:
+      - name: "Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        with:
+          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+      - name: Create release branch
+        id: branch
+        uses: grafana/grafana-github-actions-go/bump-release@main
+        with:
+          ownerRepo: ${{ inputs.ownerRepo }}
+          source: ${{ inputs.source }}
+          token: ${{ steps.generate_token.outputs.token }}
--- a/.github/workflows/create-security-patch-from-security-mirror.yml
+++ b/.github/workflows/create-security-patch-from-security-mirror.yml
@@ -11,6 +11,7 @@ on:
    branches:
      - "main"
      - "v*.*.*"
+      - "release-*.*.*"

 # This is run before the pull request has been merged, so we'll run against the src branch
 jobs:
--- a/.github/workflows/detect-breaking-changes-levitate.yml
+++ b/.github/workflows/detect-breaking-changes-levitate.yml
@@ -110,6 +110,9 @@ jobs:
    needs: ['buildPR', 'buildBase']
    env:
      GITHUB_STEP_NUMBER: 8
+    permissions:
+      contents: 'read'
+      id-token: 'write'

    steps:
      - uses: actions/checkout@v4
@@ -133,6 +136,29 @@ jobs:
      - name: Unzip artifact from base
        run: unzip -j base_built_packages.zip -d ./base && rm base_built_packages.zip

+      - id: 'auth'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          workload_identity_provider: ${{ secrets.WIF_PROVIDER }}
+          service_account: ${{ secrets.LEVITATE_SA }}
+
+      - name: 'Set up Cloud SDK'
+        uses: 'google-github-actions/setup-gcloud@v2'
+        with:
+          version: '>= 363.0.0'
+          project_id: 'grafanalabs-global'
+          install_components: 'bq'
+
+        # This step is needed to generate a detailed levitate report
+      - name: Set up gcloud project
+        run: |
+          unset CLOUDSDK_CORE_PROJECT
+          unset GCLOUD_PROJECT
+          unset GCP_PROJECT
+          unset GOOGLE_CLOUD_PROJECT
+
+          gcloud config set project grafanalabs-global
+
      - name: Get link for the Github Action job
        id: job
        uses: actions/github-script@v6
@@ -253,7 +279,7 @@ jobs:
      - name: Post to Slack
        id: slack
        if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0 && env.HAS_SECRETS
-        uses: slackapi/slack-github-action@v1.24.0
+        uses: slackapi/slack-github-action@v1.26.0
        with:
          payload: |
            {
--- a/.github/workflows/doc-validator.yml
+++ b/.github/workflows/doc-validator.yml
@@ -1,13 +1,18 @@
 name: "doc-validator"
 on:
-  pull_request:
-    paths: ["docs/sources/**"]
  workflow_dispatch:
+    inputs:
+      include:
+        description: |
+          Regular expression that matches paths to include in linting.
+
+          For example: docs/sources/(?:alerting|fundamentals)/.+\.md
+        required: true
 jobs:
  doc-validator:
    runs-on: "ubuntu-latest"
    container:
-      image: "grafana/doc-validator:v4.1.1"
+      image: "grafana/doc-validator:v5.2.0"
    steps:
      - name: "Checkout code"
        uses: "actions/checkout@v4"
@@ -15,15 +20,7 @@ jobs:
        # Only run doc-validator on specific directories.
        run: >
          doc-validator
-          '--include=^docs/sources/(?:alerting|fundamentals|getting-started|introduction|setup-grafana|upgrade-guide|whatsnew/whats-new-in-v(?:9|10))/.+\.md$'
+          '--include=${{ inputs.include }}'
          '--skip-checks=^(?:image.+|canonical-does-not-match-pretty-URL)$'
          ./docs/sources
          /docs/grafana/latest
-          | reviewdog
-          -f=rdjsonl
-          --fail-on-error
-          --filter-mode=nofilter
-          --name=doc-validator
-          --reporter=github-pr-review
-        env:
-          REVIEWDOG_GITHUB_API_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
--- a/.github/workflows/ephemeral-instances-pr-comment.yml
+++ b/.github/workflows/ephemeral-instances-pr-comment.yml
@@ -1,7 +1,9 @@
-name: 'Ephemeral instances: PR comment'
+name: 'Ephemeral instances'
 on:
  issue_comment:
    types: [created]
+  pull_request:
+    types: [closed]
 jobs:
  config:
    runs-on: "ubuntu-latest"
@@ -26,18 +28,11 @@ jobs:
  handle-pull-request-event:
    needs: config
    if: needs.config.outputs.has-secrets &&
-        github.event.sender.type == 'User' &&
-        github.event.issue.pull_request &&
-        startsWith(github.event.comment.body, '/deploy-to-hg')
+        ${{ github.event.issue.pull_request && (startsWith(github.event.comment.body, '/deploy-to-hg') || github.event.action == 'closed') }}
    runs-on:
      labels: ubuntu-latest-8-cores
    continue-on-error: true
    steps:
-      - name: Setup Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: '>=1.20'
-
      - name: Generate a GitHub app installation token
        id: generate_token
        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
@@ -53,21 +48,14 @@ jobs:
          ref: main
          path: ephemeral

-      - name: Run action
-        env:
-          GITHUB_EVENT: ${{ toJson(github.event)}}
-        run: |
-          GRAFANA_VERSION=10.1.0
-
-          cd $GITHUB_WORKSPACE/ephemeral/src
-          go run . \
-            -GITHUB_TOKEN="${{ steps.generate_token.outputs.token }}" \
-            -GITHUB_EVENT="$GITHUB_EVENT" \
-            -GITHUB_TRIGGERING_ACTOR="${{ github.triggering_actor }}" \
-            -GCOM_HOST="${{ secrets.EI_GCOM_HOST }}" \
-            -GCOM_TOKEN="${{ secrets.EI_GCOM_TOKEN }}" \
-            -HOSTED_GRAFANA_IMAGE_TAG="$GRAFANA_VERSION-ephemeral-oss-${{ github.event.issue.number}}-${{ github.run_number }}-${{ github.run_attempt }}" \
-            -REGISTRY="${{ secrets.EI_EPHEMERAL_INSTANCES_REGISTRY }}" \
-            -GRAFANA_VERSION="$GRAFANA_VERSION" \
-            -GCP_SERVICE_ACCOUNT_KEY_BASE64="${{ secrets.EI_GCP_SERVICE_ACCOUNT_KEY_BASE64 }}" \
-            -EPHEMERAL_ORG_ID="${{ secrets.EI_EPHEMERAL_ORG_ID }}" || true
+      - name: build and deploy ephemeral instance
+        uses: ./ephemeral
+        with:
+          github-token:  ${{ steps.generate_token.outputs.token }}
+          gcom-host: ${{ secrets.EI_GCOM_HOST }}
+          gcom-token: ${{ secrets.EI_GCOM_TOKEN }}
+          registry: "${{ secrets.EI_EPHEMERAL_INSTANCES_REGISTRY }}"
+          gcp-service-account-key: "${{ secrets.EI_GCP_SERVICE_ACCOUNT_KEY_BASE64 }}"
+          ephemeral-org-id: "${{ secrets.EI_EPHEMERAL_ORG_ID }}"
+          oss-or-enterprise: oss
+          verbose: true
--- a/.github/workflows/ephemeral-instances-pr-opened-closed.yml
+++ b/.github/workflows/ephemeral-instances-pr-opened-closed.yml
@@ -1,69 +0,0 @@
-name: 'Ephemeral instances: PR opened/closed'
-on:
-  pull_request:
-      types: [opened, reopened, closed]
-jobs:
-  config:
-    runs-on: "ubuntu-latest"
-    outputs:
-      has-secrets: ${{ steps.check.outputs.has-secrets }}
-    steps:
-      - name: "Check for secrets"
-        id: check
-        shell: bash
-        run: |
-          if [ -n "${{ (secrets.EI_APP_ID != '' &&
-                        secrets.EI_APP_PRIVATE_KEY != '' &&
-                        secrets.EI_GCOM_HOST != '' &&
-                        secrets.EI_GCOM_TOKEN != '' &&
-                        secrets.EI_EPHEMERAL_INSTANCES_REGISTRY != '' &&
-                        secrets.EI_GCP_SERVICE_ACCOUNT_KEY_BASE64 != '' &&
-                        secrets.EI_EPHEMERAL_ORG_ID != ''
-                        ) || '' }}" ]; then
-            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
-          fi
-
-  handle-pull-request-event:
-    needs: config
-    if: needs.config.outputs.has-secrets
-    runs-on: ubuntu-latest
-    continue-on-error: true
-    steps:
-      - name: Setup Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: '>=1.20'
-
-      - name: Generate a GitHub app installation token
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ secrets.EI_APP_ID }}
-          private_key: ${{ secrets.EI_APP_PRIVATE_KEY }}
-
-      - name: Checkout ephemeral instances repository
-        uses: actions/checkout@v4
-        with:
-          repository: grafana/ephemeral-grafana-instances-github-action
-          token: ${{ steps.generate_token.outputs.token }}
-          ref: main
-          path: ephemeral
-
-      - name: Run action
-        env:
-          GITHUB_EVENT: ${{ toJson(github.event)}}
-        run: |
-          GRAFANA_VERSION=10.1.0
-
-          cd $GITHUB_WORKSPACE/ephemeral/src
-          go run . \
-            -GITHUB_TOKEN="${{ steps.generate_token.outputs.token }}" \
-            -GITHUB_EVENT="$GITHUB_EVENT" \
-            -GITHUB_TRIGGERING_ACTOR="${{ github.triggering_actor }}" \
-            -GCOM_HOST="${{ secrets.EI_GCOM_HOST }}" \
-            -GCOM_TOKEN="${{ secrets.EI_GCOM_TOKEN }}" \
-            -HOSTED_GRAFANA_IMAGE_TAG="unused" \
-            -REGISTRY="${{ secrets.EI_EPHEMERAL_INSTANCES_REGISTRY }}" \
-            -GRAFANA_VERSION="$GRAFANA_VERSION" \
-            -GCP_SERVICE_ACCOUNT_KEY_BASE64="${{ secrets.EI_GCP_SERVICE_ACCOUNT_KEY_BASE64 }}" \
-            -EPHEMERAL_ORG_ID="${{ secrets.EI_EPHEMERAL_ORG_ID }}" || true
--- a/.github/workflows/feature-toggle-cleanup.yml
+++ b/.github/workflows/feature-toggle-cleanup.yml
@@ -1,28 +0,0 @@
-name: Feature Toggle Cleanup
-
-on:
-  workflow_dispatch:
-  schedule:
-      # * is a special character in YAML so you have to quote this string
-      - cron:  '30 10 * * *'
-jobs:
-    feature-toggle-cleanup:
-        runs-on: ubuntu-latest
-        # This check is here to prevent this workflow from running on forks.    
-        if: github.repository == 'grafana/grafana'
-        steps:
-            - name: Check out the code
-              uses: actions/checkout@v3
-            - uses: actions/setup-node@v4
-              with:
-                node-version: "20.x"
-            - run: npm install csv-parse
-            - name: Parse CVS file to see which Feature Toggles should be notified about
-              id: parse-csv-file
-              uses: actions/github-script@v7
-              env:
-                    FEATURE_TOGGLES_CSV_FILE_PATH: "pkg/services/featuremgmt/toggles_gen.csv"
-              with:
-                    script: |
-                        const { default: cleanupFeatureFlags } = await import('${{ github.workspace }}/.github/workflows/scripts/feature-toggle-cleanup/feature-toggle-cleanup.mjs')                        
-                        await cleanupFeatureFlags({github, context, core})
--- a/.github/workflows/github-release.yml
+++ b/.github/workflows/github-release.yml
@@ -1,27 +1,49 @@
 name: Create or update GitHub release
 on:
+  workflow_call:
+    inputs:
+      version:
+        required: true
+        description: Needs to match, exactly, the name of a milestone (NO v prefix)
+        type: string
+      latest:
+        required: false
+        default: "0"
+        description: Mark this release as latest (`1`) or not (`0`, default)
+        type: string
+      dry_run:
+        required: false
+        default: false
+        type: boolean
  workflow_dispatch:
    inputs:
      version:
        required: true
        description: Needs to match, exactly, the name of a milestone (NO v prefix)
+        type: string
      latest:
        required: false
+        default: "0"
        description: Mark this release as latest (`1`) or not (`0`, default)
+        type: string
+      dry_run:
+        required: false
+        default: false
+        type: boolean
+
+permissions:
+  # contents: write allows the action(s) to create github releases
+  contents: write
+
 jobs:
  main:
    runs-on: ubuntu-latest
    steps:
-      - name: "Generate token"
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
-          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
      - name: Create GitHub release (manually invoked)
        uses: grafana/grafana-github-actions-go/github-release@main
        with:
-          token: ${{ steps.generate_token.outputs.token }}
+          token: ${{ secrets.GITHUB_TOKEN }}
          version: ${{ inputs.version }}
          metrics_api_key: ${{ secrets.GRAFANA_MISC_STATS_API_KEY }}
          latest: ${{ inputs.latest }}
+          dry_run: ${{ inputs.dry_run }}
--- a/.github/workflows/go-lint.yml
+++ b/.github/workflows/go-lint.yml
@@ -0,0 +1,30 @@
+name: golangci-lint
+on:
+  push:
+    paths:
+      - pkg/**
+      - .github/workflows/go-lint.yml
+      - go.*
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  lint-go:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: ./go.mod
+      - run: make gen-go
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: v1.64.2
+          args: |
+            --verbose $(go list -m -f '{{.Dir}}' | xargs -I{} sh -c 'test ! -f {}/.nolint && echo {}/...')
+          install-mode: binary
--- a/.github/workflows/i18n-crowdin-download.yml
+++ b/.github/workflows/i18n-crowdin-download.yml
@@ -18,6 +18,13 @@ jobs:
        with:
          ref: ${{ github.head_ref }}

+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        with:
+          app_id: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_PEM }}
+
      - name: Download sources
        id: crowdin-download
        uses: crowdin/github-action@v1
@@ -53,18 +60,10 @@ jobs:
          github_user_name: "github-actions[bot]"
          github_user_email: "41898282+github-actions[bot]@users.noreply.github.com"
        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
          CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
          CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}

-      - name: Generate token
-        if: steps.crowdin-download.outputs.pull_request_url
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_ID }}
-          private_key: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_PEM }}
-
      - name: Get pull request ID
        if: steps.crowdin-download.outputs.pull_request_url
        shell: bash
@@ -74,7 +73,7 @@ jobs:
          pr_id=$(gh pr view ${{ steps.crowdin-download.outputs.pull_request_url }} --json id -q .id)
          echo "PULL_REQUEST_ID=$pr_id" >> "$GITHUB_ENV"
        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}

      - name: Get project board ID
        uses: octokit/graphql-action@v2.x
@@ -110,7 +109,6 @@ jobs:
                }
              }
            }
-
        env:
          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}

@@ -119,4 +117,4 @@ jobs:
        if: steps.crowdin-download.outputs.pull_request_url
        with:
          pr: ${{ steps.crowdin-download.outputs.pull_request_number }}
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ steps.generate_token.outputs.token }}
--- a/.github/workflows/issue-labeled.yml
+++ b/.github/workflows/issue-labeled.yml
@@ -86,7 +86,7 @@ jobs:

      - name: "Send Slack notification"
        if: ${{ (env.CHANNEL != 'null') && ((env.USER_FOUND == 'false') || (env.TEAM != 'null')) }}
-        uses: slackapi/slack-github-action@v1.24.0
+        uses: slackapi/slack-github-action@v1.26.0
        with:
          payload: >
            {
--- a/.github/workflows/migrate-prs.yml
+++ b/.github/workflows/migrate-prs.yml
@@ -0,0 +1,60 @@
+name: Migrate open PRs
+# Migrate open PRs from a superseded release branch to the current release branch and notify authors
+on: 
+  workflow_call:
+    inputs:
+      from:
+        description: 'The base branch to check for open PRs'
+        required: true
+        type: string
+      to:
+        description: 'The base branch to migrate open PRs to'
+        required: true
+        type: string
+      ownerRepo:
+        description: Owner/repo of the repository where the branch is created (e.g. 'grafana/grafana')
+        required: true
+        type: string
+    secrets:
+      GRAFANA_DELIVERY_BOT_APP_ID:
+        required: true
+      GRAFANA_DELIVERY_BOT_APP_PEM:
+        required: true
+  workflow_dispatch:
+    inputs:
+      from:
+        description: 'The base branch to check for open PRs'
+        required: true
+        type: string
+      to:
+        description: 'The base branch to migrate open PRs to'
+        required: true
+        type: string
+      ownerRepo:
+        description: Owner/repo of the repository where the branch is created (e.g. 'grafana/grafana')
+        required: true
+        type: string
+    secrets:
+      GRAFANA_DELIVERY_BOT_APP_ID:
+        required: true
+      GRAFANA_DELIVERY_BOT_APP_PEM:
+        required: true
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        with:
+          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+      - name: Migrate PRs
+        uses: grafana/grafana-github-actions-go/migrate-open-prs@main
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
+          ownerRepo: ${{ inputs.ownerRepo }}
+          from: ${{ inputs.from }}
+          to: ${{ inputs.to }}
+          binary_release_tag: 'dev'
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -9,6 +9,7 @@ on:
      - labeled
      - unlabeled
      - edited
+      - auto_merge_enabled
  issues:
    types:
      - milestoned
--- a/.github/workflows/pr-codeql-analysis-go.yml
+++ b/.github/workflows/pr-codeql-analysis-go.yml
@@ -14,6 +14,7 @@ jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
+    if: github.repository == 'grafana/grafana'

    steps:
    - name: "Generate token"
@@ -35,7 +36,7 @@ jobs:
    - name: Set go version
      uses: actions/setup-go@v4
      with:
-        go-version: '1.21.8'
+        go-version-file: go.mod

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
@@ -50,4 +51,3 @@ jobs:

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
-      if: github.repository == 'grafana/grafana'
--- a/.github/workflows/pr-codeql-analysis-javascript.yml
+++ b/.github/workflows/pr-codeql-analysis-javascript.yml
@@ -16,6 +16,7 @@ jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
+    if: github.repository == 'grafana/grafana'

    steps:
    - name: Checkout repository
@@ -33,4 +34,3 @@ jobs:

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
-      if: github.repository == 'grafana/grafana'
--- a/.github/workflows/pr-codeql-analysis-python.yml
+++ b/.github/workflows/pr-codeql-analysis-python.yml
@@ -14,6 +14,7 @@ jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
+    if: github.repository == 'grafana/grafana'

    steps:
    - name: Checkout repository
@@ -31,4 +32,3 @@ jobs:

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
-      if: github.repository == 'grafana/grafana'
--- a/.github/workflows/pr-go-workspace-check.yml
+++ b/.github/workflows/pr-go-workspace-check.yml
@@ -0,0 +1,33 @@
+name: "Go Workspace Check"
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches: [main]
+
+jobs:
+  check:
+    name: Go Workspace Check
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Set go version
+      uses: actions/setup-go@v4
+      with:
+        go-version-file: go.mod
+
+    - name: Update workspace
+      run: make update-workspace
+
+    - name: Check for go mod & workspace changes 
+      run: |
+        if ! git diff --exit-code --quiet; then
+          echo "Changes detected:"
+          git diff
+          echo "Please run 'make update-workspace' and commit the changes."
+          echo "If there is a change in enterprise dependencies, please update pkg/extensions/main.go."
+          exit 1
+        fi
--- a/.github/workflows/pr-patch-check-event.yml
+++ b/.github/workflows/pr-patch-check-event.yml
@@ -0,0 +1,58 @@
+# Owned by grafana-delivery-squad
+# Intended to be dropped into the base repo Ex: grafana/grafana
+name: Dispatch check for patch conflicts
+run-name: dispatch-check-patch-conflicts-${{ github.base_ref }}-${{ github.head_ref }}
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+    branches:
+      - "main"
+      - "v*.*.*"
+      - "release-*"
+
+# Since this is run on a pull request, we want to apply the patches intended for the
+# target branch onto the source branch, to verify compatibility before merging.
+jobs:
+  dispatch-job:
+    env:
+      HEAD_REF: ${{ github.head_ref }}
+      BASE_REF: ${{ github.base_ref }}
+      REPO: ${{ github.repository }}
+      SENDER: ${{ github.event.sender.login }}
+      SHA: ${{ github.sha }}
+      PR_COMMIT_SHA: ${{ github.event.pull_request.head.sha }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a
+        with:
+          # App needs Actions: Read/Write for the grafana/security-patch-actions repo
+          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+
+      - name: "Dispatch job"
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ steps.generate_token.outputs.token }}
+          script: |
+            const {HEAD_REF, BASE_REF, REPO, SENDER, SHA, PR_COMMIT_SHA} = process.env;
+
+            await github.rest.actions.createWorkflowDispatch({
+                owner: 'grafana',
+                repo: 'security-patch-actions',
+                workflow_id: 'test-patches-event.yml',
+                ref: 'main',
+                inputs: {
+                  src_repo: REPO,
+                  src_ref: HEAD_REF,
+                  src_merge_sha: SHA,
+                  src_pr_commit_sha: PR_COMMIT_SHA,
+                  patch_repo: REPO + '-security-patches',
+                  patch_ref: BASE_REF,
+                  triggering_github_handle: SENDER
+                }
+            })
--- a/.github/workflows/pr-patch-check.yml
+++ b/.github/workflows/pr-patch-check.yml
@@ -1,27 +0,0 @@
-# Owned by grafana-release-guild
-# Intended to be dropped into the base repo Ex: grafana/grafana
-name: Check for patch conflicts
-run-name: check-patch-conflicts-${{ github.base_ref }}-${{ github.head_ref }}
-on:
-  pull_request:
-    types:
-      - opened
-      - reopened
-      - synchronize
-    branches:
-      - "main"
-      - "v*.*.*"
-      - "release-*"
-
-# Since this is run on a pull request, we want to apply the patches intended for the
-# target branch onto the source branch, to verify compatibility before merging.
-jobs:
-  trigger_downstream_patch_check:
-    uses: grafana/security-patch-actions/.github/workflows/test-patches.yml@main
-    if: github.repository == 'grafana/grafana'
-    with:
-      src_repo: "${{ github.repository }}"
-      src_ref: "${{ github.head_ref }}" # this is the source branch name, Ex: "feature/newthing"
-      patch_repo: "${{ github.repository }}-security-patches"
-      patch_ref: "${{ github.base_ref }}" # this is the target branch name, Ex: "main"
-    secrets: inherit
--- a/.github/workflows/publish-kinds-next.yml
+++ b/.github/workflows/publish-kinds-next.yml
@@ -36,7 +36,7 @@ jobs:
      - name: "Setup Go"
        uses: "actions/setup-go@v4"
        with:
-          go-version: '1.21.8'
+          go-version-file: go.mod

      - name: "Verify kinds"
        run: go run .github/workflows/scripts/kinds/verify-kinds.go
--- a/.github/workflows/publish-kinds-release.yml
+++ b/.github/workflows/publish-kinds-release.yml
@@ -39,7 +39,7 @@ jobs:
      - name: "Setup Go"
        uses: "actions/setup-go@v4"
        with:
-          go-version: '1.21.8'
+          go-version-file: go.mod

      - name: "Verify kinds"
        run: go run .github/workflows/scripts/kinds/verify-kinds.go
--- a/.github/workflows/publish-technical-documentation-next.yml
+++ b/.github/workflows/publish-technical-documentation-next.yml
@@ -1,38 +1,21 @@
-name: "publish-technical-documentation-next"
+name: publish-technical-documentation-next

 on:
  push:
    branches:
-      - "main"
+      - main
    paths:
      - "docs/sources/**"
  workflow_dispatch:
 jobs:
  sync:
    if: github.repository == 'grafana/grafana'
-    runs-on: "ubuntu-latest"
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
    steps:
-      - name: "Checkout Grafana repo"
-        uses: "actions/checkout@v4"
-
-      - name: "Clone website-sync Action"
-        # WEBSITE_SYNC_TOKEN is a fine-grained GitHub Personal Access Token that expires.
-        # It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
-        # GitHub administrator to update the organization secret.
-        # The IT helpdesk can update the organization secret.
-        run: "git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.WEBSITE_SYNC_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync"
-
-      - name: "Publish to website repository (next)"
-        uses: "./.github/actions/website-sync"
-        id: "publish-next"
+      - uses: actions/checkout@v4
+      - uses: grafana/writers-toolkit/publish-technical-documentation@publish-technical-documentation/v1
        with:
-          repository: "grafana/website"
-          branch: "master"
-          host: "github.com"
-          # PUBLISH_TO_WEBSITE_TOKEN is a fine-grained GitHub Personal Access Token that expires.
-          # It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
-          # GitHub administrator to update the organization secret.
-          # The IT helpdesk can update the organization secret.
-          github_pat: "grafanabot:${{ secrets.PUBLISH_TO_WEBSITE_TOKEN }}"
-          source_folder: "docs/sources"
-          target_folder: "content/docs/grafana/next"
+          website_directory: content/docs/grafana/next
--- a/.github/workflows/publish-technical-documentation-release.yml
+++ b/.github/workflows/publish-technical-documentation-release.yml
@@ -1,9 +1,9 @@
-name: "publish-technical-documentation-release"
+name: publish-technical-documentation-release

 on:
  push:
    branches:
-      - v[0-9]+.[0-9]+.x
+      - release-[0-9]+.[0-9]+.[0-9]+
    tags:
      - v[0-9]+.[0-9]+.[0-9]+
    paths:
@@ -12,63 +12,18 @@ on:
 jobs:
  sync:
    if: github.repository == 'grafana/grafana'
-    runs-on: "ubuntu-latest"
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
    steps:
-      - name: "Checkout Grafana repo"
-        uses: "actions/checkout@v4"
+      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
-
-      - name: "Checkout Actions library"
-        uses: "actions/checkout@v4"
+      - uses: grafana/writers-toolkit/publish-technical-documentation-release@publish-technical-documentation-release/v2
        with:
-          repository: "grafana/grafana-github-actions"
-          path: "./actions"
-
-      - name: "Install Actions from library"
-        run: "npm install --production --prefix ./actions"
-
-      - name: "Determine if there is a matching release tag"
-        id: "has-matching-release-tag"
-        uses: "./actions/has-matching-release-tag"
-        with:
-          ref_name: "${{ github.ref_name }}"
-          release_tag_regexp: "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$"
-          release_branch_regexp: "^v(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.x$"
-
-      - name: "Determine technical documentation version"
-        if: "steps.has-matching-release-tag.outputs.bool == 'true'"
-        uses: "./actions/docs-target"
-        id: "target"
-        with:
-          ref_name: "${{ github.ref_name }}"
-
-      - name: "Clone website-sync Action"
-        if: "steps.has-matching-release-tag.outputs.bool == 'true'"
-        # WEBSITE_SYNC_TOKEN is a fine-grained GitHub Personal Access Token that expires.
-        # It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
-        # GitHub administrator to update the organization secret.
-        # The IT helpdesk can update the organization secret.
-        run: "git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.WEBSITE_SYNC_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync"
-
-      - name: "Switch to HEAD of version branch for tags"
-        # Tags aren't necessarily made to the HEAD of the version branch.
-        # The documentation to be published is always on the HEAD of the version branch.
-        if: "steps.has-matching-release-tag.outputs.bool == 'true' && github.ref_type == 'tag'"
-        run: "git switch --detach origin/${{ steps.target.outputs.target }}.x"
-
-      - name: "Publish to website repository (release)"
-        if: "steps.has-matching-release-tag.outputs.bool == 'true'"
-        uses: "./.github/actions/website-sync"
-        id: "publish-release"
-        with:
-          repository: "grafana/website"
-          branch: "master"
-          host: "github.com"
-          # PUBLISH_TO_WEBSITE_TOKEN is a fine-grained GitHub Personal Access Token that expires.
-          # It must be regenerated in the grafanabot GitHub account and requires a Grafana organization
-          # GitHub administrator to update the organization secret.
-          # The IT helpdesk can update the organization secret.
-          github_pat: "grafanabot:${{ secrets.PUBLISH_TO_WEBSITE_TOKEN }}"
-          source_folder: "docs/sources"
-          target_folder: "content/docs/grafana/${{ steps.target.outputs.target }}"
+          release_tag_regexp: "^v(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)$"
+          release_branch_regexp: "^release-(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)$"
+          release_branch_with_patch_regexp: "^release-(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)$"
+          website_directory: content/docs/grafana
+          version_suffix: ""
--- a/.github/workflows/release-comms.yml
+++ b/.github/workflows/release-comms.yml
@@ -0,0 +1,126 @@
+# This workflow runs whenever the release PR is merged. It includes post-release communication processes like
+# posting to slack, the website, community forums, etc.
+# Only things that happen after a release is completed and all of the necessary code changes (like the changelog) are made.
+name: Post-release
+on:
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        required: false
+        default: true
+        type: boolean
+      version:
+        required: true
+      latest:
+        type: boolean
+        default: false
+  pull_request:
+    types:
+    - closed
+    branches:
+    - 'main'
+    - 'release-*.*.*'
+
+jobs:
+  setup:
+    if: ${{ github.event_name == 'workflow_dispatch' || (github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/')) }}
+    name: Setup and establish latest
+    outputs:
+      version: ${{ steps.output.outputs.version }}
+      release_branch: ${{ steps.output.outputs.release_branch }}
+      dry_run: ${{ steps.output.outputs.dry_run }}
+      latest: ${{ steps.output.outputs.latest }}
+    runs-on: ubuntu-latest
+    steps:
+      # The github-release action expects a `LATEST` value of a string of either '1' or '0'
+    - if: ${{ github.event_name == 'workflow_dispatch' }}
+      run: |
+        echo setting up GITHUB_ENV for ${{ github.event_name }}
+        echo "VERSION=${{ inputs.version }}" >> $GITHUB_ENV
+        echo "DRY_RUN=${{ inputs.dry_run }}" >> $GITHUB_ENV
+        echo "LATEST=${{ inputs.latest && '1' || '0' }}" >> $GITHUB_ENV
+    - if: ${{ github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/') }}
+      run: |
+        echo "VERSION=$(echo ${{ github.head_ref }} | sed -e 's/release\/.*\///g')" >> $GITHUB_ENV
+        echo "DRY_RUN=${{ contains(github.event.pull_request.labels.*.name, 'release/dry-run') }}" >> $GITHUB_ENV
+        echo "LATEST=${{ contains(github.event.pull_request.labels.*.name, 'release/latest') && '1' || '0' }}" >> $GITHUB_ENV
+    - id: output
+      run: |
+        echo "dry_run: $DRY_RUN"
+        echo "latest: $LATEST"
+        echo "version: $VERSION"
+
+        echo "release_branch=$(echo $VERSION | sed -s 's/^v/release-/g')" >> "$GITHUB_OUTPUT"
+        echo "dry_run=$DRY_RUN" >> "$GITHUB_OUTPUT"
+        echo "latest=$LATEST" >> "$GITHUB_OUTPUT"
+        echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+  create_next_release_branch_grafana:
+    name: Create next release branch (Grafana)
+    needs: setup
+    uses: ./.github/workflows/create-next-release-branch.yml
+    secrets:
+      GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+      GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+    with:
+      ownerRepo: 'grafana/grafana'
+      source: ${{ needs.setup.outputs.release_branch }}
+  create_next_release_branch_enterprise:
+    name: Create next release branch (Grafana Enterprise)
+    needs: setup
+    uses: ./.github/workflows/create-next-release-branch.yml
+    secrets:
+      GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+      GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+    with:
+      ownerRepo: 'grafana/grafana-enterprise'
+      source: ${{ needs.setup.outputs.release_branch }}
+  migrate_prs_grafana:
+    needs:
+      - setup
+      - create_next_release_branch_grafana
+    uses: ./.github/workflows/migrate-prs.yml
+    secrets:
+      GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+      GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+    with:
+      ownerRepo: 'grafana/grafana'
+      from: ${{ needs.setup.outputs.release_branch }}
+      to: ${{ needs.create_next_release_branch_grafana.outputs.branch }}
+  migrate_prs_enterprise:
+    needs:
+      - setup
+      - create_next_release_branch_enterprise
+    uses: ./.github/workflows/migrate-prs.yml
+    secrets:
+      GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+      GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+    with:
+      ownerRepo: 'grafana/grafana-enterprise'
+      from: ${{ needs.setup.outputs.release_branch }}
+      to: ${{ needs.create_next_release_branch_enterprise.outputs.branch }}
+  post_changelog_on_forum:
+    needs: setup
+    uses: ./.github/workflows/community-release.yml
+    secrets:
+      GRAFANA_MISC_STATS_API_KEY: ${{ secrets.GRAFANA_MISC_STATS_API_KEY }}
+      GRAFANABOT_FORUM_KEY: ${{ secrets.GRAFANABOT_FORUM_KEY }}
+    with:
+      version: ${{ needs.setup.outputs.version }}
+      dry_run: ${{ needs.setup.outputs.dry_run == 'true' }}
+  create_github_release:
+    # a github release requires a git tag
+    # The github-release action retrieves the changelog using the /repos/grafana/grafana/contents/CHANGELOG.md API
+    # endpoint.
+    needs: setup
+    uses: ./.github/workflows/github-release.yml
+    with:
+      version: ${{ needs.setup.outputs.version }}
+      dry_run: ${{ needs.setup.outputs.dry_run == 'true' }}
+      latest: ${{ needs.setup.outputs.latest }}
+  post_on_slack:
+    needs: setup
+    runs-on: ubuntu-latest
+    steps:
+    - run: |
+        echo announce on slack that ${{ needs.setup.outputs.version }} has been released
+        echo dry run: ${{ needs.setup.outputs.dry_run }}
--- a/.github/workflows/release-pr.yml
+++ b/.github/workflows/release-pr.yml
@@ -0,0 +1,173 @@
+# This workflow creates a new PR in Grafana which is triggered after a release is completed.
+# It should include all code changes that are needed after a release is done. This includes the changelog update and
+# version bumps, but could include more in the future.
+# Please refrain from including any processes that do not result in code changes in this workflow. Instead, they should
+# either be triggered in the release promotion process or in the release comms process (that is triggered by merging
+# this PR).
+name: Grafana Release PR
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        required: true
+        type: string
+        description: The version of Grafana that is being released
+      target:
+        required: true
+        type: string
+        description: The release branch pattern (eg v9.5.x) that these changes are being merged into
+      backport:
+        required: false
+        type: string
+        description: Branch to backport these changes to
+      dry_run:
+        required: false
+        default: false
+        type: boolean
+      latest:
+        required: false
+        default: false
+        type: boolean
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  push-changelog-to-main:
+    name: Create PR to main to update the changelog
+    uses: ./.github/workflows/changelog.yml
+    with:
+      version: ${{ inputs.version }}
+      latest: ${{ inputs.latest }}
+      dry_run: ${{ inputs.dry_run }}
+      target: main
+    secrets:
+      GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+      GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+  create-prs:
+    name: Create Release PR
+    runs-on: ubuntu-latest
+    if: github.repository == 'grafana/grafana'
+    steps:
+      - name: Generate bot token
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        with:
+          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+      - name: Get release branch
+        id: branch
+        uses: grafana/grafana-github-actions-go/latest-release-branch@main
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
+          ownerRepo: 'grafana/grafana'
+          pattern: ${{ inputs.target }}
+      - name: Checkout Grafana
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.branch.outputs.branch }}
+          fetch-depth: 0
+          fetch-tags: true
+      - name: Checkout Grafana (main)
+        uses: actions/checkout@v4
+        with:
+          ref: main
+          fetch-depth: '0'
+          fetch-tags: 'false'
+          path: .grafana-main
+      - name: Setup nodejs environment
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: .nvmrc
+      - name: Configure git user
+        run: |
+          git config --local user.name "github-actions[bot]"
+          git config --local user.email "github-actions[bot]@users.noreply.github.com"
+          git config --local --add --bool push.autoSetupRemote true
+
+      - name: Create branch
+        run: git checkout -b "release/${{ github.run_id }}/${{ inputs.version }}"
+      - name: Generate changelog
+        id: changelog
+        uses: ./.grafana-main/.github/workflows/actions/changelog
+        with:
+          github_token: ${{ steps.generate_token.outputs.token }}
+          target: v${{ inputs.version }}
+          output_file: changelog_items.md
+      - name: Patch CHANGELOG.md
+        run: |
+          # Prepare CHANGELOG.md content with version delimiters
+          (
+            echo
+            echo "# ${{ inputs.version}} ($(date '+%F'))"
+            echo
+            cat changelog_items.md
+          ) > CHANGELOG.part
+
+          # Check if a version exists in the changelog
+          if grep -q "<!-- ${{ inputs.version}} START" CHANGELOG.md ; then
+            # Replace the content between START and END delimiters
+            echo "Version ${{ inputs.version }} is found in the CHANGELOG.md, patching contents..."
+            sed -i -e '/${{ inputs.version }} START/,/${{ inputs.version }} END/{//!d;}' \
+                   -e '/${{ inputs.version }} START/r CHANGELOG.part' CHANGELOG.md
+          else
+            # Prepend changelog part to the main changelog file
+            echo "Version ${{ inputs.version }} not found in the CHANGELOG.md"
+            (
+              echo "<!-- ${{ inputs.version }} START -->"
+              cat CHANGELOG.part
+              echo "<!-- ${{ inputs.version }} END -->"
+              cat CHANGELOG.md
+            ) > CHANGELOG.tmp
+            mv CHANGELOG.tmp CHANGELOG.md
+          fi
+
+          rm -f CHANGELOG.part changelog_items.md
+
+          git diff CHANGELOG.md
+      - name: "Prettify CHANGELOG.md"
+        run: npx prettier --write CHANGELOG.md
+      - name: Commit CHANGELOG.md changes
+        run: git add CHANGELOG.md && git commit --allow-empty -m "Update changelog" CHANGELOG.md
+
+      - name: Update package.json versions
+        uses: ./.grafana-main/pkg/build/actions/bump-version
+        with:
+          version: 'patch'
+
+      - name: Add package.json changes
+        run: |
+          git add package.json lerna.json yarn.lock packages public
+          git commit -m "Update version to ${{ inputs.version }}"
+
+      - name: Git push
+        if: ${{ inputs.dry_run }} != true
+        run: git push --set-upstream origin release/${{ github.run_id }}/${{ inputs.version }}
+
+      - name: Create PR without backports
+        if: "${{ inputs.backport == '' }}"
+        run: >
+          gh pr create \
+            $( [ "x${{ inputs.latest }}" == "xtrue" ] && printf %s '-l "release/latest"') \
+            -l "no-changelog" \
+            --dry-run=${{ inputs.dry_run }} \
+            -B "${{ steps.branch.outputs.branch }}" \
+            --title "Release: ${{ inputs.version }}" \
+            --body "These code changes must be merged after a release is complete"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create PR with backports
+        if: "${{ inputs.backport != '' }}"
+        run: >
+          gh pr create \
+            $( [ "x${{ inputs.latest }}" == "xtrue" ] && printf %s '-l "release/latest"') \
+            -l "product-approved" \
+            -l "no-changelog" \
+            --dry-run=${{ inputs.dry_run }} \
+            -B "${{ steps.branch.outputs.branch }}" \
+            --title "Release: ${{ inputs.version }}" \
+            --body "These code changes must be merged after a release is complete"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/run-scenes-e2e.yml
+++ b/.github/workflows/run-scenes-e2e.yml
@@ -0,0 +1,47 @@
+name: Run dashboard scenes e2e
+
+on:
+  schedule:
+    - cron: "0 8 * * 1-5" # every day at 08:00UTC on weekdays
+  # push # uncomment for test run during PR
+
+env:
+  ARCH: linux-amd64
+
+jobs:
+  dashboard-scenes-e2e:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Pin Go version to mod file
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+      - run: go version
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - name: Install dependencies
+        run: yarn install --immutable
+      - name: Build grafana
+        run: make build
+      - name: Install Cypress dependencies
+        uses: cypress-io/github-action@v6
+        with: 
+          runTests: false
+      - name: Run dashboard scenes e2e
+        run: yarn e2e:scenes
+      - name: "Send Slack notification"
+        if: ${{ failure() }}
+        uses: slackapi/slack-github-action@v1.26.0
+        with:
+          payload: >
+            {
+              "icon_emoji": ":this-is-fine-fire:",
+              "username": "Dashboard scenes e2e tests failed",
+              "text": "Link to run: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}",
+              "channel": "#grafana-dashboards-squad"
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
--- a/.github/workflows/scripts/feature-toggle-cleanup/feature-toggle-cleanup.js
+++ b/.github/workflows/scripts/feature-toggle-cleanup/feature-toggle-cleanup.js
@@ -1,38 +0,0 @@
-import { parse } from 'csv-parse/sync';
-import fs from 'fs';
-
-/***
- * Feauture Flag Structure example
- *  Name: 'disableEnvelopeEncryption',
-    Stage: 'GA',
-    Owner: '@grafana/grafana-as-code',
-    Created: '2022-05-24',
-    requiresDevMode: 'false',
-    RequiresLicense: 'false',
-    RequiresRestart: 'false',
-    FrontendOnly: 'false'
- * 
- */
-
-
-export default function cleanupFeatureFlags() {
-	const today = new Date();
-	const sixMonthAgo = today.setMonth(today.getMonth() - 6);
-	const inputFileContents = fs.readFileSync(process.env.FEATURE_TOGGLES_CSV_FILE_PATH);
-	const parsedFeatureFlags = parse(inputFileContents, {
-		columns: true,
-		skip_empty_lines: true,
-		cast: true,
-		cast_date: true,
-	  });
-
-	// Here we can have the custom logic of how to handle what type of feature flag - e.g. GA can be treated differently than experimental and so on.
-	for (const flag of parsedFeatureFlags) {
-		if (flag.Created < sixMonthAgo) {
-			console.log(`The flag ${flag.Name} was created more than 6 months ago. It should be checked.`);
-			console.log(flag);
-		}
-	}
-	
-
-}
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -1,14 +0,0 @@
-name: Snyk Monitor Scanning
-on:
- release:
-   types: [published] 
- push:
-    branches:
-      - 'main' 
- workflow_dispatch:
-
-jobs:
-  snyk-scan-ci:
-    uses: 'grafana/security-github-actions/.github/workflows/snyk_monitor.yml@main'
-    secrets:
-      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
--- a/.github/workflows/sync-mirror-event.yml
+++ b/.github/workflows/sync-mirror-event.yml
@@ -0,0 +1,43 @@
+# Owned by grafana-delivery-squad
+# Intended to be dropped into the base repo, Ex: grafana/grafana
+name: Dispatch sync to mirror
+run-name: dispatch-sync-to-mirror-${{ github.ref_name }}
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+      - "v*.*.*"
+      - "release-*"
+
+# This is run after the pull request has been merged, so we'll run against the target branch
+jobs:
+  dispatch-job:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a
+        with:
+          # App needs Actions: Read/Write for the grafana/security-patch-actions repo
+          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+
+      - uses: actions/github-script@v7
+        if: github.repository == 'grafana/grafana'
+        with:
+          github-token: ${{ steps.generate_token.outputs.token }}
+          script: |
+            await github.rest.actions.createWorkflowDispatch({
+                owner: 'grafana',
+                repo: 'security-patch-actions',
+                workflow_id: 'mirror-branch-and-apply-patches-event.yml',
+                ref: 'main',
+                inputs: {
+                  src_ref: "${{ github.ref_name }}",
+                  src_repo: "${{ github.repository }}",
+                  src_sha: "${{ github.sha }}",
+                  dest_repo: "${{ github.repository }}-security-mirror",
+                  patch_repo: "${{ github.repository }}-security-patches"
+                }
+            })
--- a/.github/workflows/sync-mirror.yml
+++ b/.github/workflows/sync-mirror.yml
@@ -1,25 +0,0 @@
-# Owned by grafana-release-guild
-# Intended to be dropped into the base repo, Ex: grafana/grafana
-name: Sync to mirror
-run-name: sync-to-mirror-${{ github.ref_name }}
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - "main"
-      - "v*.*.*"
-      - "release-*"
-
-# This is run after the pull request has been merged, so we'll run against the target branch
-jobs:
-  trigger_downstream_patch_mirror:
-    concurrency: patch-mirror-${{ github.ref_name }}
-    uses: grafana/security-patch-actions/.github/workflows/mirror-branch-and-apply-patches.yml@main
-    if: github.repository == 'grafana/grafana'
-    with:
-      ref: "${{ github.ref_name }}" # this is the target branch name, Ex: "main"
-      src_repo: "${{ github.repository }}"
-      dest_repo: "${{ github.repository }}-security-mirror"
-      patch_repo: "${{ github.repository }}-security-patches"
-    secrets: inherit
-
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -0,0 +1,54 @@
+name: Trivy Scan
+on:
+  pull_request:
+    # only run on PRs where go.mod/go.sum/etc have been updated
+    paths:
+      - go.*
+  push:
+    branches:
+      - main
+    paths:
+      - go.*
+
+jobs:
+  trivy-scan:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run Trivy vulnerability scanner (table output)
+      uses: aquasecurity/trivy-action@0.24.0
+      with:
+        # scan the filesystem, rather than building a Docker image prior - the
+        # downside is we won't catch dependencies that are only installed in the
+        # image, but the upside is we'll only catch vulnerabilities that are
+        # explicitly in the our dependencies
+        scan-type: 'fs'
+        scanners: 'vuln'
+        format: 'table'
+        exit-code: 1
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'
+        trivyignores: .trivyignore
+        # for the PR check, ignore JS-related issues
+        skip-files: 'yarn.lock,package.json'
+    - name: Run Trivy vulnerability scanner (SARIF)
+      uses: aquasecurity/trivy-action@0.24.0
+      with:
+        scan-type: 'fs'
+        scanners: 'vuln'
+        # Note: The SARIF format ignores severity and uploads all vulns for
+        # later triage. The table-format step above is used to fail the build
+        # if there are any critical or high vulnerabilities.
+        # See https://github.com/aquasecurity/trivy-action/issues/95
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        trivyignores: .trivyignore
+      if: always() && github.repository == 'grafana/grafana'
+    - name: Upload Trivy scan results to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: 'trivy-results.sarif'
+      if: always() && github.repository == 'grafana/grafana'
--- a/.github/workflows/verify-kinds.yml
+++ b/.github/workflows/verify-kinds.yml
@@ -18,7 +18,7 @@ jobs:
      - name: "Setup Go"
        uses: "actions/setup-go@v4"
        with:
-          go-version: '1.21.8'
+          go-version-file: go.mod

      - name: "Verify kinds"
        run: go run .github/workflows/scripts/kinds/verify-kinds.go
--- a/.gitignore
+++ b/.gitignore
@@ -87,6 +87,7 @@ example-apiserver/
 /devenv/docker/blocks/tempo/tempo-data/
 /devenv/docker/ha-test-unified-alerting/logs/webhook/dumps/
 /devenv/docker/ha-test-unified-alerting/logs/webhook/webhook-listener.log
+/devenv/docker/blocks/auth/openldap/certs/

 conf/custom.ini

@@ -216,3 +217,6 @@ public/app/plugins/**/dist/

 # Go coverage files created with go test -cover -coverprogile=something.out ...
 *.out
+
+# Locally enabling the Go race detector until we can globally do so
+.go-race-enabled-locally
--- a/.golangci.toml
+++ b/.golangci.toml
@@ -1,207 +0,0 @@
-[run]
-timeout = "10m"
-
-[linters-settings.goconst]
-min-len = 5
-min-occurrences = 5
-
-[linters-settings.exhaustive]
-default-signifies-exhaustive = true
-
-[linters-settings.revive]
-ignore-generated-header = false
-severity = "warning"
-confidence = 3
-
-[linters-settings.depguard.rules.main]
-allow = [] # allow all
-deny = [
-  { pkg = "io/ioutil", desc = "Deprecated: As of Go 1.16, the same functionality is now provided by package io or package os, and those implementations should be preferred in new code. See the specific function documentation for details." },
-  { pkg = "gopkg.in/yaml.v2", desc = "Grafana packages are not allowed to depend on gopkg.in/yaml.v2 as gopkg.in/yaml.v3 is now available" },
-  { pkg = "github.com/pkg/errors", desc = "Deprecated: Go 1.13 supports the functionality provided by pkg/errors in the standard library." },
-  { pkg = "github.com/xorcare/pointer", desc = "Use pkg/util.Pointer instead, which is a generic one-liner alternative" },
-  { pkg = "github.com/gofrs/uuid", desc = "Use github.com/google/uuid instead, which we already depend on." },
-]
-
-[linters-settings.depguard.rules.coreplugins]
-deny = [
-  { pkg = "github.com/grafana/grafana/pkg/api", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/cmd", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/cuectx", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/extensions", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/kinds", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/middleware", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/modules", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/registry", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/services", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/build", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/codegen", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/events", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/ifaces", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/kindsysreport", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/mocks", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/plugins", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/setting", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/util", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/bus", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/components", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/expr", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/infra", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/login", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/models", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/server", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/tests", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/web", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-  { pkg = "github.com/grafana/grafana/pkg/tsdb/intervalv2", desc = "Core plugins are not allowed to depend on Grafana core packages" },
-]
-files = [
-  "**/pkg/tsdb/grafana-pyroscope-datasource/*",
-  "**/pkg/tsdb/grafana-pyroscope-datasource/**/*",
-  "**/pkg/tsdb/grafana-testdata-datasource/*",
-  "**/pkg/tsdb/grafana-testdata-datasource/**/*",
-  "**/pkg/tsdb/azuremonitor/*",
-  "**/pkg/tsdb/azuremonitor/**/*",
-  "**/pkg/tsdb/cloud-monitoring/*",
-  "**/pkg/tsdb/cloud-monitoring/**/*",
-  "**/pkg/tsdb/parca/*",
-  "**/pkg/tsdb/parca/**/*",
-  "**/pkg/tsdb/tempo/*",
-  "**/pkg/tsdb/tempo/**/*",
-  "**/pkg/tsdb/cloudwatch/*",
-  "**/pkg/tsdb/cloudwatch/**/*",
-]
-
-[linters-settings.gocritic]
-enabled-checks = ["ruleguard"]
-[linters-settings.gocritic.settings.ruleguard]
-rules = "pkg/ruleguard.rules.go"
-
-[linters-settings.nakedret]
-max-func-lines = 60
-
-[linters]
-disable-all = true
-enable = [
-  "bodyclose",
-  "depguard",
-  "dogsled",
-  "errcheck",
-  # "gochecknoinits",
-  "goconst",
-  # "gocritic", # Temporarily disabled on 2022-09-09, running into weird bug "ruleguard: execution error: used Run() with an empty rule set; forgot to call Load() first?"
-  "goimports",
-  "goprintffuncname",
-  "gosec",
-  "gosimple",
-  "govet",
-  "ineffassign",
-  "misspell",
-  "nakedret",
-  "exportloopref",
-  "staticcheck",
-  "stylecheck",
-  "typecheck",
-  "unconvert",
-  "unused",
-  "whitespace",
-  "gocyclo",
-  "exhaustive",
-  "typecheck",
-  "asciicheck",
-  "errorlint",
-  "revive",
-]
-
-# Disabled linters (might want them later)
-# "unparam"
-# "rowserrcheck" # The linter doesn't detect that both Scan and Close also returns the error message returned by Err.
-
-[issues]
-exclude-use-default = false
-
-# Enable when appropriate
-# Poorly chosen identifier
-[[issues.exclude-rules]]
-linters = ["stylecheck"]
-text = "ST1003"
-
-# Enable when appropriate
-# Dot imports that aren't in external test packages are discouraged.
-[[issues.exclude-rules]]
-linters = ["stylecheck"]
-text = "ST1001"
-
-# Enable when appropriate
-# http.CloseNotifier has been deprecated since Go 1.11 and an alternative has been available since Go 1.7: We currently need it in pkg/web/response_writer.go.
-[[issues.exclude-rules]]
-linters = ["staticcheck"]
-text = "SA1019: http.CloseNotifier"
-
-# strings.Title has been deprecated since Go 1.18 and an alternative has been available since Go 1.0: The rule Title uses for word boundaries does not handle Unicode punctuation properly.
-# Use golang.org/x/text/cases instead.
-[[issues.exclude-rules]]
-linters = ["staticcheck"]
-text = "SA1019: strings.Title"
-
-[[issues.exclude-rules]]
-linters = ["staticcheck"]
-text = "use fake service and real access control evaluator instead"
-
-[[issues.exclude-rules]]
-linters = ["gosec"]
-text = "G108"
-
-[[issues.exclude-rules]]
-linters = ["gosec"]
-text = "G110"
-
-[[issues.exclude-rules]]
-linters = ["gosec"]
-text = "G201"
-
-[[issues.exclude-rules]]
-linters = ["gosec"]
-text = "G202"
-
-[[issues.exclude-rules]]
-linters = ["gosec"]
-text = "G306"
-
-[[issues.exclude-rules]]
-linters = ["gosec"]
-text = "401"
-
-[[issues.exclude-rules]]
-linters = ["gosec"]
-text = "402"
-
-[[issues.exclude-rules]]
-linters = ["gosec"]
-text = "501"
-
-[[issues.exclude-rules]]
-linters = ["gosec"]
-text = "404"
-
-[[issues.exclude-rules]]
-linters = ["misspell"]
-text = "Unknwon` is a misspelling of `Unknown"
-
-[[issues.exclude-rules]]
-linters = ["errorlint"]
-text = "non-wrapping format verb for fmt.Errorf"
-
-# TODO: Enable
-[[issues.exclude-rules]]
-linters = ["stylecheck"]
-text = "ST1000"
-
-# TODO: Enable
-[[issues.exclude-rules]]
-linters = ["stylecheck"]
-text = "ST1020"
-
-# TODO: Enable
-[[issues.exclude-rules]]
-linters = ["stylecheck"]
-text = "ST1021"
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,298 @@
+run:
+  timeout: 10m
+  concurrency: 10
+  allow-parallel-runners: true
+linters-settings:
+  exhaustive:
+    default-signifies-exhaustive: true
+  revive:
+    ignore-generated-header: false
+    severity: warning
+    confidence: 3
+  depguard:
+    rules:
+      main:
+        allow: []
+        deny:
+          - pkg: io/ioutil
+            desc: >-
+              Deprecated: As of Go 1.16, the same functionality is now provided
+              by package io or package os, and those implementations should be
+              preferred in new code. See the specific function documentation for
+              details.
+          - pkg: gopkg.in/yaml.v2
+            desc: >-
+              Grafana packages are not allowed to depend on gopkg.in/yaml.v2 as
+              gopkg.in/yaml.v3 is now available
+          - pkg: github.com/pkg/errors
+            desc: >-
+              Deprecated: Go 1.13 supports the functionality provided by
+              pkg/errors in the standard library.
+          - pkg: github.com/xorcare/pointer
+            desc: >-
+              Use pkg/util.Pointer instead, which is a generic one-liner
+              alternative
+          - pkg: github.com/gofrs/uuid
+            desc: 'Use github.com/google/uuid instead, which we already depend on.'
+          - pkg: github.com/bmizerany/assert
+            desc: >-
+              Use github.com/stretchr/testify/assert instead, which we already
+              depend on.
+      coreplugins:
+        deny:
+          - pkg: github.com/grafana/grafana/pkg/api
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/cmd
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/cuectx
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/extensions
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/kinds
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/middleware
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/modules
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/registry
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/services
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/build
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/codegen
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/events
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/ifaces
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/kindsysreport
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/mocks
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/plugins
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/setting
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/util
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/bus
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/components
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/expr
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/infra
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/login
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/models
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/server
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/tests
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/web
+            desc: Core plugins are not allowed to depend on Grafana core packages
+          - pkg: github.com/grafana/grafana/pkg/tsdb/intervalv2
+            desc: Core plugins are not allowed to depend on Grafana core packages
+        files:
+          - '**/pkg/tsdb/grafana-pyroscope-datasource/*'
+          - '**/pkg/tsdb/grafana-pyroscope-datasource/**/*'
+          - '**/pkg/tsdb/grafana-testdata-datasource/*'
+          - '**/pkg/tsdb/grafana-testdata-datasource/**/*'
+          - '**/pkg/tsdb/azuremonitor/*'
+          - '**/pkg/tsdb/azuremonitor/**/*'
+          - '**/pkg/tsdb/cloud-monitoring/*'
+          - '**/pkg/tsdb/cloud-monitoring/**/*'
+          - '**/pkg/tsdb/mysql/*'
+          - '**/pkg/tsdb/mysql/**/*'
+          - '**/pkg/tsdb/parca/*'
+          - '**/pkg/tsdb/parca/**/*'
+          - '**/pkg/tsdb/tempo/*'
+          - '**/pkg/tsdb/tempo/**/*'
+          - '**/pkg/tsdb/cloudwatch/*'
+          - '**/pkg/tsdb/cloudwatch/**/*'
+      apiserver:
+        list-mode: lax
+        allow:
+          - github.com/grafana/grafana/pkg/apimachinery
+          - github.com/grafana/grafana/pkg/apiserver
+        deny:
+          - pkg: github.com/grafana/grafana/pkg
+            desc: apiserver is not allowed to import grafana core
+        files:
+          - '**/pkg/apiserver/*'
+          - '**/pkg/apiserver/**/*'
+      apimachinery:
+        list-mode: lax
+        allow:
+          - github.com/grafana/grafana/pkg/apimachinery
+        deny:
+          - pkg: github.com/grafana/grafana/pkg
+            desc: apimachinery is not allowed to import grafana core
+        files:
+          - '**/pkg/apimachinery/*'
+          - '**/pkg/apimachinery/**/*'
+      aggregator:
+        list-mode: lax
+        allow:
+          - github.com/grafana/grafana/pkg/aggregator
+          - github.com/grafana/grafana/pkg/semconv
+          - github.com/grafana/grafana/pkg/apimachinery
+        deny:
+          - pkg: github.com/grafana/grafana/pkg
+            desc: apimachinery is not allowed to import grafana core
+        files:
+          - ./pkg/aggregator/*
+          - ./pkg/aggregator/**/*
+      promlib:
+        list-mode: lax
+        deny:
+          - pkg: github.com/grafana/grafana/pkg
+            desc: promlib is not allowed to import grafana core
+        allow:
+          - github.com/grafana/grafana/pkg/promlib
+        files:
+          - '**/pkg/promlib/**/*'
+      storage-unified-resource:
+        list-mode: lax
+        allow:
+          - github.com/grafana/grafana/pkg/apimachinery
+        deny:
+          - pkg: github.com/grafana/grafana/pkg
+            desc: pkg/storage/unified/resource is not allowed to import grafana core
+        files:
+          - ./pkg/storage/unified/resource/*
+          - ./pkg/storage/unified/resource/**/*
+      storage-unified-apistore:
+        list-mode: lax
+        allow:
+          - github.com/grafana/grafana/pkg/apimachinery
+          - github.com/grafana/grafana/pkg/apiserver
+          - github.com/grafana/grafana/pkg/unified/resource
+        deny:
+          - pkg: github.com/grafana/grafana/pkg
+            desc: pkg/storage/unified/apistore is not allowed to import grafana core
+        files:
+          - ./pkg/storage/unified/apistore/*
+          - ./pkg/storage/unified/apistore/**/*
+      apps-playlist:
+        list-mode: lax
+        allow: []
+        deny:
+          - pkg: github.com/grafana/grafana/pkg
+            desc: apps/playlist is not allowed to import grafana core
+        files:
+          - ./apps/playlist/*
+          - ./apps/playlist/**/*
+  gocritic:
+    enabled-checks:
+      - ruleguard
+    settings:
+      ruleguard:
+        rules: pkg/ruleguard.rules.go
+  misspell:
+    ignore-words:
+      - Unknwon
+      - Creater
+  nakedret:
+    max-func-lines: 60
+linters:
+  disable-all: true
+  enable:
+    - asciicheck
+    - bodyclose
+    - depguard
+    - dogsled
+    - errcheck
+    - errorlint
+    - exhaustive
+    - gocyclo
+    - goimports
+    - goprintffuncname
+    - gosec
+    - gosimple
+    - govet
+    - ineffassign
+    - misspell
+    - nakedret
+    - prealloc
+    - revive
+    - staticcheck
+    - stylecheck
+    - unconvert
+    - unused
+    - whitespace
+issues:
+  exclude-use-default: false
+  max-same-issues: 0
+  exclude-dirs:
+    - devenv
+    - scripts
+  exclude-rules:
+    - linters:
+        - stylecheck
+      text: ST1003
+    - linters:
+        - stylecheck
+      text: ST1001
+    - linters:
+        - staticcheck
+      text: 'SA1019: http.CloseNotifier'
+    - linters:
+        - staticcheck
+      text: 'SA1019: strings.Title'
+    - linters:
+        - staticcheck
+      text: 'SA1019: "go.opentelemetry.io/otel/exporters/jaeger"'
+    - linters:
+        - staticcheck
+      text: use fake service and real access control evaluator instead
+    - linters:
+        - gosec
+      text: G108
+    - linters:
+        - gosec
+      text: G110
+    - linters:
+        - gosec
+      text: G115
+    - linters:
+        - gosec
+      text: G201
+    - linters:
+        - gosec
+      text: G202
+    - linters:
+        - gosec
+      text: G306
+    - linters:
+        - gosec
+      text: '401'
+    - linters:
+        - gosec
+      text: '402'
+    - linters:
+        - gosec
+      text: '501'
+    - linters:
+        - gosec
+      text: '404'
+    - linters:
+        - errorlint
+      text: non-wrapping format verb for fmt.Errorf
+    - linters:
+        - stylecheck
+      text: ST1000
+    - linters:
+        - stylecheck
+      text: ST1020
+    - linters:
+        - stylecheck
+      text: ST1021
+    - linters:
+        - gosec
+      path: (.+)_test\.go
+      text: G601
+
--- a/.pa11yci-pr.conf.js
+++ b/.pa11yci-pr.conf.js
@@ -34,7 +34,7 @@ var dashboardSettings = [
    wait: 500,
    rootElement: '.main-view',
    // TODO: improve the accessibility of the permission tab https://github.com/grafana/grafana/issues/77203
-    threshold: 11,
+    threshold: 5,
  },
  {
    url: '${HOST}/d/O6f11TZWk/panel-tests-bar-gauge?orgId=1&editview=dashboard_json',
@@ -64,7 +64,7 @@ var config = {
      url: '${HOST}/login',
      wait: 500,
      rootElement: '.main-view',
-      threshold: 13,
+      threshold: 0,
    },
    {
      url: '${HOST}/login',
@@ -76,13 +76,13 @@ var config = {
        "click element button[data-testid='data-testid Login button']",
        "wait for element button[data-testid='data-testid Skip change password button'] to be visible",
      ],
-      threshold: 15,
+      threshold: 2,
      rootElement: '.main-view',
    },
    {
      url: '${HOST}/?orgId=1',
      wait: 500,
-      threshold: 3,
+      threshold: 0,
    },
    {
      url: '${HOST}/d/O6f11TZWk/panel-tests-bar-gauge',
@@ -95,7 +95,7 @@ var config = {
      url: '${HOST}/?orgId=1&search=open',
      wait: 500,
      rootElement: '.main-view',
-      threshold: 3,
+      threshold: 0,
    },
    {
      url: '${HOST}/alerting/list',
@@ -109,43 +109,43 @@ var config = {
      url: '${HOST}/datasources',
      wait: 500,
      rootElement: '.main-view',
-      threshold: 3,
+      threshold: 0,
    },
    {
      url: '${HOST}/org/users',
      wait: 500,
      rootElement: '.main-view',
-      threshold: 1,
+      threshold: 0,
    },
    {
      url: '${HOST}/org/teams',
      wait: 500,
      rootElement: '.main-view',
-      threshold: 1,
+      threshold: 0,
    },
    {
      url: '${HOST}/plugins',
      wait: 500,
      rootElement: '.main-view',
-      threshold: 3,
+      threshold: 0,
    },
    {
      url: '${HOST}/org',
      wait: 500,
      rootElement: '.main-view',
-      threshold: 1,
+      threshold: 0,
    },
    {
      url: '${HOST}/org/apikeys',
      wait: 500,
      rootElement: '.main-view',
-      threshold: 4,
+      threshold: 2,
    },
    {
      url: '${HOST}/dashboards',
      wait: 500,
      rootElement: '.main-view',
-      threshold: 1,
+      threshold: 0,
    },
  ],
 };
--- a/.prettierignore
+++ b/.prettierignore
@@ -19,10 +19,6 @@ vendor
 # TS generate from cue by cuetsy
 **/*.gen.ts

-# Auto-generated internationalization files
-public/locales/_build/
-public/locales/**/*.js
-
 # Auto-generated theme files
 theme.light.generated.json
 theme.dark.generated.json
--- a/.trivyignore
+++ b/.trivyignore
@@ -0,0 +1,5 @@
+# See https://aquasecurity.github.io/trivy/v0.48/docs/configuration/filtering/#trivyignore
+
+# Adding CVE in grafana-plugin-sdk-go to exclusions as it does not have direct impact on the product
+# and updating library version requires complex changes in the codebase
+CVE-2024-8986
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -9,7 +9,7 @@
      "program": "${workspaceFolder}/pkg/cmd/grafana/",
      "env": {},
      "cwd": "${workspaceFolder}",
-      "args": ["server", "--homepath", "${workspaceFolder}", "--packaging", "dev"]
+      "args": ["server", "--homepath", "${workspaceFolder}", "--packaging", "dev", "cfg:app_mode=development"]
    },
    {
      "name": "Run API Server (testdata)",
@@ -19,9 +19,44 @@
      "program": "${workspaceFolder}/pkg/cmd/grafana/",
      "env": {},
      "cwd": "${workspaceFolder}",
-      "args": ["apiserver", 
-          "--secure-port=8443", 
-          "--runtime-config=testdata.datasource.grafana.app/v0alpha1=true"]
+      "args": ["apiserver", "--secure-port=8443", "--runtime-config=testdata.datasource.grafana.app/v0alpha1=true"]
+    },
+    {
+      "name": "Run API Server (query-localhost)",
+      "type": "go",
+      "request": "launch",
+      "mode": "auto",
+      "program": "${workspaceFolder}/pkg/cmd/grafana/",
+      "env": {},
+      "cwd": "${workspaceFolder}",
+      "args": [
+        "apiserver",
+        "--secure-port=8443",
+        "--runtime-config=query.grafana.app/v0alpha1=true",
+        "--grafana.authn.signing-keys-url=http://localhost:3000/api/signing-keys/keys",
+        "--hg-url=http://localhost:3000",
+        "--hg-key=$HGAPIKEY"
+      ]
+    },
+    {
+      "name": "Run Server (query GRPC Storage Server)",
+      "type": "go",
+      "request": "launch",
+      "mode": "auto",
+      "program": "${workspaceFolder}/pkg/cmd/grafana/",
+      "env": { "GF_GRAFANA_APISERVER_STORAGE_TYPE": "unified-grpc" },
+      "cwd": "${workspaceFolder}",
+      "args": ["server", "--homepath", "${workspaceFolder}", "--packaging", "dev"]
+    },
+    {
+      "name": "Run Storage Server",
+      "type": "go",
+      "request": "launch",
+      "mode": "auto",
+      "program": "${workspaceFolder}/pkg/cmd/grafana/",
+      "env": { "GF_DEFAULT_TARGET": "storage-server", "GF_SERVER_HTTP_PORT": "3001" },
+      "cwd": "${workspaceFolder}",
+      "args": ["server", "target", "--homepath", "${workspaceFolder}", "--packaging", "dev"]
    },
    {
      "name": "Attach to Chrome",
@@ -31,14 +66,16 @@
      "webRoot": "${workspaceFolder}"
    },
    {
-      "name": "Debug Jest test",
+      "name": "Debug UI test",
      "type": "node",
      "request": "launch",
      "runtimeExecutable": "yarn",
      "runtimeArgs": ["run", "jest", "--runInBand", "${file}"],
      "console": "integratedTerminal",
      "internalConsoleOptions": "neverOpen",
-      "port": 9229
+      "env": {
+        "NODE_ENV": "test"
+      }
    },
    {
      "name": "Debug Go test",
--- a/.yarn/patches/@storybook-blocks-npm-7.4.5-5a2374564a.patch
+++ b/.yarn/patches/@storybook-blocks-npm-7.4.5-5a2374564a.patch
--- a/.yarn/patches/@storybook-blocks-npm-8.1.6-892f57a6d7.patch
+++ b/.yarn/patches/@storybook-blocks-npm-8.1.6-892f57a6d7.patch
--- a/.yarn/patches/react-grid-layout-npm-1.4.4-4024c5395b.patch
+++ b/.yarn/patches/react-grid-layout-npm-1.4.4-4024c5395b.patch
@@ -0,0 +1,121 @@
+diff --git a/build/GridItem.js b/build/GridItem.js
+index 0a700da9f1180ca532e32e04dc7ea50f2e67b96c..a2e4673fa1133aeaa4018cc01312ca386c3395f5 100644
+--- a/build/GridItem.js
+++ b/build/GridItem.js
+@@ -5,6 +5,7 @@ Object.defineProperty(exports, "__esModule", {
+ });
+ exports.default = void 0;
+ var _react = _interopRequireDefault(require("react"));
+var _reactDOM = require("react-dom");
+ var _propTypes = _interopRequireDefault(require("prop-types"));
+ var _reactDraggable = require("react-draggable");
+ var _reactResizable = require("react-resizable");
+@@ -147,8 +148,10 @@ class GridItem extends _react.default.Component /*:: <Props, State>*/{
+       const pTop = parentRect.top / transformScale;
+       newPosition.left = cLeft - pLeft + offsetParent.scrollLeft;
+       newPosition.top = cTop - pTop + offsetParent.scrollTop;
+-      this.setState({
+-        dragging: newPosition
+      _reactDOM.flushSync(() => {
+        this.setState({
+          dragging: newPosition
+        });
+       });
+ 
+       // Call callback with this data
+@@ -213,8 +216,10 @@ class GridItem extends _react.default.Component /*:: <Props, State>*/{
+         top,
+         left
+       };
+-      this.setState({
+-        dragging: newPosition
+      _reactDOM.flushSync(() => {
+        this.setState({
+          dragging: newPosition
+        });
+       });
+ 
+       // Call callback with this data
+@@ -261,8 +266,10 @@ class GridItem extends _react.default.Component /*:: <Props, State>*/{
+         top,
+         left
+       };
+-      this.setState({
+-        dragging: null
+      _reactDOM.flushSync(() => {
+        this.setState({
+          dragging: null
+        });
+       });
+       const {
+         x,
+@@ -485,8 +492,10 @@ class GridItem extends _react.default.Component /*:: <Props, State>*/{
+     let updatedSize = size;
+     if (node) {
+       updatedSize = (0, _utils.resizeItemInDirection)(handle, position, size, containerWidth);
+-      this.setState({
+-        resizing: handlerName === "onResizeStop" ? null : updatedSize
+      _reactDOM.flushSync(() => {
+        this.setState({
+          resizing: handlerName === "onResizeStop" ? null : updatedSize
+        });
+       });
+     }
+ 
+diff --git a/lib/GridItem.jsx b/lib/GridItem.jsx
+index dbe41f92388f19d3e476690fa0ee5584ab9d5bb4..1e4713667cd7dadd6618fe06176804a02ee3ccc2 100644
+--- a/lib/GridItem.jsx
+++ b/lib/GridItem.jsx
+@@ -1,5 +1,6 @@
+ // @flow
+ import React from "react";
+import { flushSync } from "react-dom";
+ import PropTypes from "prop-types";
+ import { DraggableCore } from "react-draggable";
+ import { Resizable } from "react-resizable";
+@@ -459,7 +460,9 @@ export default class GridItem extends React.Component<Props, State> {
+     const pTop = parentRect.top / transformScale;
+     newPosition.left = cLeft - pLeft + offsetParent.scrollLeft;
+     newPosition.top = cTop - pTop + offsetParent.scrollTop;
+-    this.setState({ dragging: newPosition });
+    flushSync(() => {
+      this.setState({ dragging: newPosition });
+    });
+ 
+     // Call callback with this data
+     const { x, y } = calcXY(
+@@ -516,7 +519,9 @@ export default class GridItem extends React.Component<Props, State> {
+     }
+ 
+     const newPosition: PartialPosition = { top, left };
+-    this.setState({ dragging: newPosition });
+    flushSync(() => {
+      this.setState({ dragging: newPosition });
+    });
+ 
+     // Call callback with this data
+     const { containerPadding } = this.props;
+@@ -549,7 +554,9 @@ export default class GridItem extends React.Component<Props, State> {
+     const { w, h, i, containerPadding } = this.props;
+     const { left, top } = this.state.dragging;
+     const newPosition: PartialPosition = { top, left };
+-    this.setState({ dragging: null });
+    flushSync(() => {
+      this.setState({ dragging: null });
+    });
+ 
+     const { x, y } = calcXY(
+       this.getPositionParams(),
+@@ -605,8 +612,10 @@ export default class GridItem extends React.Component<Props, State> {
+         size,
+         containerWidth
+       );
+-      this.setState({
+-        resizing: handlerName === "onResizeStop" ? null : updatedSize
+      flushSync(() => {
+        this.setState({
+          resizing: handlerName === "onResizeStop" ? null : updatedSize
+        });
+       });
+     }
+ 
--- a/.yarn/releases/yarn-4.1.0.cjs
+++ b/.yarn/releases/yarn-4.1.0.cjs
--- a/.yarn/releases/yarn-4.4.0.cjs
+++ b/.yarn/releases/yarn-4.4.0.cjs
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -7,9 +7,6 @@ enableTelemetry: false
 nodeLinker: node-modules

 packageExtensions:
-  '@storybook/core-common@7.4.5':
-    dependencies:
-      '@storybook/react-webpack5': 7.4.5
  'croact-css-styled@1.1.9':
    dependencies:
      croact: 1.0.4
@@ -24,29 +21,16 @@ packageExtensions:
    peerDependencies:
      react: 17.0.1
      react-dom: 17.0.1
-  react-compat-css-styled@1.0.8:
-    dependencies:
-      react-simple-compat: 1.2.2
-  react-icons@2.2.7:
-    peerDependencies:
-      prop-types: '*'
-  react-resizable@3.0.4:
-    peerDependencies:
-      react-dom: 17.0.1
-  '@msagl/drawing@*':
-    dependencies:
-      queue-typescript: "^1.0.1"
-      "@esfx/collections-sortedmap": "^1.0.0"

 plugins:
  - path: .yarn/plugins/@yarnpkg/plugin-outdated.cjs
    spec: 'https://mskelton.dev/yarn-outdated/v2'

-yarnPath: .yarn/releases/yarn-4.1.0.cjs
+yarnPath: .yarn/releases/yarn-4.4.0.cjs
 # Uncomment the following lines if you want to use Verdaccio local npm registry. Read more at packages/README.md
-# npmScopes:
-#   grafana:
-#     npmRegistryServer: http://localhost:4873
-
-# unsafeHttpWhitelist:
-#   - 'localhost'
+#npmScopes:
+# grafana:
+#   npmRegistryServer: http://localhost:4873
+#
+#unsafeHttpWhitelist:
+# - 'localhost'
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/67
+++ b/67
@@ -1,38 +1,44 @@
 # syntax=docker/dockerfile:1

-ARG BASE_IMAGE=alpine:3.19.1
+# to maintain formatting of multiline commands in vscode, add the following to settings.json:
+# "docker.languageserver.formatter.ignoreMultilineInstructions": true
+
+ARG BASE_IMAGE=alpine:3.21
 ARG JS_IMAGE=node:20-alpine
 ARG JS_PLATFORM=linux/amd64
-ARG GO_IMAGE=golang:1.21.8-alpine
+ARG GO_IMAGE=golang:1.24.2-alpine

+# Default to building locally
 ARG GO_SRC=go-builder
 ARG JS_SRC=js-builder

-FROM --platform=${JS_PLATFORM} ${JS_IMAGE} as js-builder
+# Javascript build stage
+FROM --platform=${JS_PLATFORM} ${JS_IMAGE} AS js-builder

 ENV NODE_OPTIONS=--max_old_space_size=8000

 WORKDIR /tmp/grafana

-COPY package.json yarn.lock .yarnrc.yml ./
+COPY package.json project.json nx.json yarn.lock .yarnrc.yml ./
 COPY .yarn .yarn
 COPY packages packages
 COPY plugins-bundled plugins-bundled
 COPY public public
+COPY LICENSE ./

 RUN apk add --no-cache make build-base python3

 RUN yarn install --immutable

 COPY tsconfig.json .eslintrc .editorconfig .browserslistrc .prettierrc.js ./
-COPY public public
 COPY scripts scripts
 COPY emails emails

 ENV NODE_ENV production
 RUN yarn build

-FROM ${GO_IMAGE} as go-builder
+# Golang build stage
+FROM ${GO_IMAGE} AS go-builder

 ARG COMMIT_SHA=""
 ARG BUILD_BRANCH=""
@@ -40,12 +46,12 @@ ARG GO_BUILD_TAGS="oss"
 ARG WIRE_TAGS="oss"
 ARG BINGO="true"

-# This is required to allow building on arm64 due to https://github.com/golang/go/issues/22040
-RUN apk add --no-cache binutils-gold
-
-# Install build dependencies
 RUN if grep -i -q alpine /etc/issue; then \
-      apk add --no-cache gcc g++ make git; \
+      apk add --no-cache \
+          # This is required to allow building on arm64 due to https://github.com/golang/go/issues/22040
+          binutils-gold \
+          # Install build dependencies
+          gcc g++ make git; \
    fi

 WORKDIR /tmp/grafana
@@ -57,7 +63,11 @@ COPY .bingo .bingo
 COPY pkg/util/xorm/go.* pkg/util/xorm/
 COPY pkg/apiserver/go.* pkg/apiserver/
 COPY pkg/apimachinery/go.* pkg/apimachinery/
+COPY pkg/build/go.* pkg/build/
+COPY pkg/build/wire/go.* pkg/build/wire/
 COPY pkg/promlib/go.* pkg/promlib/
+COPY pkg/storage/unified/resource/go.* pkg/storage/unified/resource/
+COPY pkg/semconv/go.* pkg/semconv/

 RUN go mod download
 RUN if [[ "$BINGO" = "true" ]]; then \
@@ -76,14 +86,14 @@ COPY pkg pkg
 COPY scripts scripts
 COPY conf conf
 COPY .github .github
-COPY LICENSE ./

 ENV COMMIT_SHA=${COMMIT_SHA}
 ENV BUILD_BRANCH=${BUILD_BRANCH}

 RUN make build-go GO_BUILD_TAGS=${GO_BUILD_TAGS} WIRE_TAGS=${WIRE_TAGS}

-FROM ${BASE_IMAGE} as tgz-builder
+# From-tarball build stage
+FROM ${BASE_IMAGE} AS tgz-builder

 WORKDIR /tmp/grafana

@@ -95,8 +105,8 @@ COPY ${GRAFANA_TGZ} /tmp/grafana.tar.gz
 RUN tar x -z -f /tmp/grafana.tar.gz --strip-components=1

 # helpers for COPY --from
-FROM ${GO_SRC} as go-src
-FROM ${JS_SRC} as js-src
+FROM ${GO_SRC} AS go-src
+FROM ${JS_SRC} AS js-src

 # Final stage
 FROM ${BASE_IMAGE}
@@ -131,19 +141,20 @@ RUN if grep -i -q alpine /etc/issue; then \
    fi

 # glibc support for alpine x86_64 only
+# docker run --rm --env STDOUT=1 sgerrand/glibc-builder 2.40 /usr/glibc-compat > glibc-bin-2.40.tar.gz
+ARG GLIBC_VERSION=2.40
+
 RUN if grep -i -q alpine /etc/issue && [ `arch` = "x86_64" ]; then \
-      wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \
-      wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.35-r0/glibc-2.35-r0.apk \
-        -O /tmp/glibc-2.35-r0.apk && \
-      wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.35-r0/glibc-bin-2.35-r0.apk \
-        -O /tmp/glibc-bin-2.35-r0.apk && \
-      apk add --force-overwrite --no-cache /tmp/glibc-2.35-r0.apk /tmp/glibc-bin-2.35-r0.apk && \
-      rm -f /lib64/ld-linux-x86-64.so.2 && \
-      ln -s /usr/glibc-compat/lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 && \
-      rm -f /tmp/glibc-2.35-r0.apk && \
-      rm -f /tmp/glibc-bin-2.35-r0.apk && \
-      rm -f /lib/ld-linux-x86-64.so.2 && \
-      rm -f /etc/ld.so.cache; \
+      wget -qO- "https://dl.grafana.com/glibc/glibc-bin-$GLIBC_VERSION.tar.gz" | tar zxf - -C / \
+        usr/glibc-compat/lib/ld-linux-x86-64.so.2 \
+        usr/glibc-compat/lib/libc.so.6 \
+        usr/glibc-compat/lib/libdl.so.2 \
+        usr/glibc-compat/lib/libm.so.6 \
+        usr/glibc-compat/lib/libpthread.so.0 \
+        usr/glibc-compat/lib/librt.so.1 \
+        usr/glibc-compat/lib/libresolv.so.2 && \
+      mkdir /lib64 && \
+      ln -s /usr/glibc-compat/lib/ld-linux-x86-64.so.2 /lib64; \
    fi

 COPY --from=go-src /tmp/grafana/conf ./conf
@@ -178,7 +189,7 @@ RUN if [ ! $(getent group "$GF_GID") ]; then \

 COPY --from=go-src /tmp/grafana/bin/grafana* /tmp/grafana/bin/*/grafana* ./bin/
 COPY --from=js-src /tmp/grafana/public ./public
-COPY --from=go-src /tmp/grafana/LICENSE ./
+COPY --from=js-src /tmp/grafana/LICENSE ./

 EXPOSE 3000

--- a/LICENSING.md
+++ b/LICENSING.md
@@ -10,7 +10,6 @@ The following directories and their subdirectories are licensed under Apache-2.0

 ```
 packages/grafana-data/
-packages/grafana-e2e/
 packages/grafana-e2e-selectors/
 packages/grafana-runtime/
 packages/grafana-ui/
--- a/141
+++ b/141
@@ -7,29 +7,37 @@ WIRE_TAGS = "oss"
 -include local/Makefile
 include .bingo/Variables.mk

-.PHONY: all deps-go deps-js deps build-go build-backend build-server build-cli build-js build build-docker-full build-docker-full-ubuntu lint-go golangci-lint test-go test-js gen-ts test run run-frontend clean devenv devenv-down protobuf drone help gen-go gen-cue fix-cue gen-feature-toggles
-
 GO = go
-GO_FILES ?= ./pkg/... ./pkg/apiserver/... ./pkg/apimachinery/... ./pkg/promlib/...
+GO_VERSION = 1.24.2
+GO_LINT_FILES ?= $(shell ./scripts/go-workspace/golangci-lint-includes.sh)
+GO_TEST_FILES ?= $(shell ./scripts/go-workspace/test-includes.sh)
 SH_FILES ?= $(shell find ./scripts -name *.sh)
+GO_RACE  := $(shell [ -n "$(GO_RACE)" -o -e ".go-race-enabled-locally" ] && echo 1 )
+GO_RACE_FLAG := $(if $(GO_RACE),-race)
 GO_BUILD_FLAGS += $(if $(GO_BUILD_DEV),-dev)
 GO_BUILD_FLAGS += $(if $(GO_BUILD_TAGS),-build-tags=$(GO_BUILD_TAGS))
+GO_BUILD_FLAGS += $(GO_RACE_FLAG)

 targets := $(shell echo '$(sources)' | tr "," " ")

 GO_INTEGRATION_TESTS := $(shell find ./pkg -type f -name '*_test.go' -exec grep -l '^func TestIntegration' '{}' '+' | grep -o '\(.*\)/' | sort -u)

+.PHONY: all
 all: deps build

 ##@ Dependencies

+.PHONY: deps-go
 deps-go: ## Install backend dependencies.
-	$(GO) run build.go setup
+	$(GO) run $(GO_RACE_FLAG) build.go setup

+.PHONY: deps-js
 deps-js: node_modules ## Install frontend dependencies.

+.PHONY: deps
 deps: deps-js ## Install all dependencies.

+.PHONY: node_modules
 node_modules: package.json yarn.lock ## Install node modules.
 	@echo "install frontend dependencies"
 	YARN_ENABLE_PROGRESS_BARS=false yarn install --immutable
@@ -47,17 +55,20 @@ $(MERGED_SPEC_TARGET): swagger-oss-gen swagger-enterprise-gen $(NGALERT_SPEC_TAR
 	# known conflicts DsPermissionType, AddApiKeyCommand, Json, Duration (identical models referenced by both specs)
 	$(SWAGGER) mixin -q $(SPEC_TARGET) $(ENTERPRISE_SPEC_TARGET) $(NGALERT_SPEC_TARGET) --ignore-conflicts -o $(MERGED_SPEC_TARGET)

+.PHONY: swagger-oss-gen
 swagger-oss-gen: $(SWAGGER) ## Generate API Swagger specification
 	@echo "re-generating swagger for OSS"
 	rm -f $(SPEC_TARGET)
 	SWAGGER_GENERATE_EXTENSION=false $(SWAGGER) generate spec -q -m -w pkg/server -o $(SPEC_TARGET) \
 	-x "github.com/grafana/grafana/pkg/services/ngalert/api/tooling/definitions" \
+	-x "github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options" \
 	-x "github.com/prometheus/alertmanager" \
 	-i pkg/api/swagger_tags.json \
 	--exclude-tag=alpha \
 	--exclude-tag=enterprise

 # this file only exists if enterprise is enabled
+.PHONY: swagger-enterprise-gen
 ENTERPRISE_EXT_FILE = pkg/extensions/ext.go
 ifeq ("$(wildcard $(ENTERPRISE_EXT_FILE))","") ## if enterprise is not enabled
 swagger-enterprise-gen:
@@ -68,17 +79,21 @@ swagger-enterprise-gen: $(SWAGGER) ## Generate API Swagger specification
 	rm -f $(ENTERPRISE_SPEC_TARGET)
 	SWAGGER_GENERATE_EXTENSION=false $(SWAGGER) generate spec -q -m -w pkg/server -o $(ENTERPRISE_SPEC_TARGET) \
 	-x "github.com/grafana/grafana/pkg/services/ngalert/api/tooling/definitions" \
+	-x "github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2/options" \
 	-x "github.com/prometheus/alertmanager" \
 	-i pkg/api/swagger_tags.json \
 	--exclude-tag=alpha \
 	--include-tag=enterprise
 endif

+.PHONY: swagger-gen
 swagger-gen: gen-go $(MERGED_SPEC_TARGET) swagger-validate

+.PHONY: swagger-validate
 swagger-validate: $(MERGED_SPEC_TARGET) $(SWAGGER) ## Validate API spec
 	$(SWAGGER) validate --skip-warnings $(<)

+.PHONY: swagger-clean
 swagger-clean:
 	rm -f $(SPEC_TARGET) $(MERGED_SPEC_TARGET) $(OAPI_SPEC_TARGET)

@@ -97,15 +112,37 @@ lefthook-uninstall: $(LEFTHOOK)
 ##@ OpenAPI 3
 OAPI_SPEC_TARGET = public/openapi3.json

+.PHONY: openapi3-gen
 openapi3-gen: swagger-gen ## Generates OpenApi 3 specs from the Swagger 2 already generated
-	$(GO) run scripts/openapi3/openapi3conv.go $(MERGED_SPEC_TARGET) $(OAPI_SPEC_TARGET)
+	$(GO) run $(GO_RACE_FLAG) scripts/openapi3/openapi3conv.go $(MERGED_SPEC_TARGET) $(OAPI_SPEC_TARGET)
+
+##@ Internationalisation
+.PHONY: i18n-extract-enterprise
+ENTERPRISE_FE_EXT_FILE = public/app/extensions/index.ts
+ifeq ("$(wildcard $(ENTERPRISE_FE_EXT_FILE))","") ## if enterprise is not enabled
+i18n-extract-enterprise:
+	@echo "Skipping i18n extract for Enterprise: not enabled"
+else
+i18n-extract-enterprise:
+	@echo "Extracting i18n strings for Enterprise"
+	yarn run i18next --config public/locales/i18next-parser-enterprise.config.cjs
+	node ./public/locales/pseudo.mjs --mode enterprise
+endif
+
+.PHONY: i18n-extract
+i18n-extract: i18n-extract-enterprise
+	@echo "Extracting i18n strings for OSS"
+	yarn run i18next --config public/locales/i18next-parser.config.cjs
+	node ./public/locales/pseudo.mjs --mode oss

 ##@ Building
+.PHONY: gen-cue
 gen-cue: ## Do all CUE/Thema code generation
 	@echo "generate code from .cue files"
 	go generate ./kinds/gen.go
 	go generate ./public/app/plugins/gen.go

+.PHONY: gen-feature-toggles
 gen-feature-toggles:
 ## First go test run fails because it will re-generate the feature toggles.
 ## Second go test run will compare the generated files and pass.
@@ -117,34 +154,47 @@ gen-feature-toggles:
 		go test -v ./pkg/services/featuremgmt/...; \
 	fi

-gen-go: $(WIRE)
+.PHONY: gen-go
+gen-go:
 	@echo "generate go files"
-	$(WIRE) gen -tags $(WIRE_TAGS) ./pkg/server
+	$(GO) run $(GO_RACE_FLAG) ./pkg/build/wire/cmd/wire/main.go gen -tags $(WIRE_TAGS) ./pkg/server

+.PHONY: fix-cue
 fix-cue: $(CUE)
 	@echo "formatting cue files"
 	$(CUE) fix kinds/**/*.cue
 	$(CUE) fix public/app/plugins/**/**/*.cue

+.PHONY: gen-jsonnet
 gen-jsonnet:
 	go generate ./devenv/jsonnet

-build-go: gen-go ## Build all Go binaries.
+.PHONY: update-workspace
+update-workspace:
+	@echo "updating workspace"
+	bash scripts/go-workspace/update-workspace.sh
+
+.PHONY: build-go
+build-go: gen-go update-workspace ## Build all Go binaries.
 	@echo "build go files"
 	$(GO) run build.go $(GO_BUILD_FLAGS) build

+.PHONY: build-backend
 build-backend: ## Build Grafana backend.
 	@echo "build backend"
 	$(GO) run build.go $(GO_BUILD_FLAGS) build-backend

+.PHONY: build-server
 build-server: ## Build Grafana server.
 	@echo "build server"
 	$(GO) run build.go $(GO_BUILD_FLAGS) build-server

+.PHONY: build-cli
 build-cli: ## Build Grafana CLI application.
 	@echo "build grafana-cli"
 	$(GO) run build.go $(GO_BUILD_FLAGS) build-cli

+.PHONY: build-js
 build-js: ## Build frontend assets.
 	@echo "build frontend"
 	yarn run build
@@ -152,6 +202,7 @@ build-js: ## Build frontend assets.

 PLUGIN_ID ?=

+.PHONY: build-plugin-go
 build-plugin-go: ## Build decoupled plugins
 	@echo "build plugin $(PLUGIN_ID)"
 	@cd pkg/tsdb; \
@@ -161,11 +212,19 @@ build-plugin-go: ## Build decoupled plugins
 	fi; \
 	mage -v buildplugin $(PLUGIN_ID)

+.PHONY: build
 build: build-go build-js ## Build backend and frontend.

-run: $(BRA) ## Build and run web server on filesystem changes.
+.PHONY: run
+run: $(BRA) ## Build and run web server on filesystem changes. See /.bra.toml for configuration.
 	$(BRA) run

+.PHONY: run-go
+run-go: ## Build and run web server immediately.
+	$(GO) run -race $(if $(GO_BUILD_TAGS),-build-tags=$(GO_BUILD_TAGS)) \
+		./pkg/cmd/grafana -- server -profile -profile-addr=127.0.0.1 -profile-port=6000 -packaging=dev cfg:app_mode=development
+
+.PHONY: run-frontend
 run-frontend: deps-js ## Fetch js dependencies and watch frontend for rebuild
 	yarn start

@@ -177,62 +236,67 @@ test-go: test-go-unit test-go-integration
 .PHONY: test-go-unit
 test-go-unit: ## Run unit tests for backend with flags.
 	@echo "test backend unit tests"
-	go list -f '{{.Dir}}/...' -m | xargs \
-	$(GO) test -short -covermode=atomic -timeout=30m 
+	printf '$(GO_TEST_FILES)' | xargs \
+	$(GO) test $(GO_RACE_FLAG) -short -covermode=atomic -timeout=30m

 .PHONY: test-go-integration
 test-go-integration: ## Run integration tests for backend with flags.
 	@echo "test backend integration tests"
-	$(GO) test -count=1 -run "^TestIntegration" -covermode=atomic -timeout=5m $(GO_INTEGRATION_TESTS)
+	$(GO) test $(GO_RACE_FLAG) -count=1 -run "^TestIntegration" -covermode=atomic -timeout=5m $(GO_INTEGRATION_TESTS)

 .PHONY: test-go-integration-alertmanager
 test-go-integration-alertmanager: ## Run integration tests for the remote alertmanager (config taken from the mimir_backend block).
 	@echo "test remote alertmanager integration tests"
 	$(GO) clean -testcache
 	AM_URL=http://localhost:8080 AM_TENANT_ID=test \
-	$(GO) test -count=1 -run "^TestIntegrationRemoteAlertmanager" -covermode=atomic -timeout=5m ./pkg/services/ngalert/...
+	$(GO) test $(GO_RACE_FLAG) -count=1 -run "^TestIntegrationRemoteAlertmanager" -covermode=atomic -timeout=5m ./pkg/services/ngalert/...

 .PHONY: test-go-integration-postgres
 test-go-integration-postgres: devenv-postgres ## Run integration tests for postgres backend with flags.
 	@echo "test backend integration postgres tests"
 	$(GO) clean -testcache
 	GRAFANA_TEST_DB=postgres \
-	$(GO) test -p=1 -count=1 -run "^TestIntegration" -covermode=atomic -timeout=10m $(GO_INTEGRATION_TESTS)
+	$(GO) test $(GO_RACE_FLAG) -p=1 -count=1 -run "^TestIntegration" -covermode=atomic -timeout=10m $(GO_INTEGRATION_TESTS)

 .PHONY: test-go-integration-mysql
 test-go-integration-mysql: devenv-mysql ## Run integration tests for mysql backend with flags.
 	@echo "test backend integration mysql tests"
 	GRAFANA_TEST_DB=mysql \
-	$(GO) test -p=1 -count=1 -run "^TestIntegration" -covermode=atomic -timeout=10m $(GO_INTEGRATION_TESTS)
+	$(GO) test $(GO_RACE_FLAG) -p=1 -count=1 -run "^TestIntegration" -covermode=atomic -timeout=10m $(GO_INTEGRATION_TESTS)

 .PHONY: test-go-integration-redis
 test-go-integration-redis: ## Run integration tests for redis cache.
 	@echo "test backend integration redis tests"
 	$(GO) clean -testcache
-	REDIS_URL=localhost:6379 $(GO) test -run IntegrationRedis -covermode=atomic -timeout=2m $(GO_INTEGRATION_TESTS)
+	REDIS_URL=localhost:6379 $(GO) test $(GO_RACE_FLAG) -run IntegrationRedis -covermode=atomic -timeout=2m $(GO_INTEGRATION_TESTS)

 .PHONY: test-go-integration-memcached
 test-go-integration-memcached: ## Run integration tests for memcached cache.
 	@echo "test backend integration memcached tests"
 	$(GO) clean -testcache
-	MEMCACHED_HOSTS=localhost:11211 $(GO) test -run IntegrationMemcached -covermode=atomic -timeout=2m $(GO_INTEGRATION_TESTS)
+	MEMCACHED_HOSTS=localhost:11211 $(GO) test $(GO_RACE_FLAG) -run IntegrationMemcached -covermode=atomic -timeout=2m $(GO_INTEGRATION_TESTS)

+.PHONY: test-js
 test-js: ## Run tests for frontend.
 	@echo "test frontend"
 	yarn test

+.PHONY: test
 test: test-go test-js ## Run all tests.

 ##@ Linting
+.PHONY: golangci-lint
 golangci-lint: $(GOLANGCI_LINT)
 	@echo "lint via golangci-lint"
 	$(GOLANGCI_LINT) run \
-		--config .golangci.toml \
-		$(GO_FILES)
+		--config .golangci.yml \
+		$(GO_LINT_FILES)

-lint-go: golangci-lint ## Run all code checks for backend. You can use GO_FILES to specify exact files to check
+.PHONY: lint-go
+lint-go: golangci-lint ## Run all code checks for backend. You can use GO_LINT_FILES to specify exact files to check

 # with disabled SC1071 we are ignored some TCL,Expect `/usr/bin/env expect` scripts
+.PHONY: shellcheck
 shellcheck: $(SH_FILES) ## Run checks for shell scripts.
 	@docker run --rm -v "$$PWD:/mnt" koalaman/shellcheck:stable \
 	$(SH_FILES) -e SC1071 -e SC2162
@@ -242,6 +306,7 @@ shellcheck: $(SH_FILES) ## Run checks for shell scripts.
 TAG_SUFFIX=$(if $(WIRE_TAGS)!=oss,-$(WIRE_TAGS))
 PLATFORM=linux/amd64

+.PHONY: build-docker-full
 build-docker-full: ## Build Docker image for development.
 	@echo "build docker container"
 	tar -ch . | \
@@ -255,6 +320,7 @@ build-docker-full: ## Build Docker image for development.
 	--tag grafana/grafana$(TAG_SUFFIX):dev \
 	$(DOCKER_BUILD_ARGS)

+.PHONY: build-docker-full-ubuntu
 build-docker-full-ubuntu: ## Build Docker image based on Ubuntu for development.
 	@echo "build docker container"
 	tar -ch . | \
@@ -266,7 +332,7 @@ build-docker-full-ubuntu: ## Build Docker image based on Ubuntu for development.
 	--build-arg COMMIT_SHA=$$(git rev-parse HEAD) \
 	--build-arg BUILD_BRANCH=$$(git rev-parse --abbrev-ref HEAD) \
 	--build-arg BASE_IMAGE=ubuntu:22.04 \
-	--build-arg GO_IMAGE=golang:1.21.8 \
+	--build-arg GO_IMAGE=golang:$(GO_VERSION) \
 	--tag grafana/grafana$(TAG_SUFFIX):dev-ubuntu \
 	$(DOCKER_BUILD_ARGS)

@@ -274,6 +340,7 @@ build-docker-full-ubuntu: ## Build Docker image based on Ubuntu for development.

 # create docker-compose file with provided sources and start them
 # example: make devenv sources=postgres,auth/openldap
+.PHONY: devenv
 ifeq ($(sources),)
 devenv:
 	@printf 'You have to define sources for this command \nexample: make devenv sources=postgres,openldap\n'
@@ -287,15 +354,18 @@ devenv: devenv-down ## Start optional services, e.g. postgres, prometheus, and e
 	docker-compose up -d --build
 endif

+.PHONY: devenv-down
 devenv-down: ## Stop optional services.
 	@cd devenv; \
 	test -f docker-compose.yaml && \
 	docker-compose down || exit 0;

+.PHONY: devenv-postgres
 devenv-postgres:
 	@cd devenv; \
 	sources=postgres_tests

+.PHONY: devenv-mysql
 devenv-mysql:
 	@cd devenv; \
 	sources=mysql_tests
@@ -307,18 +377,23 @@ devenv-mysql:
 # go-gettable dependency and so getting it installed can be inconvenient.
 #
 # If you are working on changes to protobuf interfaces you may either use
-# this target or run the individual scripts below directly.
+# this target or run the individual scripts below directly
+.PHONY: protobuf
 protobuf: ## Compile protobuf definitions
 	bash scripts/protobuf-check.sh
-	bash pkg/plugins/backendplugin/pluginextensionv2/generate.sh
-	bash pkg/plugins/backendplugin/secretsmanagerplugin/generate.sh
-	bash pkg/services/store/entity/generate.sh
+	go install google.golang.org/protobuf/cmd/protoc-gen-go
+	go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.4.0
+	buf generate pkg/plugins/backendplugin/pluginextensionv2 --template pkg/plugins/backendplugin/pluginextensionv2/buf.gen.yaml
+	buf generate pkg/plugins/backendplugin/secretsmanagerplugin --template pkg/plugins/backendplugin/secretsmanagerplugin/buf.gen.yaml
+	buf generate pkg/storage/unified/resource --template pkg/storage/unified/resource/buf.gen.yaml

+.PHONY: clean
 clean: ## Clean up intermediate build artifacts.
 	@echo "cleaning"
 	rm -rf node_modules
 	rm -rf public/build

+.PHONY: gen-ts
 gen-ts:
 	@echo "generating TypeScript definitions"
 	go get github.com/tkrajina/typescriptify-golang-structs/typescriptify@v0.1.7
@@ -328,6 +403,7 @@ gen-ts:
 # This repository's configuration is protected (https://readme.drone.io/signature/).
 # Use this make target to regenerate the configuration YAML files when
 # you modify starlark files.
+.PHONY: drone
 drone: $(DRONE)
 	bash scripts/drone/env-var-check.sh
 	$(DRONE) starlark --format
@@ -335,11 +411,26 @@ drone: $(DRONE)
 	$(DRONE) --server https://drone.grafana.net sign --save grafana/grafana

 # Generate an Emacs tags table (https://www.gnu.org/software/emacs/manual/html_node/emacs/Tags-Tables.html) for Starlark files.
+.PHONY: scripts/drone/TAGS
 scripts/drone/TAGS: $(shell find scripts/drone -name '*.star')
 	etags --lang none --regex="/def \(\w+\)[^:]+:/\1/" --regex="/\s*\(\w+\) =/\1/" $^ -o $@

+.PHONY: format-drone
 format-drone:
 	buildifier --lint=fix -r scripts/drone

+.PHONY: go-race-is-enabled
+go-race-is-enabled:
+	@if [ -n "$(GO_RACE)" ]; then \
+		echo "The Go race detector is enabled locally, yey!"; \
+	else \
+		echo "The Go race detector is NOT enabled locally, boo!"; \
+	fi;
+
+.PHONY: enable-go-race
+enable-go-race:
+	@touch .go-race-enabled-locally
+
+.PHONY: help
 help: ## Display this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
--- a/WORKFLOW.md
+++ b/WORKFLOW.md
@@ -14,7 +14,7 @@ Team members and their access to repositories is maintained through [GitHub team

 Examples of proposed changes are overarching architecture, component design, and specific code or graphical elements. Proposed changes SHOULD cover the big picture and intention, but individual parts SHOULD be split into the smallest possible changes. Changes SHOULD be based on and target the main branch. Depending on size of the proposed change, each change SHOULD be discussed, in increasing order of change size and complexity:

- Directly in a RR (Pull Request) - this MAY be done, but SHOULD not be the common case.
+- Directly in a PR (Pull Request) - this MAY be done, but SHOULD not be the common case.
 - Issue
 - Developer mailing list
 - Design document, shared via Google Docs, accessible to at least all team members.
--- a/apps/alerting/notifications/cue.mod/module.cue
+++ b/apps/alerting/notifications/cue.mod/module.cue
@@ -0,0 +1 @@
+module:"notifications"
--- a/apps/alerting/notifications/receiver.cue
+++ b/apps/alerting/notifications/receiver.cue
@@ -0,0 +1,32 @@
+package core
+
+receiver: {
+	kind:  "Receiver"
+	group: "notifications"
+	apiResource: {
+		groupOverride: "notifications.alerting.grafana.app"
+	}
+	codegen: {
+		frontend: false
+		backend:  true
+	}
+	pluralName: "Receivers"
+	current:    "v0alpha1"
+	versions: {
+		"v0alpha1": {
+			schema: {
+				#Integration: {
+					uid?: string
+					type: string
+					disableResolveMessage?: bool
+					settings: bytes
+					secureFields?: [string]: bool
+				}
+				spec: {
+					title: string
+					integrations : [...#Integration]
+				}
+			}
+		}
+	}
+}
--- a/apps/alerting/notifications/timeInterval.cue
+++ b/apps/alerting/notifications/timeInterval.cue
@@ -0,0 +1,37 @@
+package core
+
+timeInterval: {
+	kind:  "TimeInterval"
+	group: "notifications"
+	apiResource: {
+		groupOverride: "notifications.alerting.grafana.app"
+	}
+	codegen: {
+		frontend: false
+		backend:  true
+	}
+	pluralName: "TimeIntervals"
+	current:    "v0alpha1"
+	versions: {
+		"v0alpha1": {
+			schema: {
+				#TimeRange: {
+					start_time: string
+					end_time: string
+				}
+				#Interval: {
+					times?: [...#TimeRange]
+					weekdays?: [...string]
+					days_of_month?: [...string]
+					months?: [...string]
+					years?: [...string]
+					location?: string
+				}
+				spec: {
+					name: string
+					time_intervals: [...#Interval]
+				}
+			}
+		}
+	}
+}
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -65,6 +65,7 @@ enable_gzip = false
 # https certs & key file
 cert_file =
 cert_key =
+cert_pass =

 # Certificates file watch interval
 certs_watch_interval =
@@ -104,6 +105,14 @@ address = "127.0.0.1:10000"
 use_tls = false
 cert_file =
 key_file =
+# this will log the request and response for each unary gRPC call
+enable_logging = false
+
+# Maximum size of a message that can be received in bytes. If not set, uses the gRPC default (4MiB).
+max_recv_msg_size =
+
+# Maximum size of a message that can be sent in bytes. If not set, uses the gRPC default (unlimited).
+max_send_msg_size =

 #################################### Database ############################
 [database]
@@ -137,7 +146,7 @@ log_queries =
 # For "mysql", use either "true", "false", or "skip-verify".
 ssl_mode = disable

-# For "postregs", use either "1" to enable or "0" to disable SNI
+# For "postgres", use either "1" to enable or "0" to disable SNI
 ssl_sni =

 # Database drivers may support different transaction isolation levels.
@@ -304,6 +313,9 @@ application_insights_endpoint_url =
 # Controls if the UI contains any links to user feedback forms
 feedback_links_enabled = true

+# Static context that is being added to analytics events
+reporting_static_context =
+
 #################################### Security ############################
 [security]
 # disable creation of admin user on first start of grafana
@@ -394,6 +406,9 @@ csrf_always_check = false
 # Comma-separated list of plugins ids that won't be loaded inside the frontend sandbox
 disable_frontend_sandbox_for_plugins = grafana-incident-app

+# Comma-separated list of paths for POST/PUT URL in actions. Empty will allow anything that is not on the same origin
+actions_allow_post_url =
+
 [security.encryption]
 # Defines the time-to-live (TTL) for decrypted data encryption keys stored in memory (cache).
 # Please note that small values may cause performance issues due to a high frequency decryption operations.
@@ -417,9 +432,6 @@ external_snapshot_name = Publish to snapshots.raintank.io
 # creating and deleting snapshots.
 public_mode = false

-# remove expired snapshot
-snapshot_remove_expired = true
-
 #################################### Dashboards ##################

 [dashboards]
@@ -482,8 +494,8 @@ verify_email_enabled = false
 login_default_org_id =

 # Background text for the user field on the login page
-login_hint = email or username
-password_hint = password
+login_hint =
+password_hint =

 # Default UI theme ("dark" or "light" or "system")
 default_theme = dark
@@ -511,6 +523,9 @@ user_invite_max_lifetime_duration = 24h
 # The duration in time a verification email, used to update the email address of a user, remains valid before expiring. This setting should be expressed as a duration. Examples: 6h (hours), 2d (days), 1w (week). Default is 1h (1 hour).
 verification_email_max_lifetime_duration = 1h

+# Frequency of updating a user's last seen time. The minimum supported duration is 5m (5 minutes). The maximum supported duration is 1h (1 hour)
+last_seen_update_interval = 15m
+
 # Enter a comma-separated list of usernames to hide them in the Grafana UI. These users are shown to Grafana admins and to themselves.
 hidden_users =

@@ -639,6 +654,7 @@ team_ids =
 allowed_organizations =
 role_attribute_path =
 role_attribute_strict = false
+org_mapping =
 allow_assign_grafana_admin = false
 skip_org_role_sync = false
 tls_skip_verify_insecure = false
@@ -666,6 +682,7 @@ allowed_domains =
 allowed_groups =
 role_attribute_path =
 role_attribute_strict = false
+org_mapping =
 allow_assign_grafana_admin = false
 skip_org_role_sync = false
 tls_skip_verify_insecure = false
@@ -695,6 +712,7 @@ hosted_domain =
 allowed_groups =
 role_attribute_path =
 role_attribute_strict = false
+org_mapping =
 allow_assign_grafana_admin = false
 skip_org_role_sync = true
 tls_skip_verify_insecure = false
@@ -745,6 +763,7 @@ allowed_domains =
 allowed_groups =
 allowed_organizations =
 role_attribute_strict = false
+org_mapping =
 allow_assign_grafana_admin = false
 force_use_graph_api = false
 tls_skip_verify_insecure = false
@@ -773,6 +792,8 @@ allowed_domains =
 allowed_groups =
 role_attribute_path =
 role_attribute_strict = false
+org_attribute_path =
+org_mapping =
 allow_assign_grafana_admin = false
 skip_org_role_sync = false
 tls_skip_verify_insecure = false
@@ -799,6 +820,8 @@ login_attribute_path =
 name_attribute_path =
 role_attribute_path =
 role_attribute_strict = false
+org_attribute_path =
+org_mapping =
 groups_attribute_path =
 id_token_attribute_name =
 team_ids_attribute_path =
@@ -852,6 +875,8 @@ enable_login_token = false
 header_name =
 email_claim =
 username_claim =
+email_attribute_path =
+username_attribute_path =
 jwk_set_url =
 jwk_set_file =
 cache_ttl = 60m
@@ -865,7 +890,6 @@ auto_sign_up = false
 url_login = false
 allow_assign_grafana_admin = false
 skip_org_role_sync = false
-signout_redirect_url =

 #################################### Auth LDAP ###########################
 [auth.ldap]
@@ -910,6 +934,10 @@ forward_settings_to_plugins = cloudwatch, grafana-athena-datasource, grafana-red
 # Default value is AzureCloud (i.e. public cloud)
 cloud = AzureCloud

+# A customized list of Azure cloud settings and properties, used by data sources which need this information when run in non-standard azure environments
+# When specified, this list will replace the default cloud list of AzureCloud, AzureChinaCloud, AzureUSGovernment and AzureGermanCloud
+clouds_config =
+
 # Specifies whether Grafana hosted in Azure service with Managed Identity configured (e.g. Azure Virtual Machines instance)
 # If enabled, the managed identity can be used for authentication of Grafana in Azure services
 # Disabled by default, needs to be explicitly enabled
@@ -961,10 +989,19 @@ user_identity_client_id =
 # By default is the same as used in AAD authentication or can be set to another application (for OBO flow)
 user_identity_client_secret =

+# Allows the usage of a custom token request assertion when Grafana is behind an authentication proxy
+# In most cases this will not need to be used. To enable this set the value to "username"
+# The default is empty and any other value will not enable this functionality
+username_assertion =
+
 # Set the plugins that will receive Azure settings for each request (via plugin context)
 # By default this will include all Grafana Labs owned Azure plugins, or those that make use of Azure settings (Azure Monitor, Azure Data Explorer, Prometheus, MSSQL).
 forward_settings_to_plugins = grafana-azure-monitor-datasource, prometheus, grafana-azure-data-explorer-datasource, mssql

+# Specifies whether Entra password auth can be used for the MSSQL data source
+# Disabled by default, needs to be explicitly enabled
+azure_entra_password_credentials_enabled = false
+
 #################################### Role-based Access Control ###########
 [rbac]
 # If enabled, cache permissions in a in memory cache
@@ -1083,6 +1120,9 @@ instrumentations_console_enabled = false
 # Should webvitals instrumentation be enabled, only affects Grafana Javascript Agent
 instrumentations_webvitals_enabled = false

+# Should tracing instrumentation be enabled, only affects Grafana Javascript Agent
+instrumentations_tracing_enabled = false
+
 # level of internal logging for debugging Grafana Javascript Agent.
 # possible values are: 0 = OFF, 1 = ERROR, 2 = WARN, 3 = INFO, 4 = VERBOSE
 # more details: https://github.com/grafana/faro-web-sdk/blob/v1.3.7/docs/sources/tutorials/quick-start-browser.md#how-to-activate-debugging
@@ -1142,6 +1182,11 @@ global_correlations = -1
 # This is not strictly enforced yet, but will be enforced over time.
 alerting_rule_group_rules = 100

+# Limit the number of query evaluation results per alert rule.
+# If the condition query of an alert rule produces more results than this limit,
+# the evaluation results in an error.
+alerting_rule_evaluation_results = -1
+
 #################################### Unified Alerting ####################
 [unified_alerting]
 # Enable the Alerting sub-system and interface.
@@ -1150,6 +1195,9 @@ enabled =
 # Comma-separated list of organization IDs for which to disable unified alerting. Only supported if unified alerting is enabled.
 disabled_orgs =

+# Specify how long to wait for the alerting service to initialize
+initialization_timeout = 30s
+
 # Specify the frequency of polling for admin config changes.
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 admin_config_poll_interval = 60s
@@ -1158,7 +1206,18 @@ admin_config_poll_interval = 60s
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 alertmanager_config_poll_interval = 60s

-# The redis server address that should be connected to.
+# Maximum number of active and pending silences that a tenant can have at once. Default: 0 (no limit).
+alertmanager_max_silences_count =
+
+# Maximum silence size in bytes. Default: 0 (no limit).
+alertmanager_max_silence_size_bytes =
+
+# Set to true when using redis in cluster mode.
+ha_redis_cluster_mode_enabled = false
+
+# The redis server address(es) that should be connected to.
+# Can either be a single address, or if using redis in cluster mode,
+# the cluster configuration address or a comma-separated list of addresses.
 ha_redis_address =

 # The username that should be used to authenticate with the redis server.
@@ -1181,6 +1240,34 @@ ha_redis_peer_name =
 # The maximum number of simultaneous redis connections.
 ha_redis_max_conns = 5

+# Enable TLS on the client used to communicate with the redis server. This should be set to true
+# if using any of the other ha_redis_tls_* fields.
+ha_redis_tls_enabled = false
+
+# Path to the PEM-encoded TLS client certificate file used to authenticate with the redis server.
+# Required if using Mutual TLS.
+ha_redis_tls_cert_path =
+
+# Path to the PEM-encoded TLS private key file. Also requires the client certificate to be configured.
+# Required if using Mutual TLS.
+ha_redis_tls_key_path =
+
+# Path to the PEM-encoded CA certificates file. If not set, the host's root CA certificates are used.
+ha_redis_tls_ca_path =
+
+# Overrides the expected name of the redis server certificate.
+ha_redis_tls_server_name =
+
+# Skips validating the redis server certificate.
+ha_redis_tls_insecure_skip_verify =
+
+# Overrides the default TLS cipher suite list.
+ha_redis_tls_cipher_suites =
+
+# Overrides the default minimum TLS version.
+# Allowed values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
+ha_redis_tls_min_version =
+
 # Listen address/hostname and port to receive unified alerting messages for other Grafana instances. The port is used for both TCP and UDP. It is assumed other Grafana instances are also running on the same port.
 ha_listen_address = "0.0.0.0:9094"

@@ -1206,6 +1293,10 @@ ha_label =
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 ha_gossip_interval = 200ms

+# Length of time to attempt to reconnect to a lost peer. Recommended to be short (<15m) when Grafana is running in a Kubernetes cluster.
+# The string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
+ha_reconnect_timeout = 6h
+
 # The interval between gossip full state syncs. Setting this interval lower (more frequent) will increase convergence speeds
 # across larger clusters at the expense of increased bandwidth usage.
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
@@ -1238,6 +1329,12 @@ state_periodic_save_interval = 5m
 # Rules will evaluate in sync.
 disable_jitter = false

+# Retention period for Alertmanager notification log entries.
+notification_log_retention = 5d
+
+# Duration for which a resolved alert state transition will continue to be sent to the Alertmanager.
+resolved_alert_retention = 15m
+
 [unified_alerting.screenshots]
 # Enable screenshots in notifications. You must have either installed the Grafana image rendering
 # plugin, or set up Grafana to use a remote rendering service.
@@ -1315,6 +1412,12 @@ loki_basic_auth_password =
 # Optional max query length for queries sent to Loki. Default is 721h which matches the default Loki value.
 loki_max_query_length = 721h

+# For "loki" only.
+# Maximum size in bytes for queries sent to Loki. This limit is applied to user provided filters as well as system defined ones, e.g. applied by access control.
+# If filter exceeds the limit, API returns error with code "alerting.state-history.loki.requestTooLong".
+# Default is 64kb
+loki_max_query_size = 65536
+
 [unified_alerting.state_history.external_labels]
 # Optional extra labels to attach to outbound state history records or log streams.
 # Any number of label key-value-pairs can be provided.
@@ -1333,6 +1436,23 @@ max_age =
 # Configures max number of alert annotations that Grafana stores. Default value is 0, which keeps all alert annotations.
 max_annotations_to_keep =

+[recording_rules]
+# Target URL (including write path) for recording rules.
+url =
+
+# Optional username for basic authentication on recording rule write requests. Can be left blank to disable basic auth
+basic_auth_username =
+
+# Optional assword for basic authentication on recording rule write requests. Can be left blank.
+basic_auth_password =
+
+# Request timeout for recording rule writes.
+timeout = 10s
+
+# Optional custom headers to include in recording rule write requests.
+[recording_rules.custom_headers]
+# exampleHeader = exampleValue
+
 # NOTE: this configuration options are not used yet.
 [remote.alertmanager]

@@ -1390,6 +1510,9 @@ max_annotations_to_keep =
 # Enable the Explore section
 enabled = true

+# set the default offset for the time picker
+defaultTimeOffset = 1h
+
 #################################### Help #############################
 [help]
 # Enable the Help section
@@ -1415,6 +1538,11 @@ concurrent_query_limit =
 # Enable the Query history
 enabled = true

+#################################### Short Links #############################
+[short_links]
+# Short links which are never accessed will be deleted as cleanup. Time is in days. Default is 7 days. Max is 365. 0 means they will be deleted approximately every 10 minutes.
+expire_time = 7
+
 #################################### Internal Grafana Metrics ############
 # Metrics available at HTTP URL /metrics and /metrics/plugins/:pluginId
 [metrics]
@@ -1448,6 +1576,7 @@ url = https://grafana.com
 [grafana_com]
 url = https://grafana.com
 api_url = https://grafana.com/api
+sso_api_token = ""

 #################################### Distributed tracing ############
 # Opentracing is deprecated use opentelemetry instead
@@ -1622,6 +1751,9 @@ ha_engine_address = "127.0.0.1:6379"
 # ha_engine_password allows setting an optional password to authenticate with the engine
 ha_engine_password = ""

+# ha_prefix is a prefix for keys in the HA engine. It's used to separate keys for different Grafana instances.
+ha_prefix =
+
 #################################### Grafana Image Renderer Plugin ##########################
 [plugin.grafana-image-renderer]
 # Instruct headless browser instance to use a default timezone when not provided by Grafana, e.g. when rendering panel image of alert.
@@ -1821,3 +1953,32 @@ enabled = true
 [cloud_migration]
 # Set to true to enable target-side migration UI
 is_target = false
+# Token used to send requests to grafana com
+gcom_api_token = ""
+# How long to wait for a request sent to gms to start a snapshot to complete
+start_snapshot_timeout = 5s
+# How long to wait for a request sent to gms to validate a key to complete
+validate_key_timeout = 5s
+# How long to wait for a request sent to gms to get a snapshot status to complete
+get_snapshot_status_timeout = 5s
+# How long to wait for a request sent to gms to create a presigned upload url
+create_upload_url_timeout = 5s
+# How long to wait for a request sent to gms to report an event
+report_event_timeout = 5s
+# How long to wait for a request to fetch an instance to complete
+fetch_instance_timeout = 5s
+# How long to wait for a request to create an access policy to complete
+create_access_policy_timeout = 5s
+# How long to wait for a request to create to fetch an access policy to complete
+fetch_access_policy_timeout = 5s
+# How long to wait for a request to create to delete an access policy to complete
+delete_access_policy_timeout = 5s
+# The domain name used to access cms
+domain = grafana.net
+# Folder used to store snapshot files. Defaults to the home dir
+snapshot_folder = ""
+# Link to form to give feedback on the feature
+feedback_url = https://docs.google.com/forms/d/e/1FAIpQLSeEE33vhbSpR8A8S1A1ocZ1ByVRRwiRl1GZr2FSrEer_tSa8w/viewform?usp=sf_link
+# How frequently should the frontend UI poll for changes while resources are migrating
+frontend_poll_interval = 2s
+
--- a/conf/ldap.toml
+++ b/conf/ldap.toml
@@ -11,10 +11,11 @@ port = 389
 use_ssl = false
 # If set to true, use LDAP with STARTTLS instead of LDAPS
 start_tls = false
-# The value of an accepted TLS cipher. By default, this value is empty. Example value: ["TLS_AES_256_GCM_SHA384"])
+# The value of an accepted TLS cipher. By default, this value is empty. Example value: ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"])
 # For a complete list of supported ciphers and TLS versions, refer to: https://go.dev/src/crypto/tls/cipher_suites.go
+# Starting with Grafana v11.0 only ciphers with ECDHE support are accepted for TLS 1.2 connections.
 tls_ciphers = []
-# This is the minimum TLS version allowed. By default, this value is empty. Accepted values are: TLS1.1, TLS1.2, TLS1.3.
+# This is the minimum TLS version allowed. By default, this value is empty. Accepted values are: TLS1.1 (only for Grafana v10.4 or older), TLS1.2, TLS1.3.
 min_tls_version = ""
 # set to true if you want to skip ssl cert validation
 ssl_skip_verify = false
--- a/conf/provisioning/alerting/sample.yaml
+++ b/conf/provisioning/alerting/sample.yaml
@@ -191,7 +191,7 @@ apiVersion: 1
 #   - orgID: 1
 #     # <string, required> name of the template, must be unique
 #     name: my_first_template
-#     # <string, required> content of the the template
+#     # <string, required> content of the template
 #     template: Alerting with a custome text template

 # # List of templates that should be deleted
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -31,13 +31,13 @@
 # Protocol (http, https, h2, socket)
 ;protocol = http

-# This is the minimum TLS version allowed. By default, this value is empty. Accepted values are: TLS1.2, TLS1.3. If nothing is set TLS1.2 would be taken
+# Minimum TLS version allowed. By default, this value is empty. Accepted values are: TLS1.2, TLS1.3. If nothing is set TLS1.2 would be taken
 ;min_tls_version = ""

 # The ip address to bind to, empty will bind to all interfaces
 ;http_addr =

-# The http port  to use
+# The http port to use
 ;http_port = 3000

 # The public facing domain name used to access grafana from a browser
@@ -67,6 +67,9 @@
 ;cert_file =
 ;cert_key =

+# optional password to be used to decrypt key file
+;cert_pass =
+
 # Certificates file watch interval
 ;certs_watch_interval =

@@ -94,6 +97,10 @@
 #exampleHeader1 = exampleValue1
 #exampleHeader2 = exampleValue2

+[environment]
+# Sets whether the local file system is available for Grafana to use. Default is true for backward compatibility.
+;local_file_system_available = true
+
 #################################### GRPC Server #########################
 ;[grpc_server]
 ;network = "tcp"
@@ -101,6 +108,10 @@
 ;use_tls = false
 ;cert_file =
 ;key_file =
+;max_recv_msg_size =
+;max_send_msg_size =
+# this will log the request and response for each unary gRPC call
+;enable_logging = false

 #################################### Database ####################################
 [database]
@@ -114,16 +125,27 @@
 ;user = root
 # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
 ;password =
-
 # Use either URL or the previous fields to configure the database
 # Example: mysql://user:secret@host:port/database
 ;url =

+# Max idle conn setting default is 2
+;max_idle_conn = 2
+
+# Max conn setting default is 0 (mean not set)
+;max_open_conn =
+
+# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
+;conn_max_lifetime = 14400
+
+# Set to true to log the sql calls and execution times.
+;log_queries =
+
 # For "postgres", use either "disable", "require" or "verify-full"
 # For "mysql", use either "true", "false", or "skip-verify".
 ;ssl_mode = disable

-# For "postregs", use either "1" to enable or "0" to disable SNI
+# For "postgres", use either "1" to enable or "0" to disable SNI
 ;ssl_sni =

 # Database drivers may support different transaction isolation levels.
@@ -140,18 +162,6 @@
 # For "sqlite3" only, path relative to data_path setting
 ;path = grafana.db

-# Max idle conn setting default is 2
-;max_idle_conn = 2
-
-# Max conn setting default is 0 (mean not set)
-;max_open_conn =
-
-# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
-;conn_max_lifetime = 14400
-
-# Set to true to log the sql calls and execution times.
-;log_queries =
-
 # For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
 ;cache_mode = private

@@ -161,7 +171,7 @@
 # For "mysql" and "postgres" only. Lock the database for the migrations, default is true.
 ;migration_locking = true

-# For "mysql" and "postgres" only if migrationLocking is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
+# For "mysql" and "postgres" only. How many seconds to wait before failing to lock the database for the migrations, default is 0.
 ;locking_attempt_timeout_sec = 0

 # For "sqlite" only. How many times to retry query in case of database is locked failures. Default is 0 (disabled).
@@ -173,11 +183,6 @@
 # Set to true to add metrics and tracing for database queries.
 ;instrument_queries = false

-################################### Data sources #########################
-[datasources]
-# Upper limit of data sources that Grafana will return. This limit is a temporary configuration and it will be deprecated when pagination will be introduced on the list data sources API.
-;datasource_limit = 5000
-
 #################################### Cache server #############################
 [remote_cache]
 # Either "redis", "memcached" or "database" default is "database"
@@ -298,9 +303,18 @@
 # Intercom secret, optional, used to hash user_id before passing to Intercom via Rudderstack
 ;intercom_secret =

+# Application Insights connection string. Specify an URL string to enable this feature.
+;application_insights_connection_string =
+
+# Optional. Specifies an Application Insights endpoint URL where the endpoint string is wrapped in backticks ``.
+;application_insights_endpoint_url =
+
 # Controls if the UI contains any links to user feedback forms
 ;feedback_links_enabled = true

+# Static context that is being added to analytics events
+;reporting_static_context = grafanaInstance=12, os=linux
+
 #################################### Security ####################################
 [security]
 # disable creation of admin user on first start of grafana
@@ -381,6 +395,7 @@
 # $NONCE in the template includes a random nonce.
 # $ROOT_PATH is server.root_url without the protocol.
 ;content_security_policy_report_only_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""
+
 # Controls if old angular plugins are supported or not.
 ;angular_support_enabled = false

@@ -396,6 +411,9 @@
 # Comma-separated list of plugins ids that won't be loaded inside the frontend sandbox
 ;disable_frontend_sandbox_for_plugins =

+# Comma-separated list of paths for POST/PUT URL in actions. Empty will allow anything that is not on the same origin
+;actions_allow_post_url =
+
 [security.encryption]
 # Defines the time-to-live (TTL) for decrypted data encryption keys stored in memory (cache).
 # Please note that small values may cause performance issues due to a high frequency decryption operations.
@@ -419,10 +437,7 @@
 # creating and deleting snapshots.
 ;public_mode = false

-# remove expired snapshot
-;snapshot_remove_expired = true
-
-#################################### Dashboards History ##################
+#################################### Dashboards ##################
 [dashboards]
 # Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1
 ;versions_to_keep = 20
@@ -434,6 +449,30 @@
 # Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
 ;default_home_dashboard_path =

+################################### Data sources #########################
+[datasources]
+# Upper limit of data sources that Grafana will return. This limit is a temporary configuration and it will be deprecated when pagination will be introduced on the list data sources API.
+;datasource_limit = 5000
+
+# Number of queries to be executed concurrently. Only for the datasource supports concurrency.
+# For now only Loki and InfluxDB (with influxql) are supporting concurrency behind the feature flags.
+# Check datasource documentations for enabling concurrency.
+;concurrent_query_count = 10
+
+################################### SQL Data Sources #####################
+[sql_datasources]
+# Default maximum number of open connections maintained in the connection pool
+# when connecting to SQL based data sources
+;max_open_conns_default = 100
+
+# Default maximum number of idle connections maintained in the connection pool
+# when connecting to SQL based data sources
+;max_idle_conns_default = 100
+
+# Default maximum connection lifetime used when connecting
+# to SQL based data sources.
+;max_conn_lifetime_default = 14400
+
 #################################### Users ###############################
 [users]
 # disable user signup / registration
@@ -461,7 +500,7 @@
 ;login_hint = email or username
 ;password_hint = password

-# Default UI theme ("dark" or "light")
+# Default UI theme ("dark", "light" or "system")
 ;default_theme = dark

 # Default UI language (supported IETF language tag, such as en-US)
@@ -487,6 +526,9 @@
 # The duration in time a verification email, used to update the email address of a user, remains valid before expiring. This setting should be expressed as a duration. Examples: 6h (hours), 2d (days), 1w (week). Default is 1h (1 hour).
 ;verification_email_max_lifetime_duration = 1h

+# Frequency of updating a user's last seen time. The minimum supported duration is 5m (5 minutes). The maximum supported duration is 1h (1 hour).
+;last_seen_update_interval = 15m
+
 # Enter a comma-separated list of users login to hide them in the Grafana UI. These users are shown to Grafana admins and themselves.
 ; hidden_users =

@@ -556,9 +598,6 @@
 # Set to true to enable Azure authentication option for HTTP-based datasources.
 ;azure_auth_enabled = false

-# Set to skip the organization role from JWT login and use system's role assignment instead.
-; skip_org_role_sync = false
-
 # Use email lookup in addition to the unique ID provided by the IdP
 ;oauth_allow_insecure_email_lookup = false

@@ -587,6 +626,9 @@
 # mask the Grafana version number for unauthenticated users
 ;hide_version = false

+# number of devices in total
+;device_limit =
+
 #################################### GitHub Auth ##########################
 [auth.github]
 ;name = GitHub
@@ -606,8 +648,15 @@
 ;allowed_organizations =
 ;role_attribute_path =
 ;role_attribute_strict = false
+;org_mapping =
 ;allow_assign_grafana_admin = false
 ;skip_org_role_sync = false
+;tls_skip_verify_insecure = false
+;tls_client_cert =
+;tls_client_key =
+;tls_client_ca =
+# GitHub OAuth apps does not provide refresh tokens and the access tokens never expires.
+;use_refresh_token = false

 #################################### GitLab Auth #########################
 [auth.gitlab]
@@ -627,6 +676,7 @@
 ;allowed_groups =
 ;role_attribute_path =
 ;role_attribute_strict = false
+;org_mapping =
 ;allow_assign_grafana_admin = false
 ;skip_org_role_sync = false
 ;tls_skip_verify_insecure = false
@@ -634,6 +684,7 @@
 ;tls_client_key =
 ;tls_client_ca =
 ;use_pkce = true
+;use_refresh_token = true

 #################################### Google Auth ##########################
 [auth.google]
@@ -655,9 +706,15 @@
 ;allowed_groups =
 ;role_attribute_path =
 ;role_attribute_strict = false
+;org_mapping =
 ;allow_assign_grafana_admin = false
 ;skip_org_role_sync = false
+;tls_skip_verify_insecure = false
+;tls_client_cert =
+;tls_client_key =
+;tls_client_ca =
 ;use_pkce = true
+;use_refresh_token = true

 #################################### Grafana.com Auth ####################
 [auth.grafana_com]
@@ -671,6 +728,7 @@
 ;scopes = user:email
 ;allowed_organizations =
 ;skip_org_role_sync = false
+;use_refresh_token = false

 #################################### Azure AD OAuth #######################
 [auth.azuread]
@@ -689,10 +747,12 @@
 ;allowed_groups =
 ;allowed_organizations =
 ;role_attribute_strict = false
+;org_mapping =
 ;allow_assign_grafana_admin = false
 ;use_pkce = true
 # prevent synchronizing users organization roles
 ;skip_org_role_sync = false
+;use_refresh_token = true

 #################################### Okta OAuth #######################
 [auth.okta]
@@ -711,14 +771,22 @@
 ;allowed_groups =
 ;role_attribute_path =
 ;role_attribute_strict = false
+; org_attribute_path =
+; org_mapping =
 ;allow_assign_grafana_admin = false
 ;skip_org_role_sync = false
+;tls_skip_verify_insecure = false
+;tls_client_cert =
+;tls_client_key =
+;tls_client_ca =
 ;use_pkce = true
+;use_refresh_token = true

 #################################### Generic OAuth ##########################
 [auth.generic_oauth]
-;enabled = false
 ;name = OAuth
+;icon = signin
+;enabled = false
 ;allow_sign_up = true
 ;auto_login = false
 ;client_id = some_id
@@ -729,7 +797,11 @@
 ;email_attribute_path =
 ;login_attribute_path =
 ;name_attribute_path =
+;role_attribute_path =
+;role_attribute_strict = false
+;groups_attribute_path =
 ;id_token_attribute_name =
+;team_ids_attribute_path
 ;auth_url = https://foo.bar/login/oauth/authorize
 ;token_url = https://foo.bar/login/oauth/access_token
 ;api_url = https://foo.bar/user
@@ -738,9 +810,8 @@
 ;allowed_domains =
 ;team_ids =
 ;allowed_organizations =
-;role_attribute_path =
-;role_attribute_strict = false
-;groups_attribute_path =
+;org_attribute_path =
+;org_mapping =
 ;team_ids_attribute_path =
 ;tls_skip_verify_insecure = false
 ;tls_client_cert =
@@ -749,6 +820,8 @@
 ;use_pkce = false
 ;auth_style =
 ;allow_assign_grafana_admin = false
+;skip_org_role_sync = false
+;use_refresh_token = false

 #################################### Basic Auth ##########################
 [auth.basic]
@@ -772,9 +845,12 @@
 #################################### Auth JWT ##########################
 [auth.jwt]
 ;enabled = true
+;enable_login_token = false
 ;header_name = X-JWT-Assertion
 ;email_claim = sub
 ;username_claim = sub
+;email_attribute_path = jmespath.email
+;username_attribute_path = jmespath.username
 ;jwk_set_url = https://foo.bar/.well-known/jwks.json
 ;jwk_set_file = /path/to/jwks.json
 ;cache_ttl = 60m
@@ -783,11 +859,13 @@
 # Use in conjunction with key_file in case the JWT token's header specifies a key ID in "kid" field
 ;key_id = some-key-id
 ;role_attribute_path =
-;groups_attribute_path =
 ;role_attribute_strict = false
+;groups_attribute_path =
 ;auto_sign_up = false
 ;url_login = false
 ;allow_assign_grafana_admin = false
+;skip_org_role_sync = false
+;signout_redirect_url =

 #################################### Auth LDAP ##########################
 [auth.ldap]
@@ -833,6 +911,22 @@
 # Default value is AzureCloud (i.e. public cloud)
 ;cloud = AzureCloud

+# A customized list of Azure cloud settings and properties, used by data sources which need this information when run in non-standard azure environments
+# When specified, this list will replace the default cloud list of AzureCloud, AzureChinaCloud, AzureUSGovernment and AzureGermanCloud
+;clouds_config = `[
+;		{
+;			"name":"CustomCloud1",
+;			"displayName":"Custom Cloud 1",
+;			"aadAuthority":"https://login.cloud1.contoso.com/",
+;			"properties":{
+;				"azureDataExplorerSuffix": ".kusto.windows.cloud1.contoso.com",
+;				"logAnalytics":            "https://api.loganalytics.cloud1.contoso.com",
+;				"portal":                  "https://portal.azure.cloud1.contoso.com",
+;				"prometheusResourceId":    "https://prometheus.monitor.azure.cloud1.contoso.com",
+;				"resourceManager":         "https://management.azure.cloud1.contoso.com"
+;			}
+;		}]`
+
 # Specifies whether Grafana hosted in Azure service with Managed Identity configured (e.g. Azure Virtual Machines instance)
 # If enabled, the managed identity can be used for authentication of Grafana in Azure services
 # Disabled by default, needs to be explicitly enabled
@@ -884,10 +978,19 @@
 # By default is the same as used in AAD authentication or can be set to another application (for OBO flow)
 ;user_identity_client_secret =

+# Allows the usage of a custom token request assertion when Grafana is behind an authentication proxy
+# In most cases this will not need to be used. To enable this set the value to "username"
+# The default is empty and any other value will not enable this functionality
+;username_assertion =
+
 # Set the plugins that will receive Azure settings for each request (via plugin context)
 # By default this will include all Grafana Labs owned Azure plugins, or those that make use of Azure settings (Azure Monitor, Azure Data Explorer, Prometheus, MSSQL).
 ;forward_settings_to_plugins = grafana-azure-monitor-datasource, prometheus, grafana-azure-data-explorer-datasource, mssql

+# Specifies whether Entra password auth can be used for the MSSQL data source
+# Disabled by default, needs to be explicitly enabled
+;azure_entra_password_credentials_enabled = false
+
 #################################### Role-based Access Control ###########
 [rbac]
 ;permission_cache = true
@@ -1010,6 +1113,9 @@
 # Should webvitals instrumentation be enabled, only affects Grafana Javascript Agent
 ;instrumentations_webvitals_enabled = false

+# Should tracing instrumentation be enabled, only affects Grafana Javascript Agent
+;instrumentations_tracing_enabled = false
+
 # Api Key, only applies to Grafana Javascript Agent provider
 ;api_key = testApiKey

@@ -1054,6 +1160,9 @@
 # global limit of alerts
 ;global_alert_rule = -1

+# global limit of files uploaded to the SQL DB
+;global_file = 1000
+
 # global limit of correlations
 ; global_correlations = -1

@@ -1061,6 +1170,11 @@
 # This is not strictly enforced yet, but will be enforced over time.
 ;alerting_rule_group_rules = 100

+# Limit the number of query evaluation results per alert rule.
+# If the condition query of an alert rule produces more results than this limit,
+# the evaluation results in an error.
+;alerting_rule_evaluation_results = -1
+
 #################################### Unified Alerting ####################
 [unified_alerting]
 #Enable the Unified Alerting sub-system and interface. When enabled we'll migrate all of your alert rules and notification channels to the new system. New alert rules will be created and your notification channels will be converted into an Alertmanager configuration. Previous data is preserved to enable backwards compatibility but new data is removed.```
@@ -1069,6 +1183,9 @@
 # Comma-separated list of organization IDs for which to disable unified alerting. Only supported if unified alerting is enabled.
 ;disabled_orgs =

+# Specify how long to wait for the alerting service to initialize
+;initialization_timeout = 30s
+
 # Specify the frequency of polling for admin config changes.
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 ;admin_config_poll_interval = 60s
@@ -1077,7 +1194,19 @@
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 ;alertmanager_config_poll_interval = 60s

-# The redis server address that should be connected to.
+
+# Maximum number of active and pending silences that a tenant can have at once. Default: 0 (no limit).
+;alertmanager_max_silences_count =
+
+# Maximum silence size in bytes. Default: 0 (no limit).
+;alertmanager_max_silence_size_bytes =
+
+# Set to true when using redis in cluster mode.
+;ha_redis_cluster_mode_enabled = false
+
+# The redis server address(es) that should be connected to.
+# Can either be a single address, or if using redis in cluster mode,
+# the cluster configuration address or a comma-separated list of addresses.
 ;ha_redis_address =

 # The username that should be used to authenticate with the redis server.
@@ -1097,6 +1226,37 @@
 # provided, a random one will be generated.
 ;ha_redis_peer_name =

+# The maximum number of simultaneous redis connections.
+# ha_redis_max_conns = 5
+
+# Enable TLS on the client used to communicate with the redis server. This should be set to true
+# if using any of the other ha_redis_tls_* fields.
+# ha_redis_tls_enabled = false
+
+# Path to the PEM-encoded TLS client certificate file used to authenticate with the redis server.
+# Required if using Mutual TLS.
+# ha_redis_tls_cert_path =
+
+# Path to the PEM-encoded TLS private key file. Also requires the client certificate to be configured.
+# Required if using Mutual TLS.
+# ha_redis_tls_key_path =
+
+# Path to the PEM-encoded CA certificates file. If not set, the host's root CA certificates are used.
+# ha_redis_tls_ca_path =
+
+# Overrides the expected name of the redis server certificate.
+# ha_redis_tls_server_name =
+
+# Skips validating the redis server certificate.
+# ha_redis_tls_insecure_skip_verify =
+
+# Overrides the default TLS cipher suite list.
+# ha_redis_tls_cipher_suites =
+
+# Overrides the default minimum TLS version.
+# Allowed values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
+# ha_redis_tls_min_version =
+
 # Listen address/hostname and port to receive unified alerting messages for other Grafana instances. The port is used for both TCP and UDP. It is assumed other Grafana instances are also running on the same port. The default value is `0.0.0.0:9094`.
 ;ha_listen_address = "0.0.0.0:9094"

@@ -1122,6 +1282,10 @@
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 ;ha_gossip_interval = "200ms"

+# Length of time to attempt to reconnect to a lost peer. Recommended to be short (<15m) when Grafana is running in a Kubernetes cluster.
+# The string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
+;ha_reconnect_timeout = 6h
+
 # The interval between gossip full state syncs. Setting this interval lower (more frequent) will increase convergence speeds
 # across larger clusters at the expense of increased bandwidth usage.
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
@@ -1154,6 +1318,41 @@
 # Rules will evaluate in sync.
 ;disable_jitter = false

+# Retention period for Alertmanager notification log entries.
+;notification_log_retention = 5d
+
+# Duration for which a resolved alert state transition will continue to be sent to the Alertmanager.
+;resolved_alert_retention = 15m
+
+[unified_alerting.screenshots]
+# Enable screenshots in notifications. You must have either installed the Grafana image rendering
+# plugin, or set up Grafana to use a remote rendering service.
+# For more information on configuration options, refer to [rendering].
+;capture = false
+
+# The timeout for capturing screenshots. If a screenshot cannot be captured within the timeout then
+# the notification is sent without a screenshot. The maximum duration is 30 seconds. This timeout
+# should be less than the minimum Interval of all Evaluation Groups to avoid back pressure on alert
+# rule evaluation.
+;capture_timeout = 10s
+
+# The maximum number of screenshots that can be taken at the same time. This option is different from
+# concurrent_render_request_limit as max_concurrent_screenshots sets the number of concurrent screenshots
+# that can be taken at the same time for all firing alerts where as concurrent_render_request_limit sets
+# the total number of concurrent screenshots across all Grafana services.
+;max_concurrent_screenshots = 5
+
+# Uploads screenshots to the local Grafana server or remote storage such as Azure, S3 and GCS. Please
+# see [external_image_storage] for further configuration options. If this option is false then
+# screenshots will be persisted to disk for up to temp_data_lifetime.
+;upload_external_image_storage = false
+
+[unified_alerting.reserved_labels]
+# Comma-separated list of reserved labels added by the Grafana Alerting engine that should be disabled.
+# For example: `disabled_labels=grafana_folder`
+disabled_labels =
+
+
 [unified_alerting.reserved_labels]
 # Comma-separated list of reserved labels added by the Grafana Alerting engine that should be disabled.
 # For example: `disabled_labels=grafana_folder`
@@ -1208,6 +1407,12 @@
 # Optional max query length for queries sent to Loki. Default is 721h which matches the default Loki value.
 ; loki_max_query_length = 360h

+# For "loki" only.
+# Maximum size in bytes for queries sent to Loki. This limit is applied to user provided filters as well as system defined ones, e.g. applied by access control.
+# If filter exceeds the limit, API returns error with code "alerting.state-history.loki.requestTooLong".
+# Default is 64kb
+;loki_max_query_size = 65536
+
 [unified_alerting.state_history.external_labels]
 # Optional extra labels to attach to outbound state history records or log streams.
 # Any number of label key-value-pairs can be provided.
@@ -1224,6 +1429,24 @@ max_age =
 # Configures max number of alert annotations that Grafana stores. Default value is 0, which keeps all alert annotations.
 max_annotations_to_keep =

+#################################### Recording Rules #####################
+[recording_rules]
+# Target URL (including write path) for recording rules.
+url =
+
+# Optional username for basic authentication on recording rule write requests. Can be left blank to disable basic auth
+basic_auth_username =
+
+# Optional assword for basic authentication on recording rule write requests. Can be left blank.
+basic_auth_password =
+
+# Request timeout for recording rule writes.
+timeout = 30s
+
+# Optional custom headers to include in recording rule write requests.
+[recording_rules.custom_headers]
+# exampleHeader = exampleValue
+
 #################################### Annotations #########################
 [annotations]
 # Configures the batch size for the annotation clean-up job. This setting is used for dashboard, API, and alert annotations.
@@ -1284,6 +1507,11 @@ max_annotations_to_keep =
 # Enable the Query history
 ;enabled = true

+#################################### Short Links #############################
+[short_links]
+# Short links which are never accessed will be deleted as cleanup. Time is in days. Default is 7 days. Max is 365. 0 means they will be deleted approximately every 10 minutes.
+;expire_time = 7
+
 #################################### Internal Grafana Metrics ##########################
 # Metrics available at HTTP URL /metrics and /metrics/plugins/:pluginId
 [metrics]
@@ -1317,6 +1545,8 @@ max_annotations_to_keep =
 [grafana_com]
 ;url = https://grafana.com
 ;api_url = https://grafana.com/api
+# Grafana instance - Grafana.com integration SSO API token
+;sso_api_token = ""

 #################################### Distributed tracing ############
 # Opentracing is deprecated use opentelemetry instead
@@ -1389,14 +1619,16 @@ max_annotations_to_keep =

 [external_image_storage.webdav]
 ;url =
-;public_url =
 ;username =
 ;password =
+;public_url =

 [external_image_storage.gcs]
 ;key_file =
 ;bucket =
 ;path =
+;enable_signed_urls = false
+;signed_url_expiration =

 [external_image_storage.azure_blob]
 ;account_name =
@@ -1423,6 +1655,12 @@ max_annotations_to_keep =
 # Default is 5m. This should be more than enough for most deployments.
 # Change the value only if image rendering is failing and you see `Failed to get the render key from cache` in Grafana logs.
 ;render_key_lifetime = 5m
+# Default width for panel screenshot
+;default_image_width = 1000
+# Default height for panel screenshot
+;default_image_height = 500
+# Default scale for panel screenshot
+;default_image_scale = 1

 [panels]
 # If set to true Grafana will allow script tags in text panels. Not recommended as it enable XSS vulnerabilities.
@@ -1473,6 +1711,9 @@ max_annotations_to_keep =
 # ha_engine_password allows setting an optional password to authenticate with the engine
 ;ha_engine_password = ""

+# ha_prefix is a prefix for keys in the HA engine. It's used to separate keys for different Grafana instances.
+;ha_prefix =
+
 #################################### Grafana Image Renderer Plugin ##########################
 [plugin.grafana-image-renderer]
 # Instruct headless browser instance to use a default timezone when not provided by Grafana, e.g. when rendering panel image of alert.
@@ -1502,6 +1743,10 @@ max_annotations_to_keep =
 # Default is false. This can be useful to enable (true) when troubleshooting.
 ;rendering_dumpio =

+# Instruct headless browser instance whether to register metrics for the duration of every rendering step. Default is false.
+# This can be useful to enable (true) when optimizing the rendering mode settings to improve the plugin performance or when troubleshooting.
+;rendering_timing_metrics =
+
 # Additional arguments to pass to the headless browser instance. Default is --no-sandbox. The list of Chromium flags can be found
 # here (https://peter.sh/experiments/chromium-command-line-switches/). Multiple arguments is separated with comma-character.
 ;rendering_args =
@@ -1535,14 +1780,6 @@ max_annotations_to_keep =
 ;grpc_host =
 ;grpc_port =

-[support_bundles]
-# Enable support bundle creation (default: true)
-#enabled = true
-# Only server admins can generate and view support bundles (default: true)
-#server_admin_only = true
-# If set, bundles will be encrypted with the provided public keys separated by whitespace
-#public_keys = ""
-
 [enterprise]
 # Path to a valid Grafana Enterprise license.jwt file
 ;license_path =
@@ -1595,6 +1832,15 @@ max_annotations_to_keep =
 # Enable or disable loading other base map layers
 ;enable_custom_baselayers = true

+#################################### Support Bundles #####################################
+[support_bundles]
+# Enable support bundle creation (default: true)
+#enabled = true
+# Only server admins can generate and view support bundles (default: true)
+#server_admin_only = true
+# If set, bundles will be encrypted with the provided public keys separated by whitespace
+#public_keys = ""
+
 # Move an app plugin referenced by its id (including all its pages) to a specific navigation section
 [navigation.app_sections]
 # The following will move an app plugin with the id of `my-app-id` under the `cfg` section
@@ -1635,3 +1881,36 @@ max_annotations_to_keep =
 [public_dashboards]
 # Set to false to disable public dashboards
 ;enabled = true
+
+###################################### Cloud Migration ######################################
+[cloud_migration]
+# Set to true to enable target-side migration UI
+;is_target = false
+# Token used to send requests to grafana com
+;gcom_api_token = ""
+# How long to wait for a request sent to gms to start a snapshot to complete
+;start_snapshot_timeout = 5s
+# How long to wait for a request sent to gms to validate a key to complete
+;validate_key_timeout = 5s
+# How long to wait for a request sent to gms to get a snapshot status to complete
+;get_snapshot_status_timeout = 5s
+# How long to wait for a request sent to gms to create a presigned upload url
+;create_upload_url_timeout = 5s
+# How long to wait for a request sent to gms to report an event
+;report_event_timeout = 5s
+# How long to wait for a request to fetch an instance to complete
+;fetch_instance_timeout = 5s
+# How long to wait for a request to create an access policy to complete
+;create_access_policy_timeout = 5s
+# How long to wait for a request to create to fetch an access policy to complete
+;fetch_access_policy_timeout = 5s
+# How long to wait for a request to create to delete an access policy to complete
+;delete_access_policy_timeout = 5s
+# The domain name used to access cms
+;domain = grafana-dev.net
+# Folder used to store snapshot files. Defaults to the home dir
+;snapshot_folder = ""
+# Link to form to give feedback on the feature
+;feedback_url = ""
+# How frequently should the frontend UI poll for changes while resources are migrating
+;frontend_poll_interval = 2s
--- a/contribute/ISSUE_TRIAGE.md
+++ b/contribute/ISSUE_TRIAGE.md
@@ -1,20 +1,11 @@
 # Triage issues

-The main goal of issue triage is to categorize all incoming Grafana issues and make sure each issue has all basic information needed for anyone else to understand and be able to start working on it.
+The main goal of issue triage is to categorize all incoming Grafana issues and make sure each issue has all the essential information needed for anyone to understand and be able to start working on it.

-> **Note:** This information is for Grafana project Maintainers, Owners, and Admins. If you are a Contributor, then you will not be able to perform most of the tasks in this topic.
+> **Note:** This information is for Grafana project Maintainers, Owners, and Admins. If you are a Contributor, then you won't be able to perform most of the tasks in this topic.

 The core maintainers of the Grafana project are responsible for categorizing all incoming issues and delegating any critical or important issue to other maintainers. Currently, one maintainer each week is responsible. Besides that part, triage provides an important way to contribute to an open source project.

-Triage helps ensure issues resolve quickly by:
-
- Ensuring the issue's intent and purpose is conveyed precisely. This is necessary because it can be difficult for an issue to explain how an end user experiences a problem and what actions they took.
- Giving a contributor the information they need before they commit to resolving an issue.
- Lowering the issue count by preventing duplicate issues.
- Streamlining the development process by preventing duplicate discussions.
-
-If you don't have the knowledge or time to code, consider helping with triage. The community will thank you for saving them time by spending some of yours.
-
 ## Simplified flowchart diagram of the issue triage process

 <!-- https://textik.com/#610afa78553def29 -->
@@ -68,33 +59,44 @@ If you don't have the knowledge or time to code, consider helping with triage. T

 ```

-## 1. Find uncategorized issues
+## Key functions of issue triage
+
+Triage helps ensure issues resolve quickly by:
+
+- Ensuring the issue's intent and purpose is conveyed precisely. This is necessary because it can be difficult for an issue to explain how an end user experiences a problem and what actions they took.
+- Giving a contributor the information they need before they commit to resolving an issue.
+- Lowering the issue count by preventing duplicate issues.
+- Streamlining the development process by preventing duplicate discussions.
+
+If you don't have the knowledge or time to code, consider helping with triage. The community will thank you for saving them time by spending some of yours.
+
+### 1. Find uncategorized issues

 To get started with issue triage and finding issues that haven't been triaged you have two alternatives.

-### Browse unlabeled issues
+#### Browse unlabeled issues

-The easiest and straight forward way of getting started and finding issues that haven't been triaged is to browse [unlabeled issues](https://github.com/grafana/grafana/issues?q=is%3Aopen+is%3Aissue+no%3Alabel) and starting from the bottom and working yourself to the top.
+The easiest and most straightforward way of getting started and finding issues that haven't been triaged is to browse [unlabeled issues](https://github.com/grafana/grafana/issues?q=is%3Aopen+is%3Aissue+no%3Alabel), and then work on them starting from the bottom to the top.

-### Subscribe to all notifications
+#### Subscribe to all notifications

 The more advanced, but recommended way is to subscribe to all notifications from this repository which means that all new issues, pull requests, comments and important status changes are sent to your configured email address. Read this [guide](https://help.github.com/en/articles/watching-and-unwatching-repositories#watching-a-single-repository) for help with setting this up.

-It's highly recommended that you setup filters to automatically remove emails from the inbox and label/categorize them accordingly to make it easy for you to understand when you need to act upon a notification or where to look for finding issues that haven't been triaged etc.
+It's highly recommended that you set up filters to automatically remove emails from the inbox and label them accordingly. When issues are properly categorized you can easily understand when you need to act upon a notification or where to look to find issues that haven't been triaged.

 Instructions for setting up filters in Gmail can be found [here](#setting-up-gmail-filters). Another alternative is to use [Trailer](https://github.com/ptsochantaris/trailer) or similar software.

-## 2. Ensure the issue contains basic information
+### 2. Ensure the issue contains basic information

-Before triaging an issue very far, make sure that the issue's author provided the standard issue information. This will help you make an educated recommendation on how to categorize the issue. The Grafana project utilizes [GitHub issue templates](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository) to guide contributors to provide standard information that must be included for each type of template or type of issue.
+Before triaging an issue very far, make sure that the issue's author provided the standard information. This helps you make an educated recommendation on how to categorize the issue. The Grafana project uses [GitHub issue templates](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository) to guide contributors to provide standard information that must be included for each type of template or type of issue.

-### Standard issue information that must be included
+#### Standard issue information that must be included

-Given a certain [issue template](https://github.com/grafana/grafana/issues/new/choose) have been used by the issue author or depending how the issue is perceived by the issue triage responsible, the following should help you understand what standard issue information that must be included.
+Grafana uses various [issue templates](https://github.com/grafana/grafana/issues/new/choose) to collect information from the issue reporter. The following list describes the standard information that is included.

-#### Bug reports
+##### Bug reports

-Should explain what happened, what was expected and how to reproduce it together with any additional information that may help giving a complete picture of what happened such as screenshots, [query inspector](https://community.grafana.com/t/using-grafanas-query-inspector-to-troubleshoot-issues/2630) output and any environment related information that's applicable and/or maybe related to the reported problem:
+Bug reports should explain what happened, what was expected, and how to reproduce it. Also, it should include additional information that may help giving a complete picture of what happened such as screenshots, [query inspector](https://community.grafana.com/t/using-grafanas-query-inspector-to-troubleshoot-issues/2630) output, and any relevant information about the environment. For example:

 - Grafana version:
 - Data source type & version:
@@ -103,250 +105,249 @@ Should explain what happened, what was expected and how to reproduce it together
 - Grafana plugins:
 - Others:

-#### Enhancement requests
+##### Enhancement requests

-Prior to August, 2023, community-submitted feature requests were submitted as [Github discussions](https://github.com/grafana/grafana/discussions). These are now submitted using the [feature request issue template](https://github.com/grafana/grafana/issues/new?assignees=&labels=type%2Ffeature-request&projects=&template=1-feature_requests.md).
+> **Note:** Prior to August, 2023, community-submitted feature requests were submitted as [Github discussions](https://github.com/grafana/grafana/discussions). These are now submitted using the [feature request issue template](https://github.com/grafana/grafana/issues/new?assignees=&labels=type%2Ffeature-request&projects=&template=1-feature_requests.md).

-When submitting an enhancement request we ask that users focus on the problem they'd like to solve and why it’s a problem rather than focusing on the solution itself. To facilitate this the feature requests template includes the following:
+When submitting an enhancement request we ask that users focus on the problem they'd like to solve and why it’s a problem rather than focusing on the solution itself. To facilitate these objectives, the feature requests template includes the following:

 - What would you like to be added?:
 - Why is this needed (describe your use case and goals)\*\*?:

-#### Accessibility issues
+##### Accessibility issues

-This is a mix between a bug report and enhancement request but focused on accessibility issues to help make Grafana improve keyboard navigation, screen-reader support and being accessible to everyone. The report should include relevant [WCAG criteria](https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0), if applicable.
+This is a mix between a bug report and enhancement request but focused on accessibility issues to help make Grafana improve keyboard navigation, screen-reader support, and general accessibility. The report should include relevant [WCAG criteria](https://www.w3.org/WAI/WCAG21/quickref/?versions=2.0), if applicable.

 Grafana Labs is dedicated to improving our graphical user interfaces and overall experience so that our product becomes usable and accessible for people with disabilities as well as anyone else. Learn more about Grafana's commitment to [A11y](https://grafana.com/accessibility/) (accessibility).

-#### Support requests
+##### Support requests

 In general, if the issue description and title is perceived as a question no more information is needed. See how to categorize these requests [here](#support-requests-1).

-### Good practices
+#### Good practices

-To make it easier for everyone to understand and find issues they're searching for it's suggested as a general rule of thumbs to:
+To make it easier for everyone to understand and find issues a good rule of thumbs is to:

- Make sure that issue titles are named to explain the subject of the issue, has a correct spelling and doesn't include irrelevant information and/or sensitive information.
- Make sure that issue descriptions doesn't include irrelevant information, information from template that haven't been filled out and/or sensitive information.
- Do your best effort to change title and description or request suggested changes by adding a comment.
+- Make sure that issue titles are named to explain the subject of the issue, are spelled correctly, and don't include irrelevant or sensitive information.
+- Make sure that issue descriptions don't include irrelevant information, information from a template that hasn't been filled out, or sensitive information.
+- Do your best effort to change the title and description or request suggested changes by adding a comment.

-> **Note:** Above rules is applicable to both new and existing issues of the Grafana project.
+#### Do you have all the information needed to categorize an issue?

-### Do you have all the information needed to categorize an issue?
-
-Depending on the issue, you might not feel all this information is needed. Use your best judgement. If you cannot triage an issue using what its author provided, explain kindly to the author that they must provide the above information to clarify the problem. Label issue with `needs more info` and add any related `area/*` or `datasource/*` labels. Alternatively, use `bot/needs more info` label and the Grafana bot will request it for you.
+Depending on the issue, you might not feel all this information is needed. Use your best judgement. If you cannot triage an issue using what its author provided, explain kindly to the author that they must provide the previously mentioned information to clarify the problem. Label issue with `needs more info` and add any related `area/*` or `datasource/*` labels. Alternatively, use `bot/needs more info` label and the Grafana bot will request it for you.

 If the author provides the standard information, but you are still unable to triage the issue, request additional information. Do this kindly and politely because you are asking for more of the author's time.

-If the author does not respond to the requested information within the timespan of a week, close the issue with a kind note stating that the author can request for the issue to be reopened when the necessary information is provided.
+If the author does not respond to the requested information within a week, close the issue with a kind note stating that the author can request for the issue to be reopened when the necessary information is provided.

-When you feel you have all the information needed you're ready to [categorizing the issue](#3-categorizing-an-issue).
+When you feel you have all the information needed, then you're ready to [categorize the issue](#3-categorize-an-issue).

-If you receive a notification with additional information provided, but you are not anymore on issue triage and you feel you do not have time to handle it, you should delegate it to the current person on issue triage.
+If you receive a notification with additional information provided, but you aren't on issue triage anymore and you feel you don't have time to handle it, you should delegate it to the current person on issue triage.

-## 3. Categorizing an issue
+### 3. Categorize an issue

-An issue can have multiple of the following labels. Typically, a properly categorized issue should at least have:
+An issue can have multiple labels. Typically, a properly categorized issue should at least have these labels:

 - One label identifying its type (`type/*`).
 - One or multiple labels identifying the functional areas of interest or component (`area/*`) and/or data source (`datasource/*`), if applicable.

-| Label                    | Description                                                               |
-| ------------------------ | ------------------------------------------------------------------------- |
-| `type/bug`               | A feature isn't working as expected given design or documentation.        |
-| `type/feature-request`   | Request for a new feature or enhancement.                                 |
-| `type/docs`              | Documentation problem or enhancement.                                     |
-| `type/accessibility`     | Accessibility problem or enhancement.                                     |
-| `type/question`          | Issue is a question or is perceived as such.                              |
-| `type/duplicate`         | An existing issue of the same subject/request have already been reported. |
-| `type/works-as-intended` | A reported bug works as intended/by design.                               |
-| `type/build-packaging`   | Build or packaging problem or enhancement.                                |
-| `area/*`                 | Subject is related to a functional area of interest or component.         |
-| `datasource/*`           | Subject is related to a core data source plugin.                          |
+| Label                    | Description                                                         |
+| ------------------------ | ------------------------------------------------------------------- |
+| `type/bug`               | A feature isn't working as expected given design, or documentation. |
+| `type/feature-request`   | Request for a new feature, or enhancement.                          |
+| `type/docs`              | Documentation problem, or enhancement.                              |
+| `type/accessibility`     | Accessibility problem, or enhancement.                              |
+| `type/question`          | Issue is a question or is perceived as such.                        |
+| `type/duplicate`         | An existing issue of the same subject has already been reported.    |
+| `type/works-as-intended` | A reported bug works as intended (that is, by design).              |
+| `type/build-packaging`   | Build or packaging problem, or enhancement.                         |
+| `area/*`                 | Subject is related to a functional area of interest, or component.  |
+| `datasource/*`           | Subject is related to a core data source plugin.                    |

-### Duplicate issues
+#### Duplicate issues

 Make sure it's not a duplicate by searching existing issues using related terms from the issue title and description. If you think you know there is an existing issue, but can't find it, please reach out to one of the maintainers and ask for help. If you identify that the issue is a duplicate of an existing issue:

 1. Add a comment `/duplicate of #<issue number>`. GitHub will recognize this and add some additional context to the issue activity.
-2. The Grafana bot will do the rest, adding the correct label and closing comment
-3. Add `type/duplicate` label. Optionally add any related `area/*` or `datasource/*` labels.
+1. The Grafana bot will do the rest, adding the correct label and a closing comment.
+1. Add the `type/duplicate` label. Optionally, you may add any related `area/*` or `datasource/*` labels.

-### Bug reports
+#### Bug reports

 If it's not perfectly clear that it's an actual bug, quickly try to reproduce it.

-**It's a bug/it can be reproduced:**
+**It can be reproduced:**

 1. Add a comment describing detailed steps for how to reproduce it, if applicable.
-2. Label the issue `type/bug` and at least one `area/*` or `datasource/*` label.
-3. If you know that maintainers wont be able to put any resources into it for some time then label the issue with `help wanted` and optionally `beginner friendly` together with pointers on which code to update to fix the bug. This should signal to the community that we would appreciate any help we can get to resolve this.
-4. Move on to [prioritizing the issue](#4-prioritization-of-issues).
+1. Label the issue `type/bug` and at least one `area/*` or `datasource/*` label.
+1. If you know that maintainers won't be able to put any resources into it for some time then label the issue with `help wanted` and optionally `beginner friendly` together with pointers on which code to update to fix the bug. This should signal to the community that we would appreciate any help we can get to resolve this.
+1. Move on to [prioritizing the issue](#4-prioritization-of-issues).

 **It can't be reproduced:**

 1. Either [ask for more information](#2-ensure-the-issue-contains-basic-information) needed to investigate it more thoroughly.
-2. Either [delegate further investigations](#investigation-of-issues) to someone else.
+1. Either [delegate further investigations](#investigation-of-issues) to someone else.

-**It works as intended/by design:**
+**It works as intended (that is, by design):**

 1. Kindly and politely add a comment explaining briefly why we think it works as intended and close the issue.
-2. Label the issue `type/works-as-intended`.
+1. Label the issue `type/works-as-intended`.

-### Enhancement/feature?
+#### Enhancement or feature request?

 1. Label the issue `type/feature-request` and add at least one `area/*` or `datasource/*` label.
-2. Make sure the submitter has justified why this feature requests is important.
+1. Make sure the submitter has justified why this feature requests is important.

-### Documentation issue?
+#### Documentation issue?

 First, evaluate if the documentation makes sense to be included in the Grafana project:

- Is this something we want/can maintain as a project?
- Is this referring to usage of some specific integration/tool and in that case is that a popular use case in combination with Grafana?
- If unsure, kindly and politely add a comment explaining that we would need [upvotes](https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments) to identify that lots of other users want/need this.
+- Is this something we want and can maintain as a project?
+- Is this referring to usage of some specific integration and in that case is that a popular use case in combination with Grafana?
+- If unsure, kindly and politely add a comment explaining that we would need [upvotes](https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments) to identify that lots of other users want or need this.

 Second, label the issue `type/docs` and at least one `area/*` or `datasource/*` label.

 **Minor typo/error/lack of information:**

-There's a minor typo/error/lack of information that adds a lot of confusion for users and given the amount of work is a big win to make sure fixing it:
+There's a minor typo, error, or lack of information that adds a lot of confusion for users and is a big win to fix it:

 1. Either update the documentation yourself and open a pull request.
-2. Either delegate the work to someone else by assigning that person to the issue and add the issue to next major/minor milestone.
+1. Either delegate the work to someone else by assigning that person to the issue. Note that the milestone is automatically assigned and usually doesn't need to be manually edited.

 **Major error/lack of information:**

 1. Label the issue with `help wanted` and `beginner friendly`, if applicable, to signal that we find this important to fix and we would appreciate any help we can get from the community.
-2. Move on to [prioritizing the issue](#4-prioritization-of-issues).
+1. Move on to [prioritizing the issue](#4-prioritization-of-issues).

-### Accessibility issues
+#### Accessibility issues

 1. Label the issue `type/accessibility` and at least one `area/*` or `datasource/*` label.

-### Support requests
+#### Support requests

 1. Kindly and politely direct the issue author to the [community site](https://community.grafana.com/) and explain that GitHub is mainly used for tracking bugs and feature requests. If possible, it's usually a good idea to add some pointers to the issue author's question.
-2. Label the issue with `bot/question`. The Grafana bot will automatically close the issue, and it will add the type/question label for you.
+1. Label the issue with `bot/question`. The Grafana bot will automatically close the issue, and it will add the type/question label for you.

-## 4. Prioritization of issues
+### 4. Prioritization of issues

-In general bugs and enhancement issues should be labeled with a priority.
+In general, bugs and enhancement issues should be labeled with a priority.

-This is the most difficult thing with triaging issues since it requires a lot of knowledge, context and experience before being able to think of and start feel comfortable adding a certain priority label.
+This is the most difficult thing with triaging issues since it requires a lot of knowledge, context and experience before it is possible to skillfully add a specific priority label.

-The key here is asking for help and discuss issues to understand how more experienced project members think and reason. By doing that you learn more and eventually be more and more comfortable with prioritizing issues.
+The key here is to ask for help and discuss issues to understand how more experienced project members think and reason. By doing that you learn more and eventually be more and more comfortable with prioritizing issues.

 In case there is an uncertainty around the prioritization of an issue, please ask the maintainers for help.

-| Label                             | Description                                                                                                              |
-| --------------------------------- | ------------------------------------------------------------------------------------------------------------------------ |
-| `priority/critical`               | Highest priority. Must be actively worked on as someone's top priority right now.                                        |
-| `priority/support-subscription`   | This is important for one or several customers having a paid Grafana support subscription.                               |
-| `priority/important-soon`         | Must be staffed and worked on either currently, or very soon, ideally in time for the next release.                      |
-| `priority/important-longterm`     | Important over the long term, but may not be staffed and/or may need multiple releases to complete.                      |
-| `priority/nice-to-have`           | It's a good idea, but not scheduled for any release.                                                                     |
-| `priority/awaiting-more-evidence` | Lowest priority. Possibly useful, but not yet enough interest in it.                                                     |
-| `priority/unscheduled`            | Something to look into before and to be discussed during the planning of the next (upcoming) major/minor stable release. |
+| Label                             | Description                                                                                                   |
+| --------------------------------- | ------------------------------------------------------------------------------------------------------------- |
+| `priority/critical`               | Highest priority. Must be actively worked on as someone's top priority right now.                             |
+| `priority/support-subscription`   | This is important for one or several customers having a paid Grafana support subscription.                    |
+| `priority/important-soon`         | Must be staffed and worked on either currently, or very soon, ideally in time for the next release.           |
+| `priority/important-longterm`     | Important over the long term, but may need multiple releases to complete.                                     |
+| `priority/nice-to-have`           | It's a good idea, but not scheduled for any release.                                                          |
+| `priority/awaiting-more-evidence` | Lowest priority. Possibly useful, but not yet enough interest in it.                                          |
+| `priority/unscheduled`            | Something to look into before and to be discussed during the planning of the next major/minor stable release. |

 **Critical bugs**

-1. If a bug has been categorized and any of the following criteria apply, the bug should be labeled as critical and must be actively worked on as someone's top priority right now.
+1. If a bug has been categorized and any of the following criteria apply, the bug should be labeled as critical and must be actively worked on as someone's top priority right now:

   - Results in any data loss
   - Critical security or performance issues
   - Problem that makes a feature unusable
-   - Multiple users experience a severe problem affecting their business, users etc.
+   - Multiple users experience a severe problem affecting their business, user experience, and so on.

-2. Label the issue `priority/critical`.
-3. If applicable, label the issue `priority/support-subscription`.
-4. Add the issue to the next upcoming patch release milestone. Create a new milestone if there are none.
-5. Escalate the problem to the maintainers.
-6. Assign or ask a maintainer for help assigning someone to make this issue their top priority right now.
+1. Label the issue `priority/critical`.
+1. If applicable, label the issue `priority/support-subscription`.
+1. Add the issue to the next upcoming patch release milestone. Create a new milestone if there are none.
+1. Escalate the problem to the maintainers.
+1. Assign or ask a maintainer for help assigning someone to make this issue their top priority right now.

 **Important short-term**

 1. Label the issue `priority/important-soon`.
-2. If applicable, label the issue `priority/support-subscription`.
-3. Add the issue to the next upcoming patch or major/minor stable release milestone. Ask maintainers for help if unsure if it's a patch or not. Create a new milestone if there are none.
-4. Make sure to add the issue to a suitable backlog of a GitHub project and prioritize it or assign someone to work on it now or very soon.
-5. Consider requesting [help from the community](#5-requesting-help-from-the-community), even though it may be problematic given a short amount of time until it should be released.
+1. If applicable, label the issue `priority/support-subscription`.
+1. Add the issue to the next upcoming patch or major/minor stable release milestone. Ask maintainers for help if unsure if it's a patch or not. Create a new milestone if there are none.
+1. Make sure to add the issue to a suitable backlog of a GitHub project and prioritize it or assign someone to work on it now or very soon.
+1. Consider requesting [help from the community](#5-requesting-help-from-the-community), even though it may be problematic given a short amount of time until it should be released.

 **Important long-term**

 1. Label the issue `priority/important-longterm`.
-2. Consider requesting [help from the community](#5-requesting-help-from-the-community).
+1. Consider requesting [help from the community](#5-requesting-help-from-the-community).

 **Nice to have**

 1. Label the issue `priority/nice-to-have`.
-2. Consider requesting [help from the community](#5-requesting-help-from-the-community).
+1. Consider requesting [help from the community](#5-requesting-help-from-the-community).

 **Not critical, but unsure?**

 1. Label the issue `priority/unscheduled`.
-2. Consider requesting [help from the community](#5-requesting-help-from-the-community).
+1. Consider requesting [help from the community](#5-request-help-from-the-community).

-## 5. Requesting help from the community
+### 5. Request help from the community

-Depending on the issue and/or priority, it's always a good idea to consider signalling to the community that help from community is appreciated and needed in case an issue is not prioritized to be worked on by maintainers. Use your best judgement. In general, requesting help from the community means that a contribution has a good chance of getting accepted and merged.
+It's generally a good idea to consider signaling to the community that help is appreciated and needed in case an issue isn't prioritized to be worked on by maintainers. Use your best judgement. In general, requesting help from the community means that a contribution has a good chance of getting accepted and merged.

-In many cases the issue author or community as a whole is more suitable to contribute changes since they're experts in their domain. It's also quite common that someone has tried to get something to work using the documentation without success and made an effort to get it to work and/or reached out to the [community site](https://community.grafana.com/) to get the missing information. Particularly in these areas it's more likely that there exist experts in their own domain and it is usually a good idea to request help from contributors:
+In many cases the issue author or community as a whole is more suitable to contribute changes since they're experts in their domain. It's also quite common that someone has tried to get something to work using the documentation without success, made an effort to get it to work, reached out to the [community site](https://community.grafana.com/) to get the missing information, or some combination of these things.
+
+In certain areas there probably exist domain experts who may be able to help:

 - Database setups
 - Authentication like OAuth providers and LDAP setups
- Platform specific things
+- Platform-specific things
 - Reverse proxy setups
 - Alert notifiers

 1. Kindly and politely add a comment to signal to users subscribed to updates of the issue.
   - Explain that the issue would be nice to get resolved, but it isn't prioritized to work on by maintainers for an unforeseen future.
-   - If possible or applicable, try to help contributors getting starting by adding pointers and references to what code/files need to be changed and/or ideas of a good way to solve/implement the issue.
-2. Label the issue with `help wanted`.
-3. If applicable, label the issue with `beginner friendly` to denote that the issue is suitable for a beginner to work on.
-4. If possible, try to estimate the amount of work by adding `effort/small`, `effort/medium` or `effort/large`.
+   - If possible or applicable, try to help contributors getting starting by adding pointers and references to what code needs to be changed. Note any suggests for good ways of solving or implementing the issue.
+1. Label the issue with `help wanted`.
+1. If applicable, label the issue with `beginner friendly` to denote that the issue is suitable for a beginner to work on.
+1. If possible, try to estimate the amount of work by adding `effort/small`, `effort/medium` or `effort/large`.

-## Investigation of issues
+### Investigation of issues

-When an issue has all basic information provided, but the triage responsible haven't been able to reproduce the reported problem at a first glance, the issue is labeled [`triage/needs-confirmation`](https://github.com/grafana/grafana/labels/triage%2Fneeds-confirmation). Depending on the perceived severity and/or number of [upvotes](https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments), the investigation will either be delegated to another maintainer for further investigation or put on hold until someone else (maintainer or contributor) picks it up and eventually starts investigating it.
+When an issue has all basic information provided, but the triage responsible hasn't been able to reproduce the reported problem at a first glance, the issue is labeled [`triage/needs-confirmation`](https://github.com/grafana/grafana/labels/triage%2Fneeds-confirmation). Depending on the perceived severity and/or number of [upvotes](https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments), the investigation will either be delegated to another maintainer for further investigation or put on hold until someone else (maintainer or contributor) picks it up and eventually starts investigating it.

-Investigating issues can be a very time consuming task, especially for the maintainers, given the huge number of combinations of plugins, data sources, platforms, databases, browsers, tools, hardware, integrations, versions and cloud services, etc that are being used with Grafana. There is a certain number of combinations that are more common than others, and these are in general easier for maintainers to investigate.
+Investigating issues can be a very time consuming task, especially for the maintainers, given the huge number of combinations of plugins, data sources, platforms, databases, browsers, hardware, integrations, cloud services, and so on, that are used with Grafana. There are a certain number of combinations that are more common than others, and these are in general easier for maintainers to investigate.

 For some other combinations it may not be possible at all for a maintainer to setup a proper test environment to investigate the issue. In these cases we really appreciate any help we can get from the community. Otherwise, the issue is highly likely to be closed.

-Even if you don't have the time or knowledge to investigate an issue we highly recommend that you [upvote](https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments) the issue if you happen to have the same problem. If you have further details that may help investigating the issue please provide as much information as possible.
+Even if you don't have the time or knowledge to investigate an issue we highly recommend that you [upvote](https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments) the issue if you happen to have the same problem. If you have further details that may help investigating the issue, please provide as much information as possible.

-## Automation
+### Automation

 We have some automation that triggers on comments or labels being added to issues. Many of these automated behaviors are defined in [commands.json](https://github.com/grafana/grafana/blob/main/.github/commands.json). Or in other [GitHub Actions](https://github.com/grafana/grafana/tree/main/.github/workflows)

-[Read more on bot actions](https://github.com/grafana/grafana/blob/main/.github/bot.md)
+To learn more about bot actions, refer to our [bot documentation](https://github.com/grafana/grafana/blob/main/.github/bot.md).

-## External PRs
+### External PRs

-Part of issue triage should also be triaging of external PRs. Main goal should be to make sure PRs from external contributors have an owner/reviewer and are not forgotten.
+Part of issue triage should also be triaging of external PRs. The main goal should be to make sure PRs from external contributors have an owner and aren't forgotten.

-1. Check new external PRs which do not have a reviewer. You can easily search for pull requests made by external contributors by using the label: `pr/external` in your [query search](https://github.com/grafana/grafana/pulls?q=is%3Aopen+is%3Apr+label%3Apr%2Fexternal) Note: external PRs are automatically labeled with `pr/external` upon creation.
-2. Check if there is a link to an existing issue. The link to a existing issue should be in the description section, underneath “Which issue(s) does this PR fix?:”.
-3. If not and you know which issue it is solving, add the link yourself, otherwise ask the author to link the issue or create one.
-4. Assign a reviewer based on who was handling the linked issue or what code or feature does the PR touches (look at who was the last to make changes there if all else fails).
+1. Check new external PRs which don't have a reviewer. You can easily search for pull requests made by external contributors by using the label: `pr/external` in your [query search](https://github.com/grafana/grafana/pulls?q=is%3Aopen+is%3Apr+label%3Apr%2Fexternal) Note: external PRs are automatically labeled with `pr/external` upon creation.
+1. Check if there is a link to an existing issue. The link to a existing issue should be in the description section, underneath “Which issue(s) does this PR fix?:”. If not, and you know which issue it is solving, add the link yourself. Otherwise, ask the author to link the issue or create one.
+1. Assign a reviewer based on who was handling the linked issue or what code or feature the PR touches (if all else fails, look at who was the last to make changes).

-## Appendix
+### Appendix

-### Setting up Gmail filters
+#### Setting up Gmail filters

-If you're using Gmail it's highly recommended that you setup filters to automatically remove email from the inbox and label them accordingly to make it easy for you to understand when you need to act upon a notification or process all incoming issues that haven't been triaged.
+If you're using Gmail, a best practice is to set up filters to automatically remove emails from the inbox and label them to make it easy for you to understand when you need to act upon a notification. You should be able to promptly process all incoming issues that haven't been triaged.

-This may be setup by personal preference, but here's a working configuration for reference.
+This may be set up by personal preference, but here's a working configuration for reference:

 1. Follow instructions in [gist](https://gist.github.com/marefr/9167c2e31466f6316c1cba118874e74f)
-2. In Gmail, go to Settings -> Filters and Blocked Addresses
-3. Import filters -> select xml file -> Open file
-4. Review filters
-5. Optional, Check Apply new filters to existing email
-6. Create filters
+1. In Gmail, go to **Settings** -> **Filters and Blocked Addresses**.
+1. On the menu, select **Import filters**, then select and open the XML file.
+1. Review the filters.
+1. Optional: Select **Apply new filters to existing email**.
+1. Create filters.

-This will give you a structure of labels in the sidebar similar to the following:
+This gives you a structure of labels in the sidebar similar to the following:

 ```
 - Inbox
@@ -359,6 +360,5 @@ This will give you a structure of labels in the sidebar similar to the following
  - Grafana
 ```

- All notifications you’ll need to read/take action on show up as unread in GitHub (mine) and its sub-labels.
- All other notifications you don’t need to take action on show up as unread in GitHub (other) and its sub-labels
-  - This is convenient for issue triage and to follow the activity in the Grafana project.
+- All notifications you’ll need to take action on should show up as unread in **GitHub (mine)** and its sub-labels.
+- All notifications you don’t need to take action on show up as unread in **GitHub (other)** and its sub-labels.
--- a/contribute/README.md
+++ b/contribute/README.md
@@ -1,18 +1,24 @@
-# Contribute
+# Contribute to the Grafana project

-This directory contains guides for contributors to the Grafana project.
+We're excited that you're considering making a contribution to the Grafana project! This is the place to find guides for contributors to our open-source project.
+
+These are some good resources to explore for developers:

 - [Create a pull request](create-pull-request.md)
- [Contribute to our documentation](../contribute/documentation/README.md)
 - [Developer guide](developer-guide.md)
 - [Triage issues](triage-issues.md)
 - [Merge a pull request](merge-pull-request.md)
 - [Making changes to the CI pipeline](drone-pipeline.md)
 - [Breaking changes in frontend APIs](./breaking-changes-guide/breaking-changes-guide.md)

-The `style-guides` directory contains style guides for the Grafana software project and documentation.
+Learn how to create great documentation and apps for Grafana:

- [Backend style guide](backend/style-guide.md) for how to style and format backend functionality and code.
- [Frontend style guide](style-guides/frontend.md) for how to style and format the user-facing functionality and code.
- [Redux framework](style-guides/redux.md) for designing the Grafana redux framework.
- [Themes style guide](style-guides/themes.md) for designing and updating Grafana themes.
+- [Developer portal](https://grafana.com/developers/) - Find resources for creating apps and plugins to Grafana.
+- [Contribute to our documentation](../contribute/documentation/README.md) - Learn how to write and style Grafana documentation.
+
+Find style guides for the Grafana software project:
+
+- [Backend style guide](backend/style-guide.md) - Learn how to style and format backend functionality and code.
+- [Frontend style guide](style-guides/frontend.md) - Learn how to style and format the user-facing functionality and code.
+- [Redux framework](style-guides/redux.md) - Design the Grafana Redux framework.
+- [Themes style guide](style-guides/themes.md) - Design and update Grafana themes.
--- a/Show More
+++ b/Show More