[v10.3.x] chore: bump Go to 1.21.8 (#83936)

chore: bump Go to 1.21.8 (#83927)

* chore: bump Go to 1.21.8

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

* bump workflows too

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

---------

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
(cherry picked from commit 01fb2cff62)

.betterer.ts

@@ -5,13 +5,11 @@ import path from 'path';
 import { glob } from 'glob';
 
 // Why are we ignoring these?
-// They're all deprecated/being removed so doesn't make sense to fix types
+// They're all deprecated/being removed soon so doesn't make sense to fix types
 const eslintPathsToIgnore = [
-  'packages/grafana-ui/src/graveyard', // will be removed alongside angular in Grafana 12
-  'public/app/angular', // will be removed in Grafana 12
-  'public/app/plugins/panel/graph', // will be removed alongside angular in Grafana 12
-  'public/app/plugins/panel/table-old', // will be removed alongside angular in Grafana 12
-  'e2e/test-plugins',
+  'packages/grafana-e2e', // deprecated.
+  'public/app/angular', // will be removed in Grafana 11
+  'public/app/plugins/panel/graph', // will be removed alongside angular
 ];
 
 // Avoid using functions that report the position of the issues, as this causes a lot of merge conflicts
@@ -22,9 +20,10 @@ export default {
       .exclude(new RegExp(eslintPathsToIgnore.join('|'))),
   'no undocumented stories': () => countUndocumentedStories().include('**/!(*.internal).story.tsx'),
   'no gf-form usage': () =>
-    regexp(/gf-form/gm, 'gf-form usage has been deprecated. Use a component from @grafana/ui or custom CSS instead.')
-      .include('**/*.{ts,tsx,html}')
-      .exclude(new RegExp('packages/grafana-ui/src/themes/GlobalStyles')),
+    regexp(
+      /gf-form/gm,
+      'gf-form usage has been deprecated. Use a component from @grafana/ui or custom CSS instead.'
+    ).include('**/*.{ts,tsx,html}'),
 };
 
 function countUndocumentedStories() {
@@ -32,16 +31,9 @@ function countUndocumentedStories() {
     await Promise.all(
       filePaths.map(async (filePath) => {
         // look for .mdx import in the story file
-        const mdxImportRegex = new RegExp("^import.*\\.mdx';$", 'gm');
-        // Looks for the "autodocs" string in the file
-        const autodocsStringRegex = /autodocs/;
-
+        const regex = new RegExp("^import.*.mdx';$", 'gm');
         const fileText = await fs.readFile(filePath, 'utf8');
-
-        const hasMdxImport = mdxImportRegex.test(fileText);
-        const hasAutodocsString = autodocsStringRegex.test(fileText);
-        // If both .mdx import and autodocs string are missing, add an issue
-        if (!hasMdxImport && !hasAutodocsString) {
+        if (!regex.test(fileText)) {
           // In this case the file contents don't matter:
           const file = fileTestResult.addFile(filePath, '');
           // Add the issue to the first character of the file:
@@ -76,87 +68,68 @@ function regexp(pattern: RegExp, issueMessage: string) {
 
 function countEslintErrors() {
   return new BettererFileTest(async (filePaths, fileTestResult, resolver) => {
-    // Just bail early if there's no files to test. Prevents trying to get the base config from failing
-    if (filePaths.length === 0) {
-      return;
-    }
-
     const { baseDirectory } = resolver;
     const cli = new ESLint({ cwd: baseDirectory });
 
-    // Get the base config to set up parsing etc correctly
-    // this is by far the slowest part of this code. It takes eslint about 2 seconds just to find the config
-    const baseConfig = await cli.calculateConfigForFile(filePaths[0]);
+    const eslintConfigFiles = await glob('**/.eslintrc');
+    const eslintConfigMainPaths = eslintConfigFiles.map((file) => path.resolve(path.dirname(file)));
 
     const baseRules: Partial<Linter.RulesRecord> = {
       '@emotion/syntax-preference': [2, 'object'],
       '@typescript-eslint/no-explicit-any': 'error',
       '@grafana/no-aria-label-selectors': 'error',
-      'no-restricted-imports': [
-        'error',
-        {
-          patterns: [
-            {
-              group: ['@grafana/ui*', '*/Layout/*'],
-              importNames: ['Layout', 'HorizontalGroup', 'VerticalGroup'],
-              message: 'Use Stack component instead.',
-            },
-          ],
-        },
-      ],
     };
 
-    const config: Linter.Config = {
-      ...baseConfig,
-      rules: baseRules,
-
-      // Be careful when specifying overrides for the same rules as in baseRules - it will... override
-      // the same rule, not merge them with different configurations
-      overrides: [
-        {
-          files: ['**/*.{ts,tsx}'],
-          excludedFiles: ['*.{test,spec}.{ts,tsx}', '**/__mocks__/**', '**/public/test/**'],
-          rules: {
-            '@typescript-eslint/consistent-type-assertions': ['error', { assertionStyle: 'never' }],
-          },
-        },
-
-        {
-          files: ['public/app/**/*.{ts,tsx}'],
-          rules: {
-            'no-barrel-files/no-barrel-files': 'error',
-          },
-        },
-        {
-          files: ['public/**/*.tsx', 'packages/grafana-ui/**/*.tsx'],
-          excludedFiles: [
-            'public/app/plugins/**',
-            '*.story.tsx',
-            '*.{test,spec}.{ts,tsx}',
-            '**/__mocks__/**',
-            'public/test/**',
-          ],
-          rules: {
-            '@grafana/no-untranslated-strings': 'error',
-          },
-        },
-      ],
+    const nonTestFilesRules: Partial<Linter.RulesRecord> = {
+      ...baseRules,
+      '@typescript-eslint/consistent-type-assertions': ['error', { assertionStyle: 'never' }],
     };
 
-    const runner = new ESLint({
-      baseConfig: config,
-      useEslintrc: false,
-      cwd: baseDirectory,
-    });
+    // group files by eslint config file
+    // this will create two file groups for each eslint config file
+    // one for test files and one for non-test files
+    const fileGroups: Record<string, string[]> = {};
 
-    const lintResults = await runner.lintFiles(Array.from(filePaths));
-    lintResults
-      .filter((lintResult) => lintResult.source)
-      .forEach(({ messages, filePath }) => {
-        const file = fileTestResult.addFile(filePath, '');
-        messages.forEach((message, index) => {
-          file.addIssue(0, 0, message.message, `${index}`);
-        });
+    for (const filePath of filePaths) {
+      let configPath = eslintConfigMainPaths.find((configPath) => filePath.startsWith(configPath)) ?? '';
+      const isTestFile =
+        filePath.endsWith('.test.tsx') ||
+        filePath.endsWith('.test.ts') ||
+        filePath.includes('__mocks__') ||
+        filePath.includes('public/test/');
+
+      if (isTestFile) {
+        configPath += '-test';
+      }
+      if (!fileGroups[configPath]) {
+        fileGroups[configPath] = [];
+      }
+      fileGroups[configPath].push(filePath);
+    }
+
+    for (const configPath of Object.keys(fileGroups)) {
+      const rules = configPath.endsWith('-test') ? baseRules : nonTestFilesRules;
+      // this is by far the slowest part of this code. It takes eslint about 2 seconds just to find the config
+      const linterOptions = (await cli.calculateConfigForFile(fileGroups[configPath][0])) as Linter.Config;
+      const runner = new ESLint({
+        baseConfig: {
+          ...linterOptions,
+          rules: rules,
+        },
+        useEslintrc: false,
+        cwd: baseDirectory,
       });
+      const lintResults = await runner.lintFiles(fileGroups[configPath]);
+      lintResults
+        .filter((lintResult) => lintResult.source)
+        .forEach((lintResult) => {
+          const { messages } = lintResult;
+          const filePath = lintResult.filePath;
+          const file = fileTestResult.addFile(filePath, '');
+          messages.forEach((message, index) => {
+            file.addIssue(0, 0, message.message, `${index}`);
+          });
+        });
+    }
   });
 }

.bingo/Variables.mk

@@ -1,8 +1,13 @@
-# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.9. DO NOT EDIT.
+# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.8. DO NOT EDIT.
 # All tools are designed to be build inside $GOBIN.
 BINGO_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
 GOPATH ?= $(shell go env GOPATH)
-GOBIN  ?= $(firstword $(subst :, ,${GOPATH}))/bin
+ifeq ($(OS),Windows_NT)
+	PATHSEP := $(if $(COMSPEC),;,:)
+	GOBIN  ?= $(firstword $(subst $(PATHSEP), ,$(subst \,/,${GOPATH})))/bin
+else
+	GOBIN  ?= $(firstword $(subst :, ,${GOPATH}))/bin
+endif
 GO     ?= $(shell which go)
 
 # Below generated variables ensure that every time a tool under each variable is invoked, the correct version
@@ -35,11 +40,11 @@ $(DRONE): $(BINGO_DIR)/drone.mod
 	@echo "(re)installing $(GOBIN)/drone-v1.5.0"
 	@cd $(BINGO_DIR) && GOWORK=off CGO_ENABLED=0 $(GO) build -mod=mod -modfile=drone.mod -o=$(GOBIN)/drone-v1.5.0 "github.com/drone/drone-cli/drone"
 
-GOLANGCI_LINT := $(GOBIN)/golangci-lint-v1.64.2
+GOLANGCI_LINT := $(GOBIN)/golangci-lint-v1.53.3
 $(GOLANGCI_LINT): $(BINGO_DIR)/golangci-lint.mod
 	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
-	@echo "(re)installing $(GOBIN)/golangci-lint-v1.64.2"
-	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=golangci-lint.mod -o=$(GOBIN)/golangci-lint-v1.64.2 "github.com/golangci/golangci-lint/cmd/golangci-lint"
+	@echo "(re)installing $(GOBIN)/golangci-lint-v1.53.3"
+	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=golangci-lint.mod -o=$(GOBIN)/golangci-lint-v1.53.3 "github.com/golangci/golangci-lint/cmd/golangci-lint"
 
 JB := $(GOBIN)/jb-v0.5.1
 $(JB): $(BINGO_DIR)/jb.mod
@@ -53,9 +58,15 @@ $(LEFTHOOK): $(BINGO_DIR)/lefthook.mod
 	@echo "(re)installing $(GOBIN)/lefthook-v1.4.8"
 	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=lefthook.mod -o=$(GOBIN)/lefthook-v1.4.8 "github.com/evilmartians/lefthook"
 
-SWAGGER := $(GOBIN)/swagger-v0.30.6-0.20240310114303-db51e79a0e37
+SWAGGER := $(GOBIN)/swagger-v0.30.2
 $(SWAGGER): $(BINGO_DIR)/swagger.mod
 	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
-	@echo "(re)installing $(GOBIN)/swagger-v0.30.6-0.20240310114303-db51e79a0e37"
-	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=swagger.mod -o=$(GOBIN)/swagger-v0.30.6-0.20240310114303-db51e79a0e37 "github.com/go-swagger/go-swagger/cmd/swagger"
+	@echo "(re)installing $(GOBIN)/swagger-v0.30.2"
+	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=swagger.mod -o=$(GOBIN)/swagger-v0.30.2 "github.com/go-swagger/go-swagger/cmd/swagger"
+
+WIRE := $(GOBIN)/wire-v0.5.0
+$(WIRE): $(BINGO_DIR)/wire.mod
+	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
+	@echo "(re)installing $(GOBIN)/wire-v0.5.0"
+	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=wire.mod -o=$(GOBIN)/wire-v0.5.0 "github.com/google/wire/cmd/wire"
 

.bingo/golangci-lint.mod

@@ -1,5 +1,5 @@
 module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT
 
-go 1.24.3
+go 1.20
 
-require github.com/golangci/golangci-lint v1.64.2 // cmd/golangci-lint
+require github.com/golangci/golangci-lint v1.53.3 // cmd/golangci-lint

.bingo/swagger.mod

@@ -2,4 +2,4 @@ module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT
 
 go 1.18
 
-require github.com/go-swagger/go-swagger v0.30.6-0.20240310114303-db51e79a0e37 // cmd/swagger
+require github.com/go-swagger/go-swagger v0.30.2 // cmd/swagger

.bingo/swagger.sum

@@ -42,13 +42,8 @@ github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJ
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
-github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
-github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
-github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
-github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
 github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
@@ -56,8 +51,6 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdko
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
-github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
@@ -80,13 +73,9 @@ github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw
 github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
-github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
 github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
-github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
-github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -94,71 +83,49 @@ github.com/go-openapi/analysis v0.21.2 h1:hXFrOYFHUAMQdu6zwAiKKJHJQ8kqZs1ux/ru1P
 github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY=
 github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc=
 github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo=
-github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU=
-github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo=
 github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.20.2 h1:dxy7PGTqEh94zj2E3h1cUmQQWiM1+aeCROfAr02EmK8=
 github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
 github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc=
 github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
-github.com/go-openapi/errors v0.22.0 h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w=
-github.com/go-openapi/errors v0.22.0/go.mod h1:J3DmZScxCDufmIMsdOuDHxJbdOGC0xtUynjIx092vXE=
 github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4=
 github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4=
-github.com/go-openapi/inflect v0.21.0 h1:FoBjBTQEcbg2cJUWX6uwL9OyIW8eqc9k4KhN4lfbeYk=
-github.com/go-openapi/inflect v0.21.0/go.mod h1:INezMuUu7SJQc2AyR3WO0DqqYUJSj8Kb4hBd7WtjlAw=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
-github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
 github.com/go-openapi/jsonreference v0.19.6 h1:UBIxjkht+AWIgYzCDSv2GN+E/togfwXUJFRTWhl2Jjs=
 github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
 github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
 github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
-github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
-github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
 github.com/go-openapi/loads v0.21.0 h1:jYtUO4wwP7psAweisP/MDoOpdzsYEESdoPcsWjHDR68=
 github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g=
 github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro=
 github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw=
-github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco=
-github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs=
 github.com/go-openapi/runtime v0.21.1 h1:/KIG00BzA2x2HRStX2tnhbqbQdPcFlkgsYCiNY20FZs=
 github.com/go-openapi/runtime v0.24.1 h1:Sml5cgQKGYQHF+M7yYSHaH1eOjvTykrddTE/KtQVjqo=
 github.com/go-openapi/runtime v0.24.1/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk=
-github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ=
-github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc=
 github.com/go-openapi/spec v0.20.4 h1:O8hJrt0UMnhHcluhIdUgCLRWyM2x7QkBXRvOs7m+O1M=
 github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
 github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
 github.com/go-openapi/spec v0.20.7 h1:1Rlu/ZrOCCob0n+JKKJAWhNWMPW8bOZRg8FJaY+0SKI=
 github.com/go-openapi/spec v0.20.7/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
-github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY=
-github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=
 github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg=
 github.com/go-openapi/strfmt v0.21.1 h1:G6s2t5V5kGCHLVbSdZ/6lI8Wm4OzoPFkc3/cjAsKQrM=
 github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
 github.com/go-openapi/strfmt v0.21.2/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
 github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o=
 github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg=
-github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c=
-github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM=
 github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
-github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-openapi/validate v0.20.3 h1:GZPPhhKSZrE8HjB4eEkoYAZmoWA4+tCemSgINH1/vKw=
 github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
 github.com/go-openapi/validate v0.22.0 h1:b0QecH6VslW/TxtpKgzpO1SNG7GU2FsaqKdP1E2T50Y=
 github.com/go-openapi/validate v0.22.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
-github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58=
-github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-stack/stack v1.8.1 h1:ntEHSVwIt7PNXNpgPmVfMrNhLtgjlmnZha2kOpuRiDw=
 github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
@@ -166,10 +133,6 @@ github.com/go-swagger/go-swagger v0.29.0 h1:z3YoZtLvS1Y8TE/PCat1VypcZxM0IgKLt0Nv
 github.com/go-swagger/go-swagger v0.29.0/go.mod h1:Z4GJzI+bHKKkGB2Ji1rawpi3/ldXX8CkzGIa9HAC5EE=
 github.com/go-swagger/go-swagger v0.30.2 h1:23odPUyQZdkNFZZSBJ3mqYYcdh+LnuReEbdWN18OMRo=
 github.com/go-swagger/go-swagger v0.30.2/go.mod h1:neDPes8r8PCz2JPvHRDj8BTULLh4VJUt7n6MpQqxhHM=
-github.com/go-swagger/go-swagger v0.30.6-0.20240310114303-db51e79a0e37 h1:KFcZmKdZmapAog2+eL1buervAYrYolBZk7fMecPPDmo=
-github.com/go-swagger/go-swagger v0.30.6-0.20240310114303-db51e79a0e37/go.mod h1:i1/E+d8iPNReSE7y04FaVu5OPKB3il5cn+T1Egogg3I=
-github.com/go-swagger/go-swagger v0.30.6-0.20240418033037-c46c303aaa02 h1:J6YiT/eg3gAfKMdVCkWXe6khsO+nxa8W4URZ4AUqzbA=
-github.com/go-swagger/go-swagger v0.30.6-0.20240418033037-c46c303aaa02/go.mod h1:i1/E+d8iPNReSE7y04FaVu5OPKB3il5cn+T1Egogg3I=
 github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
 github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
 github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
@@ -248,15 +211,11 @@ github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm4
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
 github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
-github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE=
-github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
@@ -264,16 +223,11 @@ github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
-github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
-github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jessevdk/go-flags v1.5.0 h1:1jKYvbxEjfUl0fmqTCOfonvskHHXMjBySTLW4y9LFvc=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
@@ -292,8 +246,6 @@ github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -301,8 +253,6 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
 github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
 github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
-github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
-github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
@@ -333,9 +283,6 @@ github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3v
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU=
 github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
-github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI=
-github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -350,32 +297,18 @@ github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE
 github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
-github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
-github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
-github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
 github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
-github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
-github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
-github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/spf13/afero v1.8.0 h1:5MmtuhAgYeU6qpa7w7bP0dv6MBYuup0vekhSpSkoq60=
 github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo=
 github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
-github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
-github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
-github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
-github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
@@ -385,12 +318,9 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.10.1 h1:nuJZuYpG7gTj/XqiUwg8bA0cp1+M2mC3J4g5luUYBKk=
 github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ=
 github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI=
-github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ=
-github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -399,12 +329,9 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.3.0 h1:mjC+YW8QpAdXibNi+vNWgzmgBH4+5l5dCXv8cNysBLI=
 github.com/subosito/gotenv v1.3.0/go.mod h1:YzJjq/33h7nrwdY+iHMhEOEEbW0ovIz0tB6t6PwAXzs=
-github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
-github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/toqueteos/webbrowser v1.2.0 h1:tVP/gpK69Fx+qMJKsLE7TD8LuGWPnEV71wBN9rrstGQ=
 github.com/toqueteos/webbrowser v1.2.0/go.mod h1:XWoZq4cyp9WeUeak7w7LXRUQf1F1ATJMir8RTqb4ayM=
@@ -418,7 +345,6 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
 go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng=
 go.mongodb.org/mongo-driver v1.8.2 h1:8ssUXufb90ujcIvR6MyE1SchaNj0SFxsakiZgxIyrMk=
@@ -426,16 +352,12 @@ go.mongodb.org/mongo-driver v1.8.3/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCu
 go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8=
 go.mongodb.org/mongo-driver v1.10.1 h1:NujsPveKwHaWuKUer/ceo9DzEe7HIj1SlJ6uvXZG0S4=
 go.mongodb.org/mongo-driver v1.10.1/go.mod h1:z4XpeoU6w+9Vht+jAFyLgVrD+jGSQQe0+CBWFHNiHt8=
-go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80=
-go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
-go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
@@ -447,14 +369,10 @@ golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -465,8 +383,6 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -493,8 +409,6 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
-golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -530,8 +444,6 @@ golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220121210141-e204ce36a2ba h1:6u6sik+bn/y7vILcYkK3iwTBWN7WtBvB0+SZswQnbf8=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -553,9 +465,6 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
-golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -602,17 +511,11 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 h1:v6hYoSR9T5oet+pMXwUWkbiVqx/63mlHjefrHmxwfeY=
 golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -623,9 +526,6 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -683,8 +583,6 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
 golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw=
-golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -785,8 +683,6 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/ini.v1 v1.66.3 h1:jRskFVxYaMGAMUbN0UZ7niA9gzL9B49DOqE78vg0k3w=
 gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4=
 gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
-gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

.bingo/variables.env

@@ -1,4 +1,4 @@
-# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.9. DO NOT EDIT.
+# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.8. DO NOT EDIT.
 # All tools are designed to be build inside $GOBIN.
 # Those variables will work only until 'bingo get' was invoked, or if tools were installed via Makefile's Variables.mk.
 GOBIN=${GOBIN:=$(go env GOBIN)}
@@ -14,11 +14,13 @@ CUE="${GOBIN}/cue-v0.5.0"
 
 DRONE="${GOBIN}/drone-v1.5.0"
 
-GOLANGCI_LINT="${GOBIN}/golangci-lint-v1.64.2"
+GOLANGCI_LINT="${GOBIN}/golangci-lint-v1.53.3"
 
 JB="${GOBIN}/jb-v0.5.1"
 
 LEFTHOOK="${GOBIN}/lefthook-v1.4.8"
 
-SWAGGER="${GOBIN}/swagger-v0.30.6-0.20240310114303-db51e79a0e37"
+SWAGGER="${GOBIN}/swagger-v0.30.2"
+
+WIRE="${GOBIN}/wire-v0.5.0"
 

.bingo/wire.mod

@@ -0,0 +1,5 @@
+module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT
+
+go 1.16
+
+require github.com/google/wire v0.5.0 // cmd/wire

.bingo/wire.sum

@@ -0,0 +1,13 @@
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/subcommands v1.0.1 h1:/eqq+otEXm5vhfBrbREPCSVQbvofip6kIz+mX5TUH7k=
+github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
+github.com/google/wire v0.5.0 h1:I7ELFeVBr3yfPIcc8+MWvrjk+3VjbcSzoXm3JVa+jD8=
+github.com/google/wire v0.5.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b h1:NVD8gBK33xpdqCaZVVtd6OFJp+3dxkXuz7+U7KaVN6s=
+golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=

.bra.toml

@@ -2,7 +2,7 @@
 init_cmds = [
   ["GO_BUILD_DEV=1", "make", "build-go"],
   ["make", "gen-jsonnet"],
-  ["./bin/grafana", "server", "-profile", "-profile-addr=127.0.0.1", "-profile-port=6000", "-profile-block-rate=1", "-profile-mutex-rate=5", "-packaging=dev", "cfg:app_mode=development"]
+  ["./bin/grafana", "server", "-packaging=dev", "cfg:app_mode=development"]
 ]
 watch_all = true
 follow_symlinks = true
@@ -18,5 +18,5 @@ build_delay = 1500
 cmds = [
   ["GO_BUILD_DEV=1", "make", "build-go"],
   ["make", "gen-jsonnet"],
-  ["./bin/grafana", "server", "-profile", "-profile-addr=127.0.0.1", "-profile-port=6000", "-profile-block-rate=1", "-profile-mutex-rate=5", "-packaging=dev", "cfg:app_mode=development"]
+  ["./bin/grafana", "server", "-packaging=dev", "cfg:app_mode=development"]
 ]

.changelog-archive/CHANGELOG.2.md

@@ -105,7 +105,7 @@
 - Notice to makers/users of custom data sources, there is a minor breaking change in 2.2 that
   require an update to custom data sources for them to work in 2.2. [Read this doc](https://github.com/grafana/grafana/tree/master/docs/sources/datasources/plugin_api.md) for more on the
   data source api change.
-- Data source api changes, [PLUGIN_CHANGES.md](https://github.com/grafana/grafana/blob/main/public/app/plugins/PLUGIN_CHANGES.md)
+- Data source api changes, [PLUGIN_CHANGES.md](https://github.com/grafana/grafana/blob/master/public/app/plugins/PLUGIN_CHANGES.md)
 - The duplicate query function used in data source editors is changed, and moveMetricQuery function was renamed
 
 **Tech (Note for devs)**

.changelog-archive/CHANGELOG.3.md

@@ -198,7 +198,7 @@ slack channel (link to slack channel in readme).
 
 ### Breaking changes
 
-- **Plugin API**: Both data source and panel plugin api (and plugin.json schema) have been updated, requiring an update to plugins. See [plugin api](https://github.com/grafana/grafana/blob/main/public/app/plugins/plugin_api.md) for more info.
+- **Plugin API**: Both data source and panel plugin api (and plugin.json schema) have been updated, requiring an update to plugins. See [plugin api](https://github.com/grafana/grafana/blob/master/public/app/plugins/plugin_api.md) for more info.
 - **InfluxDB 0.8.x** The data source for the old version of influxdb (0.8.x) is no longer included in default builds, but can easily be installed via improved plugin system, closes [#3523](https://github.com/grafana/grafana/issues/3523)
 - **KairosDB** The data source is no longer included in default builds, but can easily be installed via improved plugin system, closes [#3524](https://github.com/grafana/grafana/issues/3524)
 - **Templating**: Templating value formats (glob/regex/pipe etc) are now handled automatically and not specified by the user, this makes variable values possible to reuse in many contexts. It can in some edge cases break existing dashboards that have template variables that do not reload on dashboard load. To fix any issue just go into template variable options and update the variable (so it's values are reloaded.).

.changelog-archive/CHANGELOG.4.md

@@ -100,7 +100,7 @@ See [security announcement](https://community.grafana.com/t/grafana-5-2-3-and-4-
 ## Tech
 
 - **Go**: Grafana is now built using golang 1.9
-- **Webpack**: Changed from systemjs to webpack (see readme or building from source guide for new build instructions). Systemjs is still used to load plugins but now plugins can only import a limited set of dependencies. See [PLUGIN_DEV.md](https://github.com/grafana/grafana/blob/main/PLUGIN_DEV.md) for more details on how this can effect some plugins.
+- **Webpack**: Changed from systemjs to webpack (see readme or building from source guide for new build instructions). Systemjs is still used to load plugins but now plugins can only import a limited set of dependencies. See [PLUGIN_DEV.md](https://github.com/grafana/grafana/blob/master/PLUGIN_DEV.md) for more details on how this can effect some plugins.
 
 # 4.5.2 (2017-09-22)
 

.changelog-archive/CHANGELOG.6.md

@@ -1291,4 +1291,4 @@ repo on July 1st. Make sure you have switched to the new repo by then. The new r
 - **Text Panel**: The text panel does no longer by default allow unsanitized HTML. [#4117](https://github.com/grafana/grafana/issues/4117). This means that if you have text panels with scripts tags they will no longer work as before. To enable unsafe javascript execution in text panels enable the settings `disable_sanitize_html` under the section `[panels]` in your Grafana ini file, or set env variable `GF_PANELS_DISABLE_SANITIZE_HTML=true`.
 - **Dashboard**: Panel property `minSpan` replaced by `maxPerRow`. Dashboard migration will automatically migrate all dashboard panels using the `minSpan` property to the new `maxPerRow` property [#12991](https://github.com/grafana/grafana/pull/12991)
 
-For older release notes, refer to the [CHANGELOG_ARCHIVE.md](https://github.com/grafana/grafana/blob/main/CHANGELOG_ARCHIVE.md)
+For older release notes, refer to the [CHANGELOG_ARCHIVE.md](https://github.com/grafana/grafana/blob/master/CHANGELOG_ARCHIVE.md)

.changelog-archive/CHANGELOG.7.md

@@ -544,7 +544,7 @@ Issue [#29407](https://github.com/grafana/grafana/issues/29407)
 
 We have upgraded AngularJS from version 1.6.6 to 1.8.2. Due to this upgrade some old angular plugins might stop working and will require a small update. This is due to the deprecation and removal of pre-assigned bindings. So if your custom angular controllers expect component bindings in the controller constructor you need to move this code to an `$onInit` function. For more details on how to migrate AngularJS code open the [migration guide](https://docs.angularjs.org/guide/migration) and search for **pre-assigning bindings**.
 
-In order not to break all angular panel plugins and data sources we have some custom [angular inject behavior](https://github.com/grafana/grafana/blob/main/public/app/core/injectorMonkeyPatch.ts) that makes sure that bindings for these controllers are still set before constructor is called so many old angular panels and data source plugins will still work. Issue [#28736](https://github.com/grafana/grafana/issues/28736)
+In order not to break all angular panel plugins and data sources we have some custom [angular inject behavior](https://github.com/grafana/grafana/blob/master/public/app/core/injectorMonkeyPatch.ts) that makes sure that bindings for these controllers are still set before constructor is called so many old angular panels and data source plugins will still work. Issue [#28736](https://github.com/grafana/grafana/issues/28736)
 
 ### Deprecations
 
@@ -1288,8 +1288,8 @@ This option to group query variable values into groups by tags has been an exper
 - **Datasource/Loki**: Support for [deprecated Loki endpoints](https://github.com/grafana/loki/blob/master/docs/api.md#lokis-http-api) has been removed.
 - **Backend plugins**: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to [Upgrade Grafana](https://grafana.com/docs/grafana/latest/installation/upgrading/#upgrading-to-v7-0) for more information.
 - **Docker**: Our Ubuntu based images have been upgraded to Ubuntu [20.04 LTS](https://releases.ubuntu.com/20.04/).
-- **@grafana/ui**: Forms migration notice, see [@grafana/ui changelog](https://github.com/grafana/grafana/blob/main/packages/grafana-ui/CHANGELOG.md)
-- **@grafana/ui**: Select API change for creating custom values, see [@grafana/ui changelog](https://github.com/grafana/grafana/blob/main/packages/grafana-ui/CHANGELOG.md)
+- **@grafana/ui**: Forms migration notice, see [@grafana/ui changelog](https://github.com/grafana/grafana/blob/master/packages/grafana-ui/CHANGELOG.md)
+- **@grafana/ui**: Select API change for creating custom values, see [@grafana/ui changelog](https://github.com/grafana/grafana/blob/master/packages/grafana-ui/CHANGELOG.md)
 
 **Deprecation warnings**
 
@@ -1304,7 +1304,7 @@ Not just visualizing data from anywhere, in Grafana 7 you can transform it too.
 
 Data transformations will provide a common set of data operations that were previously duplicated as custom features in many panels or data sources but are now an integral part of the Grafana data processing pipeline and something all data sources and panels can take advantage of.
 
-In Grafana 7.0 we have a shared data model for both time series and table data that we call [DataFrame](https://github.com/grafana/grafana/blob/main/docs/sources/plugins/developing/dataframe.md). A DataFrame is like a table with columns but we refer to columns as fields. A time series is simply a DataFrame with two fields (time & value).
+In Grafana 7.0 we have a shared data model for both time series and table data that we call [DataFrame](https://github.com/grafana/grafana/blob/master/docs/sources/plugins/developing/dataframe.md). A DataFrame is like a table with columns but we refer to columns as fields. A time series is simply a DataFrame with two fields (time & value).
 
 **Transformations shipping in 7.0**
 
@@ -1414,7 +1414,7 @@ We have also extended the time zone options so you can select any of the standar
 ### Features / Enhancements
 
 - **Docker**: Upgrade to Alpine 3.11. [#24056](https://github.com/grafana/grafana/pull/24056), [@aknuds1](https://github.com/aknuds1)
-- **Forms**: Remove Forms namespace [BREAKING]. Will cause all `Forms` imports to stop working. See migration guide in [@grafana/ui changelog](https://github.com/grafana/grafana/blob/main/packages/grafana-ui/CHANGELOG.md)[#24378](https://github.com/grafana/grafana/pull/24378), [@tskarhed](https://github.com/tskarhed)
+- **Forms**: Remove Forms namespace [BREAKING]. Will cause all `Forms` imports to stop working. See migration guide in [@grafana/ui changelog](https://github.com/grafana/grafana/blob/master/packages/grafana-ui/CHANGELOG.md)[#24378](https://github.com/grafana/grafana/pull/24378), [@tskarhed](https://github.com/tskarhed)
 
 ### Bug Fixes
 
@@ -1429,7 +1429,7 @@ We have also extended the time zone options so you can select any of the standar
 - **Removed PhantomJS**: PhantomJS was deprecated in [Grafana v6.4](https://grafana.com/docs/grafana/latest/guides/whats-new-in-v6-4/#phantomjs-deprecation) and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the [Grafana Image Renderer plugin](https://grafana.com/grafana/plugins/grafana-image-renderer).
 - **Docker**: Our Ubuntu based images have been upgraded to Ubuntu [20.04 LTS](https://releases.ubuntu.com/20.04/).
 - **Dashboard**: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds.
-- **@grafana/ui**: Forms migration notice, see [@grafana/ui changelog](https://github.com/grafana/grafana/blob/main/packages/grafana-ui/CHANGELOG.md)
+- **@grafana/ui**: Forms migration notice, see [@grafana/ui changelog](https://github.com/grafana/grafana/blob/master/packages/grafana-ui/CHANGELOG.md)
 - **Interval calculation**: There is now a new option `Max data points` that controls the auto interval `$__interval` calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set `$__interval` to a dynamic value that is time range agnostic. For example if you set `Max data points` to 10 Grafana will dynamically set `$__interval` by dividing the current time range by 10.
 - **Datasource/Loki**: Support for [deprecated Loki endpoints](https://github.com/grafana/loki/blob/master/docs/api.md#lokis-http-api) has been removed.
 
@@ -1484,8 +1484,8 @@ We have also extended the time zone options so you can select any of the standar
 - **Removed PhantomJS**: PhantomJS was deprecated in [Grafana v6.4](https://grafana.com/docs/grafana/latest/guides/whats-new-in-v6-4/#phantomjs-deprecation) and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the [Grafana Image Renderer plugin](https://grafana.com/grafana/plugins/grafana-image-renderer).
 - **Docker**: Our Ubuntu based images have been upgraded to Ubuntu [20.04 LTS](https://releases.ubuntu.com/20.04/).
 - **Dashboard**: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds.
-- **@grafana/ui**: Forms migration notice, see [@grafana/ui changelog](https://github.com/grafana/grafana/blob/main/packages/grafana-ui/CHANGELOG.md)
-- **@grafana/ui**: Select API change for creating custom values, see [@grafana/ui changelog](https://github.com/grafana/grafana/blob/main/packages/grafana-ui/CHANGELOG.md)
+- **@grafana/ui**: Forms migration notice, see [@grafana/ui changelog](https://github.com/grafana/grafana/blob/master/packages/grafana-ui/CHANGELOG.md)
+- **@grafana/ui**: Select API change for creating custom values, see [@grafana/ui changelog](https://github.com/grafana/grafana/blob/master/packages/grafana-ui/CHANGELOG.md)
 - **Interval calculation**: There is now a new option `Max data points` that controls the auto interval `$__interval` calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set `$__interval` to a dynamic value that is time range agnostic. For example if you set `Max data points` to 10 Grafana will dynamically set `$__interval` by dividing the current time range by 10.
 - **Datasource/Loki**: Support for [deprecated Loki endpoints](https://github.com/grafana/loki/blob/master/docs/api.md#lokis-http-api) has been removed.
 

.codespellignore

@@ -0,0 +1,6 @@
+aks
+eror
+iam
+wan
+[Operato Windrose](https://grafana.com/grafana/plugins/operato-windrose-panel/)
+sergent

.drone.star

@@ -17,11 +17,18 @@ load(
     "publish_npm_pipelines",
     "publish_packages_pipeline",
 )
-load("scripts/drone/events/rrc-patch.star", "rrc_patch_pipelines")
+load(
+    "scripts/drone/pipelines/ci_images.star",
+    "publish_ci_windows_test_image_pipeline",
+)
 load(
     "scripts/drone/pipelines/publish_images.star",
     "publish_image_pipelines_public",
 )
+load(
+    "scripts/drone/pipelines/windows.star",
+    "windows_test_backend",
+)
 load(
     "scripts/drone/rgm.star",
     "rgm",
@@ -32,13 +39,17 @@ def main(_ctx):
     return (
         pr_pipelines() +
         main_pipelines() +
-        rrc_patch_pipelines() +
         publish_image_pipelines_public() +
         publish_artifacts_pipelines("public") +
         publish_npm_pipelines() +
         publish_packages_pipeline() +
         rgm() +
+        [windows_test_backend({
+            "event": ["promote"],
+            "target": ["test-windows"],
+        }, "oss", "testing")] +
         integration_test_pipelines() +
+        publish_ci_windows_test_image_pipeline() +
         cronjobs() +
         secrets()
     )

.eslintignore

@@ -13,8 +13,6 @@ node_modules
 /public/lib/monaco
 /scripts/grafana-server/tmp
 vendor
-e2e/test-plugins
-playwright-report
 
 # TS generate from cue by cuetsy
 **/*.gen.ts

.eslintrc

@@ -1,25 +1,13 @@
 {
-  "extends": ["@grafana/eslint-config", "plugin:react/jsx-runtime"],
+  "extends": ["@grafana/eslint-config"],
   "root": true,
-  "plugins": [
-    "@emotion",
-    "lodash",
-    "jest",
-    "import",
-    "jsx-a11y",
-    "@grafana",
-    "no-barrel-files",
-    // Included so betterer doesn't fail when processing all files,
-    // as other parts of the code use testing-library plugin
-    "testing-library",
-  ],
+  "plugins": ["@emotion", "lodash", "jest", "import", "jsx-a11y", "@grafana"],
   "settings": {
     "import/internal-regex": "^(app/)|(@grafana)",
-    "import/external-module-folders": ["node_modules", ".yarn"],
+    "import/external-module-folders": ["node_modules", ".yarn"]
   },
   "rules": {
     "@grafana/no-border-radius-literal": "error",
-    "@grafana/no-unreduced-motion": "error",
     "react/prop-types": "off",
     // need to ignore emotion's `css` prop, see https://github.com/jsx-eslint/eslint-plugin-react/blob/master/docs/rules/no-unknown-property.md#rule-options
     "react/no-unknown-property": ["error", { "ignore": ["css"] }],
@@ -31,8 +19,8 @@
       {
         "groups": [["builtin", "external"], "internal", "parent", "sibling", "index"],
         "newlines-between": "always",
-        "alphabetize": { "order": "asc" },
-      },
+        "alphabetize": { "order": "asc" }
+      }
     ],
     "no-restricted-imports": [
       "error",
@@ -41,43 +29,47 @@
           {
             "name": "react-redux",
             "importNames": ["useDispatch", "useSelector"],
-            "message": "Please import from app/types instead.",
+            "message": "Please import from app/types instead."
           },
           {
             "name": "react-i18next",
             "importNames": ["Trans", "t"],
-            "message": "Please import from app/core/internationalization instead",
+            "message": "Please import from app/core/internationalization instead"
           },
-        ],
-      },
+          {
+            "name": "@grafana/e2e",
+            "message": "@grafana/e2e is deprecated. Please import from ./e2e/utils instead"
+          }
+        ]
+      }
     ],
 
     // Use typescript's no-redeclare for compatibility with overrides
     "no-redeclare": "off",
-    "@typescript-eslint/no-redeclare": ["error"],
+    "@typescript-eslint/no-redeclare": ["error"]
   },
   "overrides": [
     {
       "files": ["packages/grafana-ui/src/components/uPlot/**/*.{ts,tsx}"],
       "rules": {
         "react-hooks/rules-of-hooks": "off",
-        "react-hooks/exhaustive-deps": "off",
-      },
+        "react-hooks/exhaustive-deps": "off"
+      }
     },
     {
       "files": ["packages/grafana-ui/src/components/ThemeDemos/**/*.{ts,tsx}"],
       "rules": {
         "@emotion/jsx-import": "off",
         "react/jsx-uses-react": "off",
-        "react/react-in-jsx-scope": "off",
-      },
+        "react/react-in-jsx-scope": "off"
+      }
     },
     {
       "files": ["public/dashboards/scripted*.js"],
       "rules": {
         "no-redeclare": "error",
-        "@typescript-eslint/no-redeclare": "off",
-      },
+        "@typescript-eslint/no-redeclare": "off"
+      }
     },
     {
       "extends": ["plugin:jsx-a11y/recommended"],
@@ -90,57 +82,33 @@
         "jsx-a11y/no-autofocus": [
           "error",
           {
-            "ignoreNonDOM": true,
-          },
+            "ignoreNonDOM": true
+          }
         ],
         "jsx-a11y/label-has-associated-control": [
           "error",
           {
             "controlComponents": ["NumberInput"],
-            "depth": 2,
-          },
-        ],
-      },
+            "depth": 2
+          }
+        ]
+      }
     },
     {
       "files": [
-        "public/app/plugins/datasource/azuremonitor/*.{ts,tsx}",
-        "public/app/plugins/datasource/azuremonitor/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/cloud-monitoring/*.{ts,tsx}",
-        "public/app/plugins/datasource/cloud-monitoring/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/elasticsearch/*.{ts,tsx}",
-        "public/app/plugins/datasource/elasticsearch/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/grafana-postgresql-datasource/*.{ts,tsx}",
-        "public/app/plugins/datasource/grafana-postgresql-datasource/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/grafana-pyroscope-datasource/*.{ts,tsx}",
-        "public/app/plugins/datasource/grafana-pyroscope-datasource/**/*.{ts,tsx}",
         "public/app/plugins/datasource/grafana-testdata-datasource/*.{ts,tsx}",
         "public/app/plugins/datasource/grafana-testdata-datasource/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/jaeger/*.{ts,tsx}",
-        "public/app/plugins/datasource/jaeger/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/loki/*.{ts,tsx}",
-        "public/app/plugins/datasource/loki/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/mysql/*.{ts,tsx}",
-        "public/app/plugins/datasource/mysql/**/*.{ts,tsx}",
+        "public/app/plugins/datasource/azuremonitor/*.{ts,tsx}",
+        "public/app/plugins/datasource/azuremonitor/**/*.{ts,tsx}",
         "public/app/plugins/datasource/parca/*.{ts,tsx}",
-        "public/app/plugins/datasource/parca/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/tempo/*.{ts,tsx}",
-        "public/app/plugins/datasource/tempo/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/loki/*.{ts,tsx}",
-        "public/app/plugins/datasource/loki/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/elasticsearch/*.{ts,tsx}",
-        "public/app/plugins/datasource/elasticsearch/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/cloudwatch/*.{ts,tsx}",
-        "public/app/plugins/datasource/cloudwatch/**/*.{ts,tsx}",
-        "public/app/plugins/datasource/zipkin/*.{ts,tsx}",
-        "public/app/plugins/datasource/zipkin/**/*.{ts,tsx}",
+        "public/app/plugins/datasource/parca/**/*.{ts,tsx}"
       ],
       "settings": {
         "import/resolver": {
           "node": {
-            "extensions": [".ts", ".tsx"],
-          },
-        },
+            "extensions": [".ts", ".tsx"]
+          }
+        }
       },
       "rules": {
         "import/no-restricted-paths": [
@@ -149,14 +117,14 @@
             "zones": [
               {
                 "target": "./public/app/plugins",
-                "from": "./public",
-                "except": ["./app/plugins"],
-                "message": "Core plugins are not allowed to depend on Grafana core packages",
-              },
-            ],
-          },
-        ],
-      },
-    },
-  ],
+                "from": "./public/app",
+                "except": ["./plugins"],
+                "message": "Core plugins are not allowed to depend on Grafana core packages"
+              }
+            ]
+          }
+        ]
+      }
+    }
+  ]
 }

.github/ISSUE_TEMPLATE/3-data_source_request.yaml

@@ -1,45 +0,0 @@
----
-name: New data source request
-description: Raise a request for a new data source plugin
-title: "[New Data Source]: <name-of-service>"
-labels:
-  - area/datasource,type/new-plugin-request
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thank you for requesting a new data source plugin!
-
-        We greatly appreciate feedback from our community about which new data sources would be beneficial. 
-        
-        Grafana Labs regularly reviews these requests and uses them to inform our prioritization. Note: we cannot offer any guarantees on whether we or our community will build a given data source.
-        
-        Please check our [roadmap](https://github.com/orgs/grafana/projects/619?pane=info) for existing requests and subscribe to stay informed of our plans. If no request exists, please fill out the following information.
-
-        Please do not request support or file bug reports and feature requests for existing plugins here.
-        - For support, please use the community support resources [here](https://grafana.com/help/).
-        - Please consider the `New Bug Report` or `Feature Requests` [issue templates](https://github.com/grafana/grafana/issues/new/choose) for other requests.
-  - type: textarea
-    id: background
-    attributes:
-      label: Background
-      description: Tell us about the service you would like to see integrated as a data source
-      placeholder: ACME_DB is an open source time-series database that is used by many organizations to store their metrics data. It is a popular choice for monitoring and observability.
-    validations:
-      required: true
-  - type: textarea
-    id: use_case
-    attributes:
-      label: Use case
-      description: Describe any key requirements or data you would need surfaced, ideally including why they are useful for you.
-      placeholder: My team uses ACME_DB as the application database to monitor our produciton workloads, so we'd like to alert on it and visualize ACME_DB data next to our logs and traces in Grafana.
-    validations:
-      required: true
-  - type: checkboxes
-    attributes:
-      label: Contribution
-      description: If you are interested in creating the data source yourself and contributing to the [plugin catalog](https://grafana.com/grafana/plugins/), please fill in the following
-      options:
-        - label: Are you looking to create the plugin?
-        - label: Are you affiliated with the project/product the data source integrates with?
-        - label: Does the plugin integrate with a commercial product?

.github/ISSUE_TEMPLATE/3-grafana_ui_component.md

@@ -0,0 +1,39 @@
+---
+name: '@grafana/ui component request'
+about: Suggest a component for the @grafana/ui package
+labels: 'area/grafana/ui'
+---
+
+<!-- 
+By using this template you will make it easier for us to make sure that documentation and implementation stays up to date for every component in @grafana/ui
+
+Thank you!
+-->
+
+**Why is this component needed**:
+<!-- Explain your use case -->
+___
+ - [ ] Is/could it be used in more than one place in Grafana?
+
+**Where is/could it be used?**:
+
+___
+- [ ] Post screenshots possible.
+- [ ] It has a single use case.
+- [ ] It is/could be used in multiple places.
+
+**Implementation** (Checklist meant for the person implementing the component)
+
+- [ ] Component has a story in Storybook.
+- [ ] Props and naming follows [our style guide](https://github.com/grafana/grafana/blob/main/contribute/style-guides/frontend.md).
+- [ ] It is extendable (rest props are spread, styles with className work, and so on).
+- [ ] Uses [theme for spacing, colors, and so on](https://github.com/grafana/grafana/blob/main/contribute/style-guides/themes.md).
+- [ ] Works with both light and dark theme.
+
+**Documentation**
+
+- [ ] Properties are documented.
+- [ ] Use cases are described.
+- [ ] Code examples for the different use cases.
+- [ ] Dos and don'ts.
+- [ ] Styling guidelines, specific color usage (if applicable).

.github/ISSUE_TEMPLATE/4-UX-design.yaml

@@ -0,0 +1,43 @@
+name: UX design issue
+description: Create an issue for delivering wireframes, mockups or other design solutions.
+title: "UX: "
+labels: ["type/ux"]
+body:
+  - type: textarea
+    id: background
+    attributes:
+      label: "Background / Why we're doing this"
+      description: Describe the problem and background of the issue. This could include research insights that inform the design changes, unmet user needs, or other usability issues.
+      placeholder: Add UI improvements to make Grafana Alerting alert creation easier based on usability test results.
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: Is there existing research for this?
+      description: Please link research results or insights in the Background section if you have any. If no research was conducted, you might want to consider usability testing your design later.
+      options: [
+        "Yes, I have linked it", 
+        "No research yet"
+      ]
+    validations:
+      required: true
+  - type: textarea
+    id: problems-or-tasks
+    attributes:
+      label: Problems or tasks
+      description: Describe problems the new design should solve or tasks the user needs to complete.
+      placeholder: 
+      value: |
+        - A problem we're trying to solve
+        - A task the user needs to accomplish
+        - …
+    validations:
+      required: false
+  - type: textarea
+    attributes:
+      label: Deliverables
+      description: Add a checklist of deliverables here. You can later add links to each deliverable.
+      value: |
+          - Figma mockup
+          - Miro board
+          - …

.github/ISSUE_TEMPLATE/5-chore.md

@@ -0,0 +1,17 @@
+---
+name: Chore
+about: Create an issue for a chore needing completion
+labels: 'type: chore'
+---
+
+<!--
+Please use this template to create your chore issue. You can use this template if you spot an out-of-date README, discover a misspelling, or happen upon a deeply nested 7-layer for-loop that could be better handled another way. Please use this template for your non-bug related fixes/updates/refactors.
+
+- Questions should be posted to: https://community.grafana.com
+- Use query inspector to troubleshoot issues: https://bit.ly/2XNF6YS
+- How to record and attach gif: https://bit.ly/2Mi8T6K
+-->
+
+**What is the chore?**:
+
+**Is there anything else we need to know?**:

.github/ISSUE_TEMPLATE/8-Saga_contribution.yaml

@@ -0,0 +1,65 @@
+---
+name: Saga contribution template
+description: Contribute to the design system.
+title: "Saga: "
+labels:
+  - area/grafana/ui, design-system 
+body:
+  - type: markdown
+    attributes:
+      value: |
+        By using this template, you help expand our component and pattern solutions within the design system and let others reuse your work! You can contribute bug or design defect fixes, component, and pattern enhancements, or even net-new components! This template brings visibility to the great work everyone already does and in turn helps reduce duplicate efforts.
+        Thank you!
+  - type: checkboxes
+    attributes:
+      label: What type of contribution is this?
+      description: null
+      options:
+        - label: Fix - bug, design defect, typo, documentation conciseness
+        - label: Unification - combining similar components/patterns into a single
+            solution
+        - label: Proposal - net-new component, additions, variants
+    validations:
+      required: true
+  - type: textarea
+    id: background
+    attributes:
+      label: Why is this needed?
+      description: Explain the use case and where it can be used.
+      placeholder: null
+    validations:
+      required: true
+  - type: textarea
+    id: use_case
+    attributes:
+      label: Where is this or where can it be used?
+      description: Explain the current/future use case, be sure to include areas of impact
+      placeholder: null
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Deliverables
+      description: Add a checklist of deliverables here. You can later add links to
+        each deliverable.
+      value: |
+        - Figma mockup
+        - Storybook story
+        - …
+  - type: checkboxes
+    attributes:
+      label: Contribution guiding principles
+      description: Use this checklist of guiding principles to ensure your
+        contribution makes Grafana a better product
+      options:
+        - label: Universal - not specific to a single product feature; able to be used
+            product-wide
+        - label: Accessible - inclusive to all types of users and assistive tools
+        - label: Flexible - thoughtfully built and designed to solve various
+            configurations and situations
+        - label: Coherent - follows existing visual styling and patterns
+        - label: Defined - documented clearly and concisely for ease of understanding
+        - label: Distinct - solves a unique gap or problem that cannot be solved with
+            current solutions
+    validations:
+        required: false

.github/PULL_REQUEST_TEMPLATE.md

@@ -47,4 +47,4 @@ Fixes #
 Please check that:
 - [ ] It works as expected from a user's perspective.
 - [ ] If this is a pre-GA feature, it is behind a feature toggle.
-- [ ] The docs are updated, and if this is a [notable improvement](https://grafana.com/docs/writers-toolkit/contribute/release-notes/#how-to-determine-if-content-belongs-in-whats-new), it's added to our [What's New](https://grafana.com/docs/writers-toolkit/contribute/release-notes/) doc.
+- [ ] The docs are updated, and if this is a [notable improvement](https://grafana.com/docs/writers-toolkit/writing-guide/contribute-release-notes/#how-to-determine-if-content-belongs-in-a-whats-new-document), it's added to our [What's New](https://grafana.com/docs/writers-toolkit/writing-guide/contribute-release-notes/) doc.

.github/actions/changelog/action.yml

@@ -1,22 +0,0 @@
-name: Changelog generator
-description: Generates and publishes a changelog for the given release version
-inputs:
-  target:
-    description: Target tag, branch or commit hash for the changelog
-    required: true
-  previous:
-    description: Previous tag, branch or commit hash to start changelog from
-    required: false
-  github_token:
-    description: GitHub token with read/write access to all necessary repositories
-    required: true
-  output_file:
-    description: A file to store resulting changelog markdown
-    required: false
-outputs:
-  changelog:
-    description: Changelog contents between the two given versions in Markdown format
-runs:
-  using: 'node20'
-  main: 'index.js'
-  

.github/actions/changelog/index.js

@@ -1,325 +0,0 @@
-import { appendFileSync, writeFileSync } from 'fs';
-import { exec as execCallback } from 'node:child_process';
-import { promisify } from 'node:util';
-
-//
-// Github Action core utils: logging (notice + debug log levels), must escape
-// newlines and percent signs
-//
-const escapeData = (s) => s.replace(/%/g, '%25').replace(/\r/g, '%0D').replace(/\n/g, '%0A');
-const LOG = (msg) => console.log(`::notice::${escapeData(msg)}`);
-
-//
-// Semver utils: parse, compare, sort etc (using official regexp)
-// https://regex101.com/r/Ly7O1x/3/
-//
-const semverRegExp =
-  /^v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$/;
-
-const semverParse = (tag) => {
-  const m = tag.match(semverRegExp);
-  if (!m) {
-    return;
-  }
-  const [_, major, minor, patch, prerelease] = m;
-  return [+major, +minor, +patch, prerelease, tag];
-};
-
-// semverCompare takes two parsed semver tags and comparest them more or less
-// according to the semver specs
-const semverCompare = (a, b) => {
-  for (let i = 0; i < 3; i++) {
-    if (a[i] !== b[i]) {
-      return a[i] < b[i] ? 1 : -1;
-    }
-  }
-  if (a[3] !== b[3]) {
-    return a[3] < b[3] ? 1 : -1;
-  }
-  return 0;
-};
-
-// Using `git tag -l` output find the tag (version) that goes semantically
-// right before the given version. This might not work correctly with some
-// pre-release versions, which is why it's possible to pass previous version
-// into this action explicitly to avoid this step.
-const getPreviousVersion = async (version) => {
-  const exec = promisify(execCallback);
-  const { stdout } = await exec('git tag -l');
-  const prev = stdout
-    .split('\n')
-    .map(semverParse)
-    .filter((tag) => tag)
-    .sort(semverCompare)
-    .find((tag) => semverCompare(tag, semverParse(version)) > 0);
-  if (!prev) {
-    throw `Could not find previous git tag for ${version}`;
-  }
-  return prev[4];
-};
-
-// A helper for Github GraphQL API endpoint
-const graphql = async (ghtoken, query, variables) => {
-  const { env } = process;
-  const results = await fetch('https://api.github.com/graphql', {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-      Authorization: `Bearer ${ghtoken}`,
-    },
-    body: JSON.stringify({ query, variables }),
-  });
-
-  const res = await results.json();
-
-  LOG(
-    JSON.stringify({
-      status: results.status,
-      text: results.statusText,
-    })
-  );
-
-  return res.data;
-};
-
-// Using Github GraphQL API find the timestamp for the given tag/commit hash.
-// This is required for PR listing, because Github API only takes date/time as
-// a "since" parameter while listing. Currently there is no way to provide two
-// "commitish" items and get a list of PRs in between them.
-const getCommitishDate = async (name, owner, target) => {
-  const result = await graphql(
-    ghtoken,
-    `
-      query getCommitDate($owner: String!, $name: String!, $target: String!) {
-        repository(owner: $owner, name: $name) {
-          object(expression: $target) {
-            ... on Commit {
-              committedDate
-            }
-          }
-        }
-      }
-    `,
-    { name, owner, target }
-  );
-  return result.repository.object.committedDate;
-};
-
-// Using Github GraphQL API get a list of PRs between the two "commitish" items.
-// This resoves the "since" item's timestamp first and iterates over all PRs
-// till "target" using naïve pagination.
-const getHistory = async (name, owner, from, to) => {
-  LOG(`Fetching ${owner}/${name} PRs between ${from} and ${to}`);
-  const query = `
-  query findCommitsWithAssociatedPullRequests(
-    $name: String!
-    $owner: String!
-    $from: String!
-    $to: String!
-    $cursor: String
-  ) {
-    repository(name: $name, owner: $owner) {
-      ref(qualifiedName: $from) {
-        compare(headRef: $to) {
-          commits(first: 25, after: $cursor) {
-            totalCount
-            pageInfo {
-              hasNextPage
-              endCursor
-            }
-            nodes {
-              id
-              associatedPullRequests(first: 1) {
-                nodes {
-                  title
-                  number
-                  labels(first: 10) {
-                    nodes {
-                      name
-                    }
-                  }
-                  commits(first: 1) {
-                    nodes {
-                      commit {
-                        author {
-                          user {
-                            login
-                          }
-                        }
-                      }
-                    }
-                  }
-                }
-              }
-            }
-          }
-        }
-      }
-    }
-  }`;
-
-  let cursor;
-  let nodes = [];
-  for (;;) {
-    const result = await graphql(ghtoken, query, {
-      name,
-      owner,
-      from,
-      to,
-      cursor,
-    });
-    LOG(`GraphQL: ${JSON.stringify(result)}`);
-    nodes = [...nodes, ...result.repository.ref.compare.commits.nodes];
-    const { hasNextPage, endCursor } = result.repository.ref.compare.commits.pageInfo;
-    if (!hasNextPage) {
-      break;
-    }
-    cursor = endCursor;
-  }
-  return nodes;
-};
-
-// The main function for this action: given two "commitish" items it gets a
-// list of PRs between them and filters/groups the PRs by category (bugfix,
-// feature, deprecation, breaking change and plugin fixes/enhancements).
-//
-// PR grouping relies on Github labels only, not on the PR contents.
-const getChangeLogItems = async (name, owner, from, to) => {
-  // check if a node contains a certain label
-  const hasLabel = ({ labels }, label) => labels.nodes.some(({ name }) => name === label);
-  // get all the PRs between the two "commitish" items
-  const history = await getHistory(name, owner, from, to);
-
-  const items = history.flatMap((node) => {
-    // discard PRs without a "changelog" label
-    const changes = node.associatedPullRequests.nodes.filter((PR) => hasLabel(PR, 'add to changelog'));
-    if (changes.length === 0) {
-      return [];
-    }
-    const item = changes[0];
-    const { number, url, labels } = item;
-    const title = item.title.replace(/^\[[^\]]+\]:?\s*/, '');
-    // for changelog PRs try to find a suitable category.
-    // Note that we can not detect "deprecation notices" like that
-    // as there is no suitable label yet.
-    const isBug = /fix/i.test(title) || hasLabel({ labels }, 'type/bug');
-    const isBreaking = hasLabel({ labels }, 'breaking change');
-    const isPlugin =
-      hasLabel({ labels }, 'area/grafana/ui') ||
-      hasLabel({ labels }, 'area/grafana/toolkit') ||
-      hasLabel({ labels }, 'area/grafana/runtime');
-    const author = item.commits.nodes[0].commit.author.user?.login;
-    return {
-      repo: name,
-      number,
-      title,
-      author,
-      isBug,
-      isPlugin,
-      isBreaking,
-    };
-  });
-  return items;
-};
-
-// ======================================================
-//                 GENERATE CHANGELOG
-// ======================================================
-
-LOG(`Changelog action started`);
-
-const ghtoken = process.env.GITHUB_TOKEN || process.env.INPUT_GITHUB_TOKEN;
-if (!ghtoken) {
-  throw 'GITHUB_TOKEN is not set and "github_token" input is empty';
-}
-
-const target = process.argv[2] || process.env.INPUT_TARGET;
-LOG(`Target tag/branch/commit: ${target}`);
-
-const previous = process.argv[3] || process.env.INPUT_PREVIOUS || (await getPreviousVersion(target));
-
-LOG(`Previous tag/commit: ${previous}`);
-
-// Get all changelog items from Grafana OSS
-const oss = await getChangeLogItems('grafana', 'grafana', previous, target);
-// Get all changelog items from Grafana Enterprise
-const entr = await getChangeLogItems('grafana-enterprise', 'grafana', previous, target);
-
-LOG(`Found OSS PRs: ${oss.length}`);
-LOG(`Found Enterprise PRs: ${entr.length}`);
-
-// Sort PRs and categorise them into sections
-const changelog = [...oss, ...entr]
-  .sort((a, b) => (a.title < b.title ? -1 : 1))
-  .reduce(
-    (changelog, item) => {
-      if (item.isPlugin) {
-        changelog.plugins.push(item);
-      } else if (item.isBug) {
-        changelog.bugfixes.push(item);
-      } else if (item.isBreaking) {
-        changelog.breaking.push(item);
-      } else {
-        changelog.features.push(item);
-      }
-      return changelog;
-    },
-    {
-      breaking: [],
-      plugins: [],
-      bugfixes: [],
-      features: [],
-    }
-  );
-
-// Convert PR numbers to Github links
-const pullRequestLink = (n) => `[#${n}](https://github.com/grafana/grafana/pull/${n})`;
-// Convert Github user IDs to Github links
-const userLink = (u) => `[@${u}](https://github.com/${u})`;
-
-// Now that we have a changelog - we can render some markdown as an output
-const markdown = (changelog) => {
-  // This convers a list of changelog items into a markdown section with a list of titles/links
-  const section = (title, items) =>
-    items.length === 0
-      ? ''
-      : `### ${title}
-
-${items
-  .map(
-    (item) =>
-      `- ${item.title.replace(/^([^:]*:)/gm, '**$1**')} ${
-        item.repo === 'grafana-enterprise'
-          ? '(Enterprise)'
-          : `${pullRequestLink(item.number)}${item.author ? ', ' + userLink(item.author) : ''}`
-      }`
-  )
-  .join('\n')}
-  `;
-
-  // Render all present sections for the given changelog
-  return `${section('Features and enhancements', changelog.features)}
-${section('Bug fixes', changelog.bugfixes)}
-${section('Breaking changes', changelog.breaking)}
-${section('Plugin development fixes & changes', changelog.plugins)}
-`;
-};
-
-const md = markdown(changelog);
-
-// Print changelog, mostly for debugging
-LOG(`Resulting markdown: ${md}`);
-
-// Save changelog as an output for this action
-if (process.env.GITHUB_OUTPUT) {
-  LOG(`Output to ${process.env.GITHUB_OUTPUT}`);
-  appendFileSync(process.env.GITHUB_OUTPUT, `changelog<<EOF\n${escapeData(md)}\nEOF`);
-} else {
-  LOG('GITHUB_OUTPUT is not set');
-}
-
-// Save changelog as an output file (if requested)
-if (process.env.INPUT_OUTPUT_FILE) {
-  LOG(`Output to ${process.env.INPUT_OUTPUT_FILE}`);
-  writeFileSync(process.env.INPUT_OUTPUT_FILE, md);
-}

.github/actions/changelog/package.json

@@ -1,6 +0,0 @@
-{
-  "name": "changelog",
-  "main": "index.js",
-  "type": "module",
-  "description": "changelog generator"
-}

.github/actions/setup-enterprise/action.yml

@@ -1,48 +0,0 @@
-name: 'Setup Grafana Enterprise'
-description: 'Clones and sets up Grafana Enterprise repository for testing'
-
-inputs:
-  github-app-name:
-    description: 'Name of the GitHub App in Vault'
-    required: false
-    default: 'grafana-ci-bot'
-
-runs:
-  using: "composite"
-  steps:
-    - name: Retrieve GitHub App secrets
-      id: get-secrets
-      uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets-v1.0.1 # zizmor: ignore[unpinned-uses]
-      with:
-        repo_secrets: |
-          APP_ID=${{ inputs.github-app-name }}:app-id
-          APP_INSTALLATION_ID=${{ inputs.github-app-name }}:app-installation-id
-          PRIVATE_KEY=${{ inputs.github-app-name }}:private-key
-
-    - name: Generate GitHub App token
-      id: generate_token
-      uses: actions/create-github-app-token@v1
-      with:
-        app-id: ${{ env.APP_ID }}
-        private-key: ${{ env.PRIVATE_KEY }}
-        repositories: "grafana-enterprise"
-        owner: "grafana"
-
-    - name: Setup Enterprise
-      shell: bash
-      env:
-        GH_TOKEN: ${{ steps.generate_token.outputs.token }}
-      run: |
-        git clone https://x-access-token:${GH_TOKEN}@github.com/grafana/grafana-enterprise.git ../grafana-enterprise;
-        
-        cd ../grafana-enterprise
-        
-        if git checkout ${GITHUB_HEAD_REF}; then
-          echo "checked out ${GITHUB_HEAD_REF}"
-        elif git checkout ${GITHUB_BASE_REF}; then
-          echo "checked out ${GITHUB_BASE_REF}"
-        else
-          git checkout main
-        fi
-        
-        ./build.sh

.github/actions/setup-grafana-bench/action.yml

@@ -1,45 +0,0 @@
-name: 'Setup Grafana Bench'
-description: 'Sets up and installs Grafana Bench'
-
-inputs:
-  github-app-name:
-    description: 'Name of the GitHub App in Vault'
-    required: false
-    default: 'grafana-ci-bot'
-  branch:
-    description: 'The branch to install from'
-    required: false
-    default: 'main'
-
-runs:
-  using: "composite"
-  steps:
-    - name: Retrieve GitHub App secrets
-      id: get-secrets
-      uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets-v1.0.1 # zizmor: ignore[unpinned-uses]
-      with:
-        repo_secrets: |
-          APP_ID=${{ inputs.github-app-name }}:app-id
-          APP_INSTALLATION_ID=${{ inputs.github-app-name }}:app-installation-id
-          PRIVATE_KEY=${{ inputs.github-app-name }}:private-key
-
-    - name: Generate GitHub App token
-      id: generate_token
-      uses: actions/create-github-app-token@v1
-      with:
-        app-id: ${{ env.APP_ID }}
-        private-key: ${{ env.PRIVATE_KEY }}
-        repositories: "grafana-bench"
-        owner: "grafana"
-
-    - name: Setup Bench
-      shell: bash
-      env:
-        GH_TOKEN: ${{ steps.generate_token.outputs.token }}
-        BRANCH: ${{ inputs.branch }}
-      run: |
-        git clone https://x-access-token:${GH_TOKEN}@github.com/grafana/grafana-bench.git ../grafana-bench
-
-        cd ../grafana-bench
-        git switch "$BRANCH"
-        go install .

.github/actions/test-coverage-processor/action.yml

@@ -1,50 +0,0 @@
-name: 'Go Coverage Processor'
-description: 'Process Go test coverage files and generate reports'
-
-inputs:
-  test-type:
-    description: 'Type of test (e.g., be-unit, be-integration)'
-    required: true
-    type: string
-  coverage-file:
-    description: 'Path to the Go coverage file (.cov)'
-    required: true
-    type: string
-  codecov-token:
-    description: 'Token for CodeCov (required for CodeCov reporting)'
-    required: false
-    default: ''
-  codecov-flag:
-    description: 'Flag to categorize the upload to CodeCov'
-    required: false
-    default: ''
-  codecov-name:
-    description: 'Custom name for the upload to CodeCov'
-    required: false
-    default: ''
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Process Go coverage output
-      shell: bash
-      env:
-        COVERAGE_FILE: ${{ inputs.coverage-file }}
-      run: |
-        # Ensure valid coverage file even if empty
-        if [ ! -s "$COVERAGE_FILE" ]; then
-          echo "Coverage file is empty, creating a minimal valid file"
-          echo "mode: set" > "$COVERAGE_FILE"
-        fi
-
-    - name: Report coverage to CodeCov
-      uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5
-      if: inputs.codecov-token != ''
-      with:
-        files: ${{ inputs.coverage-file }}
-        flags: ${{ inputs.codecov-flag || inputs.test-type }}
-        name: ${{ inputs.codecov-name || inputs.test-type }}
-        slug: grafana/grafana
-        # This URL doesn't use the Google auth, but is much more locked down. As such, it requires OIDC or a CodeCov-provided token to do anything.
-        url: https://codecov-webhook.grafana-dev.net
-        token: ${{ inputs.codecov-token }}

.github/bot.md

@@ -4,8 +4,8 @@ The bot is configured via [commands.json](https://github.com/grafana/grafana/blo
 
 Comment commands:
 
-* Write the word `/duplicate #<number>` anywhere in a comment and the bot will add the correct label and standard message.
-* Write the word `/needsMoreInfo` anywhere in a comment and the bot will add the correct label and standard message.
+* Write the word `/duplicate #<number>`  anywhere in a comment and the bot  will add the correct label and standard message.
+* Write the word `/needsMoreInfo`  anywhere in a comment and the bot will add the correct label and standard message.
 
 Label commands:
 

.github/issue-opened.json

@@ -1,11 +1,9 @@
 [
   {
     "type": "author",
-    "memberOf": {
-      "org": "grafana"
-    },
+    "memberOf": { "org": "grafana" },
     "noLabels": true,
     "addLabel": "internal",
-    "comment": " please add one or more appropriate labels. Here are some tips:\r\n\r\n- if you are making an issue, TODO, or reminder for yourself or your team, please add one label that best describes the product or feature area. Please also add the issue to your project board. :rocket:\r\n\r\n- if you are making an issue for any other reason (docs typo, you found a bug, etc), please add at least one label that best describes the product or feature that you are discussing (e.g. `area/alerting`, `datasource/loki`, `type/docs`, `type/bug`, etc). [Our issue triage](https://github.com/grafana/grafana/blob/main/contribute/ISSUE_TRIAGE.md#3-categorize-an-issue) doc also provides additional guidance on labeling. :rocket:\r\n\r\n Thank you! :heart:"
+    "comment": " please add one or more appropriate labels. Here are some tips:\r\n\r\n- if you are making an issue, TODO, or reminder for yourself or your team, please add one label that best describes the product or feature area. Please also add the issue to your project board. :rocket:\r\n\r\n- if you are making an issue for any other reason (docs typo, you found a bug, etc), please add at least one label that best describes the product or feature that you are discussing (e.g. `area/alerting`, `datasource/loki`, `type/docs`, `type/bug`, etc). [Our issue triage](https://github.com/grafana/grafana/blob/main/ISSUE_TRIAGE.md#3-categorizing-an-issue) doc also provides additional guidance on labeling. :rocket:\r\n\r\n Thank you! :heart:"
   }
-]
+]

.github/metrics-collector.json

@@ -29,4 +29,4 @@
       "query": "is:open is:pull-request"
     }
   ]
-}
+}

.github/pr-checks.json

@@ -1,4 +1,11 @@
 [
+  {
+    "type": "check-milestone",
+    "title": "Milestone Check",
+    "targetUrl": "https://github.com/grafana/grafana/blob/main/contribute/merge-pull-request.md#assign-a-milestone",
+    "success": "Milestone set",
+    "failure": "Milestone not set"
+  },
   {
     "type": "check-changelog",
     "title": "Changelog Check",
@@ -20,4 +27,4 @@
     },
     "targetUrl": "https://github.com/grafana/grafana/blob/main/contribute/merge-pull-request.md#include-in-changelog-and-release-notes"
   }
-]
+]

.github/pr-commands.json

@@ -2,8 +2,8 @@
   {
     "type": "changedfiles",
     "matches": [
-      "docs/**/*",
-      "contribute/**/*"
+        "docs/**/*",
+        "contribute/**/*"
     ],
     "action": "updateLabel",
     "addLabel": "type/docs"
@@ -11,21 +11,22 @@
   {
     "type": "changedfiles",
     "matches": [
-      "public/**/*",
-      "packages/**/*",
-      "e2e/**/*",
-      "plugins-bundled/**/*",
-      "scripts/build/release-packages.sh",
-      "scripts/circle-release-next-packages.sh",
-      "scripts/ci-frontend-metrics.sh",
-      "scripts/grunt/**/*",
-      "scripts/webpack/**/*",
-      "package.json",
-      "tsconfig.json",
-      "lerna.json",
-      ".prettierrc.js",
-      ".eslintrc",
-      "**/*.mdx"
+        "public/**/*",
+        "packages/**/*",
+        "e2e/**/*",
+        "plugins-bundled/**/*",
+        "scripts/build/release-packages.sh",
+        "scripts/circle-release-next-packages.sh",
+        "scripts/ci-frontend-metrics.sh",
+        "scripts/grunt/**/*",
+        "scripts/webpack/**/*",
+        "package.json",
+        "tsconfig.json",
+        "lerna.json",
+        ".babelrc",
+        ".prettierrc.js",
+        ".eslintrc",
+        "**/*.mdx"
     ],
     "action": "updateLabel",
     "addLabel": "area/frontend"
@@ -33,11 +34,11 @@
   {
     "type": "changedfiles",
     "matches": [
-      "**/*.go",
-      "go.mod",
-      "go.sum",
-      "contribute/style-guides/backend.md",
-      "contribute/architecture/backend/**/*"
+        "**/*.go",
+        "go.mod",
+        "go.sum",
+        "contribute/style-guides/backend.md",
+        "contribute/architecture/backend/**/*"
     ],
     "action": "updateLabel",
     "addLabel": "area/backend"
@@ -45,17 +46,15 @@
   {
     "type": "changedfiles",
     "matches": [
-      "pkg/services/sqlstore/migrations/**/*",
-      "**/*_mig.go"
+        "pkg/services/sqlstore/migrations/**/*",
+        "**/*_mig.go"
     ],
     "action": "updateLabel",
     "addLabel": "area/backend/db/migration"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/features/explore/**/*"
-    ],
+    "matches": [ "public/app/features/explore/**/*"],
     "action": "updateLabel",
     "addLabel": "area/explore"
   },
@@ -84,357 +83,372 @@
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/azuremonitor/**/*",
-      "pkg/tsdb/azuremonitor/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/azuremonitor/**/*", "pkg/tsdb/azuremonitor/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/Azure"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/cloud-monitoring/**/*",
-      "pkg/tsdb/cloud-monitoring/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/cloud-monitoring/**/*", "pkg/tsdb/cloud-monitoring/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/GoogleCloudMonitoring"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/cloudwatch/**/*",
-      "pkg/tsdb/cloudwatch/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/cloudwatch/**/*", "pkg/tsdb/cloudwatch/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/CloudWatch"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/elasticsearch/**/*",
-      "pkg/tsdb/elasticsearch/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/elasticsearch/**/*", "pkg/tsdb/elasticsearch/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/Elasticsearch"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/graphite/**/*",
-      "pkg/tsdb/graphite/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/graphite/**/*", "pkg/tsdb/graphite/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/Graphite"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/influxdb/**/*",
-      "pkg/tsdb/influx/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/influxdb/**/*", "pkg/tsdb/influx/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/InfluxDB"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/jaeger/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/jaeger"],
     "action": "updateLabel",
     "addLabel": "datasource/Jaeger"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/loki/**/*",
-      "pkg/tsdb/loki/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/loki/**/*", "pkg/tsdb/loki/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/Loki"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/mssql/**/*",
-      "pkg/tsdb/mssql/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/mssql/**/*", "pkg/tsdb/mssql/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/MSSQL"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/mysql/**/*",
-      "pkg/tsdb/mysql/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/mysql/**/*", "pkg/tsdb/mysql/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/MySQL"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/opentsdb/**/*",
-      "pkg/tsdb/opentsdb/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/opentsdb/**/*", "pkg/tsdb/opentsdb/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/OpenTSDB"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/parca/**/*"
-    ],
-    "action": "updateLabel",
-    "addLabel": "datasource/Parca"
-  },
-  {
-    "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/grafana-pyroscope-datasource/**/*",
-      "pkg/tsdb/grafana-pyroscope-datasource/**/*"
-    ],
-    "action": "updateLabel",
-    "addLabel": "datasource/grafana-pyroscope"
-  },
-  {
-    "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/grafana-postgresql-datasource/**/*",
-      "pkg/tsdb/grafana-postgresql-datasource/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/grafana-postgresql-datasource/**/*", "pkg/tsdb/grafana-postgresql-datasource/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/Postgres"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/prometheus/**/*",
-      "pkg/tsdb/prometheus/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/prometheus/**/*", "pkg/tsdb/prometheus/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/Prometheus"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/tempo/**/*",
-      "pkg/tsdb/tempo/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/tempo/**/*", "pkg/tsdb/tempo/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/Tempo"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/datasource/zipkin/**/*"
-    ],
+    "matches": [ "public/app/plugins/datasource/zipkin/**/*"],
     "action": "updateLabel",
     "addLabel": "datasource/Zipkin"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/features/variables/**/*",
-      "public/app/features/templating/**/*"
-    ],
+    "matches": ["public/app/features/variables/**/*", "public/app/features/templating/**/*"],
     "action": "updateLabel",
     "addLabel": "area/dashboard/templating"
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "/pkg/services/ngalert/**/*",
-      "/pkg/services/sqlstore/migrations/ualert/**/*",
-      "/pkg/services/alerting/**/*",
-      "/public/app/features/alerting/**/*",
-      "/pkg/tests/api/alerting/**/*"
-    ],
+    "matches": ["/pkg/services/ngalert/**/*", "/pkg/services/sqlstore/migrations/ualert/**/*", "/pkg/services/alerting/**/*", "/public/app/features/alerting/**/*", "/pkg/tests/api/alerting/**/*"],
     "action": "updateLabel",
     "addLabel": "area/alerting"
   },
   {
     "type": "author",
     "name": "pr/external",
-    "notMemberOf": {
-      "org": "grafana"
-    },
-    "ignoreList": [
-      "renovate[bot]",
-      "dependabot[bot]",
-      "grafana-delivery-bot[bot]",
-      "grafanabot"
-    ],
+    "notMemberOf": { "org": "grafana" },
+    "ignoreList": ["renovate[bot]","dependabot[bot]","grafana-delivery-bot[bot]","grafanabot"],
     "action": "updateLabel",
     "addLabel": "pr/external"
   },
   {
-    "type": "label",
-    "name": "type/docs",
-    "action": "addToProject",
-    "addToProject": {
-      "url": "https://github.com/orgs/grafana/projects/69"
+    "type":"label",
+    "name":"type/docs",
+    "action":"addToProject",
+    "addToProject":{
+      "url":"https://github.com/orgs/grafana/projects/69"
     }
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/candlestick/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/candlestick/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/candlestick"
   },
+  {
+    "type": "label",
+    "name": "area/panel/candlestick",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/canvas/**/*",
-      "/public/app/features/canvas/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/canvas/**/*", "/public/app/features/canvas/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/canvas"
   },
+  {
+    "type": "label",
+    "name": "area/panel/canvas",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/barchart/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/barchart/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/barchart"
   },
+  {
+    "type": "label",
+    "name": "area/panel/barchart",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/geomap/**/*",
-      "/public/app/features/geo/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/geomap/**/*", "/public/app/features/geo/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/geomap"
   },
+  {
+    "type": "label",
+    "name": "area/panel/geomap",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/graph/**/*",
-      "/packages/grafana-ui/src/components/Graph/**/*",
-      "/packages/grafana-ui/src/components/GraphNG/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/graph/**/*", "/packages/grafana-ui/src/components/Graph/**/*", "/packages/grafana-ui/src/components/GraphNG/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/graph"
   },
+  {
+    "type": "label",
+    "name": "area/panel/graph",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/heatmap/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/heatmap/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/heatmap"
   },
+  {
+    "type": "label",
+    "name": "area/panel/heatmap",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/histogram/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/histogram/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/histogram"
   },
+  {
+    "type": "label",
+    "name": "area/panel/histogram",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/state-timeline/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/state-timeline/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/state-timeline"
   },
+  {
+    "type": "label",
+    "name": "area/panel/state-timeline",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/status-history/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/status-history/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/status-history"
   },
+  {
+    "type": "label",
+    "name": "area/panel/status-history",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/timeseries/**/*",
-      "/packages/grafana-ui/src/components/TimeSeries/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/timeseries/**/*", "/packages/grafana-ui/src/components/TimeSeries/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/timeseries"
   },
+  {
+    "type": "label",
+    "name": "area/panel/timeseries",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/xychart/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/xychart/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/xychart"
   },
+  {
+    "type": "label",
+    "name": "area/panel/xychart",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/trend/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/trend/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/trend"
   },
+  {
+    "type": "label",
+    "name": "area/panel/trend",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "/packages/grafana-ui/src/components/VizLegend/**/*"
-    ],
+    "matches": ["/packages/grafana-ui/src/components/VizLegend/**/*"],
     "action": "updateLabel",
     "addLabel": "area/legend"
   },
+  {
+    "type": "label",
+    "name": "area/legend",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "/packages/grafana-ui/src/components/VizTooltip/**/*",
-      "public/app/feature/visualization/data-hover/**/*"
-    ],
+    "matches": ["/packages/grafana-ui/src/components/VizTooltip/**/*", "public/app/feature/visualization/data-hover/**/*" ],
     "action": "updateLabel",
     "addLabel": "area/tooltip"
   },
+  {
+    "type": "label",
+    "name": "area/tooltip",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/gauge/**/*",
-      "/packages/grafana-ui/src/components/Gauge/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/gauge/**/*", "/packages/grafana-ui/src/components/Gauge/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/gauge"
   },
   {
-    "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/bargauge/**/*",
-      "/packages/grafana-ui/src/components/BarGauge/**/*"
-    ],
-    "action": "updateLabel",
-    "addLabel": "area/panel/bargauge"
+    "type": "label",
+    "name": "area/panel/gauge",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
   },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/stat/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/bargauge/**/*", "/packages/grafana-ui/src/components/BarGauge/**/*"],
+    "action": "updateLabel",
+    "addLabel": "area/panel/gauge"
+  },
+  {
+    "type": "label",
+    "name": "area/panel/bargauge",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
+  {
+    "type": "changedfiles",
+    "matches": ["public/app/plugins/panel/stat/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/stat"
   },
+  {
+    "type": "label",
+    "name": "area/panel/stat",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
+  },
   {
     "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/piechart/**/*"
-    ],
+    "matches": ["public/app/plugins/panel/piechart/**/*"],
     "action": "updateLabel",
     "addLabel": "area/panel/piechart"
   },
   {
-    "type": "changedfiles",
-    "matches": [
-      "public/app/plugins/panel/table/**/*",
-      "/packages/grafana-ui/src/components/Table/**/*"
-    ],
-    "action": "updateLabel",
-    "addLabel": "area/panel/table"
+    "type": "label",
+    "name": "area/panel/piechart",
+    "action": "addToProject",
+    "addToProject": {
+      "url": "https://github.com/orgs/grafana/projects/56"
+    }
   }
-]
+]

.github/renovate.json5

@@ -4,28 +4,21 @@
   ],
   "enabledManagers": ["npm"],
   "ignoreDeps": [
-    "@types/history", // this can be removed entirely when we upgrade history since v5 exposes types directly
     "history", // we should bump this together with react-router-dom (see https://github.com/grafana/grafana/issues/76744)
     "react-router-dom", // we should bump this together with history (see https://github.com/grafana/grafana/issues/76744)
-    "loader-utils", // v3 requires upstream changes in ngtemplate-loader. ignore, and remove when we remove angular.
     "monaco-editor", // due to us exposing this via @grafana/ui/CodeEditor's props bumping can break plugins
-    "@fingerprintjs/fingerprintjs", // we don't want to bump to v4 due to licensing changes
-    "@swc/core", // versions ~1.4.5 contain multiple bugs related to baseUrl resolution breaking builds.
-    "slate", // we don't want to continue using this on the long run, use Monaco editor instead of Slate
-    "slate-react", // we don't want to continue using this on the long run, use Monaco editor instead of Slate
-    "@types/slate-react", // we don't want to continue using this on the long run, use Monaco editor instead of Slate
-    "@types/slate" // we don't want to continue using this on the long run, use Monaco editor instead of Slate
+    "react-hook-form", // due to us exposing these hooks via @grafana/ui form components bumping can break plugins
   ],
   "includePaths": ["package.json", "packages/**", "public/app/plugins/**"],
-  "ignorePaths": ["emails/**", "plugins-bundled/**", "**/mocks/**"],
+  "ignorePaths": ["emails/**", "plugins-bundled/**", "**/mocks/**", "packages/grafana-e2e/**"],
   "labels": ["area/frontend", "dependencies", "no-changelog"],
   "postUpdateOptions": ["yarnDedupeHighest"],
   "packageRules": [
     {
-      "automerge": true,
-      "matchCurrentVersion": "!/^0/",
       "matchUpdateTypes": ["patch"],
-      "excludePackagePatterns": ["^@?storybook", "^@locker"]
+      "excludePackagePatterns": ["^@?storybook", "^@locker"],
+      "extends": ["schedule:monthly"],
+      "groupName": "Monthly patch updates"
     },
     {
       "matchPackagePatterns": ["^@?storybook"],

.github/workflows/add-to-whats-new.yml

@@ -1,16 +0,0 @@
-name: Add comment about adding a What's new note
-on:
-  pull_request:
-    types: [labeled]
-
-jobs:
-  add-comment:
-    if: ${{ ! github.event.pull_request.head.repo.fork && contains(github.event.pull_request.labels.*.name, 'add to what''s new') }}
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-    steps:
-      - uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1
-        with:
-          message: |
-            Since you've added the `Add to what's new` label, consider drafting a [What's new note](https://admin.grafana.com/content-admin/#/collections/whats-new/new) for this feature.

.github/workflows/alerting-swagger-gen.yml

@@ -13,16 +13,15 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 2
-          persist-credentials: false
       - name: Set go version
-        uses: actions/setup-go@19bb51245e9c80abacb2e91cc42b33fa478b8639
+        uses: actions/setup-go@v4
         with:
-          go-version-file: go.mod
+          go-version: '1.21.8'
       - name: Build swagger
         run: |
           make -C pkg/services/ngalert/api/tooling post.json api.json
       - name: Open Pull Request
-        uses: peter-evans/create-pull-request@4e1beaa7521e8b457b572c090b25bd3db56bf1c5
+        uses: peter-evans/create-pull-request@v5
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: "chore: update alerting swagger spec"
@@ -33,5 +32,6 @@ jobs:
           branch: update-alerting-swagger-spec
           delete-branch: true
           labels: 'area/alerting,type/docs,no-changelog'
-          team-reviewers: 'grafana/alerting-backend'
+          team-reviewers: 'grafana/alerting-backend-product'
           draft: false
+

.github/workflows/alerting-update-module.yml

@@ -1,137 +0,0 @@
-name: Update Alerting Module
-
-on:
-  workflow_dispatch:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  update-grafana:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-      id-token: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4 # 4.2.2
-        with:
-          persist-credentials: false
-      - name: Check if update branch exists
-        run: |
-          if git ls-remote --heads origin update-alerting-module | grep -q 'update-alerting-module'; then
-            echo "Branch 'update-alerting-module' already exists. There might be an open PR with Grafana updates."
-            echo "Please review and merge/close the existing PR before running this workflow again."
-            exit 1
-          fi
-
-      - name: Setup Go
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # 5.3.0
-        with:
-          "go-version-file": "go.mod"
-
-      - name: Extract current commit hash of alerting module
-        id: current-commit
-        run: |
-          FROM_COMMIT=$(go list -m -json github.com/grafana/alerting | jq -r '.Version' | grep -oP '(?<=-)[a-f0-9]+$')
-          echo "from_commit=$FROM_COMMIT" >> $GITHUB_OUTPUT
-
-      - name: Get current branch name
-        id: current-branch-name
-        run: echo "name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_OUTPUT"
-
-      - name: Get latest commit
-        id: latest-commit
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          BRANCH="${{ steps.current-branch-name.outputs.name }}"
-          TO_COMMIT=$(gh api repos/grafana/alerting/commits/$BRANCH  --jq '.sha')
-           if [ -z "$TO_COMMIT" ]; then
-            echo "Branch $BRANCH not found in alerting repo, falling back to main branch"
-            exit 1
-          fi
-          echo "to_commit=$TO_COMMIT" >> $GITHUB_OUTPUT
-
-      - name: Compare commit hashes
-        run: |
-          FROM_COMMIT="${{ steps.current-commit.outputs.from_commit }}"
-          TO_COMMIT="${{ steps.latest-commit.outputs.to_commit }}"
-          
-          # Compare just the length of the shorter hash
-          SHORT_TO_COMMIT="${TO_COMMIT:0:${#FROM_COMMIT}}"
-          
-          if [ "$FROM_COMMIT" = "$SHORT_TO_COMMIT" ]; then
-            echo "Current version ($FROM_COMMIT) is already at latest ($SHORT_TO_COMMIT). No update needed."
-            exit 0
-          fi
-          echo "Updates available: $FROM_COMMIT -> $TO_COMMIT"
-
-      - name: Check for commit history
-        id: check-commits
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          # get all commits that contains 'Alerting:' in the message          
-          ALERTING_COMMITS=$(gh api repos/grafana/alerting/compare/${{ steps.current-commit.outputs.from_commit }}...${{ steps.latest-commit.outputs.to_commit }} \
-            --jq '.commits[].commit.message | split("\n")[0]') || true
-          
-          # Use printf instead of echo -e for better multiline handling
-          printf "%s\n" "$ALERTING_COMMITS"
-          
-          # make the list for markdown and replace PR numbers with links
-          ALERTING_COMMITS_FORMATTED=$(echo "$ALERTING_COMMITS" | while read -r line; do echo "- $line" | sed -E 's/\(#([0-9]+)\)/[#\1](https:\/\/github.com\/grafana\/grafana\/pull\/\1)/g'; done)
-          
-          echo "alerting_commits<<EOF" >> $GITHUB_OUTPUT
-          echo "$ALERTING_COMMITS_FORMATTED" >> $GITHUB_OUTPUT
-          echo "EOF" >> $GITHUB_OUTPUT
-
-      - name: Update alerting module
-        env:
-          GOSUMDB: off
-        run: |
-          go get github.com/grafana/alerting@${{ steps.latest-commit.outputs.to_commit }}
-          make update-workspace
-
-      - id: get-secrets
-        uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
-        with:
-          repo_secrets: |
-            GITHUB_APP_ID=alerting-team:app-id
-            GITHUB_APP_PRIVATE_KEY=alerting-team:private-key
-
-      - name: "Generate token"
-        id: generate_token
-        uses: actions/create-github-app-token@0d564482f06ca65fa9e77e2510873638c82206f2 # 1.11.5
-        with:
-          app-id: ${{ env.GITHUB_APP_ID }}
-          private-key: ${{ env.GITHUB_APP_PRIVATE_KEY }}
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # 7.0.6
-        id: create-pr
-        with:
-          token: '${{ steps.generate_token.outputs.token }}'
-          title:  'Alerting: Update alerting module to ${{ steps.latest-commit.outputs.to_commit }}'
-          branch: alerting/update-alerting-module
-          delete-branch: true
-          body: |
-            Updates Grafana Alerting module to latest version.
-
-            Compare changes: https://github.com/grafana/alerting/compare/${{ steps.current-commit.outputs.from_commit }}...${{ steps.latest-commit.outputs.to_commit }}
-            <details>
-            <summary>Commits</summary>
-            
-            ${{ steps.check-commits.outputs.alerting_commits }}
-
-            </details>
-
-            Created by: [GitHub Action Job](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
-      - name: Add PR URL to Summary
-        if: steps.create-pr.outputs.pull-request-url != ''
-        run: |
-          echo "## Pull Request Created" >> $GITHUB_STEP_SUMMARY
-          echo "🔗 [View Pull Request](${{ steps.create-pr.outputs.pull-request-url }})" >> $GITHUB_STEP_SUMMARY

.github/workflows/analytics-events-report.yml

@@ -1,25 +0,0 @@
-name: Analytics Events Report
-
-on:
-  workflow_dispatch:
-
-jobs:
-  generate-report:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: '.nvmrc'
-          cache: 'yarn'
-
-      - name: Install dependencies
-        run: yarn install --frozen-lockfile
-
-      - name: Generate analytics report
-        run: yarn analytics-report

.github/workflows/auto-milestone.yml

@@ -1,27 +1,39 @@
 name: Auto-milestone
 on:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - reopened
       - closed
-      - ready_for_review
 
-permissions:
-  pull-requests: write
-  contents: write
-
-# Note: this action runs with write permissions on GITHUB_TOKEN even from forks
-# so it must not run untrusted code (such as checking out the pull request)
 jobs:
-  main:
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.draft == false
+  config:
+    runs-on: "ubuntu-latest"
+    outputs:
+      has-secrets: ${{ steps.check.outputs.has-secrets }}
     steps:
-      # Note: Github will not trigger other actions from this because it uses
-      # the GITHUB_TOKEN token
+      - name: "Check for secrets"
+        id: check
+        shell: bash
+        run: |
+          if [ -n "${{ (secrets.GRAFANA_DELIVERY_BOT_APP_ID != '' && secrets.GRAFANA_DELIVERY_BOT_APP_PEM != '') || '' }}" ]; then
+            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+          fi
+
+  main:
+    needs: config
+    if: needs.config.outputs.has-secrets
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        with:
+          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+
       - name: Run auto-milestone
-        uses: grafana/grafana-github-actions-go/auto-milestone@d4c452f92ed826d515dccf1f62923e537953acd8 # main
+        uses: grafana/grafana-github-actions-go/auto-milestone@main
         with:
           pr: ${{ github.event.pull_request.number }}
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ steps.generate_token.outputs.token }}

.github/workflows/auto-triager/labels.txt

@@ -1,124 +0,0 @@
-area/admin/user
-area/alerting
-area/annotations
-area/auth
-area/auth/ldap
-area/auth/oauth
-area/auth/rbac
-area/auth/serviceaccount
-area/backend
-area/backend/api
-area/backend/db
-area/backend/db/migration
-area/backend/db/mysql
-area/backend/db/postgres
-area/backend/db/sql
-area/backend/db/sqlite
-area/configuration
-area/dashboard/annotations
-area/dashboard/data-links
-area/dashboard/edit
-area/dashboard/folders
-area/dashboard/import
-area/dashboard/kiosk
-area/dashboard/links
-area/dashboard/rows
-area/dashboard/scenes
-area/dashboard/settings
-area/dashboard/snapshot
-area/dashboard/templating
-area/dashboard/timerange
-area/dashboard/tv
-area/dashboard/variable
-area/dashboards/panel
-area/data/export
-area/explore
-area/expressions
-area/field/overrides
-area/frontend/library-panels
-area/frontend/login
-area/image-rendering
-area/internationalization
-area/legend
-area/library-panel
-area/metricsdrilldown
-area/navigation
-area/panel/annotation-list
-area/panel/barchart
-area/panel/bargauge
-area/panel/candlestick
-area/panel/canvas
-area/panel/dashboard-list
-area/panel/edit
-area/panel/edit
-area/panel/field-override
-area/panel/flame-graph
-area/panel/gauge
-area/panel/geomap
-area/panel/heatmap
-area/panel/histogram
-area/panel/logs
-area/panel/node-graph
-area/panel/node-graph
-area/panel/piechart
-area/panel/repeat
-area/panel/singlestat
-area/panel/stat
-area/panel/state-timeline
-area/panel/status-history
-area/panel/table
-area/panel/timeseries
-area/panel/traceview
-area/panel/trend
-area/panel/xychart
-area/permissions
-area/playlist
-area/plugins
-area/plugins-catalog
-area/provisioning
-area/provisioning/datasources
-area/public-dashboards
-area/query-library
-area/recorded-queries
-area/scenes
-area/search
-area/security
-area/streaming
-area/templating/repeating
-area/tooltip
-area/transformations
-datagrid
-datasource/Alertmanager
-datasource/Azure
-datasource/azure-cosmosdb
-datasource/BigQuery
-datasource/CloudWatch
-datasource/CloudWatch Logs
-datasource/CSV
-datasource/Elasticsearch
-datasource/GitHub
-datasource/GoogleCloudMonitoring
-datasource/GoogleSheets
-datasource/grafana-pyroscope
-datasource/Graphite
-datasource/InfluxDB
-datasource/Jaeger
-datasource/JSON
-datasource/Loki
-datasource/MSSQL
-datasource/MySQL
-datasource/OpenSearch
-datasource/OpenTSDB
-datasource/Parca
-datasource/Phlare
-datasource/Postgres
-datasource/Prometheus
-datasource/SiteWIse
-datasource/Splunk
-datasource/Tempo
-datasource/TestDataDB
-datasource/Timestream
-datasource/X-Ray
-datasource/Zabbix
-datasource/Zipkin
-team/grafana-aws-datasources

.github/workflows/auto-triager/prompt.txt

@@ -1,25 +0,0 @@
-You are an expert Grafana issues categorizer.
-
-You are provided with a Grafana issue. Your task is to categorize the issue by analyzing the issue title and description to determine the most relevant category and type from the provided lists. Focus on precision and clarity, selecting only the most pertinent labels based on the issue details. Ensure that your selections reflect the core problem or functionality affected.
-
-The output should be a valid JSON object with the following fields:
-* id (string): The ID of the current issue.
-* categoryLabel (array of strings): The category labels for the current issue, emphasizing key terms and context.
-* typeLabel (array of strings): The type of the current issue, emphasizing clarity and relevance.
-
-**Instructions**:
-1. **Contextual Analysis**: Understand the context and intent behind the issue description. Analyze the overall narrative and relationships between different components within Grafana. Consider dependencies and related components to inform your decision.
-2. **Category and Type Differentiation**: Use language cues and patterns to differentiate between similar categories and types. Provide examples and counterexamples to clarify distinctions. Prioritize primary components over secondary ones unless they are critical to the issue.
-3. **Historical Data Utilization**: Compare current issues with past resolved issues by analyzing similarities in problem descriptions, leveraging patterns to inform categorization. Use historical data to recognize patterns and inform your decision-making.
-4. **Confidence Scoring**: Implement a confidence scoring mechanism to flag issues for review if the confidence is below a predefined threshold. Clearly indicate thresholds for high and low confidence predictions. Provide clarifying questions if data is ambiguous.
-5. **Feedback Loop Integration**: Integrate feedback from incorrect predictions to refine understanding and improve future predictions. Conduct error analysis to identify patterns in misclassifications and adapt your approach accordingly.
-6. **Semantic Analysis**: Evaluate the underlying intent of the issue using semantic analysis, considering broader implications and context. Leverage metadata or historical patterns to improve accuracy.
-7. **Avoid Over-Specification**: Maintain precision and conciseness, avoiding unnecessary details. Prioritize clarity and flag for further review if uncertain.
-8. **Consistent JSON Formatting**: Ensure the output maintains a consistent JSON structure with uniform formatting for readability and scalability.
-
-**Next Steps and Insights**:
-- Suggest potential next steps or resources that could help address the issue, providing actionable insights to enhance user engagement.
-- Regularly test responses against edge cases to ensure robustness and adaptability.
-- Stay updated with changes in category and type lists to remain current.
-
-Provide a brief explanation of the categorization decision, highlighting key terms or context that influenced the choice. Use user-centric language and technical details to ensure the explanation is comprehensive and insightful.

.github/workflows/auto-triager/types.txt

@@ -1,30 +0,0 @@
-type/accessibility
-type/angular-2-react
-type/browser-compatibility
-type/bug
-type/build-packaging
-type/chore
-type/ci
-type/cleanup
-type/codegen
-type/community
-type/debt
-type/design
-type/discussion
-type/docs
-type/duplicate
-type/e2e
-type/epic
-type/feature-request
-type/feature-toggle-enable
-type/feature-toggle-removal
-type/performance
-type/poc
-type/project
-type/proposal
-type/question
-type/refactor
-type/regression
-type/roadmap
-type/tech
-type/ux

.github/workflows/backend-code-checks.yml

@@ -1,73 +0,0 @@
-name: Backend Code Checks
-
-on:
-  pull_request:
-    paths-ignore:
-      - '*.md'
-      - 'docs/**'
-      - 'latest.json'
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - '*.md'
-      - 'docs/**'
-      - 'latest.json'
-
-permissions:
-  contents: read
-  id-token: write
-
-jobs:
-  validate-configs:
-    name: Validate Backend Configs
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-      - name: Setup Go
-        uses: actions/setup-go@v5
-        with:
-          # Explicitly set Go version to 1.24.1 to ensure consistent OpenAPI spec generation
-          # The crypto/x509 package has additional fields in Go 1.24.1 that affect the generated specs
-          # This ensures the GHAs environment matches what we use in the Drone pipeline
-          go-version: 1.24.1
-          cache: true
-
-      - name: Verify code generation
-        run: |
-          CODEGEN_VERIFY=1 make gen-cue
-          CODEGEN_VERIFY=1 make gen-jsonnet
-      
-      - name: Validate go.mod
-        run: go run scripts/modowners/modowners.go check go.mod
-
-      # Enterprise setup is needed for complete OpenAPI spec generation
-      # We only do this for internal PRs
-      - name: Setup Grafana Enterprise
-        if: github.event.pull_request.head.repo.fork == false
-        uses: ./.github/actions/setup-enterprise
-        
-      - name: Generate and Validate OpenAPI Specs
-        run: |
-          # For PRs from forks, we'll just run the basic swagger-gen without validation
-          if [[ "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.fork }}" == "true" ]]; then
-            echo "PR is from a fork, skipping enterprise-based validation"
-            make swagger-gen
-            exit 0
-          fi
-          
-          # Clean and regenerate OpenAPI specs
-          make swagger-clean && make openapi3-gen
-          
-          # Check if the generated specs differ from what's in the repository
-          for f in public/api-merged.json public/openapi3.json; do git add $f; done
-          if [ -z "$(git diff --name-only --cached)" ]; then
-            echo "OpenAPI specs are up to date!"
-          else
-            echo "OpenAPI specs are OUT OF DATE!"
-            git diff --cached
-            echo "Please ensure the branch is up-to-date, then regenerate the specification by running make swagger-clean && make openapi3-gen"
-            exit 1
-          fi

.github/workflows/backend-unit-tests.yml

@@ -1,71 +0,0 @@
-name: Backend Unit Tests
-
-on:
-  pull_request:
-    paths-ignore:
-      - 'docs/**'
-      - '**/*.md'
-  push:
-    branches:
-      - main
-      - release-*.*.*
-    paths-ignore:
-      - 'docs/**'
-      - '**/*.md'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
-
-permissions: {}
-
-jobs:
-  grafana:
-    # Run this workflow only for PRs from forks; if it gets merged into `main` or `release-*`, 
-    # the `pr-backend-unit-tests-enterprise` workflow will run instead
-    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true
-    name: Grafana
-    runs-on: ubuntu-latest-8-cores
-    continue-on-error: true
-    permissions:
-      contents: read
-      id-token: write
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-      - name: Setup Go
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: go.mod
-      - name: Generate Go code
-        run: make gen-go
-      - name: Run unit tests
-        run: make test-go-unit
-
-  grafana-enterprise:
-    # Run this workflow for non-PR events (like pushes to `main` or `release-*`) OR for internal PRs (PRs not from forks)
-    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false
-    name: Grafana Enterprise
-    runs-on: ubuntu-latest-8-cores
-    permissions:
-      contents: read
-      id-token: write
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-      - name: Setup Go
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: go.mod
-      - name: Setup Enterprise
-        uses: ./.github/actions/setup-enterprise
-        with:
-          github-app-name: 'grafana-ci-bot'
-      - name: Generate Go code
-        run: make gen-go
-      - name: Run unit tests
-        run: make test-go-unit

.github/workflows/backport.yml

@@ -5,28 +5,29 @@ on:
       - closed
       - labeled
 
-permissions:
-  contents: write
-  pull-requests: write
-
 jobs:
   main:
     if: github.repository == 'grafana/grafana'
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4 # 4.2.2
+      - name: Checkout Actions
+        uses: actions/checkout@v4
         with:
-          persist-credentials: false
-      - run: git config --local user.name "github-actions[bot]"
-      - run: git config --local user.email "github-actions[bot]@users.noreply.github.com"
-      - run: git config --local --add --bool push.autoSetupRemote true
-      - name: Set remote URL
-        env:
-          GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          git remote set-url origin "https://grafana-delivery-bot:$GIT_TOKEN@github.com/grafana/grafana.git"
+          repository: "grafana/grafana-github-actions"
+          path: ./actions
+          ref: main
+      - name: Install Actions
+        run: npm install --production --prefix ./actions
+      - name: "Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        with:
+          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
       - name: Run backport
-        uses: grafana/grafana-github-actions-go/backport@main # zizmor: ignore[unpinned-uses]
+        uses: ./actions/backport
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          metricsWriteAPIKey: ${{secrets.GRAFANA_MISC_STATS_API_KEY}}
+          token: ${{ steps.generate_token.outputs.token }}
+          labelsToAdd: "backport"
+          title: "[{{base}}] {{originalTitle}}"

.github/workflows/bump-version.yml

@@ -5,43 +5,74 @@ on:
       version:
         description: 'Needs to match, exactly, the name of a milestone. The version to be released please respect: major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. example: 7.4.3, 7.4.3-preview or 7.4.3-preview1'
         required: true
-      push:
-        default: true
-        required: false
-      dry_run:
-        default: false
-        required: false
-
-permissions:
-  contents: write
-  pull-requests: write
-
+env:
+  YARN_ENABLE_IMMUTABLE_INSTALLS: false
 jobs:
-  bump-version:
+  main:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout Grafana
+      # This is a basic workflow to help you get started with Actions
+      - uses: actions-ecosystem/action-regex-match@v2.0.2
+        if: ${{ github.event.inputs.version != '' }}
+        id: regex-match
+        with:
+          text: ${{ github.event.inputs.version }}
+          regex: '^(\d+.\d+).\d+(?:-(?:(preview\d?)|(pre)))?$'
+      - uses: actions-ecosystem/action-regex-match@v2.0.2
+        if: ${{ inputs.version_call != '' }}
+        id: regex-match-version-call
+        with:
+          text: ${{ inputs.version_call }}
+          regex: '^(\d+.\d+).\d+(?:-(?:(preview\d?)|(pre)))?$'
+      - name: Validate input version
+        if: ${{ steps.regex-match.outputs.match == '' && github.event.inputs.version != '' }}
+        run: |
+          echo "The input version format is not correct, please respect:\
+          major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. \
+          example: 7.4.3, 7.4.3-preview or 7.4.3-preview1"
+          exit 1
+      - name: Validate input version call
+        if: ${{ inputs.version_call != '' && steps.regex-match-version-call.outputs.match == '' }}
+        run: |
+          echo "The input version format is not correct, please respect:\
+          major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. \
+          example: 7.4.3, 7.4.3-preview or 7.4.3-preview1"
+          exit 1
+
+      - uses: actions/checkout@v4
+
+      - name: Set intermedia variables
+        id: intermedia
+        run: |
+          echo "short_ref=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
+          echo "check_passed=false" >> $GITHUB_OUTPUT
+          echo "branch_name=v${{steps.regex-match.outputs.group1}}" >> $GITHUB_OUTPUT
+          echo "branch_exist=$(git ls-remote --heads https://github.com/grafana/grafana.git v${{ steps.regex-match.outputs.group1 }}.x | wc -l)" >> $GITHUB_OUTPUT
+
+      - name: Checkout Actions
         uses: actions/checkout@v4
         with:
-          persist-credentials: false
-      - name: Update package.json versions
-        uses: ./pkg/build/actions/bump-version
+          repository: "grafana/grafana-github-actions"
+          path: ./actions
+          ref: main
+      # Go is required for also updating the schema versions as part of the precommit hook:
+      - uses: actions/setup-go@v4
         with:
-          version: ${{ inputs.version }}
-      - if: ${{ inputs.push }}
-        name: Push & Create PR
-        env:
-          VERSION: ${{ inputs.version }}
-          DRY_RUN: ${{ inputs.dry_run }}
-          REF_NAME: ${{ github.ref_name }}
-          RUN_ID: ${{ github.run_id }}
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          git config --local user.name "github-actions[bot]"
-          git config --local user.email "github-actions[bot]@users.noreply.github.com"
-          git config --local --add --bool push.autoSetupRemote true
-          git checkout -b "bump-version/${RUN_ID}/${VERSION}"
-          git add .
-          git commit -m "bump version ${VERSION}"
-          git push
-          gh pr create --dry-run=$DRY_RUN -l "type/ci" -l "no-changelog" -B "$REF_NAME" --title "Release: Bump version to ${VERSION}" --body "Updated version to ${VERSION}"
+          go-version: '1.20'
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+      - name: Install Actions
+        run: npm install --production --prefix ./actions
+      - name: "Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        with:
+          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+      - name: Run bump version (manually invoked)
+        uses: ./actions/bump-version
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
+          metricsWriteAPIKey: ${{ secrets.GRAFANA_MISC_STATS_API_KEY }}
+          precommit_make_target: gen-cue

.github/workflows/changelog.yml

@@ -1,155 +0,0 @@
-name: Generate changelog
-on:
-  workflow_call:
-    inputs:
-      previous_version:
-        type: string
-        required: false
-        description: 'The release version (semver, git tag, branch or commit) to use for comparison'
-      version:
-        type: string
-        required: true
-        description: 'Target release version (semver, git tag, branch or commit)'
-      target:
-        required: true
-        type: string
-        description: 'The base branch that these changes are being merged into'
-      dry_run:
-        required: false
-        default: false
-        type: boolean
-      latest:
-        required: false
-        default: false
-        type: boolean
-    secrets:
-      GRAFANA_DELIVERY_BOT_APP_ID:
-        required: true
-      GRAFANA_DELIVERY_BOT_APP_PEM:
-        required: true
-
-  workflow_dispatch:
-    inputs:
-      previous_version:
-        type: string
-        required: false
-        description: 'The release version (semver, git tag, branch or commit) to use for comparison'
-      version:
-        type: string
-        required: true
-        description: 'Target release version (semver, git tag, branch or commit)'
-      target:
-        required: true
-        type: string
-        description: 'The base branch that these changes are being merged into'
-      dry_run:
-        required: false
-        default: false
-        type: boolean
-      latest:
-        required: false
-        default: false
-        type: boolean
-
-permissions: {}
-
-jobs:
-  main:
-    env:
-      RUN_ID: ${{ github.run_id }}
-      VERSION: ${{ inputs.version }}
-      PREVIOUS_VERISON: ${{ inputs.previous_version }}
-      TARGET: ${{ inputs.target }}
-      DRY_RUN: ${{ inputs.dry_run }}
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: write
-      pull-requests: write
-    steps:
-      - name: "Generate token"
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
-          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
-      - name: "Checkout Grafana repo"
-        uses: "actions/checkout@v4"
-        with:
-          ref: main
-          sparse-checkout: |
-            .github/workflows
-            CHANGELOG.md
-            .nvmrc
-            .prettierignore
-            .prettierrc.js
-          fetch-depth: 0
-          fetch-tags: true
-          persist-credentials: false
-      - name: Setup nodejs environment
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: .nvmrc
-      - name: "Configure git user"
-        run: |
-          git config --local user.name "github-actions[bot]"
-          git config --local user.email "github-actions[bot]@users.noreply.github.com"
-          git config --local --add --bool push.autoSetupRemote true
-      - name: "Create branch"
-        run: git checkout -b "changelog/${RUN_ID}/${VERSION}"
-      - name: "Generate changelog"
-        id: changelog
-        uses: ./.github/actions/changelog
-        with:
-          previous: ${{ inputs.previous_version }}
-          github_token: ${{ steps.generate_token.outputs.token }}
-          target: v${{ inputs.version }}
-          output_file: changelog_items.md
-      - name: "Patch CHANGELOG.md"
-        run: |
-          # Prepare CHANGELOG.md content with version delimiters
-          (
-            echo
-            echo "# ${VERSION} ($(date '+%F'))"
-            echo
-            cat changelog_items.md
-          ) > CHANGELOG.part
-
-          # Check if a version exists in the changelog
-          if grep -q "<!-- ${VERSION} START" CHANGELOG.md ; then
-            # Replace the content between START and END delimiters
-            echo "Version ${VERSION} is found in the CHANGELOG.md, patching contents..."
-            sed -i -e "/${VERSION} START/,/${VERSION} END/{//!d;}" \
-                   -e "/${VERSION} START/r CHANGELOG.part" CHANGELOG.md
-          else
-            # Prepend changelog part to the main changelog file
-            echo "Version $VERSION not found in the CHANGELOG.md"
-            (
-              echo "<!-- ${VERSION} START -->"
-              cat CHANGELOG.part
-              echo "<!-- ${VERSION} END -->"
-              cat CHANGELOG.md
-            ) > CHANGELOG.tmp
-            mv CHANGELOG.tmp CHANGELOG.md
-          fi
-
-          git diff CHANGELOG.md
-
-      - name: "Prettify CHANGELOG.md"
-        run: npx prettier --write CHANGELOG.md
-      - name: "Commit changelog changes"
-        run: git add CHANGELOG.md && git commit --allow-empty -m "Update changelog" CHANGELOG.md
-      - name: "git push"
-        if: ${{ inputs.dry_run }} != true
-        run: git push
-      - name: "Create changelog PR"
-        run: >
-          gh pr create \
-            --dry-run=${DRY_RUN} \
-            --label "no-backport" \
-            --label "no-changelog" \
-            -B "${TARGET}" \
-            --title "Release: update changelog for ${VERSION}" \
-            --body "Changelog changes for release ${VERSION}"
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/close-milestone.yml

@@ -0,0 +1,44 @@
+name: Close milestone
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        required: true
+        description: Needs to match, exactly, the name of a milestone
+  workflow_call:
+    inputs:
+      version_call:
+        description: Needs to match, exactly, the name of a milestone
+        required: true
+        type: string
+
+jobs:
+  main:
+    if: github.repository == 'grafana/grafana'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Actions
+        uses: actions/checkout@v4
+        with:
+          repository: "grafana/grafana-github-actions"
+          path: ./actions
+          ref: main
+      - name: Install Actions
+        run: npm install --production --prefix ./actions
+      - name: "Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        with:
+          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+      - name: Close milestone (manually invoked)
+        if: ${{ github.event.inputs.version != '' }}
+        uses: ./actions/close-milestone
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
+      - name: Close milestone (workflow invoked)
+        if: ${{ inputs.version_call != '' }}
+        uses: ./actions/close-milestone
+        with:
+          version_call: ${{ inputs.version_call }}
+          token: ${{ steps.generate_token.outputs.token }}

.github/workflows/codeowners-validator.yml

@@ -10,10 +10,8 @@ jobs:
     steps:
       # Checks-out your repository, which is validated in the next step
       - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
       - name: GitHub CODEOWNERS Validator
-        uses: mszostok/codeowners-validator@7f3f5e28c6d7b8dfae5731e54ce2272ca384592f
+        uses: mszostok/codeowners-validator@v0.7.4
         # input parameters
         with:
           # ==== GitHub Auth ====

.github/workflows/codeql-analysis.yml

@@ -3,19 +3,18 @@
 #
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
-name: "CodeQL checks"
+name: "CodeQL"
 
 on:
   workflow_dispatch:
   push:
-    branches: ['**'] # run on all branches
+    branches: [main, v1.8.x, v2.0.x, v2.1.x, v2.6.x, v3.0.x, v3.1.x, v4.0.x, v4.1.x, v4.2.x, v4.3.x, v4.4.x, v4.5.x, v4.6.x, v4.7.x, v5.0.x, v5.1.x, v5.2.x, v5.3.x, v5.4.x, v6.0.x, v6.1.x, v6.2.x, v6.3.x, v6.4.x, v6.5.x, v6.6.x, v6.7.x, v7.0.x, v7.1.x, v7.2.x]
     paths-ignore:
       - '**/*.cue'
       - '**/*.json'
       - '**/*.md'
       - '**/*.txt'
       - '**/*.yml'
-      - pkg/storage/unified/sql/db/dbimpl/db.go # Ignoring warnings on the whole file for now while inline comments is not supported in Go (https://github.com/github/codeql/issues/11427)
   schedule:
     - cron: '0 4 * * 6'
 
@@ -26,8 +25,6 @@ jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
-    continue-on-error: true # doesn't block PRs from being merged if this fails
-    if: github.repository == 'grafana/grafana'
 
     strategy:
       fail-fast: false
@@ -45,17 +42,16 @@ jobs:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
         fetch-depth: 2
-        persist-credentials: false
 
     - if: matrix.language == 'go'
       name: Set go version
-      uses: actions/setup-go@19bb51245e9c80abacb2e91cc42b33fa478b8639
+      uses: actions/setup-go@v4
       with:
-        go-version-file: go.mod
+        go-version: '1.21.8'
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -70,4 +66,4 @@ jobs:
         make build-go
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v2

.github/workflows/commands.yml

@@ -1,19 +1,11 @@
 name: Run commands when issues are labeled or comments added
-
-# important: this workflow uses a github app that is strictly limited
-# to issues. If you want to change the triggers for this workflow,
-# please review if the permissions are still sufficient.
 on:
   issues:
     types: [labeled, unlabeled]
   issue_comment:
     types: [created]
-
 concurrency:
   group: issue-commands-${{ github.event.issue.number }}
-
-permissions: {}
-
 jobs:
   config:
     runs-on: "ubuntu-latest"
@@ -24,7 +16,7 @@ jobs:
         id: check
         shell: bash
         run: |
-          if [ "${{ github.repository }}" == "grafana/grafana" ] && [ -n "${{ secrets.GRAFANA_MISC_STATS_API_KEY }}" ]; then
+          if [ -n "${{ (secrets.GRAFANA_MISC_STATS_API_KEY != '' && secrets.ISSUE_COMMANDS_TOKEN != '') || '' }}" ]; then
             echo "has-secrets=1" >> "$GITHUB_OUTPUT"
           fi
 
@@ -32,39 +24,18 @@ jobs:
     needs: config
     if: needs.config.outputs.has-secrets
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
     steps:
-      - name: "Get vault secrets"
-        id: vault-secrets
-        uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
-        with:
-          # Secrets placed in the ci/repo/grafana/grafana/plugins_platform_issue_commands_github_bot path in Vault
-          repo_secrets: |
-            GH_APP_ID=plugins_platform_issue_commands_github_bot:app_id
-            GH_APP_PEM=plugins_platform_issue_commands_github_bot:app_pem
-
-      - name: "Generate token"
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ env.GH_APP_ID }}
-          private_key: ${{ env.GH_APP_PEM }}
-
       - name: Checkout Actions
-        uses: actions/checkout@v4 # v4.2.2
+        uses: actions/checkout@v4
         with:
           repository: "grafana/grafana-github-actions"
           path: ./actions
           ref: main
-          persist-credentials: false
-
       - name: Install Actions
         run: npm install --production --prefix ./actions
       - name: Run Commands
         uses: ./actions/commands
         with:
           metricsWriteAPIKey: ${{secrets.GRAFANA_MISC_STATS_API_KEY}}
-          token: ${{ steps.generate_token.outputs.token }}
+          token: ${{secrets.ISSUE_COMMANDS_TOKEN}}
           configPath: commands

.github/workflows/community-release.yml

@@ -1,46 +1,25 @@
 name: Create community release post
 on:
-  workflow_call:
-    inputs:
-      version:
-        type: string
-        required: true
-        description: 'Needs to match, exactly, the name of a milestone. The version to be released please respect: major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. example: 7.4.3, 7.4.3-preview or 7.4.3-preview1'
-      dry_run:
-        type: boolean
-        required: false
-        default: false
-        description: When enabled, this workflow will print a preview instead of creating an actual post.
-    secrets:
-      GRAFANA_MISC_STATS_API_KEY:
-        required: true
-      GRAFANABOT_FORUM_KEY:
-        required: true
   workflow_dispatch:
     inputs:
       version:
-        type: string
         required: true
         description: 'Needs to match, exactly, the name of a milestone. The version to be released please respect: major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. example: 7.4.3, 7.4.3-preview or 7.4.3-preview1'
-      dry_run:
-        type: boolean
-        required: false
-        default: false
-        description: When enabled, this workflow will print a preview instead of creating an actual post.
-
-permissions:
-  contents: read
-
 jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-      - name: Run community-release (manually invoked)
-        uses: grafana/grafana-github-actions-go/community-release@main # zizmor: ignore[unpinned-uses]
+      - name: "Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+      - name: Run community-release (manually invoked)
+        uses: grafana/grafana-github-actions-go/community-release@main
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
           version: ${{ inputs.version }}
           metrics_api_key: ${{ secrets.GRAFANA_MISC_STATS_API_KEY }}
           community_api_key: ${{ secrets.GRAFANABOT_FORUM_KEY }}
           community_api_username: grafanabot
-          dry_run: ${{ inputs.dry_run }}

.github/workflows/core-plugins-build-and-release.yml

@@ -1,5 +1,3 @@
-name: Build and release core plugins
-
 on:
   workflow_dispatch:
     inputs:
@@ -8,14 +6,7 @@ on:
         required: true
         type: choice
         options:
-          - grafana-azure-monitor-datasource
-          - grafana-pyroscope-datasource
           - grafana-testdata-datasource
-          - jaeger
-          - parca
-          - stackdriver
-          - tempo
-          - zipkin
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}-${{ inputs.plugin_id }}
@@ -33,8 +24,6 @@ permissions:
 
 jobs:
   build-and-publish:
-    env:
-      PLUGIN_ID: ${{ inputs.plugin_id }}
     name: Build and publish ${{ inputs.plugin_id }}
     runs-on: ubuntu-latest
     outputs:
@@ -44,13 +33,11 @@ jobs:
     steps:
       - name: checkout
         uses: actions/checkout@v4
-        with:
-          persist-credentials: false
       - name: Verify inputs
         run: |
-          if [ -z $PLUGIN_ID ]; then echo "Missing plugin ID"; exit 1; fi
+          if [ -z ${{ inputs.plugin_id }} ]; then echo "Missing plugin ID"; exit 1; fi
       - id: get-secrets
-        uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
+        uses: grafana/shared-workflows/actions/get-vault-secrets@main
         with:
           # Secrets placed in the ci/repo/grafana/<repo>/<path> path in Vault
           repo_secrets: |
@@ -58,11 +45,11 @@ jobs:
             PLUGINS_GRAFANA_API_KEY=core-plugins-build-and-release:PLUGINS_GRAFANA_API_KEY
             PLUGINS_GCOM_TOKEN=core-plugins-build-and-release:PLUGINS_GCOM_TOKEN
       - name: 'Authenticate to Google Cloud'
-        uses: 'google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f'
+        uses: 'google-github-actions/auth@v2'
         with:
           credentials_json: '${{ env.PLUGINS_GOOGLE_CREDENTIALS }}'
       - name: 'Set up Cloud SDK'
-        uses: 'google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a'
+        uses: 'google-github-actions/setup-gcloud@v2'
       - name: Setup nodejs environment
         uses: actions/setup-node@v4
         with:
@@ -72,12 +59,7 @@ jobs:
         shell: bash
         id: get_dir
         run: |
-          dir=$(dirname \
-            $(egrep -lir --include=plugin.json --exclude-dir=dist \
-              '"id": "${PLUGIN_ID}"' \
-              public/app/plugins \
-            ) \
-          )
+          dir=$(find public/app/plugins -name ${{ inputs.plugin_id }} -print -quit)
           echo "dir=${dir}" >> $GITHUB_OUTPUT
       - name: Install frontend dependencies
         shell: bash
@@ -89,19 +71,19 @@ jobs:
         working-directory: ${{ steps.get_dir.outputs.dir }}
         run: |
           [ ! -d ./bin ] && mkdir -pv ./bin || true
-          curl -fL -o ./bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v$GRABPL_VERSION/grabpl
+          curl -fL -o ./bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v${{ env.GRABPL_VERSION }}/grabpl
           chmod 0755 ./bin/grabpl
       - name: Check backend
         id: check_backend
         shell: bash
         run: |
-          if egrep -qr --include=main.go 'datasource.Manage\("$PLUGIN_ID"' pkg/tsdb; then
+          if [ -d ./pkg/tsdb/${{ inputs.plugin_id }} ]; then
             echo "has_backend=true" >> $GITHUB_OUTPUT
           else
             echo "has_backend=false" >> $GITHUB_OUTPUT
           fi
       - name: Setup golang environment
-        uses: actions/setup-go@19bb51245e9c80abacb2e91cc42b33fa478b8639
+        uses: actions/setup-go@v4
         if: steps.check_backend.outputs.has_backend == 'true'
         with:
           go-version-file: go.mod
@@ -155,7 +137,7 @@ jobs:
             # Release branch, do not add commit hash to version
             command="plugin:build"
           fi
-          yarn $command --scope="@grafana-plugins/$PLUGIN_ID"
+          yarn $command --scope="@grafana-plugins/${{ inputs.plugin_id }}"
           version=$(cat ${{ steps.get_dir.outputs.dir }}/dist/plugin.json | jq -r .info.version)
           echo "version=${version}" >> $GITHUB_OUTPUT
       - name: build:backend
@@ -164,7 +146,7 @@ jobs:
         env:
           VERSION: ${{ steps.build_frontend.outputs.version }}  
         run: |
-          make build-plugin-go PLUGIN_ID=$PLUGIN_ID
+          make build-plugin-go PLUGIN_ID=${{ inputs.plugin_id }}
       - name: package
         working-directory: ${{ steps.get_dir.outputs.dir }}
         run: |
@@ -179,7 +161,7 @@ jobs:
           VERSION: ${{ steps.build_frontend.outputs.version }}  
         run: |
           api_res=$(curl -X 'GET' -H "Authorization: Bearer $GCOM_TOKEN" \
-            '${{ env.GCOM_API}}/api/plugins/$PLUGIN_ID?version=$VERSION' \
+            '${{ env.GCOM_API}}/api/plugins/${{ inputs.plugin_id }}?version=$VERSION' \
             -H 'accept: application/json')
           api_res_code=$(echo $api_res | jq -r .code)
           if [ "$api_res_code" = "NotFound" ]; then
@@ -190,7 +172,7 @@ jobs:
             exit 1
           fi
       - name: store build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: build-artifacts
           path: ${{ steps.get_dir.outputs.dir }}/ci/packages/*.zip
@@ -201,12 +183,11 @@ jobs:
         run: |
           echo "Publish release to Google Cloud Storage:"
           touch ci/packages/windows ci/packages/darwin ci/packages/linux ci/packages/any
-          gsutil -m cp -r ci/packages/*windows* gs://${{ env.GCP_BUCKET }}/$PLUGIN_ID/release/${VERSION}/windows
-          gsutil -m cp -r ci/packages/*linux* gs://${{ env.GCP_BUCKET }}/$PLUGIN_ID/release/${VERSION}/linux 
-          gsutil -m cp -r ci/packages/*darwin* gs://${{ env.GCP_BUCKET }}/$PLUGIN_ID/release/${VERSION}/darwin
-          gsutil -m cp -r ci/packages/*any* gs://${{ env.GCP_BUCKET }}/$PLUGIN_ID/release/${VERSION}/any
+          gsutil -m cp -r ci/packages/*windows* gs://${{ env.GCP_BUCKET }}/${{ inputs.plugin_id }}/release/${VERSION}/windows
+          gsutil -m cp -r ci/packages/*linux* gs://${{ env.GCP_BUCKET }}/${{ inputs.plugin_id }}/release/${VERSION}/linux 
+          gsutil -m cp -r ci/packages/*darwin* gs://${{ env.GCP_BUCKET }}/${{ inputs.plugin_id }}/release/${VERSION}/darwin
+          gsutil -m cp -r ci/packages/*any* gs://${{ env.GCP_BUCKET }}/${{ inputs.plugin_id }}/release/${VERSION}/any
       - name: Publish new plugin version on grafana.com
-        if: steps.check_backend.outputs.has_backend == 'true'
         working-directory: ${{ steps.get_dir.outputs.dir }}
         env:
           GCOM_TOKEN: ${{ env.PLUGINS_GCOM_TOKEN }}
@@ -218,27 +199,27 @@ jobs:
             \"url\": \"https://github.com/grafana/grafana/tree/main/${{ steps.get_dir.outputs.dir }}\",
             \"download\": {
               \"linux-amd64\": {
-                \"url\": \"https://storage.googleapis.com/${{ env.GCP_BUCKET }}/$PLUGIN_ID/release/${VERSION}/linux/$PLUGIN_ID-${VERSION}.linux_amd64.zip\",
+                \"url\": \"https://storage.googleapis.com/${{ env.GCP_BUCKET }}/${{ inputs.plugin_id }}/release/${VERSION}/linux/${{ inputs.plugin_id }}-${VERSION}.linux_amd64.zip\",
                 \"md5\": \"$(cat ci/packages/info-linux_amd64.json | jq -r .plugin.md5)\"
               },
               \"linux-arm64\": {
-                \"url\": \"https://storage.googleapis.com/${{ env.GCP_BUCKET }}/$PLUGIN_ID/release/${VERSION}/linux/$PLUGIN_ID-${VERSION}.linux_arm64.zip\",
+                \"url\": \"https://storage.googleapis.com/${{ env.GCP_BUCKET }}/${{ inputs.plugin_id }}/release/${VERSION}/linux/${{ inputs.plugin_id }}-${VERSION}.linux_arm64.zip\",
                 \"md5\": \"$(cat ci/packages/info-linux_arm64.json | jq -r .plugin.md5)\"
               },
               \"linux-arm\": {
-                \"url\": \"https://storage.googleapis.com/${{ env.GCP_BUCKET }}/$PLUGIN_ID/release/${VERSION}/linux/$PLUGIN_ID-${VERSION}.linux_arm.zip\",
+                \"url\": \"https://storage.googleapis.com/${{ env.GCP_BUCKET }}/${{ inputs.plugin_id }}/release/${VERSION}/linux/${{ inputs.plugin_id }}-${VERSION}.linux_arm.zip\",
                 \"md5\": \"$(cat ci/packages/info-linux_arm.json | jq -r .plugin.md5)\"
               },
               \"windows-amd64\": {
-                \"url\": \"https://storage.googleapis.com/${{ env.GCP_BUCKET }}/$PLUGIN_ID/release/${VERSION}/windows/$PLUGIN_ID-${VERSION}.windows_amd64.zip\",
+                \"url\": \"https://storage.googleapis.com/${{ env.GCP_BUCKET }}/${{ inputs.plugin_id }}/release/${VERSION}/windows/${{ inputs.plugin_id }}-${VERSION}.windows_amd64.zip\",
                 \"md5\": \"$(cat ci/packages/info-windows_amd64.json | jq -r .plugin.md5)\"
               },
               \"darwin-amd64\": {
-                \"url\": \"https://storage.googleapis.com/${{ env.GCP_BUCKET }}/$PLUGIN_ID/release/${VERSION}/darwin/$PLUGIN_ID-${VERSION}.darwin_amd64.zip\",
+                \"url\": \"https://storage.googleapis.com/${{ env.GCP_BUCKET }}/${{ inputs.plugin_id }}/release/${VERSION}/darwin/${{ inputs.plugin_id }}-${VERSION}.darwin_amd64.zip\",
                 \"md5\": \"$(cat ci/packages/info-darwin_amd64.json | jq -r .plugin.md5)\"
               },
               \"darwin-arm64\": {
-                \"url\": \"https://storage.googleapis.com/${{ env.GCP_BUCKET }}/$PLUGIN_ID/release/${VERSION}/darwin/$PLUGIN_ID-${VERSION}.darwin_arm64.zip\",
+                \"url\": \"https://storage.googleapis.com/${{ env.GCP_BUCKET }}/${{ inputs.plugin_id }}/release/${VERSION}/darwin/${{ inputs.plugin_id }}-${VERSION}.darwin_arm64.zip\",
                 \"md5\": \"$(cat ci/packages/info-darwin_arm64.json | jq -r .plugin.md5)\"
               }
             }
@@ -247,27 +228,4 @@ jobs:
             echo "Failed to publish plugin version. Got:"
             echo $result
             exit 1
-          fi
-      - name: Publish new plugin version on grafana.com (frontend only)
-        if: steps.check_backend.outputs.has_backend == 'false'
-        working-directory: ${{ steps.get_dir.outputs.dir }}
-        env:
-          GCOM_TOKEN: ${{ env.PLUGINS_GCOM_TOKEN }}
-          VERSION: ${{ steps.build_frontend.outputs.version }}
-        run: |
-          echo "Publish new plugin version on grafana.com:"
-          echo "Plugin version: ${VERSION}"
-          result=`curl -H "Authorization: Bearer $GCOM_TOKEN" -H "Content-Type: application/json" ${{ env.GCOM_API}}/api/plugins -d "{
-            \"url\": \"https://github.com/grafana/grafana/tree/main/${{ steps.get_dir.outputs.dir }}\",
-            \"download\": {
-              \"any\": {
-                \"url\": \"https://storage.googleapis.com/${{ env.GCP_BUCKET }}/$PLUGIN_ID/release/${VERSION}/any/$PLUGIN_ID-${VERSION}.any.zip\",
-                \"md5\": \"$(cat ci/packages/info-any.json | jq -r .plugin.md5)\"
-              }
-            }
-          }"`
-          if [[ "$(echo $result | jq -r .version)" == "null" ]]; then
-            echo "Failed to publish plugin version. Got:"
-            echo $result
-            exit 1
-          fi
+          fi

.github/workflows/create-next-release-branch.yml

@@ -1,53 +0,0 @@
-name: Create next release branch
-on:
-  workflow_call:
-    inputs:
-      ownerRepo:
-        type: string
-        description: Owner/repo of the repository where the branch is created (e.g. 'grafana/grafana')
-        required: true
-      source:
-        description: The release branch to increment (eg providing `release-11.2.3` will result in `release-11.2.4` being created)
-        type: string
-        required: true
-    secrets:
-      GRAFANA_DELIVERY_BOT_APP_ID:
-        required: true
-      GRAFANA_DELIVERY_BOT_APP_PEM:
-        required: true
-    outputs:
-      branch:
-        description: The new branch that was created
-        value: ${{ jobs.main.outputs.branch }}
-  workflow_dispatch:
-    inputs:
-      ownerRepo:
-        description: Owner/repo of the repository where the branch is created (e.g. 'grafana/grafana')
-      source:
-        description: The release branch to increment (eg providing `release-11.2.3` will result in `release-11.2.4` being created)
-        type: string
-        required: true
-    secrets:
-      GRAFANA_DELIVERY_BOT_APP_ID:
-        required: true
-      GRAFANA_DELIVERY_BOT_APP_PEM:
-        required: true
-jobs:
-  main:
-    runs-on: ubuntu-latest
-    outputs:
-      branch: ${{ steps.branch.outputs.branch }}
-    steps:
-      - name: "Generate token"
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
-          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
-      - name: Create release branch
-        id: branch
-        uses: grafana/grafana-github-actions-go/bump-release@main # zizmor: ignore[unpinned-uses]
-        with:
-          ownerRepo: ${{ inputs.ownerRepo }}
-          source: ${{ inputs.source }}
-          token: ${{ steps.generate_token.outputs.token }}

.github/workflows/create-security-patch-from-security-mirror.yml

@@ -11,13 +11,12 @@ on:
     branches:
       - "main"
       - "v*.*.*"
-      - "release-*.*.*"
 
 # This is run before the pull request has been merged, so we'll run against the src branch
 jobs:
   trigger_downstream_create_security_patch:
     concurrency: create-patch-${{ github.ref_name }}
-    uses: grafana/security-patch-actions/.github/workflows/create-patch.yml@main # zizmor: ignore[unpinned-uses]
+    uses: grafana/security-patch-actions/.github/workflows/create-patch.yml@main
     if: github.repository == 'grafana/grafana-security-mirror'
     with:
       repo: "${{ github.repository }}"
@@ -25,4 +24,5 @@ jobs:
       patch_ref: "${{ github.base_ref }}" # this is the target branch name, Ex: "main"
       patch_repo: "grafana/grafana-security-patches"
       patch_prefix: "${{ github.event.pull_request.number }}"
-    secrets: inherit # zizmor: ignore[secrets-inherit]
+    secrets: inherit
+

.github/workflows/dashboards-issue-add-label.yml

@@ -3,11 +3,8 @@ on:
   issues:
     types: [opened, closed, edited, reopened, assigned, unassigned, labeled, unlabeled]
 
-permissions:
-  contents: read
-  id-token: write
-
 env:
+  GITHUB_TOKEN: ${{ secrets.ISSUE_COMMANDS_TOKEN }}
   ORGANIZATION: ${{ github.repository_owner }}
   REPO: ${{ github.event.repository.name }}
   TARGET_PROJECT: 202
@@ -16,35 +13,32 @@ env:
 concurrency:
   group: issue-label-when-in-project-${{ github.event.number }}
 jobs:
+  config:
+    runs-on: "ubuntu-latest"
+    outputs:
+      has-secrets: ${{ steps.check.outputs.has-secrets }}
+    steps:
+      - name: "Check for secrets"
+        id: check
+        shell: bash
+        run: |
+          if [ -n "${{ (secrets.ISSUE_COMMANDS_TOKEN != '') || '' }}" ]; then
+            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+          fi
+
   main:
-    if: github.repository == 'grafana/grafana'
+    needs: config
+    if: needs.config.outputs.has-secrets
     runs-on: ubuntu-latest
     steps:
-      - name: "Get vault secrets"
-        id: vault-secrets
-        uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
-        with:
-          # Secrets placed in the ci/repo/grafana/grafana/plugins_platform_issue_commands_github_bot path in Vault
-          repo_secrets: |
-            GH_APP_ID=plugins_platform_issue_commands_github_bot:app_id
-            GH_APP_PEM=plugins_platform_issue_commands_github_bot:app_pem
-
-      - name: "Generate token"
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ env.GH_APP_ID }}
-          private_key: ${{ env.GH_APP_PEM }}
+      - name: log in
+        run: gh api user -q .login
       - name: Check if issue is in target project
-        env:
-          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
-          ISSUE_NUMBER: ${{ github.event.issue.number }}
-          TARGET_PROJECT: ${{ env.TARGET_PROJECT }}
         run: |
           gh api graphql -f query='
             query($org: String!, $repo: String!) {
               repository(name: $repo, owner: $org) {
-                issue (number: $ISSUE_NUMBER) {
+                issue (number: ${{ github.event.issue.number }}) {
                   id
                   projectItems(first:20) {
                     nodes {
@@ -57,22 +51,17 @@ jobs:
               }
             }' -f org=$ORGANIZATION -f repo=$REPO > projects_data.json
 
-            echo 'IN_TARGET_PROJ='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number=='"$TARGET_PROJECT"') | .project != null' projects_data.json) >> $GITHUB_ENV
+            echo 'IN_TARGET_PROJ='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.TARGET_PROJECT }}) | .project != null' projects_data.json) >> $GITHUB_ENV
             echo 'ITEM_ID='$(jq '.data.repository.issue.id' projects_data.json) >> $GITHUB_ENV
       - name: Set up label array
         if: env.IN_TARGET_PROJ
-        env:
-          LABEL_IDS: ${{ env.LABEL_IDS }}
         run: |
-          IFS=',' read -ra LABEL_IDs <<< "$LABEL_IDS"
+          IFS=',' read -ra LABEL_IDs <<< "${{ env.LABEL_IDs }}"
           for item in "${LABEL_IDs[@]}"; do
             echo "Item: $item"
           done
       - name: Add label to issue
         if: env.IN_TARGET_PROJ
-        env:
-          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
-          LABEL_IDS: ${{ env.LABEL_IDS }}
         run: |
           gh api graphql -f query='
             mutation ($labelableId: ID!, $labelIds: [ID!]!) {
@@ -81,4 +70,4 @@ jobs:
               ) {
                   clientMutationId
               }
-            }' -f labelableId=$ITEM_ID -f labelIds=$LABEL_IDS
+            }' -f labelableId=$ITEM_ID -f labelIds=${{ env.LABEL_IDs }}

.github/workflows/deploy-pr-preview.yml

@@ -1,31 +0,0 @@
-name: Deploy pr preview
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - closed
-    paths:
-      - "docs/sources/**"
-
-jobs:
-  deploy-pr-preview:
-    if: "!github.event.pull_request.head.repo.fork"
-    uses: grafana/writers-toolkit/.github/workflows/deploy-preview.yml@main # zizmor: ignore[unpinned-uses]
-    with:
-      branch: ${{ github.head_ref }}
-      event_number: ${{ github.event.number }}
-      repo: grafana
-      sha: ${{ github.event.pull_request.head.sha }}
-      sources: |
-        [
-          {
-            "index_file": "content/docs/grafana/_index.md",
-            "relative_prefix": "/docs/grafana/latest/",
-            "repo": "grafana",
-            "source_directory": "docs/sources",
-            "website_directory": "content/docs/grafana/latest"
-          }
-        ]
-      title: ${{ github.event.pull_request.title }}

.github/workflows/detect-breaking-changes-levitate.yml

@@ -1,13 +1,7 @@
 # Only runs if anything under the packages/ directory changes.
----
+
 name: Levitate / Detect breaking changes in PR
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-permissions: {}
-
 on:
   pull_request:
     paths:
@@ -17,129 +11,117 @@ on:
 
 jobs:
   buildPR:
-    name: Build PR packages artifacts
+    name: Build PR
     runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: './pr'
-    permissions:
-      contents: read
-      id-token: write
 
     steps:
-      - uses: actions/checkout@v4
-        with:
-          path: './pr'
-          persist-credentials: false
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22.11.0
+    - uses: actions/checkout@v4
+      with:
+        path: './pr'
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 20.9.0
 
-      - name: Get yarn cache directory path
-        id: yarn-cache-dir-path
-        run: echo "dir=$(yarn config get cacheFolder)" >> "$GITHUB_OUTPUT"
 
-      - name: Restore yarn cache
-        uses: actions/cache@v4
-        id: yarn-cache
-        with:
-          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-          key: yarn-cache-folder-${{ hashFiles('**/yarn.lock', '.yarnrc.yml') }}
-          restore-keys: |
-            yarn-cache-folder-
+    - name: Get yarn cache directory path
+      id: yarn-cache-dir-path
+      run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
 
-      - name: Install dependencies
-        run: yarn install --immutable
+    - name: Restore yarn cache
+      uses: actions/cache@v3.3.1
+      id: yarn-cache
+      with:
+        path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
+        key: yarn-cache-folder-${{ hashFiles('**/yarn.lock', '.yarnrc.yml') }}
+        restore-keys: |
+          yarn-cache-folder-
 
-      - name: Build packages
-        run: yarn packages:build
+    - name: Install dependencies
+      run: yarn install --immutable
 
-      - name: Pack packages
-        run: yarn packages:pack --out ./%s.tgz
+    - name: Build packages
+      run: yarn packages:build
 
-      - name: Zip built tarballed packages
-        run: zip -r ./pr_built_packages.zip ./packages/**/*.tgz
+    - name: Pack packages
+      run: yarn packages:pack --out ./%s.tgz
 
-      - name: Upload build output as artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: buildPr
-          path: './pr/pr_built_packages.zip'
+    - name: Zip built tarballed packages
+      run: zip -r ./pr_built_packages.zip ./packages/**/*.tgz
+
+    - name: Upload build output as artifact
+      uses: actions/upload-artifact@v3
+      with:
+        name: buildPr
+        path: './pr/pr_built_packages.zip'
 
   buildBase:
-    name: Build Base packages artifacts
+    name: Build Base
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
     defaults:
       run:
         working-directory: './base'
 
     steps:
-      - uses: actions/checkout@v4
-        with:
-          path: './base'
-          ref: ${{ github.event.pull_request.base.ref }}
+    - uses: actions/checkout@v4
+      with:
+        path: './base'
+        ref: ${{ github.event.pull_request.base.ref }}
 
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22.11.0
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 20.9.0
 
-      - name: Get yarn cache directory path
-        id: yarn-cache-dir-path
-        run: echo "dir=$(yarn config get cacheFolder)" >> "$GITHUB_OUTPUT"
+    - name: Get yarn cache directory path
+      id: yarn-cache-dir-path
+      run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
 
-      - name: Restore yarn cache
-        uses: actions/cache@v4
-        id: yarn-cache
-        with:
-          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-          key: yarn-cache-folder-${{ hashFiles('**/yarn.lock', '.yarnrc.yml') }}
-          restore-keys: |
-            yarn-cache-folder-
+    - name: Restore yarn cache
+      uses: actions/cache@v3.3.1
+      id: yarn-cache
+      with:
+        path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
+        key: yarn-cache-folder-${{ hashFiles('**/yarn.lock', '.yarnrc.yml') }}
+        restore-keys: |
+          yarn-cache-folder-
 
-      - name: Install dependencies
-        run: yarn install --immutable
+    - name: Install dependencies
+      run: yarn install --immutable
 
-      - name: Build packages
-        run: yarn packages:build
+    - name: Build packages
+      run: yarn packages:build
 
-      - name: Pack packages
-        run: yarn packages:pack --out ./%s.tgz
+    - name: Pack packages
+      run: yarn packages:pack --out ./%s.tgz
 
-      - name: Zip built tarballed packages
-        run: zip -r ./base_built_packages.zip ./packages/**/*.tgz
+    - name: Zip built tarballed packages
+      run: zip -r ./base_built_packages.zip ./packages/**/*.tgz
 
-      - name: Upload build output as artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: buildBase
-          path: './base/base_built_packages.zip'
+    - name: Upload build output as artifact
+      uses: actions/upload-artifact@v3
+      with:
+        name: buildBase
+        path: './base/base_built_packages.zip'
 
   Detect:
-    name: Detect breaking changes between PR and base
+    name: Detect breaking changes
     runs-on: ubuntu-latest
     needs: ['buildPR', 'buildBase']
     env:
       GITHUB_STEP_NUMBER: 8
-    permissions:
-      contents: 'read'
-      id-token: 'write'
 
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22.11.0
 
       - name: Get built packages from pr
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: buildPr
 
       - name: Get built packages from base
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: buildBase
 
@@ -149,236 +131,207 @@ jobs:
       - name: Unzip artifact from base
         run: unzip -j base_built_packages.zip -d ./base && rm base_built_packages.zip
 
-      - id: 'auth'
-        uses: 'google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f'
+      - name: Get link for the Github Action job
+        id: job
+        uses: actions/github-script@v6
         with:
-          workload_identity_provider: ${{ secrets.WIF_PROVIDER }}
-          service_account: ${{ secrets.LEVITATE_SA }}
-          project_id: 'grafanalabs-global'
-
-      - name: 'Set up Cloud SDK'
-        uses: 'google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a'
-        with:
-          version: '>= 363.0.0'
-          project_id: 'grafanalabs-global'
-          install_components: 'bq'
+          script: |
+              const name = 'Detect breaking changes';
+              const script = require('./.github/workflows/scripts/pr-get-job-link.js')
+              await script({name, github, context, core})
 
       - name: Detect breaking changes
         id: breaking-changes
         run: ./scripts/check-breaking-changes.sh
         env:
           FORCE_COLOR: 3
+          GITHUB_JOB_LINK: ${{ steps.job.outputs.link }}
 
       - name: Persisting the check output
         run: |
             mkdir -p ./levitate
-            echo "{ \"exit_code\": ${{ steps.breaking-changes.outputs.is_breaking }}, \"message\": \"${{ steps.breaking-changes.outputs.message }}\", \"pr_number\": \"${{ github.event.pull_request.number }}\" }" > ./levitate/result.json
+            echo "{ \"exit_code\": ${{ steps.breaking-changes.outputs.is_breaking }}, \"message\": \"${{ steps.breaking-changes.outputs.message }}\", \"job_link\": \"${{ steps.job.outputs.link }}#step:${GITHUB_STEP_NUMBER}:1\", \"pr_number\": \"${{ github.event.pull_request.number }}\" }" > ./levitate/result.json
 
       - name: Upload check output as artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: levitate
           path: levitate/
 
 
   Report:
-    name: Report breaking changes in PR comment
+    name: Report breaking changes in PR
     runs-on: ubuntu-latest
     needs: ['Detect']
-    permissions:
-      contents: read
-      id-token: write
 
     steps:
-      - name: "Generate token"
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_ID }}
-          private_key: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_PEM }}
+        - name: "Generate token"
+          id: generate_token
+          uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+          with:
+            app_id: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_ID }}
+            private_key: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_PEM }}
 
-      - uses: actions/checkout@v4
+        - uses: actions/checkout@v4
 
-      - name: 'Download artifact'
-        uses: actions/download-artifact@v4
-        with:
-          name: levitate
+        - name: 'Download artifact'
+          uses: actions/download-artifact@v3
+          with:
+            name: levitate
 
-      - name: Parsing levitate result
-        uses: actions/github-script@v6
-        id: levitate-run
-        with:
-          script: |
-            const filePath = 'result.json';
-            const script = require('./.github/workflows/scripts/json-file-to-job-output.js');
-            await script({ core, filePath });
+        - name: Parsing levitate result
+          uses: actions/github-script@v6
+          id: levitate-run
+          with:
+            script: |
+              const filePath = 'result.json';
+              const script = require('./.github/workflows/scripts/json-file-to-job-output.js');
+              await script({ core, filePath });
 
-      # Check if label exists
-      - name: Check if "levitate breaking change" label exists
-        id: does-label-exist
-        uses: actions/github-script@v6
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        with:
-          script: |
-            const { data: labels } = await github.rest.issues.listLabelsOnIssue({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-            });
-            return labels.some(label => label.name === 'levitate breaking change') ? 1 : 0
+        # Check if label exists
+        - name: Check if "levitate breaking change" label exists
+          id: does-label-exist
+          uses: actions/github-script@v6
+          env:
+            PR_NUMBER: ${{ github.event.pull_request.number }}
+          with:
+            script: |
+              const { data } = await github.rest.issues.listLabelsOnIssue({
+                issue_number: process.env.PR_NUMBER,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+              });
+              const labels = data.map(({ name }) => name);
+              const doesExist = labels.includes('levitate breaking change');
 
-      # put the markdown into a variable
-      - name: Levitate Markdown
-        id: levitate-markdown
-        run: |
-            if [ -f "levitate.md" ]; then
-            {
-              echo 'levitate_markdown<<EOF'
-              cat levitate.md
-              echo EOF
-            } >> "$GITHUB_OUTPUT"
-            else
-              echo "levitate_markdown=No breaking changes detected" >> "$GITHUB_OUTPUT"
-            fi
+              return doesExist ? 1 : 0;
+
+        # put the markdown into a variable
+        - name: Levitate Markdown
+          id: levitate-markdown
+          run: |
+              if [ -f "levitate.md" ]; then
+              {
+                echo 'levitate_markdown<<EOF'
+                cat levitate.md
+                echo EOF
+              } >> $GITHUB_OUTPUT
+              else
+                echo "levitate_markdown=No breaking changes detected" >> $GITHUB_OUTPUT
+              fi
 
 
-      # Comment on the PR
-      - name: Comment on PR
-        if: steps.levitate-run.outputs.exit_code == 1
-        uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728
-        with:
-          header: levitate-breaking-change-comment
-          number: ${{ github.event.pull_request.number }}
-          message: |
-            ⚠️ &nbsp;&nbsp;**Possible breaking changes (md version)**&nbsp;&nbsp; ⚠️
+        # Comment on the PR
+        - name: Comment on PR
+          uses: marocchino/sticky-pull-request-comment@v2
+          with:
+            header: levitate-breaking-change-comment
+            number: ${{ github.event.pull_request.number }}
+            message: |
+              ⚠️ &nbsp;&nbsp;**Possible breaking changes (md version)*** &nbsp;&nbsp ⚠️
 
-            ${{ steps.levitate-markdown.outputs.levitate_markdown }}
+              ${{ steps.levitate-markdown.outputs.levitate_markdown }}
 
-            [Read our guideline](https://github.com/grafana/grafana/blob/main/contribute/breaking-changes-guide/breaking-changes-guide.md)
+              [Read our guideline](https://github.com/grafana/grafana/blob/main/contribute/breaking-changes-guide/breaking-changes-guide.md)
+              [Console output](${{ steps.levitate-run.outputs.job_link }})
+            GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
 
-            * Your pull request merge won't be blocked.
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+        # Remove comment from the PR (no more breaking changes)
+        - name: Remove comment from PR
+          if: steps.levitate-run.outputs.exit_code == 0
+          uses: marocchino/sticky-pull-request-comment@v2
+          with:
+            header: levitate-breaking-change-comment
+            number: ${{ github.event.pull_request.number }}
+            delete: true
+            GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
 
-      # Remove comment from the PR (no more breaking changes)
-      - name: Remove comment from PR
-        if: steps.levitate-run.outputs.exit_code == 0
-        uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728
-        with:
-          header: levitate-breaking-change-comment
-          number: ${{ github.event.pull_request.number }}
-          delete: true
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+        # Posts a notification to Slack if a PR has a breaking change and it did not have a breaking change before
+        - name: Post to Slack
+          id: slack
+          if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0 && env.HAS_SECRETS
+          uses: slackapi/slack-github-action@v1.24.0
+          with:
+            payload: |
+              {
+                "pr_link": "https://github.com/grafana/grafana/pull/${{ steps.levitate-run.outputs.pr_number }}",
+                "pr_number": "${{ steps.levitate-run.outputs.pr_number }}",
+                "job_link": "${{ steps.levitate-run.outputs.job_link }}",
+                "reporting_job_link": "${{ github.event.workflow_run.html_url }}",
+                "message": "${{ steps.levitate-run.outputs.message }}"
+              }
+          env:
+            SLACK_WEBHOOK_URL: ${{ secrets.SLACK_LEVITATE_WEBHOOK_URL }}
+            HAS_SECRETS: ${{ (github.repository == 'grafana/grafana' || secrets.SLACK_LEVITATE_WEBHOOK_URL != '') || '' }}
 
-      - name: Send Slack Message via Payload
-        id: slack
-        if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0 && github.repository == 'grafana/grafana'
-        uses: grafana/shared-workflows/actions/send-slack-message@7b628e7352c2dea057c565cc4fcd5564d5f396c0 #v1.0.0
-        with:
-          channel-id: "C031SLFH6G0"
-          payload:  |
-            {
-              "channel": "C031SLFH6G0",
-              "text": ":warning: Possible breaking changes detected in *PR:* <${{ github.event.pull_request.html_url }}|#${{ github.event.pull_request.number }} :warning:",
-              "icon_emoji": ":grot:",
-              "username": "Levitate Bot",
-              "blocks": [
-                {
-                  "type": "section",
-                  "text": {
-                    "type": "mrkdwn",
-                    "text": "*grafana/grafana* repository has possible breaking changes"
-                  }
-                },
-                {
-                  "type": "section",
-                  "fields": [
-                    {
-                      "type": "mrkdwn",
-                      "text": "*PR:* <${{ github.event.pull_request.html_url }}|#${{ github.event.pull_request.number }}>"
-                    },
-                    {
-                      "type": "mrkdwn",
-                      "text": "*Job:* <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Job>"
-                    }
-                  ]
-                }
-              ]
-            }
+        # Add the label
+        - name: Add "levitate breaking change" label
+          if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0
+          uses: actions/github-script@v6
+          env:
+            PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }}
+          with:
+            github-token: ${{ steps.generate_token.outputs.token }}
+            script: |
+              await github.rest.issues.addLabels({
+                issue_number: process.env.PR_NUMBER,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                labels: ['levitate breaking change']
+              })
 
-      # Add the label
-      - name: Add "levitate breaking change" label
-        if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0
-        uses: actions/github-script@v6
-        env:
-          PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }}
-        with:
-          github-token: ${{ steps.generate_token.outputs.token }}
-          script: |
-            await github.rest.issues.addLabels({
-              issue_number: process.env.PR_NUMBER,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              labels: ['levitate breaking change']
-            })
+        # Remove label (no more breaking changes)
+        - name: Remove "levitate breaking change" label
+          if: steps.levitate-run.outputs.exit_code == 0 && steps.does-label-exist.outputs.result == 1
+          uses: actions/github-script@v6
+          env:
+            PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }}
+          with:
+            github-token: ${{ steps.generate_token.outputs.token }}
+            script: |
+              await github.rest.issues.removeLabel({
+                issue_number: process.env.PR_NUMBER,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                name: 'levitate breaking change'
+              })
 
-      # Remove label (no more breaking changes)
-      - name: Remove "levitate breaking change" label
-        if: steps.levitate-run.outputs.exit_code == 0 && steps.does-label-exist.outputs.result == 1
-        uses: actions/github-script@v6
-        env:
-          PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }}
-        with:
-          github-token: ${{ steps.generate_token.outputs.token }}
-          script: |
-            await github.rest.issues.removeLabel({
-              issue_number: process.env.PR_NUMBER,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              name: 'levitate breaking change'
-            })
+        # Add reviewers
+        # This is very weird, the actual request goes through (comes back with a 201), but does not assign the team.
+        # Related issue: https://github.com/renovatebot/renovate/issues/1908
+        - name: Add "grafana/plugins-platform-frontend" as a reviewer
+          if: steps.levitate-run.outputs.exit_code
+          uses: actions/github-script@v6
+          env:
+            PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }}
+          with:
+            github-token: ${{ steps.generate_token.outputs.token }}
+            script: |
+              await github.rest.pulls.requestReviewers({
+                pull_number: process.env.PR_NUMBER,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                reviewers: [],
+                team_reviewers: ['plugins-platform-frontend']
+              });
 
-      # Add reviewers
-      # This is very weird, the actual request goes through (comes back with a 201), but does not assign the team.
-      # Related issue: https://github.com/renovatebot/renovate/issues/1908
-      - name: Add "grafana/plugins-platform-frontend" as a reviewer
-        if: steps.levitate-run.outputs.exit_code == 1
-        uses: actions/github-script@v6
-        env:
-          PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }}
-        with:
-          github-token: ${{ steps.generate_token.outputs.token }}
-          script: |
-            await github.rest.pulls.requestReviewers({
-              pull_number: process.env.PR_NUMBER,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              reviewers: [],
-              team_reviewers: ['plugins-platform-frontend']
-            });
+        # Remove reviewers (no more breaking changes)
+        - name: Remove "grafana/plugins-platform-frontend" from the list of reviewers
+          if: steps.levitate-run.outputs.exit_code == 0
+          uses: actions/github-script@v6
+          env:
+            PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }}
+          with:
+            github-token: ${{ steps.generate_token.outputs.token }}
+            script: |
+              await github.rest.pulls.removeRequestedReviewers({
+                pull_number: process.env.PR_NUMBER,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                reviewers: [],
+                team_reviewers: ['plugins-platform-frontend']
+              });
 
-      # Remove reviewers (no more breaking changes)
-      - name: Remove "grafana/plugins-platform-frontend" from the list of reviewers
-        if: steps.levitate-run.outputs.exit_code == 0
-        uses: actions/github-script@v6
-        env:
-          PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }}
-        with:
-          github-token: ${{ steps.generate_token.outputs.token }}
-          script: |
-            await github.rest.pulls.removeRequestedReviewers({
-              pull_number: process.env.PR_NUMBER,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              reviewers: [],
-              team_reviewers: ['plugins-platform-frontend']
-            });
-
-      - name: Exit
-        run: |
-          if [ "${{ steps.levitate-run.outputs.exit_code }}" -ne 0 ]; then
-            echo "Breaking changes detected. Please check the levitate report in your pull request. This workflow won't block merging."
-          fi
-
-          exit ${{ steps.levitate-run.outputs.exit_code }}
-        shell: bash
+        - name: Exit
+          run: exit ${{ steps.levitate-run.outputs.exit_code }}
+          shell: bash

.github/workflows/doc-validator.yml

@@ -0,0 +1,29 @@
+name: "doc-validator"
+on:
+  pull_request:
+    paths: ["docs/sources/**"]
+  workflow_dispatch:
+jobs:
+  doc-validator:
+    runs-on: "ubuntu-latest"
+    container:
+      image: "grafana/doc-validator:v4.0.0"
+    steps:
+      - name: "Checkout code"
+        uses: "actions/checkout@v4"
+      - name: "Run doc-validator tool"
+        # Only run doc-validator on specific directories.
+        run: >
+          doc-validator
+          '--include=^docs/sources/(?:alerting|fundamentals|getting-started|introduction|setup-grafana|upgrade-guide|whatsnew/whats-new-in-v(?:9|10))/.+\.md$'
+          '--skip-checks=^(?:image.+|canonical-does-not-match-pretty-URL)$'
+          ./docs/sources
+          /docs/grafana/latest
+          | reviewdog
+          -f=rdjsonl
+          --fail-on-error
+          --filter-mode=nofilter
+          --name=doc-validator
+          --reporter=github-pr-review
+        env:
+          REVIEWDOG_GITHUB_API_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/documentation-ci.yml

@@ -1,19 +0,0 @@
-name: Documentation CI
-on:
-  pull_request:
-    branches: ["main"]
-    paths: ["docs/sources/**"]
-  workflow_dispatch:
-jobs:
-  vale:
-    runs-on: ubuntu-latest
-    container:
-      image: grafana/vale:latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-      - uses: grafana/writers-toolkit/vale-action@vale-action/v1 # zizmor: ignore[unpinned-uses]
-        with:
-          filter: '.Name in ["Grafana.GrafanaCom", "Grafana.WordList", "Grafana.Spelling", "Grafana.ProductPossessives"]'
-          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/ephemeral-instances-pr-comment.yml

@@ -1,9 +1,7 @@
-name: 'Ephemeral instances'
+name: 'Ephemeral instances: PR comment'
 on:
   issue_comment:
     types: [created]
-  pull_request:
-    types: [closed]
 jobs:
   config:
     runs-on: "ubuntu-latest"
@@ -28,11 +26,18 @@ jobs:
   handle-pull-request-event:
     needs: config
     if: needs.config.outputs.has-secrets &&
-        ${{ github.event.issue.pull_request && (startsWith(github.event.comment.body, '/deploy-to-hg') || github.event.action == 'closed') }}
+        github.event.sender.type == 'User' &&
+        github.event.issue.pull_request &&
+        startsWith(github.event.comment.body, '/deploy-to-hg')
     runs-on:
       labels: ubuntu-latest-8-cores
     continue-on-error: true
     steps:
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '>=1.20'
+
       - name: Generate a GitHub app installation token
         id: generate_token
         uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
@@ -47,16 +52,22 @@ jobs:
           token: ${{ steps.generate_token.outputs.token }}
           ref: main
           path: ephemeral
-          persist-credentials: false
 
-      - name: build and deploy ephemeral instance
-        uses: ./ephemeral
-        with:
-          github-token:  ${{ steps.generate_token.outputs.token }}
-          gcom-host: ${{ secrets.EI_GCOM_HOST }}
-          gcom-token: ${{ secrets.EI_GCOM_TOKEN }}
-          registry: "${{ secrets.EI_EPHEMERAL_INSTANCES_REGISTRY }}"
-          gcp-service-account-key: "${{ secrets.EI_GCP_SERVICE_ACCOUNT_KEY_BASE64 }}"
-          ephemeral-org-id: "${{ secrets.EI_EPHEMERAL_ORG_ID }}"
-          oss-or-enterprise: oss
-          verbose: true
+      - name: Run action
+        env:
+          GITHUB_EVENT: ${{ toJson(github.event)}}
+        run: |
+          GRAFANA_VERSION=10.1.0
+
+          cd $GITHUB_WORKSPACE/ephemeral/src
+          go run . \
+            -GITHUB_TOKEN="${{ steps.generate_token.outputs.token }}" \
+            -GITHUB_EVENT="$GITHUB_EVENT" \
+            -GITHUB_TRIGGERING_ACTOR="${{ github.triggering_actor }}" \
+            -GCOM_HOST="${{ secrets.EI_GCOM_HOST }}" \
+            -GCOM_TOKEN="${{ secrets.EI_GCOM_TOKEN }}" \
+            -HOSTED_GRAFANA_IMAGE_TAG="$GRAFANA_VERSION-ephemeral-oss-${{ github.event.issue.number}}-${{ github.run_number }}-${{ github.run_attempt }}" \
+            -REGISTRY="${{ secrets.EI_EPHEMERAL_INSTANCES_REGISTRY }}" \
+            -GRAFANA_VERSION="$GRAFANA_VERSION" \
+            -GCP_SERVICE_ACCOUNT_KEY_BASE64="${{ secrets.EI_GCP_SERVICE_ACCOUNT_KEY_BASE64 }}" \
+            -EPHEMERAL_ORG_ID="${{ secrets.EI_EPHEMERAL_ORG_ID }}" || true

.github/workflows/ephemeral-instances-pr-opened-closed.yml

@@ -0,0 +1,69 @@
+name: 'Ephemeral instances: PR opened/closed'
+on:
+  pull_request:
+      types: [opened, reopened, closed]
+jobs:
+  config:
+    runs-on: "ubuntu-latest"
+    outputs:
+      has-secrets: ${{ steps.check.outputs.has-secrets }}
+    steps:
+      - name: "Check for secrets"
+        id: check
+        shell: bash
+        run: |
+          if [ -n "${{ (secrets.EI_APP_ID != '' &&
+                        secrets.EI_APP_PRIVATE_KEY != '' &&
+                        secrets.EI_GCOM_HOST != '' &&
+                        secrets.EI_GCOM_TOKEN != '' &&
+                        secrets.EI_EPHEMERAL_INSTANCES_REGISTRY != '' &&
+                        secrets.EI_GCP_SERVICE_ACCOUNT_KEY_BASE64 != '' &&
+                        secrets.EI_EPHEMERAL_ORG_ID != ''
+                        ) || '' }}" ]; then
+            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+          fi
+
+  handle-pull-request-event:
+    needs: config
+    if: needs.config.outputs.has-secrets
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '>=1.20'
+
+      - name: Generate a GitHub app installation token
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        with:
+          app_id: ${{ secrets.EI_APP_ID }}
+          private_key: ${{ secrets.EI_APP_PRIVATE_KEY }}
+
+      - name: Checkout ephemeral instances repository
+        uses: actions/checkout@v4
+        with:
+          repository: grafana/ephemeral-grafana-instances-github-action
+          token: ${{ steps.generate_token.outputs.token }}
+          ref: main
+          path: ephemeral
+
+      - name: Run action
+        env:
+          GITHUB_EVENT: ${{ toJson(github.event)}}
+        run: |
+          GRAFANA_VERSION=10.1.0
+
+          cd $GITHUB_WORKSPACE/ephemeral/src
+          go run . \
+            -GITHUB_TOKEN="${{ steps.generate_token.outputs.token }}" \
+            -GITHUB_EVENT="$GITHUB_EVENT" \
+            -GITHUB_TRIGGERING_ACTOR="${{ github.triggering_actor }}" \
+            -GCOM_HOST="${{ secrets.EI_GCOM_HOST }}" \
+            -GCOM_TOKEN="${{ secrets.EI_GCOM_TOKEN }}" \
+            -HOSTED_GRAFANA_IMAGE_TAG="unused" \
+            -REGISTRY="${{ secrets.EI_EPHEMERAL_INSTANCES_REGISTRY }}" \
+            -GRAFANA_VERSION="$GRAFANA_VERSION" \
+            -GCP_SERVICE_ACCOUNT_KEY_BASE64="${{ secrets.EI_GCP_SERVICE_ACCOUNT_KEY_BASE64 }}" \
+            -EPHEMERAL_ORG_ID="${{ secrets.EI_EPHEMERAL_ORG_ID }}" || true

.github/workflows/epic-add-to-platform-ux-parent-project.yml

@@ -0,0 +1,149 @@
+name: When epic issues changed in Platform UX squad projects, check if epic is part of specified child projects and update on Platform UX parent project
+
+on:
+  issues:
+    types: [opened, closed, edited, reopened, assigned, unassigned, labeled, unlabeled]
+    labels:
+      - 'type/epic'
+
+env:
+  GH_TOKEN: ${{ secrets.GH_BOT_PROJECTS_ACCESS_TOKEN }}
+  ORGANIZATION: ${{ github.repository_owner }}
+  REPO: ${{ github.event.repository.name }}
+  PARENT_PROJECT: 304
+  CHILD_PROJECT_1: 78
+  CHILD_PROJECT_2: 111
+  CHILD_PROJECT_3: 202
+
+concurrency:
+  group: issue-add-to-parent-project-${{ github.event.number }}
+jobs:
+  config:
+    runs-on: "ubuntu-latest"
+    outputs:
+      has-secrets: ${{ steps.check.outputs.has-secrets }}
+    steps:
+      - name: "Check for secrets"
+        id: check
+        shell: bash
+        run: |
+          if [ -n "${{ (secrets.GH_BOT_PROJECTS_ACCESS_TOKEN != '') || '' }}" ]; then
+            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+          fi
+
+  main:
+    needs: config
+    if: needs.config.outputs.has-secrets && contains(github.event.issue.labels.*.name, 'type/epic')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if issue is in child or parent projects
+        run: |
+          gh api graphql -f query='
+            query($org: String!, $repo: String!) {
+              repository(name: $repo, owner: $org) {
+                issue (number: ${{ github.event.issue.number }}) {
+                  projectItems(first:20) {
+                    nodes {
+                      id,
+                      project {
+                        number,
+                        title
+                      },
+                      fieldValueByName(name:"Status") {
+                        ... on ProjectV2ItemFieldSingleSelectValue {
+                          optionId
+                          name
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            }' -f org=$ORGANIZATION -f repo=$REPO > projects_data.json
+
+            echo 'IN_PARENT_PROJ='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.PARENT_PROJECT }}) | .project != null' projects_data.json) >> $GITHUB_ENV
+            echo 'PARENT_PROJ_STATUS_ID='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.PARENT_PROJECT }}) | select(.fieldValueByName != null) | .fieldValueByName.optionId' projects_data.json) >> $GITHUB_ENV
+            echo 'ITEM_ID='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.PARENT_PROJECT }}) | .id' projects_data.json) >> $GITHUB_ENV
+            echo 'IN_CHILD_PROJ='$(jq 'first(.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.CHILD_PROJECT_1 }} or .project.number==${{ env.CHILD_PROJECT_2 }} or .project.number==${{ env.CHILD_PROJECT_3 }}) | .project != null)' projects_data.json) >> $GITHUB_ENV
+            echo 'CHILD_PROJ_STATUS='$(jq -r '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.CHILD_PROJECT_1 }} or .project.number==${{ env.CHILD_PROJECT_2 }} or .project.number==${{ env.CHILD_PROJECT_3 }}) | select(.fieldValueByName != null) | .fieldValueByName.name' projects_data.json) >> $GITHUB_ENV
+      - name: Get parent project project data
+        if: env.IN_CHILD_PROJ
+        run: |
+          gh api graphql -f query='
+            query($org: String!, $number: Int!) {
+              organization(login: $org){
+                projectV2(number: $number) {
+                  id
+                  fields(first:20) {
+                    nodes {
+                      ... on ProjectV2Field {
+                        id
+                        name
+                      }
+                      ... on ProjectV2SingleSelectField {
+                        id
+                        name
+                        options {
+                          id
+                          name
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            }' -f org=$ORGANIZATION -F number=$PARENT_PROJECT > project_data.json
+
+          echo 'PROJECT_ID='$(jq '.data.organization.projectV2.id' project_data.json) >> $GITHUB_ENV
+          echo 'STATUS_FIELD_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Status") | .id' project_data.json) >> $GITHUB_ENV
+          echo 'TODO_OPTION_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Status") | .options[] | select(.name=="Todo") |.id' project_data.json) >> $GITHUB_ENV
+          echo 'PROGRESS_OPTION_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Status") | .options[] | select(.name=="In Progress") |.id' project_data.json) >> $GITHUB_ENV
+          echo 'DONE_OPTION_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Status") | .options[] | select(.name=="Done") |.id' project_data.json) >> $GITHUB_ENV
+      - name: Add issue to parent project
+        if: env.IN_CHILD_PROJ && !env.IN_PARENT_PROJ
+        run: |
+          item_id="$( gh api graphql -f query='
+            mutation($project:ID!, $issue:ID!) {
+              addProjectV2ItemById(input: {projectId: $project, contentId: $issue}) {
+                item {
+                  id
+                }
+              }
+            }' -f project=$PROJECT_ID -f issue=${{ github.event.issue.node_id }} --jq '.data.addProjectV2ItemById.item.id')"
+
+            echo 'ITEM_ID='$item_id >> $GITHUB_ENV
+      - name: Set parent project status Done
+        if: contains(env.CHILD_PROJ_STATUS, 'Done')
+        run: |
+          echo 'OPTION_ID='$DONE_OPTION_ID >> $GITHUB_ENV
+      - name: Set parent project status In Progress
+        if: contains(env.CHILD_PROJ_STATUS, 'In ') || contains(env.CHILD_PROJ_STATUS, 'Blocked')
+        run: |
+          echo 'OPTION_ID='$PROGRESS_OPTION_ID >> $GITHUB_ENV
+      - name: Set parent project status To do
+        if: env.CHILD_PROJ_STATUS && !contains(env.CHILD_PROJ_STATUS, 'In ') && !contains(env.CHILD_PROJ_STATUS, 'Blocked') && ! contains(env.CHILD_PROJ_STATUS, 'Done')
+        run: |
+          echo 'OPTION_ID='$TODO_OPTION_ID >> $GITHUB_ENV
+      - name: Set issue status in parent project
+        if: env.OPTION_ID && (env.OPTION_ID != env.PARENT_PROJ_STATUS_ID)
+        run: |
+          gh api graphql -f query='
+            mutation (
+              $project: ID!
+              $item: ID!
+              $status_field: ID!
+              $status_value: String!
+            ) {
+              set_status: updateProjectV2ItemFieldValue(input: {
+                projectId: $project
+                itemId: $item
+                fieldId: $status_field
+                value: {
+                  singleSelectOptionId: $status_value
+                  }
+              }) {
+                projectV2Item {
+                  id
+                  }
+              }
+            }' -f project=$PROJECT_ID -f item=$ITEM_ID -f status_field=$STATUS_FIELD_ID -f status_value=${{ env.OPTION_ID }} --silent

.github/workflows/feature-toggle-cleanup.yml

@@ -0,0 +1,28 @@
+name: Feature Toggle Cleanup
+
+on:
+  workflow_dispatch:
+  schedule:
+      # * is a special character in YAML so you have to quote this string
+      - cron:  '30 10 * * *'
+jobs:
+    feature-toggle-cleanup:
+        runs-on: ubuntu-latest
+        # This check is here to prevent this workflow from running on forks.    
+        if: github.repository == 'grafana/grafana'
+        steps:
+            - name: Check out the code
+              uses: actions/checkout@v3
+            - uses: actions/setup-node@v4
+              with:
+                node-version: "20.x"
+            - run: npm install csv-parse
+            - name: Parse CVS file to see which Feature Toggles should be notified about
+              id: parse-csv-file
+              uses: actions/github-script@v7
+              env:
+                    FEATURE_TOGGLES_CSV_FILE_PATH: "pkg/services/featuremgmt/toggles_gen.csv"
+              with:
+                    script: |
+                        const { default: cleanupFeatureFlags } = await import('${{ github.workspace }}/.github/workflows/scripts/feature-toggle-cleanup/feature-toggle-cleanup.mjs')                        
+                        await cleanupFeatureFlags({github, context, core})

.github/workflows/feature-toggles-ci.yml

@@ -1,25 +0,0 @@
-name: Feature toggles CI
-
-on:
-  pull_request:
-    paths:
-      - 'pkg/services/featuremgmt/toggles_gen_test.go'
-      - 'pkg/services/featuremgmt/registry.go'
-      - 'docs/sources/setup-grafana/configure-grafana/feature-toggles/index.md'
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: 'go.mod'
-          cache: true
-
-      - name: Run feature toggle tests
-        run: go test -v -run TestFeatureToggleFiles ./pkg/services/featuremgmt/

.github/workflows/frontend-lint.yml

@@ -1,133 +0,0 @@
-name: Lint Frontend
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-      - release-*.*.*
-
-permissions: {}
-
-jobs:
-  lint-frontend-verify-i18n:
-    name: Verify i18n
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        persist-credentials: false
-    - uses: actions/setup-node@v4
-      with:
-        node-version-file: '.nvmrc'
-        cache: 'yarn'
-        cache-dependency-path: 'yarn.lock'
-    - run: yarn install --immutable --check-cache
-    - run: |
-        extract_error_message='::error::Extraction failed. Make sure that you have no dynamic translation phrases, such as "t(`preferences.theme.{themeID}`, themeName)" and that no translation key is used twice. Search the output for '[warning]' to find the offending file.'
-        make i18n-extract || (echo "${extract_error_message}" && false)
-    - run: |
-        uncommited_error_message="::error::Translation extraction has not been committed. Please run 'make i18n-extract', commit the changes and push again."
-        file_diff=$(git diff --dirstat public/locales)
-        if [ -n "$file_diff" ]; then
-            echo $file_diff
-            echo "${uncommited_error_message}"
-            exit 1
-        fi
-  lint-frontend-prettier:
-    permissions:
-      contents: read
-      id-token: write
-    # Run this workflow only for PRs from forks; if it gets merged into `main` or `release-*`,
-    # the `lint-frontend-prettier-enterprise` workflow will run instead
-    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true
-    name: Lint
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
-      with:
-        node-version-file: '.nvmrc'
-        cache: 'yarn'
-        cache-dependency-path: 'yarn.lock'
-    - run: yarn install --immutable --check-cache
-    - run: yarn run prettier:check
-    - run: yarn run lint
-  lint-frontend-prettier-enterprise:
-    permissions:
-      contents: read
-      id-token: write
-    # Run this workflow for non-PR events (like pushes to `main` or `release-*`) OR for internal PRs (PRs not from forks)
-    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false
-    name: Lint
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
-      with:
-        node-version-file: '.nvmrc'
-        cache: 'yarn'
-        cache-dependency-path: 'yarn.lock'
-    - name: Setup Enterprise
-      uses: ./.github/actions/setup-enterprise
-      with:
-        github-app-name: 'grafana-ci-bot'
-    - run: yarn install --immutable --check-cache
-    - run: yarn run prettier:check
-    - run: yarn run lint
-  lint-frontend-typecheck:
-    permissions:
-      contents: read
-      id-token: write
-    # Run this workflow only for PRs from forks; if it gets merged into `main` or `release-*`,
-    # the `lint-frontend-typecheck-enterprise` workflow will run instead
-    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true
-    name: Typecheck
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
-      with:
-        node-version-file: '.nvmrc'
-        cache: 'yarn'
-        cache-dependency-path: 'yarn.lock'
-    - run: yarn install --immutable --check-cache
-    - run: yarn run typecheck
-  lint-frontend-typecheck-enterprise:
-    permissions:
-      contents: read
-      id-token: write
-    # Run this workflow for non-PR events (like pushes to `main` or `release-*`) OR for internal PRs (PRs not from forks)
-    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false
-    name: Typecheck
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
-      with:
-        node-version-file: '.nvmrc'
-        cache: 'yarn'
-        cache-dependency-path: 'yarn.lock'
-    - name: Setup Enterprise
-      uses: ./.github/actions/setup-enterprise
-      with:
-        github-app-name: 'grafana-ci-bot'
-    - run: yarn install --immutable --check-cache
-    - run: yarn run typecheck
-  lint-frontend-betterer:
-    permissions:
-      contents: read
-      id-token: write
-    name: Betterer
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
-      with:
-        node-version-file: '.nvmrc'
-        cache: 'yarn'
-        cache-dependency-path: 'yarn.lock'
-    - run: yarn install --immutable --check-cache
-    - run: yarn run betterer:ci

.github/workflows/github-release.yml

@@ -1,49 +1,27 @@
 name: Create or update GitHub release
 on:
-  workflow_call:
-    inputs:
-      version:
-        required: true
-        description: Needs to match, exactly, the name of a milestone (NO v prefix)
-        type: string
-      latest:
-        required: false
-        default: "0"
-        description: Mark this release as latest (`1`) or not (`0`, default)
-        type: string
-      dry_run:
-        required: false
-        default: false
-        type: boolean
   workflow_dispatch:
     inputs:
       version:
         required: true
         description: Needs to match, exactly, the name of a milestone (NO v prefix)
-        type: string
       latest:
         required: false
-        default: "0"
         description: Mark this release as latest (`1`) or not (`0`, default)
-        type: string
-      dry_run:
-        required: false
-        default: false
-        type: boolean
-
-permissions:
-  # contents: write allows the action(s) to create github releases
-  contents: write
-
 jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-      - name: Create GitHub release (manually invoked)
-        uses: grafana/grafana-github-actions-go/github-release@main # zizmor: ignore[unpinned-uses]
+      - name: "Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
+          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
+      - name: Create GitHub release (manually invoked)
+        uses: grafana/grafana-github-actions-go/github-release@main
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
           version: ${{ inputs.version }}
           metrics_api_key: ${{ secrets.GRAFANA_MISC_STATS_API_KEY }}
           latest: ${{ inputs.latest }}
-          dry_run: ${{ inputs.dry_run }}

.github/workflows/go-lint.yml

@@ -1,32 +0,0 @@
-name: golangci-lint
-on:
-  push:
-    paths:
-      - pkg/**
-      - .github/workflows/go-lint.yml
-      - go.*
-    branches:
-      - main
-  pull_request:
-
-permissions:
-  contents: read
-
-jobs:
-  lint-go:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-      - uses: actions/setup-go@v5
-        with:
-          go-version-file: ./go.mod
-      - run: make gen-go
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd
-        with:
-          version: v2.0.2
-          args: |
-            --verbose $(go list -m -f '{{.Dir}}' | xargs -I{} sh -c 'test ! -f {}/.nolint && echo {}/...')
-          install-mode: binary

.github/workflows/i18n-crowdin-create-tasks.yml

@@ -1,27 +0,0 @@
-name: Crowdin Create Tasks
-
-on:
-  workflow_dispatch:
-  # schedule:
-  #   - cron: "0 0 * * *"
-
-jobs:
-  create-tasks-in-crowdin:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: '.nvmrc'
-
-      - name: Create tasks
-        env:
-          CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
-          CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
-        run: node ./.github/workflows/scripts/crowdin/create-tasks.js

.github/workflows/i18n-crowdin-download.yml

@@ -1,159 +0,0 @@
-name: Crowdin Download Action
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 0 * * *"
-
-jobs:
-  download-sources-from-crowdin:
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: write # needed to commit changes into the PR
-      pull-requests: write # needed to update PR description, labels, etc
-      id-token: write # needed to get vault secrets
-
-    steps:
-      - name: Generate token
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_ID }}
-          private_key: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_PEM }}
-
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.head_ref }}
-          token: ${{ steps.generate_token.outputs.token }}
-          persist-credentials: false
-
-      - name: Download sources
-        id: crowdin-download
-        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2
-        with:
-          upload_sources: false
-          upload_translations: false
-          download_sources: false
-          download_translations: true
-          export_only_approved: true
-          localization_branch_name: i18n_crowdin_translations
-          create_pull_request: true
-          pull_request_title: 'I18n: Download translations from Crowdin'
-          pull_request_body:  |
-            :robot: Automatic download of translations from Crowdin.
-
-            This runs once per day and will merge automatically if all the required checks pass.
-
-            If there's a conflict, close the pull request and **delete the branch**.
-            You can then either wait for the schedule to trigger a new PR, or rerun the action manually.
-          pull_request_labels: 'area/frontend, area/internationalization, no-changelog, no-backport'
-          pull_request_base_branch_name: 'main'
-          base_url: 'https://grafana.api.crowdin.com'
-          config: 'crowdin.yml'
-          source: 'public/locales/en-US/grafana.json'
-          translation: 'public/locales/%locale%/%original_file_name%'
-          # Magic details of the github-actions bot user, to pass CLA checks
-          github_user_name: "github-actions[bot]"
-          github_user_email: "41898282+github-actions[bot]@users.noreply.github.com"
-        env:
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
-          CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
-          CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
-
-      - name: Get pull request ID
-        if: steps.crowdin-download.outputs.pull_request_url
-        shell: bash
-        # Crowdin action returns us the URL of the pull request, but we need an ID for the GraphQL API
-        # that looks like 'PR_kwDOAOaWjc5mP_GU'
-        run: |
-          pr_id=$(gh pr view ${{ steps.crowdin-download.outputs.pull_request_url }} --json id -q .id)
-          echo "PULL_REQUEST_ID=$pr_id" >> "$GITHUB_ENV"
-        env:
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
-
-      - name: Get project board ID
-        uses: octokit/graphql-action@51bf543c240dcd14761320e2efc625dc32ec0d32
-        id: get-project-id
-        if: steps.crowdin-download.outputs.pull_request_url
-        with:
-          # Frontend Platform project - https://github.com/orgs/grafana/projects/78
-          org: grafana
-          project_number: 78
-          query: |
-            query getProjectId($org: String!, $project_number: Int!){
-              organization(login: $org) {
-                projectV2(number: $project_number) {
-                  title
-                  id
-                }
-              }
-            }
-        env:
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
-
-      - name: Add to project board
-        uses: octokit/graphql-action@51bf543c240dcd14761320e2efc625dc32ec0d32
-        if: steps.crowdin-download.outputs.pull_request_url
-        with:
-          projectid: ${{ fromJson(steps.get-project-id.outputs.data).organization.projectV2.id }}
-          prid: ${{ env.PULL_REQUEST_ID }}
-          query: |
-            mutation addPullRequestToProject($projectid: ID!, $prid: ID!){
-              addProjectV2ItemById(input: {projectId: $projectid, contentId: $prid}) {
-                item {
-                  id
-                }
-              }
-            }
-        env:
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
-
-      - name: Run auto-milestone
-        uses: grafana/grafana-github-actions-go/auto-milestone@main # zizmor: ignore[unpinned-uses]
-        if: steps.crowdin-download.outputs.pull_request_url
-        with:
-          pr: ${{ steps.crowdin-download.outputs.pull_request_number }}
-          token: ${{ steps.generate_token.outputs.token }}
-
-      - name: Get vault secrets
-        id: vault-secrets
-        uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
-        with:
-          # Secrets placed in ci/repo/grafana/grafana/grafana-pr-approver
-          repo_secrets: |
-            GRAFANA_PR_APPROVER_APP_ID=grafana-pr-approver:app-id
-            GRAFANA_PR_APPROVER_APP_PEM=grafana-pr-approver:private-key
-
-      - name: Generate approver token
-        if: steps.crowdin-download.outputs.pull_request_url
-        id: generate_approver_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ env.GRAFANA_PR_APPROVER_APP_ID }}
-          private_key: ${{ env.GRAFANA_PR_APPROVER_APP_PEM }}
-
-      - name: Approve and automerge PR
-        if: steps.crowdin-download.outputs.pull_request_url
-        shell: bash
-        # Only approve if:
-        # - the PR does not modify files other than json files under the public/locales/ directory
-        # - the PR does not modify the en-US locale
-        run: |
-          filesChanged=$(gh pr diff --name-only ${{ steps.crowdin-download.outputs.pull_request_url }})
-
-          if [[ $(echo $filesChanged | grep -v 'public/locales/[a-zA-Z\-]*/grafana.json' | wc -l) -ne 0 ]]; then
-            echo "Non-i18n changes detected, not approving"
-            exit 1
-          fi
-
-          if [[ $(echo $filesChanged | grep "public/locales/en-US" | wc -l) -ne 0 ]]; then
-            echo "public/locales/en-US changes detected, not approving"
-            exit 1
-          fi
-
-          echo "Approving and enabling automerge"
-          gh pr review ${{ steps.crowdin-download.outputs.pull_request_url }} --approve
-          gh pr merge --auto --squash ${{ steps.crowdin-download.outputs.pull_request_url }}
-        env:
-          GITHUB_TOKEN: ${{ steps.generate_approver_token.outputs.token }}

.github/workflows/i18n-crowdin-fix-files.yml

@@ -0,0 +1,67 @@
+# When Crowdin creates a pull request from the crowdin-service-branch branch,
+# run `yarn i18n:extract` and commit the changed grafana.json files back into the PR
+# to reformat crowdin's changes to prevent conflicts with our CI checks.
+
+name: Fix Crowdin I18n files
+
+on:
+  pull_request:
+    paths:
+      - 'public/locales/*/grafana.json'
+    branches:
+      - main # Only run on pull requests *target* main (will be merged into main)
+
+jobs:
+  fix-files:
+    # Only run on pull requests *from* the crowdin-service-branch branch
+    if: github.head_ref == 'crowdin-service-branch'
+
+    name: Fix files
+    runs-on: ubuntu-latest
+
+
+    permissions:
+      contents: write # needed to commit changes back into the PR
+      pull-requests: write # needed to update PR description
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20.9.0
+          cache: 'yarn'
+
+      - name: Install dependencies
+        run: yarn install
+
+      - name: Extract I18n files
+        run: yarn i18n:extract
+
+      - name: Commit changes
+        uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5.0.0
+        with:
+          commit_message: "Github Action: Auto-fix i18n files"
+          file_pattern: public/locales/*/grafana.json
+
+      - name: Update PR description
+        uses: devindford/Append_PR_Comment@32dd2619cd96ac8da9907c416c992fe265233ca8 # v1.1.3
+        if: ${{ ! contains(github.event.pull_request.body, 'Steps for merging') }}
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          body-update-action: prefix
+          body-template: |
+            :robot: Automatic sync of translations from Crowdin.
+
+            Steps for merging:
+              1. Wait for the "Github Action: Auto-fix i18n files" commit that may be required for CI to pass.
+              2. A quick sanity check of the changes and approve. Things to look out for:
+                - No changes to the English strings. The source of truth is already in the main branch, NOT Crowdin.
+                - Translations maybe be removed if the English phrase was removed, but there should not be many of these
+                - Anything else that looks 'funky'. Ask if you're not sure.
+              3. Approve & (Auto-)merge. :tada:
+
+            If there's a conflict, close the pull request and **delete the branch**. Crowdin will recreate the pull request eventually.
+            Remember, the longer this pull request is open, the more likely it is that it'll get conflicts.

.github/workflows/i18n-crowdin-upload.yml

@@ -1,35 +0,0 @@
-name: Crowdin Upload Action
-
-on:
-  workflow_dispatch:
-  push:
-    paths:
-      - 'public/locales/en-US/grafana.json'
-    branches:
-      - main
-
-jobs:
-  upload-sources-to-crowdin:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: Upload sources
-        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2
-        with:
-          upload_sources: true
-          upload_sources_args: '--dest=public/locales/en-US/grafana.json'
-          upload_translations: false
-          download_translations: false
-          create_pull_request: false
-          base_url: 'https://grafana.api.crowdin.com'
-          config: 'crowdin.yml'
-          source: 'public/locales/en-US/grafana.json'
-          translation: 'public/locales/%locale%/%original_file_name%'
-        env:
-          CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
-          CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}

.github/workflows/issue-labeled.yml

@@ -0,0 +1,99 @@
+name: Notify Slack channel based on new issue label
+
+on:
+  issues:
+    types: [labeled]
+
+jobs:
+  config:
+    runs-on: "ubuntu-latest"
+    outputs:
+      has-secrets: ${{ steps.check.outputs.has-secrets }}
+    steps:
+      - name: "Check for secrets"
+        id: check
+        shell: bash
+        run: |
+          if [ -n "${{ (secrets.SLACK_WEBHOOK_URL != '') || '' }}" ]; then
+            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+          fi
+
+  notify:
+    needs: config
+    if: needs.config.outputs.has-secrets
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Download teams.yml to know which label is for which team"
+        run: wget https://raw.githubusercontent.com/grafana/grafana/main/.github/teams.yml
+
+      - name: "Determine which team to notify"
+        run: |
+          # Default to null values.
+          CHANNEL="null"
+          TEAM="null"
+
+          echo "${{ github.event.label.name }} label added"
+          export CURRENT_LABEL="${{ github.event.label.name }}" # Enable the use of the label in yq evaluations
+          # yq is installed by default in ubuntu-latest
+          if [[ $(yq e 'keys | .[] | select(. == env(CURRENT_LABEL))' teams.yml ) ]]; then
+            # Check if we have a channel set to notify on comments.
+            if [[ $(yq '.[env(CURRENT_LABEL)] | has("channel-label")' teams.yml ) == true ]]; then
+              CHANNEL=$(yq '.[env(CURRENT_LABEL)].channel-label' teams.yml)
+              echo "Ready to send issue to channel ID ${CHANNEL}"
+            fi
+
+            if [[ $(yq '.[env(CURRENT_LABEL)] | has("exclude-github-team")' teams.yml ) == true ]]; then
+              TEAM=$(yq '.[env(CURRENT_LABEL)].exclude-github-team' teams.yml)
+              echo "Will not send issue to channel if issue author is part of the team ${TEAM}"
+            fi
+          fi
+
+          # set environment for next steps
+          echo "CHANNEL=${CHANNEL}" >> $GITHUB_ENV
+          echo "TEAM=${TEAM}" >> $GITHUB_ENV
+
+      - name: "Prepare payload"
+        uses: frabert/replace-string-action@v2.0
+        id: preparePayload
+        with:
+          # replace double quotes with single quotes to avoid breaking the JSON payload sent to Slack
+          string: ${{ github.event.issue.title }}
+          pattern: '"'
+          replace-with: "'"
+          flags: 'g'
+
+      - name: Get Token
+        id: get_workflow_token
+        uses: peter-murray/workflow-application-token-action@v2
+        with:
+          application_id: ${{ secrets.APP_GRAFANA_TEAM_CHECKER_ID }}
+          application_private_key: ${{ secrets.APP_GRAFANA_TEAM_CHECKER_KEY }}
+
+      - name: "Check that issue author is not part of the team"
+        if: ${{ env.TEAM != 'null' }}
+        run: |
+          response=$(gh api /orgs/grafana/teams/${{ env.TEAM }}/memberships/${{ github.event.issue.user.login }} -i -H "Accept: application/vnd.github.v3+json")
+          STATUS_CODE=$(echo "$response" | head -n 1 | cut -d' ' -f2)
+          if [ "$status_code" -eq 404 ]; then
+            echo "The user was not found in the team."
+            echo "USER_FOUND=false" >> $GITHUB_ENV
+          else
+            echo "The user was potentially found in the team"
+            echo "USER_FOUND=maybe" >> $GITHUB_ENV
+          fi
+        env:
+          GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
+
+      - name: "Send Slack notification"
+        if: ${{ (env.CHANNEL != 'null') && ((env.USER_FOUND == 'false') || (env.TEAM != 'null')) }}
+        uses: slackapi/slack-github-action@v1.24.0
+        with:
+          payload: >
+            {
+              "icon_emoji": ":grafana:",
+              "username": "Grafana issue labeled",
+              "text": "Issue \"${{ steps.preparePayload.outputs.replaced }}\" labeled \"${{ github.event.label.name }}\": ${{ github.event.issue.html_url }}, please triage.",
+              "channel": "${{ env.CHANNEL }}"
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/issue-opened.yml

@@ -1,118 +1,28 @@
 name: Run commands when issues are opened
-
-# important: this workflow uses a github app that is strictly limited
-# to issues. If you want to change the triggers for this workflow,
-# please review if the permissions are still sufficient.
 on:
   issues:
     types: [opened]
-
 concurrency:
   group: issue-opened-${{ github.event.issue.number }}
-
-permissions: {}
-
 jobs:
   main:
     runs-on: ubuntu-latest
-    if: github.repository == 'grafana/grafana'
-    permissions:
-      contents: read
-      id-token: write
     steps:
-
       - name: Checkout Actions
-        uses: actions/checkout@v4 # v4.2.2
+        uses: actions/checkout@v4
         with:
           repository: "grafana/grafana-github-actions"
           path: ./actions
           ref: main
-          persist-credentials: false
-
       - name: Install Actions
         run: npm install --production --prefix ./actions
-
       # give issue-openers a chance to add labels after submit
       - name: Sleep for 2 minutes
         run: sleep 2m
         shell: bash
-
-      - name: "Get vault secrets"
-        id: vault-secrets
-        uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
-        with:
-          # Secrets placed in the ci/repo/grafana/grafana/plugins_platform_issue_commands_github_bot path in Vault
-          repo_secrets: |
-            GH_APP_ID=plugins_platform_issue_commands_github_bot:app_id
-            GH_APP_PEM=plugins_platform_issue_commands_github_bot:app_pem
-
-      - name: "Generate token"
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ env.GH_APP_ID }}
-          private_key: ${{ env.GH_APP_PEM }}
-
       - name: Run Commands
         uses: ./actions/commands
         with:
           metricsWriteAPIKey: ${{secrets.GRAFANA_MISC_STATS_API_KEY}}
-          token: ${{ steps.generate_token.outputs.token }}
+          token: ${{secrets.ISSUE_COMMANDS_TOKEN}}
           configPath: "issue-opened"
-
-  auto-triage:
-    needs: [main]
-    permissions:
-      contents: read
-      id-token: write
-    if: github.repository == 'grafana/grafana' && github.event.issue.author_association != 'MEMBER' && github.event.issue.author_association != 'OWNER'
-    runs-on: ubuntu-latest
-    steps:
-
-      - name: "Get vault secrets"
-        id: vault-secrets
-        uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
-        with:
-          # Secrets placed in the ci/repo/grafana/grafana/plugins_platform_issue_triager path in Vault
-          repo_secrets: |
-            AUTOTRIAGER_OPENAI_API_KEY=plugins_platform_issue_triager:AUTOTRIAGER_OPENAI_API_KEY
-            AUTOTRIAGER_SLACK_WEBHOOK_URL=plugins_platform_issue_triager:AUTOTRIAGER_SLACK_WEBHOOK_URL
-            GH_APP_ID=plugins_platform_issue_commands_github_bot:app_id
-            GH_APP_PEM=plugins_platform_issue_commands_github_bot:app_pem
-
-      - name: "Generate token"
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ env.GH_APP_ID }}
-          private_key: ${{ env.GH_APP_PEM }}
-
-      - name: Checkout
-        uses: actions/checkout@v4 # v4.2.2
-
-      - name: Send issue to the auto triager action
-        id: auto_triage
-        uses: grafana/auto-triager@main # zizmor: ignore[unpinned-uses]
-        with:
-          token: ${{ steps.generate_token.outputs.token }}
-          issue_number: ${{ github.event.issue.number }}
-          openai_api_key: ${{ env.AUTOTRIAGER_OPENAI_API_KEY }}
-          add_labels: true
-          labels_file: ${{ github.workspace }}/.github/workflows/auto-triager/labels.txt
-          types_file: ${{ github.workspace }}/.github/workflows/auto-triager/types.txt
-          prompt_file: ${{ github.workspace }}/.github/workflows/auto-triager/prompt.txt
-
-      - name: "Send Slack notification"
-        if: ${{ steps.auto_triage.outputs.triage_labels != '' }}
-        uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
-        with:
-          payload: >
-            {
-              "icon_emoji": ":robocto:",
-              "username": "Auto Triager",
-              "type": "mrkdwn",
-              "text": "Auto triager found the following labels: ${{ steps.auto_triage.outputs.triage_labels }} for issue ${{ github.event.issue.html_url }}",
-              "channel": "#triage-automation-ci"
-            }
-        env:
-          SLACK_WEBHOOK_URL:  ${{ env.AUTOTRIAGER_SLACK_WEBHOOK_URL }}

.github/workflows/lint-build-docs.yml

@@ -1,62 +0,0 @@
-name: Documentation
-
-on:
-  pull_request:
-    paths:
-      - '*.md'
-      - 'docs/**'
-      - 'packages/**/*.md'
-      - 'latest.json'
-  push:
-    branches:
-      - main
-    paths:
-      - '*.md'
-      - 'docs/**'
-      - 'packages/**/*.md'
-      - 'latest.json'
-
-jobs:
-  docs:
-    name: Build & Verify Docs
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22.11.0'
-          cache: 'yarn'
-
-      - name: Install dependencies
-        run: yarn install --immutable
-
-      - name: Lint docs
-        run: yarn run prettier:checkDocs
-        env:
-          # Increase memory for prettier due to large number of files
-          NODE_OPTIONS: --max_old_space_size=8192
-
-      - name: Build docs website
-        run: |
-          # Create and start a container from the docs-base image in detached mode
-          docker run -d --name docs-builder grafana/docs-base:latest tail -f /dev/null
-          
-          # Create the directory structure inside the container
-          docker exec docs-builder mkdir -p /hugo/content/docs/grafana/latest
-          
-          # Create the _index.md file
-          docker exec docs-builder /bin/sh -c "echo -e '---\nredirectURL: /docs/grafana/latest/\ntype: redirect\nversioned: true\n---\n' > /hugo/content/docs/grafana/_index.md"
-          
-          # Copy the docs sources from the host to the container
-          docker cp docs/sources/. docs-builder:/hugo/content/docs/grafana/latest/
-          
-          # Run the make prod command inside the container
-          docker exec -w /hugo docs-builder make prod || echo "Build completed with warnings"
-          
-          # Clean up the container
-          docker rm -f docs-builder

.github/workflows/metrics-collector.yml

@@ -15,9 +15,6 @@ on:
   issues:
     types: [opened, closed]
 
-permissions:
-  contents: read
-
 jobs:
   config:
     runs-on: "ubuntu-latest"
@@ -28,7 +25,7 @@ jobs:
         id: check
         shell: bash
         run: |
-          if [ -n "${{ (secrets.GRAFANA_MISC_STATS_API_KEY != '') || '' }}" ]; then
+          if [ -n "${{ (secrets.GRAFANA_MISC_STATS_API_KEY != '' && secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then
             echo "has-secrets=1" >> "$GITHUB_OUTPUT"
           fi
 
@@ -38,17 +35,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Actions
-        uses: actions/checkout@v4 # v4.2.2
+        uses: actions/checkout@v4
         with:
           repository: "grafana/grafana-github-actions"
           path: ./actions
           ref: main
-          persist-credentials: false
       - name: Install Actions
         run: npm install --production --prefix ./actions
       - name: Run metrics collector
         uses: ./actions/metrics-collector
         with:
           metricsWriteAPIKey: ${{secrets.GRAFANA_MISC_STATS_API_KEY}}
-          token: ${{secrets.GITHUB_TOKEN}}
+          token: ${{secrets.GH_BOT_ACCESS_TOKEN}}
           configPath: "metrics-collector"

.github/workflows/migrate-prs.yml

@@ -1,60 +0,0 @@
-name: Migrate open PRs
-# Migrate open PRs from a superseded release branch to the current release branch and notify authors
-on: 
-  workflow_call:
-    inputs:
-      from:
-        description: 'The base branch to check for open PRs'
-        required: true
-        type: string
-      to:
-        description: 'The base branch to migrate open PRs to'
-        required: true
-        type: string
-      ownerRepo:
-        description: Owner/repo of the repository where the branch is created (e.g. 'grafana/grafana')
-        required: true
-        type: string
-    secrets:
-      GRAFANA_DELIVERY_BOT_APP_ID:
-        required: true
-      GRAFANA_DELIVERY_BOT_APP_PEM:
-        required: true
-  workflow_dispatch:
-    inputs:
-      from:
-        description: 'The base branch to check for open PRs'
-        required: true
-        type: string
-      to:
-        description: 'The base branch to migrate open PRs to'
-        required: true
-        type: string
-      ownerRepo:
-        description: Owner/repo of the repository where the branch is created (e.g. 'grafana/grafana')
-        required: true
-        type: string
-    secrets:
-      GRAFANA_DELIVERY_BOT_APP_ID:
-        required: true
-      GRAFANA_DELIVERY_BOT_APP_PEM:
-        required: true
-
-jobs:
-  main:
-    runs-on: ubuntu-latest
-    steps:
-      - name: "Generate token"
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
-          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
-      - name: Migrate PRs
-        uses: grafana/grafana-github-actions-go/migrate-open-prs@main # zizmor: ignore[unpinned-uses]
-        with:
-          token: ${{ steps.generate_token.outputs.token }}
-          ownerRepo: ${{ inputs.ownerRepo }}
-          from: ${{ inputs.from }}
-          to: ${{ inputs.to }}
-          binary_release_tag: 'dev'

.github/workflows/milestone.yml

@@ -0,0 +1,19 @@
+name: Close Milestone
+on:
+  workflow_dispatch:
+    inputs:
+      version_input:
+        description: 'The version to be released please respect: major.minor.patch, major.minor.patch-preview or major.minor.patch-preview<number> format. example: 7.4.3, 7.4.3-preview or 7.4.3-preview1'
+        required: true
+jobs:
+  call-remove-milestone:
+    uses: grafana/grafana/.github/workflows/remove-milestone.yml@main
+    with:
+      version_call: ${{ github.event.inputs.version_input }}
+    secrets: inherit
+  call-close-milestone:
+    uses: grafana/grafana/.github/workflows/close-milestone.yml@main
+    with:
+      version_call: ${{ github.event.inputs.version_input }}
+    secrets: inherit
+    needs: call-remove-milestone

.github/workflows/pr-backend-coverage.yml

@@ -1,71 +0,0 @@
-name: Coverage
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - 'docs/**'
-      - '**/*.md'
-
-permissions:
-  contents: read
-  id-token: write
-
-env:
-  EDITION: 'oss'
-  WIRE_TAGS: 'oss'
-
-jobs:
-  main:
-    name: Backend Unit Tests
-    runs-on: ubuntu-latest-8-cores
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-      - name: Setup Go
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: go.mod
-          cache: true
-      - name: Install dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y build-essential shared-mime-info
-          go install github.com/mfridman/tparse@c1754a1f484ac5cd422697b0fec635177ddc8507 # v0.17.0
-      - name: Generate Go code
-        run: make gen-go
-      - name: Run unit tests
-        run: COVER_OPTS="-coverprofile=be-unit.cov -coverpkg=github.com/grafana/grafana/..." GO_TEST_OUTPUT="/tmp/unit.log" make test-go-unit-cov
-      - name: Process and upload coverage
-        uses: ./.github/actions/test-coverage-processor
-        with:
-          test-type: 'be-unit'
-          # Needs to be named 'unit.cov' based on the Makefile command `make test-go-unit`
-          coverage-file: 'unit.cov'
-          codecov-token: ${{ secrets.CODECOV_TOKEN }}
-          codecov-flag: 'be-unit'
-          codecov-name: 'be-unit'
-
-      - name: Install Grafana Bench
-        # We can't allow forks here, as we need secret access.
-        if: ${{ github.event_name != 'pull_request' }}
-        uses: ./.github/actions/setup-grafana-bench
-
-      - name: Process output for Bench
-        if: ${{ github.event_name != 'pull_request' }}
-        run: |
-          grafana-bench report \
-            --trigger pr-backend-unit-tests-oss \
-            --report-input go \
-            --report-output log \
-            --grafana-version "$(git rev-parse HEAD)" \
-            --suite-name grafana-oss-unit-tests \
-            /tmp/unit.log || true
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false

.github/workflows/pr-checks.yml

@@ -9,7 +9,6 @@ on:
       - labeled
       - unlabeled
       - edited
-      - auto_merge_enabled
   issues:
     types:
       - milestoned
@@ -31,12 +30,11 @@ jobs:
     if: github.event.pull_request.draft == false
     steps:
       - name: Checkout Actions
-        uses: actions/checkout@v4 # v4.2.2
+        uses: actions/checkout@v4
         with:
           repository: "grafana/grafana-github-actions"
           path: ./actions
           ref: main
-          persist-credentials: false
       - name: Install Actions
         run: npm install --production --prefix ./actions
       - name: Run PR Checks

.github/workflows/pr-codeql-analysis-go.yml

@@ -0,0 +1,43 @@
+name: "CodeQL for PR / go"
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches: [main]
+    paths:
+      - '**/*.go'
+
+permissions:
+  security-events: write
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    - name: Set go version
+      uses: actions/setup-go@v4
+      with:
+        go-version: '1.21.8'
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: "go"
+
+    - name: Build go files
+      run: |
+        go mod verify
+        make build-go
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/pr-codeql-analysis-javascript.yml

@@ -16,7 +16,6 @@ jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
-    if: github.repository == 'grafana/grafana'
 
     steps:
     - name: Checkout repository
@@ -25,13 +24,12 @@ jobs:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
         fetch-depth: 2
-        persist-credentials: false
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v2
       with:
         languages: "javascript"
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v2

.github/workflows/pr-codeql-analysis-python.yml

@@ -14,7 +14,6 @@ jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
-    if: github.repository == 'grafana/grafana'
 
     steps:
     - name: Checkout repository
@@ -23,13 +22,12 @@ jobs:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
         fetch-depth: 2
-        persist-credentials: false
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v2
       with:
         languages: "python"
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v2

.github/workflows/pr-commands.yml

@@ -30,12 +30,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Actions
-        uses: actions/checkout@v4 # v4.2.2
+        uses: actions/checkout@v4
         with:
           repository: "grafana/grafana-github-actions"
           path: ./actions
           ref: main
-          persist-credentials: false
       - name: Install Actions
         run: npm install --production --prefix ./actions
       - name: "Generate token"

.github/workflows/pr-dependabot-update-go-workspace.yml

@@ -1,69 +0,0 @@
-name: "Update Go Workspace for Dependabot PRs"
-on:
-  pull_request:
-    branches: [main]
-    paths:
-      - .github/workflows/pr-dependabot-update-go-workspace.yml
-      - go.mod
-      - go.sum
-      - go.work
-      - go.work.sum
-      - '**/go.mod'
-      - '**/go.sum'
-      - '**.go'
-permissions:
-  contents: write
-  id-token: write
-jobs:
-  update:
-    runs-on: "ubuntu-latest"
-    if: ${{ github.actor == 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository }}
-    continue-on-error: true
-    steps:
-    - name: Retrieve GitHub App secrets
-      id: get-secrets
-      uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets-v1.0.1 # zizmor: ignore[unpinned-uses]
-      with:
-        repo_secrets: |
-          APP_ID=grafana-go-workspace-bot:app-id
-          APP_INSTALLATION_ID=grafana-go-workspace-bot:app-installation-id
-          PRIVATE_KEY=grafana-go-workspace-bot:private-key
-
-    - name: Generate GitHub App token
-      id: generate_token
-      uses: actions/create-github-app-token@v1
-      with:
-        app-id: ${{ env.APP_ID }}
-        private-key: ${{ env.PRIVATE_KEY }}
-
-    - name: Checkout repository
-      uses: actions/checkout@v4
-      with:
-        repository: ${{ github.event.pull_request.head.repo.full_name }}
-        ref: ${{ github.event.pull_request.head.ref }}
-        token: ${{ steps.generate_token.outputs.token }}
-        persist-credentials: false
-
-    - name: Set go version
-      uses: actions/setup-go@19bb51245e9c80abacb2e91cc42b33fa478b8639
-      with:
-        go-version-file: go.mod
-
-    - name: Configure Git
-      run: |
-          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git config --local user.name "github-actions[bot]"
-          git config --local --add --bool push.autoSetupRemote true
-
-    - name: Update workspace
-      run: make update-workspace
-
-    - name: Commit and push workspace changes
-      env:
-        BRANCH_NAME: ${{ github.head_ref || github.ref_name }} 
-      run: |
-        if ! git diff --exit-code --quiet; then
-          echo "Committing and pushing workspace changes"
-          git commit -a -m "update workspace"
-          git push origin $BRANCH_NAME
-        fi

.github/workflows/pr-e2e-tests.yml

@@ -1,72 +0,0 @@
-name: End-to-end tests
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-      - release-*.*.*
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
-
-jobs:
-  build-grafana:
-    name: Build & Package Grafana
-    runs-on: ubuntu-latest-16-cores
-    outputs:
-      artifact: ${{ steps.artifact.outputs.artifact }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          repository: 'grafana/grafana-build'
-          ref: 'main'
-          persist-credentials: false
-      - uses: actions/checkout@v4
-        with:
-          path: ./grafana
-      - run: echo "GRAFANA_GO_VERSION=$(grep "go 1." grafana/go.work |  cut -d\  -f2)" >> "$GITHUB_ENV"
-      - uses: dagger/dagger-for-github@e47aba410ef9bb9ed81a4d2a97df31061e5e842e
-        with:
-          verb: run
-          args: go run ./cmd artifacts -a targz:grafana:linux/amd64 --grafana-dir=grafana --go-version=${GRAFANA_GO_VERSION} > out.txt
-      - run: mv $(cat out.txt) grafana.tar.gz
-      - run: echo "artifact=grafana-e2e-${{github.run_number}}" >> "$GITHUB_OUTPUT"
-        id: artifact
-      - uses: actions/upload-artifact@v4
-        id: upload
-        with:
-          retention-days: 1
-          name: ${{ steps.artifact.outputs.artifact }}
-          path: grafana.tar.gz
-  e2e-matrix:
-    name: ${{ matrix.suite }}
-    strategy:
-      matrix:
-        suite:
-          - various-suite
-          - dashboards-suite
-          - smoke-tests-suite
-          - panels-suite
-    needs:
-      - build-grafana
-    uses: ./.github/workflows/run-e2e-suite.yml
-    with:
-      package: ${{ needs.build-grafana.outputs.artifact }}
-      suite: ${{ matrix.suite }}
-  e2e-matrix-old-arch:
-    name: ${{ matrix.suite }} (old arch)
-    strategy:
-      matrix:
-        suite:
-          - old-arch/various-suite
-          - old-arch/dashboards-suite
-          - old-arch/smoke-tests-suite
-          - old-arch/panels-suite
-    needs:
-      - build-grafana
-    uses: ./.github/workflows/run-e2e-suite.yml
-    with:
-      package: ${{ needs.build-grafana.outputs.artifact }}
-      suite: ${{ matrix.suite }}

.github/workflows/pr-frontend-unit-tests.yml

@@ -1,69 +0,0 @@
-name: Frontend tests
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-      - release-*.*.*
-
-permissions: {}
-
-jobs:
-  frontend-unit-tests:
-    permissions:
-      contents: read
-      id-token: write
-    # Run this workflow only for PRs from forks; if it gets merged into `main` or `release-*`,
-    # the `frontend-unit-tests-enterprise` workflow will run instead
-    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true
-    runs-on: ubuntu-latest-8-cores
-    name: "Unit tests (${{ matrix.chunk }} / 8)"
-    strategy:
-      fail-fast: false
-      matrix:
-        chunk: [1, 2, 3, 4, 5, 6, 7, 8]
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        persist-credentials: false
-    - uses: actions/setup-node@v4
-      with:
-        node-version-file: '.nvmrc'
-        cache: 'yarn'
-        cache-dependency-path: 'yarn.lock'
-    - run: yarn install --immutable --check-cache
-    - run: yarn run test:ci
-      env:
-        TEST_MAX_WORKERS: 2
-        TEST_SHARD: ${{ matrix.chunk }}
-        TEST_SHARD_TOTAL: 8
-
-  frontend-unit-tests-enterprise:
-    permissions:
-      contents: read
-      id-token: write
-    # Run this workflow for non-PR events (like pushes to `main` or `release-*`) OR for internal PRs (PRs not from forks)
-    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false
-    runs-on: ubuntu-latest-8-cores
-    name: "Unit tests (${{ matrix.chunk }} / 8)"
-    strategy:
-      fail-fast: false
-      matrix:
-        chunk: [1, 2, 3, 4, 5, 6, 7, 8]
-    steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-node@v4
-      with:
-        node-version-file: '.nvmrc'
-        cache: 'yarn'
-        cache-dependency-path: 'yarn.lock'
-    - name: Setup Enterprise
-      uses: ./.github/actions/setup-enterprise
-      with:
-        github-app-name: 'grafana-ci-bot'
-    - run: yarn install --immutable --check-cache
-    - run: yarn run test:ci
-      env:
-        TEST_MAX_WORKERS: 2
-        TEST_SHARD: ${{ matrix.chunk }}
-        TEST_SHARD_TOTAL: 8

.github/workflows/pr-go-workspace-check.yml

@@ -1,47 +0,0 @@
-name: "Go Workspace Check"
-
-on:
-  workflow_dispatch:
-  pull_request:
-    branches: [main]
-    paths:
-      - .github/workflows/pr-go-workspace-check.yml
-      - go.mod
-      - go.sum
-      - go.work
-      - go.work.sum
-      - '**/go.mod'
-      - '**/go.sum'
-      - '**.go'
-
-jobs:
-  check:
-    name: Go Workspace Check
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-      with:
-        persist-credentials: false
-
-    - name: Set go version
-      uses: actions/setup-go@19bb51245e9c80abacb2e91cc42b33fa478b8639
-      with:
-        cache: false
-        go-version-file: go.mod
-
-    - name: Update workspace
-      run: make update-workspace
-
-    - name: Check for go mod & workspace changes 
-      run: |
-        if ! git diff --exit-code --quiet; then
-          echo "Changes detected:"
-          git diff
-          echo "Please run 'make update-workspace' and commit the changes."
-          echo "If there is a change in enterprise dependencies, please update pkg/extensions/main.go."
-          exit 1
-        fi
-    - name: Ensure Dockerfile contains submodule COPY commands
-      run: ./scripts/go-workspace/validate-dockerfile.sh

.github/workflows/pr-k8s-codegen-check.yml

@@ -1,41 +0,0 @@
-name: "K8s Codegen Check"
-
-on:
-  workflow_dispatch:
-  pull_request:
-    branches: [main]
-    paths:
-      - "pkg/apis/**"
-      - "pkg/aggregator/apis/**"
-      - "pkg/apimachinery/apis/**"
-      - "hack/**"
-      - "apps/**"
-      - "*.sum"
-
-jobs:
-  check:
-    name: K8s Codegen Check
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-      with:
-        persist-credentials: false
-
-    - name: Set go version
-      uses: actions/setup-go@19bb51245e9c80abacb2e91cc42b33fa478b8639
-      with:
-        go-version-file: go.mod
-
-    - name: Update k8s codegen
-      run: ./hack/update-codegen.sh
-
-    - name: Check for k8s codegen changes
-      run: |
-        if ! git diff --exit-code --quiet; then
-          echo "Changes detected:"
-          git diff
-          echo "Please run './hack/update-codegen.sh' and commit the changes."
-          exit 1
-        fi

.github/workflows/pr-patch-check-event.yml

@@ -1,63 +0,0 @@
-# Owned by grafana-delivery-squad
-# Intended to be dropped into the base repo Ex: grafana/grafana
-name: Dispatch check for patch conflicts
-run-name: dispatch-check-patch-conflicts-${{ github.base_ref }}-${{ github.head_ref }}
-on:
-  pull_request_target:
-    types:
-      - opened
-      - reopened
-      - synchronize
-    branches:
-      - "main"
-      - "v*.*.*"
-      - "release-*"
-
-permissions: {}
-
-# Since this is run on a pull request, we want to apply the patches intended for the
-# target branch onto the source branch, to verify compatibility before merging.
-jobs:
-  dispatch-job:
-    permissions:
-      id-token: write
-      contents: read
-      actions: write
-    env:
-      HEAD_REF: ${{ github.head_ref }}
-      BASE_REF: ${{ github.base_ref }}
-      REPO: ${{ github.repository }}
-      SENDER: ${{ github.event.sender.login }}
-      SHA: ${{ github.sha }}
-      PR_COMMIT_SHA: ${{ github.event.pull_request.head.sha }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: "Generate token"
-        id: generate_token
-        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a
-        with:
-          # App needs Actions: Read/Write for the grafana/security-patch-actions repo
-          app_id: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
-          private_key: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
-      - name: "Dispatch job"
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ steps.generate_token.outputs.token }}
-          script: |
-            const {HEAD_REF, BASE_REF, REPO, SENDER, SHA, PR_COMMIT_SHA} = process.env;
-
-            await github.rest.actions.createWorkflowDispatch({
-                owner: 'grafana',
-                repo: 'security-patch-actions',
-                workflow_id: 'test-patches-event.yml',
-                ref: 'main',
-                inputs: {
-                  src_repo: REPO,
-                  src_ref: HEAD_REF,
-                  src_merge_sha: SHA,
-                  src_pr_commit_sha: PR_COMMIT_SHA,
-                  patch_repo: REPO + '-security-patches',
-                  patch_ref: BASE_REF,
-                  triggering_github_handle: SENDER
-                }
-            })

.github/workflows/pr-patch-check.yml

@@ -0,0 +1,26 @@
+# Owned by grafana-release-guild
+# Intended to be dropped into the base repo Ex: grafana/grafana
+name: Check for patch conflicts
+run-name: check-patch-conflicts-${{ github.base_ref }}-${{ github.head_ref }}
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+    branches:
+      - "main"
+      - "v*.*.*"
+      - "release-*"
+
+# Since this is run on a pull request, we want to apply the patches intended for the
+# target branch onto the source branch, to verify compatibility before merging.
+jobs:
+  trigger_downstream_patch_check:
+    uses: grafana/security-patch-actions/.github/workflows/test-patches.yml@main
+    with:
+      src_repo: "${{ github.repository }}"
+      src_ref: "${{ github.head_ref }}" # this is the source branch name, Ex: "feature/newthing"
+      patch_repo: "${{ github.repository }}-security-patches"
+      patch_ref: "${{ github.base_ref }}" # this is the target branch name, Ex: "main"
+    secrets: inherit