Add Azure Entra/AD Authentication to PostgreSQL Plugin #23206
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Ephemeral instances: PR comment' | |
| on: | |
| issue_comment: | |
| types: [created] | |
| jobs: | |
| config: | |
| if: github.event.sender.type == 'User' && | |
| github.event.issue.pull_request && | |
| startsWith(github.event.comment.body, '/deploy-to-hg') | |
| runs-on: | |
| labels: ubuntu-latest-8-cores | |
| outputs: | |
| has-secrets: ${{ steps.check.outputs.has-secrets }} | |
| steps: | |
| - name: "Check for secrets" | |
| id: check | |
| shell: bash | |
| run: | | |
| if [ -n "${{ (secrets.EI_APP_ID != '' && | |
| secrets.EI_APP_PRIVATE_KEY != '' && | |
| secrets.EI_GCOM_HOST != '' && | |
| secrets.EI_GCOM_TOKEN != '' && | |
| secrets.EI_EPHEMERAL_INSTANCES_REGISTRY != '' && | |
| secrets.EI_GCP_SERVICE_ACCOUNT_KEY_BASE64 != '' && | |
| secrets.EI_EPHEMERAL_ORG_ID != '' | |
| ) || '' }}" ]; then | |
| echo "has-secrets=1" >> "$GITHUB_OUTPUT" | |
| fi | |
| handle-pull-request-event: | |
| needs: config | |
| if: needs.config.outputs.has-secrets && | |
| github.event.sender.type == 'User' && | |
| github.event.issue.pull_request && | |
| startsWith(github.event.comment.body, '/deploy-to-hg') | |
| runs-on: | |
| labels: ubuntu-latest-8-cores | |
| continue-on-error: true | |
| steps: | |
| - name: Setup Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.20' | |
| - name: Generate a GitHub app installation token | |
| id: generate_token | |
| uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 | |
| with: | |
| app_id: ${{ secrets.EI_APP_ID }} | |
| private_key: ${{ secrets.EI_APP_PRIVATE_KEY }} | |
| - name: Checkout ephemeral instances repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: grafana/ephemeral-grafana-instances-github-action | |
| token: ${{ steps.generate_token.outputs.token }} | |
| ref: main | |
| path: ephemeral | |
| - name: Run action | |
| env: | |
| GITHUB_EVENT: ${{ toJson(github.event)}} | |
| run: | | |
| GRAFANA_VERSION=10.1.0 | |
| cd $GITHUB_WORKSPACE/ephemeral/src | |
| go run . \ | |
| -GITHUB_TOKEN="${{ steps.generate_token.outputs.token }}" \ | |
| -GITHUB_WORKFLOW_RUN_ID="${{ github.run_id }}" \ | |
| -GITHUB_EVENT="$GITHUB_EVENT" \ | |
| -GITHUB_TRIGGERING_ACTOR="${{ github.triggering_actor }}" \ | |
| -GCOM_HOST="${{ secrets.EI_GCOM_HOST }}" \ | |
| -GCOM_TOKEN="${{ secrets.EI_GCOM_TOKEN }}" \ | |
| -HOSTED_GRAFANA_IMAGE_TAG="$GRAFANA_VERSION-ephemeral-oss-${{ github.event.issue.number}}-${{ github.run_number }}-${{ github.run_attempt }}" \ | |
| -REGISTRY="${{ secrets.EI_EPHEMERAL_INSTANCES_REGISTRY }}" \ | |
| -GRAFANA_VERSION="$GRAFANA_VERSION" \ | |
| -GCP_SERVICE_ACCOUNT_KEY_BASE64="${{ secrets.EI_GCP_SERVICE_ACCOUNT_KEY_BASE64 }}" \ | |
| -EPHEMERAL_ORG_ID="${{ secrets.EI_EPHEMERAL_ORG_ID }}" || true |