From d92d51c18b27013ca3140d48b0640721abe9b763 Mon Sep 17 00:00:00 2001 From: Meng Yan Date: Mon, 9 Feb 2026 09:46:12 +0800 Subject: [PATCH] Remove failing upstream Grafana workflows Remove workflows that are not applicable to stolostron/glo-grafana: 1. relyance-scan.yml - Fails with 401 Unauthorized when accessing vault Error: failed to retrieve vault token (ERR_NON_2XX_3XX_RESPONSE: Response code 401) Reference: https://github.com/stolostron/glo-grafana/actions/runs/21808224596 2. sync-mirror-event.yml - Only executes for grafana/grafana repository Contains condition: if: github.repository == 'grafana/grafana' This workflow never actually runs in stolostron fork, but attempts vault access causing failures. These workflows are inherited from upstream Grafana but are not configured or needed for the Global Hub fork. Signed-off-by: Meng Yan --- .github/workflows/relyance-scan.yml | 33 ------------- .github/workflows/sync-mirror-event.yml | 63 ------------------------- 2 files changed, 96 deletions(-) delete mode 100644 .github/workflows/relyance-scan.yml delete mode 100644 .github/workflows/sync-mirror-event.yml diff --git a/.github/workflows/relyance-scan.yml b/.github/workflows/relyance-scan.yml deleted file mode 100644 index 29d68e004165a..0000000000000 --- a/.github/workflows/relyance-scan.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Relyance Compliance Inspection -on: - schedule: - - cron: '0 0 * * *' # Run daily at 00:00 UTC - workflow_dispatch: # Allow for manual trigger - -jobs: - relyance-compliance-inspector: - permissions: - contents: read - id-token: write # Needed for Vault access - - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Get API key - id: vault-secrets - uses: grafana/shared-workflows/actions/get-vault-secrets@5d7e361bc7e0a183cde8afe9899fb7b596d2659b # get-vault-secrets-v1.2.0 - with: - repo_secrets: | - API_KEY=relyance:API_KEY - - - name: Run Relyance scan - env: - API_KEY: "${{ fromJSON(steps.vault-secrets.outputs.secrets).API_KEY }}" - run: | - docker pull gcr.io/relyance-ext/compliance_inspector:release && \ - docker run --rm -v ${{ github.workspace }}:/repo --env "API_KEY=${{ env.API_KEY }}" gcr.io/relyance-ext/compliance_inspector:release diff --git a/.github/workflows/sync-mirror-event.yml b/.github/workflows/sync-mirror-event.yml deleted file mode 100644 index 4a073c9b2b3d7..0000000000000 --- a/.github/workflows/sync-mirror-event.yml +++ /dev/null @@ -1,63 +0,0 @@ -# Owned by grafana-delivery-squad -# Intended to be dropped into the base repo, Ex: grafana/grafana -name: Dispatch sync to mirror -run-name: dispatch-sync-to-mirror-${{ github.ref_name }} -on: - workflow_dispatch: - push: - branches: - - "main" - - "v*.*.*" - - "release-*" - -permissions: {} - -# This is run after the pull request has been merged, so we'll run against the target branch -jobs: - dispatch-job: - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - actions: write - env: - REF_NAME: ${{ github.ref_name }} - REPO: ${{ github.repository }} - SHA: ${{ github.sha }} - steps: - - name: "Get vault secrets" - id: vault-secrets - uses: grafana/shared-workflows/actions/get-vault-secrets@main - with: - # Secrets placed in the ci/data/repo/grafana/grafana/delivery-bot-app path in Vault - repo_secrets: | - GRAFANA_DELIVERY_BOT_APP_PEM=delivery-bot-app:PRIVATE_KEY - - - name: "Generate token" - id: generate_token - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a - with: - # App needs Actions: Read/Write for the grafana/security-patch-actions repo - app_id: ${{ vars.DELIVERY_BOT_APP_ID }} - private_key: ${{ env.GRAFANA_DELIVERY_BOT_APP_PEM }} - - - uses: actions/github-script@v7 - if: github.repository == 'grafana/grafana' - with: - github-token: ${{ steps.generate_token.outputs.token }} - script: | - const {REF_NAME, REPO, SHA} = process.env; - - await github.rest.actions.createWorkflowDispatch({ - owner: 'grafana', - repo: 'security-patch-actions', - workflow_id: 'mirror-branch-and-apply-patches-event.yml', - ref: 'main', - inputs: { - src_ref: REF_NAME, - src_repo: REPO, - src_sha: SHA, - dest_repo: REPO + "-security-mirror", - patch_repo: REPO + "-security-patches" - } - })