grafana/README.md

# grafana
The grafana package

## Setup instructions
* clone the upstream sources: `git clone https://github.com/grafana/grafana && cd grafana`
* checkout the version of the specfile: `git checkout <currentversion>`
* apply existing patches: `git am ../0*.patch`

## Upgrade instructions
* follow the Setup instructions above
* rebase to the new version: `git fetch && git rebase --onto <newversion> <oldversion>`
  * rebasing `remove-unused-backend-dependencies.patch`: only apply the patch to `pkg/extensions/main.go` and run `go mod tidy`, then `go.mod` and `go.sum` will get updated automatically
  * rebasing `remove-unused-frontend-crypto.patch`: only apply the patch to `package.json` and run `yarn install`, then `yarn.lock` will get updated automatically
* create new patches from the modified git commits: `git format-patch -N --no-stat --no-signature <newversion> && mv *.patch ..`
* update `Version`, `Release`, `%changelog` and tarball NVRs in the specfile
* create bundles and manifest: `./create_bundles_in_container.sh`
* inspect the vendor tarball for any new non-FIPS crypto (`vendor/golang.org/x/crypto`), delete these files/directories in the Makefile and update the `patch-removed-backend-crypto.patch` if required
* update specfile with contents of the `.manifest` file
* update the manpages patch in `0002-add-manpages.patch` and other patches if required
* run local build: `rpkg local`
* run rpmlint: `rpmlint -r grafana.rpmlintrc /tmp/rpkg/grafana-*/grafana-*.src.rpm /tmp/rpkg/grafana-*/x86_64/grafana-*.x86_64.rpm`
* run a scratch build: `fedpkg scratch-build --srpm`
* upload new source tarballs: `fedpkg new-sources *.tar.gz *.tar.xz`
* commit new `sources` file

## Patches
* create the patch
* declare and apply (`%prep`) the patch in the specfile
* if the patch affects Go or Node.js dependencies, or the webpack
  * update the `create_bundles.sh` script and apply the patch
  * create new tarballs
  * update the specfile with new tarball name and contents of the `.manifest` file

### General guidelines
* aim to apply all patches in the specfile
* avoid rebuilding the tarballs

Patches fall in several categories:
  * modify dependency versions
  * modify both sources and vendored dependencies (e.g. CVEs)
  * modify the Node.js source (i.e. affect the webpack)
  * some patches are conditional (e.g. FIPS)

Patches cannot be applied twice.
It is not possible to unconditionally apply all patches in the Makefile, and great care must be taken to include the required patches at the correct stage of the build.

## Reproducible Bundles
Run `./create_bundles_in_container.sh` to generate a reproducible vendor and webpack bundle.

## Verification
* compare the list of files with the upstream RPM at https://grafana.com/grafana/download
Added the README 2019-04-29 12:46:34 +00:00			`# grafana`
update to upstream version 6.7.2, add scripts to ease upgrade process 2020-04-22 16:14:45 +00:00			`The grafana package`
Added the README 2019-04-29 12:46:34 +00:00
update to upstream Grafana 8.5.6 2022-06-22 17:13:29 +00:00			`## Setup instructions`
			* clone the upstream sources: `git clone https://github.com/grafana/grafana && cd grafana`
update to upstream Grafana 9.0.2 2022-07-06 10:57:30 +00:00			* checkout the version of the specfile: `git checkout <currentversion>`
			* apply existing patches: `git am ../0*.patch`
update to upstream Grafana 8.5.6 2022-06-22 17:13:29 +00:00
update to upstream version 6.7.2, add scripts to ease upgrade process 2020-04-22 16:14:45 +00:00			`## Upgrade instructions`
update to upstream Grafana 9.0.2 2022-07-06 10:57:30 +00:00			`* follow the Setup instructions above`
			* rebase to the new version: `git fetch && git rebase --onto <newversion> <oldversion>`
			* rebasing `remove-unused-backend-dependencies.patch`: only apply the patch to `pkg/extensions/main.go` and run `go mod tidy`, then `go.mod` and `go.sum` will get updated automatically
			* rebasing `remove-unused-frontend-crypto.patch`: only apply the patch to `package.json` and run `yarn install`, then `yarn.lock` will get updated automatically
			* create new patches from the modified git commits: `git format-patch -N --no-stat --no-signature <newversion> && mv *.patch ..`
update to upstream version 7.5.10 2021-09-30 12:16:39 +00:00			* update `Version`, `Release`, `%changelog` and tarball NVRs in the specfile
update to upstream Grafana 9.0.2 2022-07-06 10:57:30 +00:00			* create bundles and manifest: `./create_bundles_in_container.sh`
			* inspect the vendor tarball for any new non-FIPS crypto (`vendor/golang.org/x/crypto`), delete these files/directories in the Makefile and update the `patch-removed-backend-crypto.patch` if required
update to upstream version 7.3.4 2020-11-25 17:55:36 +00:00			* update specfile with contents of the `.manifest` file
update to upstream Grafana 8.5.6 2022-06-22 17:13:29 +00:00			* update the manpages patch in `0002-add-manpages.patch` and other patches if required
update to upstream version 7.1.1 2020-07-30 15:52:28 +00:00			* run local build: `rpkg local`
update to upstream Grafana 9.0.2 2022-07-06 10:57:30 +00:00			* run rpmlint: `rpmlint -r grafana.rpmlintrc /tmp/rpkg/grafana-/grafana-.src.rpm /tmp/rpkg/grafana-/x86_64/grafana-.x86_64.rpm`
update to upstream version 6.7.2, add scripts to ease upgrade process 2020-04-22 16:14:45 +00:00			* run a scratch build: `fedpkg scratch-build --srpm`
update to upstream version 7.3.6 2020-12-21 18:42:28 +00:00			* upload new source tarballs: `fedpkg new-sources .tar.gz .tar.xz`
update to upstream version 7.5.10 2021-09-30 12:16:39 +00:00			* commit new `sources` file
update to upstream version 7.3.1, resolve RHBZ #1843170 2020-11-04 16:44:15 +00:00
update patch handling and instructions 2021-10-08 14:53:45 +00:00			`## Patches`
update to upstream version 7.3.1, resolve RHBZ #1843170 2020-11-04 16:44:15 +00:00			`* create the patch`
			* declare and apply (`%prep`) the patch in the specfile
			`* if the patch affects Go or Node.js dependencies, or the webpack`
update to upstream Grafana 9.0.8 2022-09-15 14:11:11 +00:00			* update the `create_bundles.sh` script and apply the patch
update to upstream version 7.5.10 2021-09-30 12:16:39 +00:00			`* create new tarballs`
update patch handling and instructions 2021-10-08 14:53:45 +00:00			* update the specfile with new tarball name and contents of the `.manifest` file
update to upstream version 7.3.1, resolve RHBZ #1843170 2020-11-04 16:44:15 +00:00
update patch handling and instructions 2021-10-08 14:53:45 +00:00			`### General guidelines`
			`* aim to apply all patches in the specfile`
			`* avoid rebuilding the tarballs`
update to upstream version 7.5.10 2021-09-30 12:16:39 +00:00
update patch handling and instructions 2021-10-08 14:53:45 +00:00			`Patches fall in several categories:`
			`* modify dependency versions`
			`* modify both sources and vendored dependencies (e.g. CVEs)`
			`* modify the Node.js source (i.e. affect the webpack)`
			`* some patches are conditional (e.g. FIPS)`

			`Patches cannot be applied twice.`
			`It is not possible to unconditionally apply all patches in the Makefile, and great care must be taken to include the required patches at the correct stage of the build.`
update to upstream version 7.5.7 2021-05-20 14:57:43 +00:00
update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-05 17:39:40 +00:00			`## Reproducible Bundles`
			Run `./create_bundles_in_container.sh` to generate a reproducible vendor and webpack bundle.

update to upstream version 7.5.7 2021-05-20 14:57:43 +00:00			`## Verification`
			`* compare the list of files with the upstream RPM at https://grafana.com/grafana/download`