fix: auto-provision Grafana dashboard on staging deploy#282
Conversation
Add a provision-dashboard job to deploy-staging.yml that pushes the dashboard JSON to Grafana Cloud via the HTTP API after each deploy. Replaces __inputs datasource template variables with actual UIDs from GitHub repository variables (GRAFANA_DS_METRICS_UID, GRAFANA_DS_LOGS_UID). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 5453091f69b0
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
WalkthroughAdds a new GitHub Actions job to the staging deployment workflow that transforms a staging Grafana dashboard JSON (removes Changes
Sequence Diagram(s)sequenceDiagram
participant Actions as GitHub Actions Runner
participant Repo as Repository (checkout)
participant Transform as Transformation Script
participant GrafanaAPI as Grafana API
participant GrafanaCloud as Grafana Cloud
Actions->>Repo: checkout code
Actions->>Transform: load staging dashboard JSON
Transform->>Transform: remove __inputs, set id=null, replace datasource UIDs
Actions->>GrafanaAPI: POST /api/dashboards/db (payload)
GrafanaAPI->>GrafanaCloud: persist dashboard
GrafanaAPI-->>Actions: 2xx response + dashboard URL / non-2xx error
Estimated code review effort🎯 2 (Simple) | ⏱️ ~15 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
This PR automates Grafana dashboard provisioning as part of the staging deploy pipeline. Previously, dashboard changes required a manual import after each deploy; this adds a provision-dashboard job to deploy-staging.yml that runs after deploy-vps, reads the dashboard JSON from the repo, replaces __inputs datasource template variables with actual datasource UIDs, and pushes it to Grafana Cloud via the HTTP API.
Changes:
- Adds
provision-dashboardjob to.github/workflows/deploy-staging.ymlthat triggers afterdeploy-vpssucceeds, transforms the dashboard JSON with real datasource UIDs, and pushes it to Grafana Cloud.
You can also share your feedback on Copilot code review. Take the survey.
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/deploy-staging.yml:
- Around line 477-484: The provision-dashboard job is inheriting full repo token
permissions; limit the job's GITHUB_TOKEN to read-only by adding a job-level
permissions block (permissions: contents: read) to the provision-dashboard job
so the actions/checkout@v4 step and Grafana call only have read access;
reference the job name provision-dashboard and the checkout step that uses
inputs.staging_tag || github.ref_name and ensure GRAFANA_API_KEY remains
available but the GITHUB_TOKEN is scoped to contents: read.
- Around line 515-519: The Grafana POST uses curl without timeouts which can
hang the workflow; update the curl invocation that sets HTTP_CODE (the command
using GRAFANA_URL, GRAFANA_API_KEY, and PAYLOAD) to include explicit connect and
overall timeouts (for example --connect-timeout and --max-time or -m) so the
request fails fast on network stalls; keep the rest of the flags and ensure the
HTTP_CODE capture and response file behavior remain unchanged.
- Around line 487-505: Add a fail-fast check before building DASHBOARD: verify
that the required GitHub Actions vars (DS_METRICS_UID and DS_LOGS_UID, and
optionally GRAFANA_URL/GRAFANA_API_KEY) are non-empty and exit with a clear
error if any are missing; place this check immediately before the
DASHBOARD=$(cat ... | jq ...) line so you don't proceed to rewrite/import
dashboards with empty UIDs. Reference the environment variable names
DS_METRICS_UID and DS_LOGS_UID and the DASHBOARD assignment in the step so the
check is easy to find and prevents a silent, broken import.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 4015bb69-4927-4ab2-ad23-010df4671000
📒 Files selected for processing (1)
.github/workflows/deploy-staging.yml
- Add `environment: staging` so env-scoped vars/secrets resolve correctly - Add `permissions: contents: read` to limit GITHUB_TOKEN scope - Fail fast if Grafana env vars are missing or empty - Add curl timeouts (--connect-timeout 10 --max-time 60) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 31e8ddc5e1ce
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/deploy-staging.yml:
- Around line 504-512: After building DASHBOARD with the jq transform that
removes __inputs and rewrites certain .uid values (the block that uses
DS_GRAFANA_CLOUD_METRICS and DS_GRAFANA_CLOUD_LOGS), add a strict post-transform
validation that scans the DASHBOARD JSON for any remaining .uid values that
match the literal placeholder pattern "${DS_...}". If any such placeholder is
found, fail the job (non-zero exit) and log an error explaining that unresolved
datasource placeholders remain; otherwise proceed. Target the DASHBOARD variable
and the .uid fields in the validation check so any future imports that leave a
"${DS_" placeholder will be rejected.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 74911c60-29d4-492e-bdbc-76321f7ed456
📒 Files selected for processing (1)
.github/workflows/deploy-staging.yml
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 14e5146034e9
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.
You can also share your feedback on Copilot code review. Take the survey.
Summary
provision-dashboardjob todeploy-staging.ymlthat pushes the Grafana dashboard JSON to Grafana Cloud via HTTP API after each staging deploy__inputsdatasource template variables with actual UIDs from repo-level GitHub variables (GRAFANA_DS_METRICS_UID,GRAFANA_DS_LOGS_UID)New GitHub variables added
GRAFANA_DS_METRICS_UID=grafanacloud-promGRAFANA_DS_LOGS_UID=grafanacloud-logsGRAFANA_URL(already existed)GRAFANA_API_KEYsecret (already existed)Test plan
provision-dashboardjob succeeds in CI logsresult="success"filters)🤖 Generated with Claude Code
Summary by CodeRabbit
Release Notes