From 47db35fd49eab8a6bf196cc7731aeb066bfb270c Mon Sep 17 00:00:00 2001
From: Ashley Harrison <ashley.harrison@grafana.com>
Date: Tue, 10 Jun 2025 13:33:54 +0100
Subject: [PATCH] Internationalisation: Use the reusable workflows from
 `grafana-github-actions` (#106465)

use the reusable workflows from grafana-github-actions
---
 .../workflows/i18n-crowdin-create-tasks.yml   |  36 +---
 .github/workflows/i18n-crowdin-download.yml   | 166 +-----------------
 .github/workflows/i18n-crowdin-upload.yml     |  36 +---
 3 files changed, 12 insertions(+), 226 deletions(-)

diff --git a/.github/workflows/i18n-crowdin-create-tasks.yml b/.github/workflows/i18n-crowdin-create-tasks.yml
index 1a5847d83da..6ecaa883e01 100644
--- a/.github/workflows/i18n-crowdin-create-tasks.yml
+++ b/.github/workflows/i18n-crowdin-create-tasks.yml
@@ -9,36 +9,6 @@ on:
 
 jobs:
   create-tasks-in-crowdin:
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: read
-      id-token: write # needed to get vault secrets
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: "Get vault secrets"
-        id: vault-secrets
-        uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
-        with:
-          # Vault secret paths:
-          # - ci/repo/grafana/grafana/grafana_frontend_platform_crowdin_bot
-          repo_secrets: |
-            CROWDIN_TOKEN=grafana_frontend_platform_crowdin_bot:access_token
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: '.nvmrc'
-
-      - run: yarn install --immutable --check-cache
-
-      - name: Create tasks
-        env:
-          CROWDIN_PROJECT_ID: '5'
-          CROWDIN_PERSONAL_TOKEN: ${{ env.CROWDIN_TOKEN }}
-        run: node --experimental-strip-types ./.github/workflows/scripts/crowdin/create-tasks.ts
+    uses: grafana/grafana-github-actions/.github/workflows/crowdin-create-tasks.yml@main
+    with:
+      crowdin_project_id: 5
diff --git a/.github/workflows/i18n-crowdin-download.yml b/.github/workflows/i18n-crowdin-download.yml
index 526876bbd81..46b456ddebb 100644
--- a/.github/workflows/i18n-crowdin-download.yml
+++ b/.github/workflows/i18n-crowdin-download.yml
@@ -7,163 +7,9 @@ on:
 
 jobs:
   download-sources-from-crowdin:
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: write # needed to commit changes into the PR
-      pull-requests: write # needed to update PR description, labels, etc
-      id-token: write # needed to get vault secrets
-
-    steps:
-      - name: "Get vault secrets"
-        id: vault-secrets
-        uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
-        with:
-          # Vault secret paths:
-          # - ci/repo/grafana/grafana/grafana_frontend_platform_crowdin_bot
-          repo_secrets: |
-            CROWDIN_TOKEN=grafana_frontend_platform_crowdin_bot:access_token
-            GRAFANA_PR_AUTOMATION_APP_ID=grafana_pr_automation_app:app_id
-            GRAFANA_PR_AUTOMATION_APP_PEM=grafana_pr_automation_app:app_pem
-
-      - name: Generate token
-        id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ env.GRAFANA_PR_AUTOMATION_APP_ID }}
-          private_key: ${{ env.GRAFANA_PR_AUTOMATION_APP_PEM }}
-
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.head_ref }}
-          token: ${{ steps.generate_token.outputs.token }}
-          persist-credentials: false
-
-      - name: Download sources
-        id: crowdin-download
-        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2
-        with:
-          upload_sources: false
-          upload_translations: false
-          download_sources: false
-          download_translations: true
-          export_only_approved: true
-          localization_branch_name: i18n_crowdin_translations
-          create_pull_request: true
-          pull_request_title: 'I18n: Download translations from Crowdin'
-          pull_request_body:  |
-            :robot: Automatic download of translations from Crowdin.
-
-            This runs once per day and will merge automatically if all the required checks pass.
-
-            If there's a conflict, close the pull request and **delete the branch**.
-            You can then either wait for the schedule to trigger a new PR, or rerun the action manually.
-          pull_request_labels: 'area/frontend, area/internationalization, no-changelog, no-backport'
-          pull_request_base_branch_name: 'main'
-          base_url: 'https://grafana.api.crowdin.com'
-          config: 'crowdin.yml'
-          # Magic details of the github-actions bot user, to pass CLA checks
-          github_user_name: "github-actions[bot]"
-          github_user_email: "41898282+github-actions[bot]@users.noreply.github.com"
-        env:
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
-          CROWDIN_PROJECT_ID: 5
-          CROWDIN_PERSONAL_TOKEN: ${{ env.CROWDIN_TOKEN }}
-
-      - name: Get pull request ID
-        if: steps.crowdin-download.outputs.pull_request_url
-        shell: bash
-        # Crowdin action returns us the URL of the pull request, but we need an ID for the GraphQL API
-        # that looks like 'PR_kwDOAOaWjc5mP_GU'
-        run: |
-          pr_id=$(gh pr view ${{ steps.crowdin-download.outputs.pull_request_url }} --json id -q .id)
-          echo "PULL_REQUEST_ID=$pr_id" >> "$GITHUB_ENV"
-        env:
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
-
-      - name: Get project board ID
-        uses: octokit/graphql-action@51bf543c240dcd14761320e2efc625dc32ec0d32
-        id: get-project-id
-        if: steps.crowdin-download.outputs.pull_request_url
-        with:
-          # Frontend Platform project - https://github.com/orgs/grafana/projects/78
-          org: grafana
-          project_number: 78
-          query: |
-            query getProjectId($org: String!, $project_number: Int!){
-              organization(login: $org) {
-                projectV2(number: $project_number) {
-                  title
-                  id
-                }
-              }
-            }
-        env:
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
-
-      - name: Add to project board
-        uses: octokit/graphql-action@51bf543c240dcd14761320e2efc625dc32ec0d32
-        if: steps.crowdin-download.outputs.pull_request_url
-        with:
-          projectid: ${{ fromJson(steps.get-project-id.outputs.data).organization.projectV2.id }}
-          prid: ${{ env.PULL_REQUEST_ID }}
-          query: |
-            mutation addPullRequestToProject($projectid: ID!, $prid: ID!){
-              addProjectV2ItemById(input: {projectId: $projectid, contentId: $prid}) {
-                item {
-                  id
-                }
-              }
-            }
-        env:
-          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
-
-      - name: Run auto-milestone
-        uses: grafana/grafana-github-actions-go/auto-milestone@main # zizmor: ignore[unpinned-uses]
-        if: steps.crowdin-download.outputs.pull_request_url
-        with:
-          pr: ${{ steps.crowdin-download.outputs.pull_request_number }}
-          token: ${{ steps.generate_token.outputs.token }}
-
-      - name: Get vault secrets
-        id: vault-secrets-approver
-        uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
-        with:
-          # Secrets placed in ci/repo/grafana/grafana/grafana-pr-approver
-          repo_secrets: |
-            GRAFANA_PR_APPROVER_APP_ID=grafana-pr-approver:app-id
-            GRAFANA_PR_APPROVER_APP_PEM=grafana-pr-approver:private-key
-
-      - name: Generate approver token
-        if: steps.crowdin-download.outputs.pull_request_url
-        id: generate_approver_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
-        with:
-          app_id: ${{ env.GRAFANA_PR_APPROVER_APP_ID }}
-          private_key: ${{ env.GRAFANA_PR_APPROVER_APP_PEM }}
-
-      - name: Approve and automerge PR
-        if: steps.crowdin-download.outputs.pull_request_url
-        shell: bash
-        # Only approve if:
-        # - the PR does not modify files other than json files under the public/locales/ directory
-        # - the PR does not modify the en-US locale
-        # TODO make these paths inputs to the workflow when we move this to a shared repo
-        run: |
-          filesChanged="$(gh pr diff --name-only ${{ steps.crowdin-download.outputs.pull_request_url }})"
-
-          if [[ $(echo "$filesChanged" | grep -cv -e 'public/locales/[a-zA-Z\-]*/grafana.json' -e 'public/app/plugins/datasource/azuremonitor/locales/[a-zA-Z\-]*/grafana-azure-monitor-datasource.json' -e 'public/app/plugins/datasource/mssql/locales/[a-zA-Z\-]*/mssql.json') -ne 0 ]]; then
-            echo "Non-i18n changes detected, not approving"
-            exit 1
-          fi
-
-          if [[ $(echo "$filesChanged" | grep -c -e "public/locales/en-US" -e "public/app/plugins/datasource/azuremonitor/locales/en-US" -e "public/app/plugins/datasource/mssql/locales/en-US") -ne 0 ]]; then
-            echo "en-US changes detected, not approving"
-            exit 1
-          fi
-
-          echo "Approving and enabling automerge"
-          gh pr review ${{ steps.crowdin-download.outputs.pull_request_url }} --approve
-          gh pr merge --auto --squash ${{ steps.crowdin-download.outputs.pull_request_url }}
-        env:
-          GITHUB_TOKEN: ${{ steps.generate_approver_token.outputs.token }}
+    uses: grafana/grafana-github-actions/.github/workflows/crowdin-download.yml@main
+    with:
+      crowdin_project_id: 5
+      pr_labels: 'area/frontend, area/internationalization, no-changelog, no-backport'
+      github_board_id: 78 # Frontend Platform project
+      en_paths: public/locales/en-US/grafana.json, public/app/plugins/datasource/azuremonitor/locales/en-US/grafana-azure-monitor-datasource.json, public/app/plugins/datasource/mssql/locales/en-US/mssql.json
diff --git a/.github/workflows/i18n-crowdin-upload.yml b/.github/workflows/i18n-crowdin-upload.yml
index 60f33de876f..97638769526 100644
--- a/.github/workflows/i18n-crowdin-upload.yml
+++ b/.github/workflows/i18n-crowdin-upload.yml
@@ -12,36 +12,6 @@ on:
 
 jobs:
   upload-sources-to-crowdin:
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: read
-      id-token: write # needed to get vault secrets
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: "Get vault secrets"
-        id: vault-secrets
-        uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
-        with:
-          # Vault secret paths:
-          # - ci/repo/grafana/grafana/grafana_frontend_platform_crowdin_bot
-          repo_secrets: |
-            CROWDIN_TOKEN=grafana_frontend_platform_crowdin_bot:access_token
-
-      - name: Upload sources
-        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2
-        with:
-          upload_sources: true
-          upload_translations: false
-          download_translations: false
-          create_pull_request: false
-          base_url: 'https://grafana.api.crowdin.com'
-          config: 'crowdin.yml'
-        env:
-          CROWDIN_PROJECT_ID: 5
-          CROWDIN_PERSONAL_TOKEN: ${{ env.CROWDIN_TOKEN }}
+    uses: grafana/grafana-github-actions/.github/workflows/crowdin-upload.yml@main
+    with:
+      crowdin_project_id: 5