diff --git a/docs/sources/setup-grafana/configure-security/_index.md b/docs/sources/setup-grafana/configure-security/_index.md
index 54b45e67ed9..b03577d38dc 100644
--- a/docs/sources/setup-grafana/configure-security/_index.md
+++ b/docs/sources/setup-grafana/configure-security/_index.md
@@ -45,6 +45,16 @@ Self-hosted reverse proxy options include but are not limited to:
- [NGINX](https://docs.nginx.com/nginx/) using their [guide on restricting access with HTTP basic authentication](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/)
- [OAuth2 proxy](https://github.com/oauth2-proxy/oauth2-proxy)
+### Configure CORS
+
+If you want to enable CORS for your Grafana instance, run Grafana behind a reverse proxy and configure the CORS headers in the reverse proxy.
+
+For more information, refer to [Run Grafana behind a reverse proxy](https://grafana.com/tutorials/run-grafana-behind-a-proxy/).
+
+{{< admonition type="note" >}}
+Grafana doesn't recommend using wildcard values (`*`) as header values and recommends using a URL instead.
+{{< /admonition >}}
+
## Limit Viewer query permissions
Users with the `Viewer role` can enter _any possible query_ in _any_ of the data sources available in the **organization**, not just the queries that are defined on the dashboards for which the user has Viewer permissions.
diff --git a/pkg/build/daggerbuild/arguments/grafana.go b/pkg/build/daggerbuild/arguments/grafana.go
index d7a4ebe599c..00bad617e32 100644
--- a/pkg/build/daggerbuild/arguments/grafana.go
+++ b/pkg/build/daggerbuild/arguments/grafana.go
@@ -3,7 +3,6 @@ package arguments
import (
"context"
"fmt"
- "log"
"log/slog"
"path"
"path/filepath"
@@ -95,16 +94,30 @@ func GrafanaDirectoryOptsFromFlags(c cliutil.CLIContext) *GrafanaDirectoryOpts {
}
func cloneOrMount(ctx context.Context, client *dagger.Client, localPath, repo, ref string, ght string) (*dagger.Directory, error) {
- // If GrafanaDir was provided, then we can just use that one.
- if path := localPath; path != "" {
- slog.Info("Using local Grafana found", "path", path)
- return daggerutil.HostDir(client, path)
+ if localPath != "" {
+ absolute, err := filepath.Abs(localPath)
+ if err != nil {
+ return nil, fmt.Errorf("error getting absolute path for local dir: %w", err)
+ }
+ localPath = absolute
+ slog.Info("Using local directory for repository", "path", localPath, "repo", repo)
+ return daggerutil.HostDir(client, localPath)
+ }
+
+ ght, err := githubToken(ctx, ght)
+ if err != nil {
+ return nil, fmt.Errorf("error acquiring GitHub token: %w", err)
}
return git.CloneWithGitHubToken(client, ght, repo, ref)
}
func applyPatches(ctx context.Context, client *dagger.Client, src *dagger.Directory, repo, patchesPath, ref, ght string) (*dagger.Directory, error) {
+ ght, err := githubToken(ctx, ght)
+ if err != nil {
+ return nil, fmt.Errorf("error acquiring GitHub token: %w", err)
+ }
+
// Clone the patches repository on 'main'
dir, err := git.CloneWithGitHubToken(client, ght, repo, ref)
if err != nil {
@@ -144,12 +157,7 @@ func applyPatches(ctx context.Context, client *dagger.Client, src *dagger.Direct
func grafanaDirectory(ctx context.Context, opts *pipeline.ArgumentOpts) (any, error) {
o := GrafanaDirectoryOptsFromFlags(opts.CLIContext)
- ght, err := githubToken(ctx, o.GitHubToken)
- if err != nil {
- log.Println("No github token found:", err)
- }
-
- src, err := cloneOrMount(ctx, opts.Client, o.GrafanaDir, o.GrafanaRepo, o.GrafanaRef, ght)
+ src, err := cloneOrMount(ctx, opts.Client, o.GrafanaDir, o.GrafanaRepo, o.GrafanaRef, o.GitHubToken)
if err != nil {
return nil, err
}
@@ -172,7 +180,7 @@ func grafanaDirectory(ctx context.Context, opts *pipeline.ArgumentOpts) (any, er
WithFile(".buildinfo.branch", branchFile)
if o.PatchesRepo != "" {
- withPatches, err := applyPatches(ctx, opts.Client, src, o.PatchesRepo, o.PatchesPath, o.PatchesRef, ght)
+ withPatches, err := applyPatches(ctx, opts.Client, src, o.PatchesRepo, o.PatchesPath, o.PatchesRef, o.GitHubToken)
if err != nil {
opts.Log.Debug("patch application skipped", "error", err)
} else {
@@ -209,12 +217,7 @@ func enterpriseDirectory(ctx context.Context, opts *pipeline.ArgumentOpts) (any,
return nil, fmt.Errorf("error initializing grafana directory: %w", err)
}
- ght, err := githubToken(ctx, o.GitHubToken)
- if err != nil {
- return nil, nil
- }
-
- src, err := cloneOrMount(ctx, opts.Client, o.EnterpriseDir, o.EnterpriseRepo, o.EnterpriseRef, ght)
+ src, err := cloneOrMount(ctx, opts.Client, o.EnterpriseDir, o.EnterpriseRepo, o.EnterpriseRef, o.GitHubToken)
if err != nil {
return nil, err
}
diff --git a/pkg/build/daggerbuild/backend/build.go b/pkg/build/daggerbuild/backend/build.go
index 2b55f829838..4b0f69d9fa5 100644
--- a/pkg/build/daggerbuild/backend/build.go
+++ b/pkg/build/daggerbuild/backend/build.go
@@ -33,7 +33,7 @@ func GoLDFlags(flags []LDFlag) string {
// GoBuildCommand returns the arguments for go build to be used in 'WithExec'.
func GoBuildCommand(output string, ldflags []LDFlag, tags []string, main string) []string {
- args := []string{"go", "build", "-v", "-x",
+ args := []string{"go", "build",
fmt.Sprintf("-ldflags=\"%s\"", GoLDFlags(ldflags)),
fmt.Sprintf("-o=%s", output),
"-trimpath",
diff --git a/pkg/build/daggerbuild/backend/builder.go b/pkg/build/daggerbuild/backend/builder.go
index 1bb597348da..b257bd53ad1 100644
--- a/pkg/build/daggerbuild/backend/builder.go
+++ b/pkg/build/daggerbuild/backend/builder.go
@@ -93,14 +93,14 @@ func GolangContainer(
container := golang.Container(d, platform, goVersion).
WithExec([]string{"apk", "add", "--update", "wget", "build-base", "alpine-sdk", "musl", "musl-dev", "xz"}).
- WithExec([]string{"wget", "https://ziglang.org/download/0.11.0/zig-linux-x86_64-0.11.0.tar.xz"}).
+ WithExec([]string{"wget", "https://dl.grafana.com/ci/zig-linux-x86_64-0.11.0.tar.xz"}).
WithExec([]string{"tar", "--strip-components=1", "-C", "/", "-xf", "zig-linux-x86_64-0.11.0.tar.xz"}).
WithExec([]string{"mv", "/zig", "/bin/zig"}).
// Install the toolchain specifically for armv7 until we figure out why it's crashing w/ zig container = container.
WithExec([]string{"mkdir", "/toolchain"}).
- WithExec([]string{"wget", "http://musl.cc/arm-linux-musleabihf-cross.tgz", "-P", "/toolchain"}).
+ WithExec([]string{"wget", "http://dl.grafana.com/ci/arm-linux-musleabihf-cross.tgz", "-P", "/toolchain"}).
WithExec([]string{"tar", "-xvf", "/toolchain/arm-linux-musleabihf-cross.tgz", "-C", "/toolchain"}).
- WithExec([]string{"wget", "https://musl.cc/s390x-linux-musl-cross.tgz", "-P", "/toolchain"}).
+ WithExec([]string{"wget", "https://dl.grafana.com/ci/s390x-linux-musl-cross.tgz", "-P", "/toolchain"}).
WithExec([]string{"tar", "-xvf", "/toolchain/s390x-linux-musl-cross.tgz", "-C", "/toolchain"})
return WithGoEnv(log, container, distro, opts)
diff --git a/pkg/build/daggerbuild/msi/builder.go b/pkg/build/daggerbuild/msi/builder.go
index 3af334c27eb..f55c32703e3 100644
--- a/pkg/build/daggerbuild/msi/builder.go
+++ b/pkg/build/daggerbuild/msi/builder.go
@@ -7,7 +7,7 @@ import (
func Builder(d *dagger.Client) (*dagger.Container, error) {
nssm := d.Container().From("busybox").
- WithExec([]string{"wget", "https://nssm.cc/release/nssm-2.24.zip"}).
+ WithExec([]string{"wget", "https://dl.grafana.com/ci/nssm-2.24.zip"}).
WithExec([]string{"unzip", "nssm-2.24.zip"}).
Directory("nssm-2.24")
diff --git a/public/app/features/commandPalette/ScopesRow.tsx b/public/app/features/commandPalette/ScopesRow.tsx
index ab350f9107d..0f2d9521517 100644
--- a/public/app/features/commandPalette/ScopesRow.tsx
+++ b/public/app/features/commandPalette/ScopesRow.tsx
@@ -26,19 +26,21 @@ export function ScopesRow({ treeScopes, isDirty, apply, toggleNode }: Props) {
Scopes:
- {treeScopes?.map((scope) => {
- return (
- {
- toggleNode(scope);
- }}
- />
- );
- })}
+
+ {treeScopes?.map((scope) => {
+ return (
+ {
+ toggleNode(scope);
+ }}
+ />
+ );
+ })}
+
{isDirty && (