Merge remote-tracking branch 'grafana/main' into karsten/helm-checksum

.drone/drone.yml

@@ -93,14 +93,14 @@ steps:
   depends_on:
   - clone
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: check-drone-drift
 - commands:
   - make BUILD_IN_CONTAINER=false check-generated-files
   depends_on:
   - clone
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: check-generated-files
 - commands:
   - cd ..
@@ -110,7 +110,7 @@ steps:
   depends_on:
   - clone
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: clone-target-branch
   when:
     event:
@@ -121,14 +121,14 @@ steps:
   - clone-target-branch
   - check-generated-files
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: test
 - commands:
   - cd ../loki-target-branch && BUILD_IN_CONTAINER=false make test
   depends_on:
   - clone-target-branch
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: test-target-branch
   when:
     event:
@@ -141,7 +141,7 @@ steps:
   - test
   - test-target-branch
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: compare-coverage
   when:
     event:
@@ -159,7 +159,7 @@ steps:
     TOKEN:
       from_secret: github_token
     USER: grafanabot
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: report-coverage
   when:
     event:
@@ -169,15 +169,15 @@ steps:
   depends_on:
   - check-generated-files
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: lint
 - commands:
   - make BUILD_IN_CONTAINER=false check-mod
   depends_on:
   - test
   - lint
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: check-mod
 - commands:
   - apk add make bash && make lint-scripts
@@ -188,21 +188,21 @@ steps:
   depends_on:
   - check-generated-files
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: loki
 - commands:
   - make BUILD_IN_CONTAINER=false check-doc
   depends_on:
   - loki
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: check-doc
 - commands:
   - make BUILD_IN_CONTAINER=false check-format GIT_TARGET_BRANCH="$DRONE_TARGET_BRANCH"
   depends_on:
   - loki
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: check-format
   when:
     event:
@@ -212,14 +212,14 @@ steps:
   depends_on:
   - loki
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: validate-example-configs
 - commands:
   - make BUILD_IN_CONTAINER=false check-example-config-doc
   depends_on:
   - clone
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: check-example-config-doc
 - commands:
   - mkdir -p /hugo/content/docs/loki/latest
@@ -252,7 +252,7 @@ steps:
   depends_on:
   - clone
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: loki-mixin-check
   when:
     event:
@@ -277,7 +277,7 @@ steps:
   depends_on:
   - clone
   environment: {}
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: documentation-helm-reference-check
 trigger:
   ref:
@@ -1683,15 +1683,15 @@ steps:
     NFPM_SIGNING_KEY:
       from_secret: gpg_private_key
     NFPM_SIGNING_KEY_FILE: /drone/src/private-key.key
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: write-key
 - commands:
   - make BUILD_IN_CONTAINER=false packages
   environment:
     NFPM_PASSPHRASE:
       from_secret: gpg_passphrase
     NFPM_SIGNING_KEY_FILE: /drone/src/private-key.key
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: test packaging
 - commands:
   - ./tools/packaging/verify-deb-install.sh
@@ -1717,7 +1717,7 @@ steps:
     NFPM_PASSPHRASE:
       from_secret: gpg_passphrase
     NFPM_SIGNING_KEY_FILE: /drone/src/private-key.key
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: publish
   when:
     event:
@@ -1752,7 +1752,7 @@ steps:
       from_secret: docker_password
     DOCKER_USERNAME:
       from_secret: docker_username
-  image: grafana/loki-build-image:0.30.1
+  image: grafana/loki-build-image:0.31.2
   name: build and push
   privileged: true
   volumes:
@@ -2017,6 +2017,6 @@ kind: secret
 name: gpg_private_key
 ---
 kind: signature
-hmac: 27257b795645c64fe82deb850f6efdf73fec2e0e2217e86ac52ae6bf434a92b5
+hmac: a68ce0151ff769aa0731f120437450f0d9685c843cb3c5b046d4991f910aadd7
 
 ...

.github/renovate.json

@@ -11,6 +11,14 @@
         "matchBaseBranches": ["release-2.9.x","release-2.8.x"],
         "packagePatterns": ["*"],
         "enabled": false
+      },
+      {
+        "matchFileNames": [ "operator/go.mod" ],
+        "matchPackageNames": [
+          "github.com/grafana/loki",
+          "github.com/grafana/loki/operator/apis/loki"
+        ],
+        "enabled": false
       }
     ],
     "vulnerabilityAlerts": {

.github/workflows/vulnerability-scan.yml

@@ -0,0 +1,90 @@
+name: PR Vulnerability Scan
+on: pull_request
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  snyk:
+    name: Snyk Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/golang@master
+        continue-on-error: true # To make sure that PR comment is made
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: test
+          args: --severity-threshold=high --json-file-output=snyk.json
+
+      - name: Prepare Snyk message
+        run: |
+          echo "Snyk scan found the following vulnerabilities:" > snyk.txt
+
+      - name: Format Snyk Message
+        uses: sergeysova/jq-action@v2
+        continue-on-error: true
+        with:
+          cmd: jq -r  '.vulnerabilities[] | "* **\(.severity)** - [\(.identifiers.CVE[0])] \(.title) in `\(.moduleName)` v\(.version). Fixed in \(.fixedIn)"' snyk.json >> snyk.txt
+
+      - name: Determine whether to comment
+        continue-on-error: true
+        id: should-comment
+        run: |
+          if [[ $(wc -l < snyk.txt) -gt 1 ]]; then exit 0; fi
+          exit 1
+
+      - name: Comment on PR with Snyk scan results
+        uses: mshick/add-pr-comment@v2
+        if: ${{ steps.should-comment.outcome == 'success' }}
+        with:
+          message-id: snyk-${{ github.event.number }}
+          message-path: snyk.txt
+  trivy:
+    name: Trivy Scan
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Build Loki Image
+        run: |
+          IMAGE_TAG="$(./tools/image-tag)"
+          make loki-image
+          echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: "docker.io/grafana/loki:${{ env.IMAGE_TAG }}"
+          format: "json"
+          output: "trivy.json"
+          severity: "CRITICAL,HIGH"
+
+      - name: Prepare Trivy Message
+        run: |
+          echo "Trivy scan found the following vulnerabilities:" > trivy.txt
+
+      - name: Format Trivy Message
+        uses: sergeysova/jq-action@v2
+        continue-on-error: true
+        with:
+          cmd: jq -r '.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | "* **\(.Severity)** [\(.Title)](\(.PrimaryURL)) in `\(.PkgName)` v\(.InstalledVersion). Fixed in v\(.FixedVersion)"' trivy.json >> trivy.txt
+
+      - name: Determine whether to comment
+        continue-on-error: true
+        id: should-comment
+        run: |
+          if [[ $(wc -l < trivy.txt) -gt 1 ]]; then exit 0; fi
+          exit 1
+
+      - name: Comment on PR with Trivy scan results
+        uses: mshick/add-pr-comment@v2
+        if: ${{ steps.should-comment.outcome == 'success' }}
+        with:
+          message-id: trivy-${{ github.event.number }}
+          message-path: trivy.txt

.golangci.yml

@@ -79,6 +79,7 @@ linters:
     - goimports
     - gosimple
     - staticcheck
+    - gochecksumtype
   disable:
     - unused
     - unparam
@@ -88,5 +89,8 @@ issues:
     - Error return value of .*log\.Logger\)\.Log\x60 is not checked
     - Error return value of .*.Log.* is not checked
     - Error return value of `` is not checked
-
+  exclude-rules:
+    - path: '(.+)_test\.go'
+      linters:
+        - goconst
   fix: true

CHANGELOG.md

@@ -6,6 +6,7 @@
 
 ##### Enhancements
 
+* [11110](https://github.com/grafana/loki/pull/11003) **MichelHollands**: Change the default of the `metrics-namespace` flag to 'loki'.
 * [11086](https://github.com/grafana/loki/pull/11086) **kandrew5**: Helm: Allow topologySpreadConstraints
 * [11003](https://github.com/grafana/loki/pull/11003) **MichelHollands**: Add the `metrics-namespace` flag to change the namespace of metrics currently using cortex as namespace.
 * [10096](https://github.com/grafana/loki/pull/10096) **aschleck**: Storage: Allow setting a constant prefix for all created keys

Makefile

@@ -37,7 +37,7 @@ DOCKER_IMAGE_DIRS := $(patsubst %/Dockerfile,%,$(DOCKERFILES))
 BUILD_IN_CONTAINER ?= true
 
 # ensure you run `make drone` after changing this
-BUILD_IMAGE_VERSION := 0.30.1
+BUILD_IMAGE_VERSION ?= 0.31.2
 
 # Docker image info
 IMAGE_PREFIX ?= grafana

clients/pkg/logentry/stages/metrics.go

@@ -179,6 +179,7 @@ func (m *metricStage) Name() string {
 }
 
 // recordCounter will update a counter metric
+// nolint:goconst
 func (m *metricStage) recordCounter(name string, counter *metric.Counters, labels model.LabelSet, v interface{}) {
 	// If value matching is defined, make sure value matches.
 	if counter.Cfg.Value != nil {

clients/pkg/logentry/stages/pack_test.go

@@ -1,3 +1,4 @@
+// nolint:goconst
 package stages
 
 import (

cmd/migrate/main.go

@@ -24,6 +24,7 @@ import (
 	"github.com/grafana/loki/pkg/storage/config"
 	"github.com/grafana/loki/pkg/storage/stores/shipper/indexshipper"
 	"github.com/grafana/loki/pkg/util/cfg"
+	"github.com/grafana/loki/pkg/util/constants"
 	util_log "github.com/grafana/loki/pkg/util/log"
 	"github.com/grafana/loki/pkg/validation"
 )
@@ -48,7 +49,7 @@ func main() {
 	batch := flag.Int("batchLen", 500, "Specify how many chunks to read/write in one batch")
 	shardBy := flag.Duration("shardBy", 6*time.Hour, "Break down the total interval into shards of this size, making this too small can lead to syncing a lot of duplicate chunks")
 	parallel := flag.Int("parallel", 8, "How many parallel threads to process each shard")
-	metricsNamespace := flag.String("metrics.namespace", "cortex", "Namespace of the generated metrics")
+	metricsNamespace := flag.String("metrics.namespace", constants.Loki, "Namespace of the generated metrics")
 	flag.Parse()
 
 	go func() {

docs/sources/configure/_index.md

@@ -226,8 +226,9 @@ Pass the `-config.expand-env` flag at the command line to enable this way of set
 [shutdown_delay: <duration> | default = 0s]
 
 # Namespace of the metrics that in previous releases had cortex as namespace.
+# This setting is deprecated and will be removed in the next minor release.
 # CLI flag: -metrics-namespace
-[metrics_namespace: <string> | default = "cortex"]
+[metrics_namespace: <string> | default = "loki"]
 ```
 
 ### server
@@ -4410,7 +4411,7 @@ dynamodb:
 
     # query to fetch ingester queue length
     # CLI flag: -metrics.queue-length-query
-    [queue_length_query: <string> | default = "sum(avg_over_time(cortex_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m]))"]
+    [queue_length_query: <string> | default = "sum(avg_over_time(loki_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m])) or sum(avg_over_time(cortex_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m]))"]
 
     # query to fetch throttle rates per table
     # CLI flag: -metrics.write-throttle-query

docs/sources/configure/examples/query-frontend.md

@@ -144,7 +144,7 @@ spec:
 
 ### Grafana
 
-Once you've deployed these, point your Grafana datasource to the new frontend service. The service is available within the cluster at `http://query-frontend.<namespace>.svc.cluster.local:3100`.
+Once you've deployed these, point your Grafana data source to the new frontend service. The service is available within the cluster at `http://query-frontend.<namespace>.svc.cluster.local:3100`.
 
 ### GRPC Mode (Pull model)
 

docs/sources/get-started/_index.md

@@ -63,11 +63,11 @@ The write component returns `ready` when you point a web browser at http://local
 ## Use Grafana and the test environment
 
 Use [Grafana](/docs/grafana/latest/) to query and observe the log lines captured in the Loki cluster by navigating a browser to http://localhost:3000.
-The Grafana instance has Loki configured as a [datasource](/docs/grafana/latest/datasources/loki/).
+The Grafana instance has Loki configured as a [data source](/docs/grafana/latest/datasources/loki/).
 
 Click on the Grafana instance's [Explore](/docs/grafana/latest/explore/) icon to bring up the explore pane.
 
-Use the Explore dropdown menu to choose the Loki datasource and bring up the Loki query browser.
+Use the Explore dropdown menu to choose the Loki data source and bring up the Loki query browser.
 
 Try some queries.
 Enter your query into the **Log browser** box, and click on the blue **Run query** button.