Skip to content

chore: auto-audit hygiene fixes#759

Open
itsmylife wants to merge 7 commits into
mainfrom
chore/auto-audit
Open

chore: auto-audit hygiene fixes#759
itsmylife wants to merge 7 commits into
mainfrom
chore/auto-audit

Conversation

@itsmylife
Copy link
Copy Markdown
Contributor

@itsmylife itsmylife commented May 28, 2026

Automated repo hygiene audit. This branch applies the following standard changes:

  • Apply npx @grafana/create-plugin@latest update (separate commit).
  • Set engines in package.json to node >=24 (and npm >=11.15.0 for npm-based repos), across every package.json outside node_modules.
  • Bump go.mod go (and toolchain if present) to 1.26.3.
  • Set packageManager to yarn@4.15.0.
  • Replace .yarnrc.yml with the standard template (enableScripts: false, npmMinimalAgeGate: 4320, etc.).

Notes

  • All commits are SSH-signed.
  • Audit was applied uniformly across ~70 Grafana data-source / library repos. See the audit driver (run locally) for the full ruleset.
  • Please skim the diff before merging.

itsmylife added 2 commits May 28, 2026 17:36
@itsmylife
chore: auto-audit fixes
c3dd3bc 
Apply repo hygiene audit:
- ensure plugin-ci-workflows ci.yml/cd.yml pinned at @ci-cd-workflows/v8.0.1
- ensure .npmrc / .yarnrc.yml match standard template
- ensure package.json engines (node >=24, npm >=11.15.0 if npm)
- ensure go.mod go directive at >= 1.26.3 (plugins only)
@itsmylife
chore: npx @grafana/create-plugin@latest update
0c2d4a1
@itsmylife itsmylife requested a review from a team as a code owner May 28, 2026 20:55
@github-project-automation github-project-automation Bot moved this to Backlog in OSS Big Tent May 28, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 28, 2026
edited
Loading

TruffleHog Scan Results

Summary: Found 1 potential secrets (0 verified, 1 unverified)

  • Possible secret (Gitlab) at .yarn/releases/yarn-4.15.0.cjs:711npmP***ance

Review: Check if unverified secrets are false positives.

Ignoring False Positives:
To mark a false positive, add # trufflehog:ignore as an inline comment on the same line as the detected secret:

my_fake_secret = "AKIAIOSFODNN7EXAMPLE"  # trufflehog:ignore

This works for files that support line numbers (most source files). After adding the comment, push your changes and the scan will re-run.

@itsmylife
chore: pin .nvmrc to 24.15.0 and regenerate yarn.lock for yarn 4.15.0
48296f5 
yarn@4.15.0 uses lockfile format v10; regenerate so the immutable
install in CI no longer fails with YN0028. Pin node to 24.15.0.
aangelisc
aangelisc reviewed May 29, 2026
View reviewed changes
Comment thread .config/.cprc.json Outdated
@iwysiu iwysiu requested a review from aangelisc May 29, 2026 19:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aangelisc aangelisc Awaiting requested review from aangelisc

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

OSS Big Tent
Status: Backlog

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@itsmylife @aangelisc @iwysiu