feat(grafana): add grafana#16

Open
netanelC wants to merge 11 commits into master from add-grafana

@netanelC
Contributor

No description provided.

@netanelC netanelC self-assigned this May 14, 2026
@netanelC netanelC requested a review from ronenkapelian May 14, 2026 14:22
@mapcolonies-devops

MegaLinter analysis: Error

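| Descriptor    | Linter                   | Files | Fixed | Errors | Warnings | Elapsed time |
|---------------|--------------------------|-------|-------|--------|----------|--------------|
| ✅ ACTION     | actionlint               | 1     |       | 0      | 0        | 0.12s        |
| ❌ ACTION     | zizmor                   | 1     |       | 1      | 0        | 0.37s        |
| ✅ COPYPASTE  | jscpd                    | yes   |       | no     | no       | 1.68s        |
| ✅ DOCKERFILE | hadolint                 | 1     |       | 0      | 0        | 0.22s        |
| ✅ JSON       | jsonlint                 | 1     |       | 0      | 0        | 0.13s        |
| ✅ JSON       | npm-package-json-lint    | yes   |       | no     | no       | 0.55s        |
| ✅ JSON       | prettier                 | 1     |       | 0      | 0        | 0.74s        |
| ✅ MARKDOWN   | markdownlint             | 1     |       | 0      | 0        | 0.59s        |
| ✅ MARKDOWN   | markdown-table-formatter | 1     |       | 0      | 0        | 0.25s        |
| ✅ REPOSITORY | checkov                  | yes   |       | no     | no       | 25.71s       |
| ✅ REPOSITORY | gitleaks                 | yes   |       | no     | no       | 0.25s        |
| ✅ REPOSITORY | git_diff                 | yes   |       | no     | no       | 0.01s        |
| ✅ REPOSITORY | grype                    | yes   |       | no     | no       | 51.23s       |
| ❌ REPOSITORY | osv-scanner              | yes   |       | 16     | no       | 4.33s        |
| ✅ REPOSITORY | secretlint               | yes   |       | no     | no       | 1.09s        |
| ✅ REPOSITORY | syft                     | yes   |       | no     | no       | 2.85s        |
| ✅ REPOSITORY | trivy                    | yes   |       | no     | no       | 14.96s       |
| ✅ REPOSITORY | trivy-sbom               | yes   |       | no     | no       | 2.46s        |
| ✅ REPOSITORY | trufflehog               | yes   |       | no     | no       | 13.09s       |
| ✅ SPELL      | lychee                   | 4     |       | 0      | 0        | 0.36s        |
| ✅ YAML       | prettier                 | 2     |       | 0      | 0        | 0.35s        |
| ✅ YAML       | v8r                      | 2     |       | 0      | 0        | 3.51s        |
| ✅ YAML       | yamllint                 | 2     |       | 0      | 0        | 0.47s        |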

Detailed Issues

❌ REPOSITORY / osv-scanner - 16 errors
Scanning dir .
Starting filesystem walk for root: /
Scanned package-lock.json file and found 461 packages
Scanned images/elastic-alertmanager-connector/requirements.txt file and found 4 packages
Scanned images/scaler/requirements.txt file and found 1 package
End status: 29 dirs visited, 121 inodes visited, 3 Extract calls, 16.641086ms elapsed, 16.641216ms wall time

Total 4 packages affected by 16 known vulnerabilities (0 Critical, 8 High, 8 Medium, 0 Low, 0 Unknown) from 2 ecosystems.
16 vulnerabilities can be fixed.

+-------------------------------------+------+-----------+----------------+---------+---------------+--------------------------------------------------------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE        | VERSION | FIXED VERSION | SOURCE                                                 |
+-------------------------------------+------+-----------+----------------+---------+---------------+--------------------------------------------------------+
| https://osv.dev/PYSEC-2023-192      | 8.1  | PyPI      | urllib3        | 1.26.9  | 1.26.17       | images/elastic-alertmanager-connector/requirements.txt |
| https://osv.dev/GHSA-v845-jxx5-vc9f |      |           |                |         |               |                                                        |
| https://osv.dev/PYSEC-2023-212      | 5.7  | PyPI      | urllib3        | 1.26.9  | 1.26.18       | images/elastic-alertmanager-connector/requirements.txt |
| https://osv.dev/GHSA-g4mx-q9vg-27p4 |      |           |                |         |               |                                                        |
| https://osv.dev/GHSA-2xpw-w6gg-jr37 | 8.9  | PyPI      | urllib3        | 1.26.9  | 2.6.0         | images/elastic-alertmanager-connector/requirements.txt |
| https://osv.dev/GHSA-34jh-p97f-mpxf | 4.4  | PyPI      | urllib3        | 1.26.9  | 1.26.19       | images/elastic-alertmanager-connector/requirements.txt |
| https://osv.dev/GHSA-38jv-5279-wg99 | 8.9  | PyPI      | urllib3        | 1.26.9  | 2.6.3         | images/elastic-alertmanager-connector/requirements.txt |
| https://osv.dev/GHSA-gm62-xv2j-4w53 | 8.9  | PyPI      | urllib3        | 1.26.9  | 2.6.0         | images/elastic-alertmanager-connector/requirements.txt |
| https://osv.dev/GHSA-pq67-6m6q-mj2v | 5.3  | PyPI      | urllib3        | 1.26.9  | 2.5.0         | images/elastic-alertmanager-connector/requirements.txt |
| https://osv.dev/GHSA-qccp-gfcp-xxvc | 8.2  | PyPI      | urllib3        | 1.26.9  | 2.7.0         | images/elastic-alertmanager-connector/requirements.txt |
| https://osv.dev/PYSEC-2018-28       | 7.5  | PyPI      | requests       | 2.9.2   | 2.20.0        | images/scaler/requirements.txt                         |
| https://osv.dev/GHSA-x84v-xcm2-53pg |      |           |                |         |               |                                                        |
| https://osv.dev/PYSEC-2023-74       | 6.1  | PyPI      | requests       | 2.9.2   | 2.31.0        | images/scaler/requirements.txt                         |
| https://osv.dev/GHSA-j8r2-6x86-q33q |      |           |                |         |               |                                                        |
| https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3  | PyPI      | requests       | 2.9.2   | 2.32.4        | images/scaler/requirements.txt                         |
| https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6  | PyPI      | requests       | 2.9.2   | 2.32.0        | images/scaler/requirements.txt                         |
| https://osv.dev/GHSA-gc5v-m9x4-r6x2 | 4.4  | PyPI      | requests       | 2.9.2   | 2.33.0        | images/scaler/requirements.txt                         |
| https://osv.dev/GHSA-q3j6-qgpj-74h6 | 7.5  | npm       | fast-uri (dev) | 3.1.0   | 3.1.1         | package-lock.json                                      |
| https://osv.dev/GHSA-v39h-62p7-jpjc | 7.5  | npm       | fast-uri (dev) | 3.1.0   | 3.1.2         | package-lock.json                                      |
| https://osv.dev/GHSA-w5hq-g745-h8pq | 6.3  | npm       | uuid (dev)     | 13.0.0  | 13.0.1        | package-lock.json                                      |
+-------------------------------------+------+-----------+----------------+---------+---------------+--------------------------------------------------------+
❌ ACTION / zizmor - 1 error
INFO zizmor: 🌈 zizmor v1.25.0
fatal: no audit was performed
'ref-confusion' audit failed on file://.github/workflows/pr-checks.yaml

Caused by:
    0: error in 'ref-confusion' audit
    1: couldn't list branches for actions/checkout
    2: request error while accessing GitHub API
    3: HTTP status client error (401 Unauthorized) for url (https://github.com/actions/checkout.git/git-upload-pack)


[ZizmorLinter] Zizmor failed to reach the GitHub API.
To allow zizmor to use GITHUB_TOKEN, add the following to your .mega-linter.yml:
ACTION_ZIZMOR_UNSECURED_ENV_VARIABLES:
  - GITHUB_TOKEN

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@github-actions

github-actions Bot commented May 17, 2026

MegaLinter analysis: Success

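| Descriptor    | Linter                   | Files | Fixed | Errors | Warnings | Elapsed time |
|---------------|--------------------------|-------|-------|--------|----------|--------------|
| ✅ ACTION     | actionlint               | 1     |       | 0      | 0        | 0.11s        |
| ✅ ACTION     | zizmor                   | 1     |       | 0      | 0        | 0.98s        |
| ✅ COPYPASTE  | jscpd                    | yes   |       | no     | no       | 1.79s        |
| ✅ DOCKERFILE | hadolint                 | 1     |       | 0      | 0        | 0.16s        |
| ✅ JSON       | jsonlint                 | 6     |       | 0      | 0        | 0.11s        |
| ✅ JSON       | npm-package-json-lint    | yes   |       | no     | no       | 0.44s        |
| ✅ JSON       | prettier                 | 6     |       | 0      | 0        | 0.45s        |
| ✅ MARKDOWN   | markdownlint             | 1     |       | 0      | 0        | 0.49s        |
| ✅ MARKDOWN   | markdown-table-formatter | 1     |       | 0      | 0        | 0.22s        |
| ✅ REPOSITORY | checkov                  | yes   |       | no     | no       | 22.42s       |
| ✅ REPOSITORY | gitleaks                 | yes   |       | no     | no       | 0.34s        |
| ✅ REPOSITORY | git_diff                 | yes   |       | no     | no       | 0.01s        |
| ✅ REPOSITORY | grype                    | yes   |       | no     | no       | 46.7s        |
| ✅ REPOSITORY | secretlint               | yes   |       | no     | no       | 1.15s        |
| ✅ REPOSITORY | syft                     | yes   |       | no     | no       | 2.39s        |
| ✅ REPOSITORY | trivy                    | yes   |       | no     | no       | 13.4s        |
| ✅ REPOSITORY | trivy-sbom               | yes   |       | no     | no       | 0.48s        |
| ✅ REPOSITORY | trufflehog               | yes   |       | no     | no       | 5.47s        |
| ✅ SPELL      | lychee                   | 10    |       | 0      | 0        | 0.99s        |
| ✅ YAML       | prettier                 | 3     |       | 0      | 0        | 1.24s        |
| ✅ YAML       | v8r                      | 3     |       | 0      | 0        | 6.12s        |
| ✅ YAML       | yamllint                 | 3     |       | 0      | 0        | 0.45s        |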



@ronenkapelian ronenkapelian left a comment

  1. You didn't add it to the release-please config:
    .release-please-manifest.json & release-please-config.json

Comment thread images/grafana/Dockerfile
USER root

# Copy only the extracted plugins from the downloader stage
COPY --from=downloader /plugins /opt/grafana/plugins
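
Review bot: `USER root` above the `COPY --from=downloader /plugins /opt/grafana/plugins` line is not required for the copy itself, because COPY creates files as UID 0 unless `--chown` is given, and none of the lines shown switches back to an unprivileged user. If root is needed only for later build steps, add a `USER` line for the runtime account after them so the container does not start as root.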

Contributor Author

Keeping it with the default value removed the existing plugins I installed from the Docker and started all from the default plugins. Only customizing the plugins dir allowed me to deploy Grafana with the desired plugins

Comment thread images/grafana/Dockerfile Outdated
Comment on lines +20 to +22
curl -L -o "/tmp/${plugin}.zip" "https://grafana.com/api/plugins/${plugin}/versions/${version}/download"; \
unzip -q "/tmp/${plugin}.zip" -d "/plugins/${plugin}"; \
rm "/tmp/${plugin}.zip"; \
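
Review bot: The archive written by `curl -L -o "/tmp/${plugin}.zip"` goes straight to `unzip -q` with no integrity check, so whatever the download endpoint returns for `${plugin}` and `${version}` ends up in the image. Pin a SHA-256 digest next to each plugin version and verify it (for example with `sha256sum -c`) before the `unzip` line, failing the build on a mismatch.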

Without -f / --fail, curl returns exit code 0 on HTTP 4xx/5xx. A deleted or mis-typed plugin version would produce an empty or HTML error-page zip, unzip would either fail or silently extract garbage, and the build would succeed with broken plugins. Adding -f makes curl fail immediately on server errors.

```
curl -fL -o
```
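
An added example, not code from this PR: a POSIX shell version of the download step that rejects the failure modes described in the comment above (HTTP error status, an empty file, an HTML error page saved under a .zip name) and also checks a pinned SHA-256. The helper names `is_zip`, `matches_sha256` and `fetch_plugin` and the per-plugin digest argument are assumptions; the URL pattern is the one in the Dockerfile lines under review.

```shell
# Added example, not from the PR. is_zip, matches_sha256 and fetch_plugin
# are hypothetical helper names; the pinned digest argument is an assumption.
set -eu

# True only if the file begins with a ZIP signature: "PK\003\004" (first
# local file header) or "PK\005\006" (end of central directory, empty archive).
# An empty file or an HTML error body fails this check.
is_zip() {
  zip_sig=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
  [ "$zip_sig" = "504b0304" ] || [ "$zip_sig" = "504b0506" ]
}

# True only if the file's SHA-256 equals the expected lowercase hex digest.
matches_sha256() {
  actual_sha=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$actual_sha" = "$2" ]
}

# Download one plugin into <dest>/<plugin>. Any failure returns non-zero,
# so a Dockerfile RUN step that calls it stops the build.
# Args: plugin id, version, pinned sha256, destination directory.
fetch_plugin() {
  fp_zip="/tmp/$1.zip"
  # -f: exit 22 on HTTP 4xx/5xx instead of saving the error body.
  curl -fsSL -o "$fp_zip" \
    "https://grafana.com/api/plugins/$1/versions/$2/download" || return 1
  is_zip "$fp_zip" || { echo "$1: response is not a ZIP" >&2; return 1; }
  matches_sha256 "$fp_zip" "$3" || { echo "$1: digest mismatch" >&2; return 1; }
  unzip -q "$fp_zip" -d "$4/$1" || return 1
  rm "$fp_zip"
}

# Constructed sample: an HTML error page saved under a .zip name.
sample=$(mktemp)
printf '<html><body>404 Not Found</body></html>' > "$sample"
if is_zip "$sample"; then echo "accepted"; else echo "rejected: not a ZIP"; fi
rm -f "$sample"
```

The signature check catches error pages and empty downloads even if `-f` is dropped later; the digest check is what ties the image to one specific plugin build.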

Contributor Author

Thanks, added.
Next time, feel free to make a suggestion instead. That way I can easily just apply it :)

Co-authored-by: Copilot <copilot@github.com>