From 158502572e8564efded918d6724739356f3778bc Mon Sep 17 00:00:00 2001
From: Dimitris Sotirakis
Date: Mon, 19 Dec 2022 18:25:48 +0200
Subject: [PATCH] CI: Add `aws-marketplace` pipeline (#60484)
* Add aws marketplace automation
# Conflicts:
# .drone.yml
* Fix secret paths
# Conflicts:
# .drone.yml
* Add docker socket
# Conflicts:
# .drone.yml
# Conflicts:
# .drone.yml
* s/enterprise2/enterprise
* Add dependency on the enterprise docker publish
# Conflicts:
# .drone.yml
* Replace testing args with prod args
# Conflicts:
# .drone.yml
* Fix path
# Conflicts:
# .drone.yml
---
 .drone.star | 2 +
 .drone.yml | 90 +++++++++++++++++++-
 scripts/drone/pipelines/aws_marketplace.star | 38 +++++++++
 scripts/drone/vault.star | 15 ++++
 4 files changed, 144 insertions(+), 1 deletion(-)
 create mode 100644 scripts/drone/pipelines/aws_marketplace.star
diff --git a/.drone.star b/.drone.star
index 0d55e51ea10..f5994191a0c 100644
--- a/.drone.star
+++ b/.drone.star
@@ -23,6 +23,7 @@ load(
 'publish_image_pipelines_security',
 )
 load('scripts/drone/pipelines/github.star', 'publish_github_pipeline')
+load('scripts/drone/pipelines/aws_marketplace.star', 'publish_aws_marketplace_pipeline')
 load('scripts/drone/version.star', 'version_branch_pipelines')
 load('scripts/drone/events/cron.star', 'cronjobs')
 load('scripts/drone/vault.star', 'secrets')
@@ -43,6 +44,7 @@ def main(ctx):
 + publish_image_pipelines_security()
 + publish_github_pipeline('public')
 + publish_github_pipeline('security')
+ + publish_aws_marketplace_pipeline('public')
 + publish_artifacts_pipelines('security')
 + publish_artifacts_pipelines('public')
 + publish_npm_pipelines()
diff --git a/.drone.yml b/.drone.yml
index 56f3b2cc8d5..c8485652d46 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -4175,6 +4175,76 @@ volumes: path: /var/run/docker.sock name: docker --- +clone: + retries: 3 +depends_on: +- publish-docker-enterprise-public +environment: + EDITION: enterprise2 +image_pull_secrets: +- dockerconfigjson +kind: pipeline +name: publish-aws-marketplace-public +node: + type: no-parallel +platform: + arch: amd64 + os: linux +services: [] +steps: +- commands: + - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd + depends_on: [] + environment: + CGO_ENABLED: 0 + image: golang:1.19.3 + name: compile-build-cmd +- commands: + - ./bin/build artifacts docker fetch --edition enterprise + depends_on: + - compile-build-cmd + environment: + DOCKER_ENTERPRISE2_REPO: + from_secret: docker_enterprise2_repo + DOCKER_PASSWORD: + from_secret: docker_password + DOCKER_USER: + from_secret: docker_username + GCP_KEY: + from_secret: gcp_key + image: google/cloud-sdk + name: fetch-images-enterprise + volumes: + - name: docker + path: /var/run/docker.sock +- commands: + - ./bin/build publish aws --image grafana/grafana-enterprise --repo grafana-labs/grafanaenterprise + --product 422b46fb-bea6-4f27-8bcc-832117bd627e + depends_on: + - fetch-images-enterprise + environment: + AWS_ACCESS_KEY_ID: + from_secret: aws_access_key_id + AWS_REGION: + from_secret: aws_region + AWS_SECRET_ACCESS_KEY: + from_secret: aws_secret_access_key + image: grafana/grafana-ci-deploy:1.3.3 + name: publish-aws-marketplace + volumes: + - name: docker + path: /var/run/docker.sock +trigger: + event: + - promote + target: + - public +type: docker +volumes: +- host: + path: /var/run/docker.sock + name: docker +--- clone: retries: 3 depends_on: [] 
@@ -6348,7 +6418,25 @@ get: kind: secret name: packages_secret_access_key --- +get: + name: aws_region + path: secret/data/common/aws-marketplace +kind: secret +name: aws_region +--- +get: + name: aws_access_key_id + path: secret/data/common/aws-marketplace +kind: secret +name: aws_access_key_id +--- +get: + name: aws_secret_access_key + path: secret/data/common/aws-marketplace +kind: secret +name: aws_secret_access_key +--- kind: signature -hmac: b4096b73caa8b48e68c564820954e1fb5632a49a91021c30fab1880d8afb96ba +hmac: e3d58aacde14e03c46303c4d707f9b4e7d6e33b92b696b19befd06d6a28cf88a ...
diff --git a/scripts/drone/pipelines/aws_marketplace.star b/scripts/drone/pipelines/aws_marketplace.star
new file mode 100644
index 00000000000..299bc15b845
--- /dev/null
+++ b/scripts/drone/pipelines/aws_marketplace.star
@@ -0,0 +1,38 @@
+load(
+ 'scripts/drone/steps/lib.star',
+ 'download_grabpl_step',
+ 'publish_images_step',
+ 'compile_build_cmd',
+ 'fetch_images_step',
+ 'publish_image',
+)
+
+load('scripts/drone/vault.star', 'from_secret')
+
+load(
+ 'scripts/drone/utils/utils.star',
+ 'pipeline',
+)
+
+def publish_aws_marketplace_step():
+ return {
+ 'name': 'publish-aws-marketplace',
+ 'image': publish_image,
+ 'commands': ['./bin/build publish aws --image grafana/grafana-enterprise --repo grafana-labs/grafanaenterprise --product 422b46fb-bea6-4f27-8bcc-832117bd627e'],
+ 'depends_on': ['fetch-images-enterprise'],
+ 'environment': {
+ 'AWS_REGION': from_secret('aws_region'),
+ 'AWS_ACCESS_KEY_ID': from_secret('aws_access_key_id'),
+ 'AWS_SECRET_ACCESS_KEY': from_secret('aws_secret_access_key'),
+ },
+ 'volumes': [{'name': 'docker', 'path': '/var/run/docker.sock'}],
+ }
+
+def publish_aws_marketplace_pipeline(mode):
+ trigger = {
+ 'event': ['promote'],
+ 'target': [mode],
+ }
+ return [pipeline(
+ name='publish-aws-marketplace-{}'.format(mode), trigger=trigger, steps=[compile_build_cmd(), fetch_images_step('enterprise'), publish_aws_marketplace_step()], edition="", depends_on = ['publish-docker-enterprise-public'], environment = {'EDITION': 'enterprise2'}
+ ),]
diff --git a/scripts/drone/vault.star b/scripts/drone/vault.star
index e2804f0d879..015009a64ca 100644
--- a/scripts/drone/vault.star
+++ b/scripts/drone/vault.star
@@ -79,4 +79,19 @@ def secrets():
 'infra/data/ci/packages-publish/bucket-credentials',
 'Secret',
 ),
+ vault_secret(
+ 'aws_region',
+ 'secret/data/common/aws-marketplace',
+ 'aws_region',
+ ),
+ vault_secret(
+ 'aws_access_key_id',
+ 'secret/data/common/aws-marketplace',
+ 'aws_access_key_id',
+ ),
+ vault_secret(
+ 'aws_secret_access_key',
+ 'secret/data/common/aws-marketplace',
+ 'aws_secret_access_key',
+ ),
 ]
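Review bot: In scripts/drone/pipelines/aws_marketplace.star, `publish_aws_marketplace_step()` hands one container both the static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair and the host's `/var/run/docker.sock`, so the step has daemon-level control of the runner and its environment is readable through that daemon's API by anything else that can reach the socket. If the socket is needed to push the image fetched by `fetch-images-enterprise`, record that above `'volumes'` with a comment such as `# host Docker daemon is required to push the fetched image; run only on dedicated release runners`, and consider short-lived credentials scoped to this one Marketplace product instead of a long-lived key pair. Separately, `publish_aws_marketplace_pipeline(mode)` builds its name and trigger from `mode` but hard-codes `depends_on = ['publish-docker-enterprise-public']`; `depends_on = ['publish-docker-enterprise-{}'.format(mode)]` would keep them consistent, assuming the Docker publish pipelines follow that naming. `download_grabpl_step` and `publish_images_step` are loaded at the top of the file but never used and can be dropped from the `load(...)`.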
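Review bot: The three `vault_secret(...)` entries added to `secrets()` in scripts/drone/vault.star register the Marketplace key pair as repository-wide Drone secrets, so any pipeline in `.drone.yml` can name `aws_secret_access_key` in a `from_secret`, not only the `promote`-triggered publish pipeline. Nothing in this hunk shows a restriction; if the Vault entry at `secret/data/common/aws-marketplace` is not already limited with the Drone Vault extension's `x-drone-events` / `x-drone-repos` keys, it should be, and a comment such as `# aws-marketplace: release-only credentials, restricted to promote events in Vault` above the first entry would document that expectation. `aws_region` is not sensitive and could be a plain environment value, which would also stop the region string from being masked in build logs. `secrets()` begins outside this hunk, so how the other entries are scoped cannot be compared from here.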