CI: Get Github Token and Docker username/password from Vault (#74555)

CI: Get Docker username/password from Vault
Not Drone secrets

.drone.yml

@@ -541,7 +541,7 @@ steps:
     $${TEST_TAG}
   environment:
     GITHUB_TOKEN:
-      from_secret: github_token_pr
+      from_secret: github_token
     TEST_TAG: v0.0.0-test
   failure: ignore
   image: grafana/build-container:1.7.5
@@ -676,7 +676,7 @@ steps:
       from_secret: azure_tenant
     CYPRESS_CI: "true"
     GITHUB_TOKEN:
-      from_secret: github_token_pr
+      from_secret: github_token
     HOST: grafana-server
   image: us-docker.pkg.dev/grafanalabs-dev/cloud-data-sources/e2e:latest
   name: end-to-end-tests-cloud-plugins-suite-azure
@@ -786,9 +786,9 @@ steps:
   - build-docker-images-ubuntu
   environment:
     DOCKER_PASSWORD:
-      from_secret: docker_password_pr
+      from_secret: docker_password
     DOCKER_USER:
-      from_secret: docker_username_pr
+      from_secret: docker_username
     GITHUB_APP_ID:
       from_secret: delivery-bot-app-id
     GITHUB_APP_INSTALLATION_ID:
@@ -1835,7 +1835,7 @@ steps:
       from_secret: azure_tenant
     CYPRESS_CI: "true"
     GITHUB_TOKEN:
-      from_secret: github_token_pr
+      from_secret: github_token
     HOST: grafana-server
   image: us-docker.pkg.dev/grafanalabs-dev/cloud-data-sources/e2e:latest
   name: end-to-end-tests-cloud-plugins-suite-azure
@@ -4596,6 +4596,18 @@ get:
 kind: secret
 name: prerelease_bucket
 ---
+get:
+  name: username
+  path: infra/data/ci/grafanaci-docker-hub
+kind: secret
+name: docker_username
+---
+get:
+  name: password
+  path: infra/data/ci/grafanaci-docker-hub
+kind: secret
+name: docker_password
+---
 get:
   name: credentials.json
   path: infra/data/ci/grafana/releng/artifacts-uploader-service-account
@@ -4698,12 +4710,6 @@ get:
 kind: secret
 name: dagger_token
 ---
-get:
-  name: pat
-  path: infra/data/ci/github/grafanabot
-kind: secret
-name: github_token
----
 get:
   name: app-id
   path: infra/data/ci/grafana-release-eng/grafana-delivery-bot
@@ -4729,6 +4735,6 @@ kind: secret
 name: gcr_credentials
 ---
 kind: signature
-hmac: 883d9f0e14f52a0b773040eeb476f3081b8122b34d5c14ad4f81219ceb754299
+hmac: fa64513236ee2677770f4e09ac6ddb06d1b85db22916efb44c1d332c92edf99b
 
 ...

scripts/drone/steps/lib.star

@@ -874,7 +874,7 @@ def cloud_plugins_e2e_tests_step(suite, cloud, trigger = None):
         environment = {
             "CYPRESS_CI": "true",
             "HOST": "grafana-server",
-            "GITHUB_TOKEN": from_secret("github_token_pr"),
+            "GITHUB_TOKEN": from_secret("github_token"),
             "AZURE_SP_APP_ID": from_secret("azure_sp_app_id"),
             "AZURE_SP_PASSWORD": from_secret("azure_sp_app_pw"),
             "AZURE_TENANT": from_secret("azure_tenant"),
@@ -1020,8 +1020,8 @@ def publish_images_step(ver_mode, docker_repo, trigger = None):
 
     if ver_mode == "pr":
         environment = {
-            "DOCKER_USER": from_secret("docker_username_pr"),
-            "DOCKER_PASSWORD": from_secret("docker_password_pr"),
+            "DOCKER_USER": from_secret("docker_username"),
+            "DOCKER_PASSWORD": from_secret("docker_password"),
             "GITHUB_APP_ID": from_secret("delivery-bot-app-id"),
             "GITHUB_APP_INSTALLATION_ID": from_secret("delivery-bot-app-installation-id"),
             "GITHUB_APP_PRIVATE_KEY": from_secret("delivery-bot-app-private-key"),
@@ -1398,7 +1398,7 @@ def trigger_test_release():
         "name": "trigger-test-release",
         "image": images["build_image"],
         "environment": {
-            "GITHUB_TOKEN": from_secret("github_token_pr"),
+            "GITHUB_TOKEN": from_secret("github_token"),
             "TEST_TAG": "v0.0.0-test",
         },
         "commands": [

scripts/drone/vault.star

@@ -17,6 +17,9 @@ rgm_destination = "destination"
 rgm_github_token = "github_token"
 rgm_dagger_token = "dagger_token"
 
+docker_username = "docker_username"
+docker_password = "docker_password"
+
 npm_token = "npm_token"
 
 def from_secret(secret):
@@ -41,6 +44,8 @@ def secrets():
         vault_secret("github_token", "infra/data/ci/github/grafanabot", "pat"),
         vault_secret(drone_token, "infra/data/ci/drone", "machine-user-token"),
         vault_secret(prerelease_bucket, "infra/data/ci/grafana/prerelease", "bucket"),
+        vault_secret(docker_username, "infra/data/ci/grafanaci-docker-hub", "username"),
+        vault_secret(docker_password, "infra/data/ci/grafanaci-docker-hub", "password"),
         vault_secret(
             gcp_upload_artifacts_key,
             "infra/data/ci/grafana/releng/artifacts-uploader-service-account",
@@ -127,11 +132,6 @@ def secrets():
             "infra/data/ci/grafana-release-eng/rgm",
             "dagger_token",
         ),
-        vault_secret(
-            rgm_github_token,
-            "infra/data/ci/github/grafanabot",
-            "pat",
-        ),
         # grafana-delivery-bot secrets
         vault_secret(
             "delivery-bot-app-id",