CI: Update secret refs to vault ones; update downstream repo origin (#72515)

Update secret refs to vault ones; update downstream repo origin

.drone.yml

@@ -2416,7 +2416,7 @@ trigger:
     - docs/**
     - latest.json
   repo:
-  - grafana/grafana
+  - grafana/grafana-security-mirror
 type: docker
 volumes:
 - host:
@@ -2597,7 +2597,7 @@ steps:
   - compile-build-cmd
   environment:
     GCP_KEY:
-      from_secret: gcp_key
+      from_secret: gcp_upload_artifacts_key
     PRERELEASE_BUCKET:
       from_secret: prerelease_bucket
   image: grafana/grafana-ci-deploy:1.3.3
@@ -2608,7 +2608,7 @@ steps:
   - compile-build-cmd
   environment:
     GCP_KEY:
-      from_secret: gcp_key
+      from_secret: gcp_upload_artifacts_key
     PRERELEASE_BUCKET:
       from_secret: prerelease_bucket
     STATIC_ASSET_EDITIONS:
@@ -2621,7 +2621,7 @@ steps:
   - compile-build-cmd
   environment:
     GCP_KEY:
-      from_secret: gcp_key
+      from_secret: gcp_upload_artifacts_key
     PRERELEASE_BUCKET:
       from_secret: prerelease_bucket
   image: grafana/grafana-ci-deploy:1.3.3
@@ -2672,7 +2672,7 @@ steps:
   - yarn-install
   environment:
     GCP_KEY:
-      from_secret: gcp_key
+      from_secret: gcp_upload_artifacts_key
     PRERELEASE_BUCKET:
       from_secret: prerelease_bucket
   failure: ignore
@@ -3179,7 +3179,7 @@ steps:
   environment:
     BUCKET: grafana-prerelease
     GCP_KEY:
-      from_secret: gcp_key
+      from_secret: gcp_upload_artifacts_key
   failure: ignore
   image: google/cloud-sdk:431.0.0
   name: gsutil-stat
@@ -4556,6 +4556,6 @@ kind: secret
 name: delivery-bot-app-private-key
 ---
 kind: signature
-hmac: f2b25e9786bc5dd27ea27d7ed8b9b88e001014bbdf5376c38556bafe5043b717
+hmac: 4351462792d68218e3f95264ffa4d5f87d56290b2bbe1ed6d93401d6ca194c34
 
 ...

scripts/drone/events/release.star

@@ -108,7 +108,7 @@ def retrieve_npm_packages_step():
         ],
         "failure": "ignore",
         "environment": {
-            "GCP_KEY": from_secret("gcp_key"),
+            "GCP_KEY": from_secret(gcp_upload_artifacts_key),
             "PRERELEASE_BUCKET": from_secret(prerelease_bucket),
         },
         "commands": ["./bin/build artifacts npm retrieve --tag ${DRONE_TAG}"],
@@ -270,7 +270,7 @@ def publish_artifacts_step():
         "name": "publish-artifacts",
         "image": images["publish_image"],
         "environment": {
-            "GCP_KEY": from_secret("gcp_key"),
+            "GCP_KEY": from_secret(gcp_upload_artifacts_key),
             "PRERELEASE_BUCKET": from_secret("prerelease_bucket"),
         },
         "commands": [
@@ -284,7 +284,7 @@ def publish_static_assets_step():
         "name": "publish-static-assets",
         "image": images["publish_image"],
         "environment": {
-            "GCP_KEY": from_secret("gcp_key"),
+            "GCP_KEY": from_secret(gcp_upload_artifacts_key),
             "PRERELEASE_BUCKET": from_secret("prerelease_bucket"),
             "STATIC_ASSET_EDITIONS": from_secret("static_asset_editions"),
         },
@@ -299,7 +299,7 @@ def publish_storybook_step():
         "name": "publish-storybook",
         "image": images["publish_image"],
         "environment": {
-            "GCP_KEY": from_secret("gcp_key"),
+            "GCP_KEY": from_secret(gcp_upload_artifacts_key),
             "PRERELEASE_BUCKET": from_secret("prerelease_bucket"),
         },
         "commands": [
@@ -438,7 +438,7 @@ def integration_test_pipelines():
 def verify_release_pipeline(
         name = "verify-prerelease-assets",
         bucket = from_secret(prerelease_bucket),
-        gcp_key = from_secret("gcp_key"),
+        gcp_key = from_secret(gcp_upload_artifacts_key),
         version = "${DRONE_TAG}",
         trigger = release_trigger,
         depends_on = [

scripts/drone/pipelines/trigger_downstream.star

@@ -24,7 +24,7 @@ trigger = {
         ],
     },
     "repo": [
-        "grafana/grafana",
+        "grafana/grafana-security-mirror",
     ],
 }