From 9bbed3484ac2d40025354d4cf48299c2db71e380 Mon Sep 17 00:00:00 2001 From: Jev Forsberg <46619047+baldm0mma@users.noreply.github.com> Date: Mon, 2 Dec 2024 11:58:17 -0700 Subject: [PATCH] [v10.4.x] Chore: Remove verification steps for deb/rpm in drone (#97299) Chore: Remove verification steps for deb/rpm in drone (#96991) remove verification steps for deb/rpm in drone (cherry picked from commit feeb2c6ce0ccbf3574717d1485538d1d248cab60) Co-authored-by: Serge Zaitsev --- .drone.yml | 231 +----------------------------- scripts/drone/events/release.star | 15 -- scripts/drone/steps/lib.star | 88 ------------ 3 files changed, 1 insertion(+), 333 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9aafb5b655f..5793da87cf8 100644 --- a/.drone.yml +++ b/.drone.yml @@ -3128,132 +3128,6 @@ volumes: path: /var/run/docker.sock name: docker --- -clone: - retries: 3 -depends_on: [] -image_pull_secrets: -- gcr -- gar -kind: pipeline -name: verify-linux-packages -node: - type: no-parallel -platform: - arch: amd64 - os: linux -services: [] -steps: -- commands: - - export version=$(echo ${TAG} | sed -e "s/+security-/-/g") - - 'echo "Step 1: Updating package lists..."' - - apt-get update >/dev/null 2>&1 - - 'echo "Step 2: Installing prerequisites..."' - - DEBIAN_FRONTEND=noninteractive apt-get install -yq apt-transport-https software-properties-common - wget >/dev/null 2>&1 - - 'echo "Step 3: Adding Grafana GPG key..."' - - mkdir -p /etc/apt/keyrings/ - - wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /etc/apt/keyrings/grafana.gpg - > /dev/null - - 'echo "Step 4: Adding Grafana repository..."' - - echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable - main" | tee -a /etc/apt/sources.list.d/grafana.list - - 'echo "Step 5: Installing Grafana..."' - - for i in $(seq 1 60); do - - ' if apt-get update >/dev/null 2>&1 && DEBIAN_FRONTEND=noninteractive apt-get - install -yq grafana=$version >/dev/null 2>&1; then' - - ' echo "Command succeeded on attempt $i"' - - ' break' - - ' else' - - ' echo "Attempt $i failed"' - - ' if [ $i -eq 60 ]; then' - - ' echo ''All attempts failed''' - - ' exit 1' - - ' fi' - - ' echo "Waiting 30 seconds before next attempt..."' - - ' sleep 30' - - ' fi' - - done - - 'echo "Step 6: Verifying Grafana installation..."' - - 'if dpkg -s grafana | grep -q "Version: $version"; then' - - ' echo "Successfully verified Grafana version $version"' - - else - - ' echo "Failed to verify Grafana version $version"' - - ' exit 1' - - fi - - echo "Verification complete." - depends_on: [] - environment: {} - image: ubuntu:22.04 - name: verify-linux-DEB-packages -- commands: - - 'echo "Step 1: Updating package lists..."' - - dnf check-update -y >/dev/null 2>&1 || true - - 'echo "Step 2: Installing prerequisites..."' - - dnf install -y dnf-utils >/dev/null 2>&1 - - 'echo "Step 3: Adding Grafana GPG key..."' - - rpm --import https://rpm.grafana.com/gpg.key - - 'echo "Step 4: Configuring Grafana repository..."' - - |- - echo -e '[grafana] - name=grafana - baseurl=https://rpm.grafana.com - repo_gpgcheck=0 - enabled=1 - gpgcheck=0 - gpgkey=https://rpm.grafana.com/gpg.key - sslverify=1 - sslcacert=/etc/pki/tls/certs/ca-bundle.crt - ' > /etc/yum.repos.d/grafana.repo - - 'echo "Step 5: Checking RPM repository..."' - - export version=$(echo "${TAG}" | sed -e "s/+security-/^security_/g") - - dnf list available grafana-$version - - if [ $? -eq 0 ]; then - - ' echo "Grafana package found in repository. Installing from repo..."' - - for i in $(seq 1 60); do - - ' if dnf install -y --nogpgcheck grafana-$version >/dev/null 2>&1; then' - - ' echo "Command succeeded on attempt $i"' - - ' break' - - ' else' - - ' echo "Attempt $i failed"' - - ' if [ $i -eq 60 ]; then' - - ' echo ''All attempts failed''' - - ' exit 1' - - ' fi' - - ' echo "Waiting 30 seconds before next attempt..."' - - ' sleep 30' - - ' fi' - - done - - ' echo "Verifying GPG key..."' - - ' rpm --import https://rpm.grafana.com/gpg.key' - - ' rpm -qa gpg-pubkey* | xargs rpm -qi | grep -i grafana' - - else - - ' echo "Grafana package version $version not found in repository."' - - ' dnf repolist' - - ' dnf list available grafana*' - - ' exit 1' - - fi - - 'echo "Step 6: Verifying Grafana installation..."' - - if rpm -q grafana | grep -q "$verison"; then - - ' echo "Successfully verified Grafana version $version"' - - else - - ' echo "Failed to verify Grafana version $version"' - - ' exit 1' - - fi - - echo "Verification complete." - depends_on: [] - environment: {} - image: rockylinux:9 - name: verify-linux-RPM-packages -trigger: - event: - - promote - target: verify-linux-packages -type: docker -volumes: -- host: - path: /var/run/docker.sock - name: docker ---- clone: retries: 3 depends_on: @@ -3322,109 +3196,6 @@ steps: service_account_json: from_secret: packages_service_account target_bucket: grafana-packages -- commands: - - export version=$(echo ${TAG} | sed -e "s/+security-/-/g") - - 'echo "Step 1: Updating package lists..."' - - apt-get update >/dev/null 2>&1 - - 'echo "Step 2: Installing prerequisites..."' - - DEBIAN_FRONTEND=noninteractive apt-get install -yq apt-transport-https software-properties-common - wget >/dev/null 2>&1 - - 'echo "Step 3: Adding Grafana GPG key..."' - - mkdir -p /etc/apt/keyrings/ - - wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /etc/apt/keyrings/grafana.gpg - > /dev/null - - 'echo "Step 4: Adding Grafana repository..."' - - echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable - main" | tee -a /etc/apt/sources.list.d/grafana.list - - 'echo "Step 5: Installing Grafana..."' - - for i in $(seq 1 60); do - - ' if apt-get update >/dev/null 2>&1 && DEBIAN_FRONTEND=noninteractive apt-get - install -yq grafana=$version >/dev/null 2>&1; then' - - ' echo "Command succeeded on attempt $i"' - - ' break' - - ' else' - - ' echo "Attempt $i failed"' - - ' if [ $i -eq 60 ]; then' - - ' echo ''All attempts failed''' - - ' exit 1' - - ' fi' - - ' echo "Waiting 30 seconds before next attempt..."' - - ' sleep 30' - - ' fi' - - done - - 'echo "Step 6: Verifying Grafana installation..."' - - 'if dpkg -s grafana | grep -q "Version: $version"; then' - - ' echo "Successfully verified Grafana version $version"' - - else - - ' echo "Failed to verify Grafana version $version"' - - ' exit 1' - - fi - - echo "Verification complete." - depends_on: - - publish-linux-packages-deb - environment: {} - image: ubuntu:22.04 - name: verify-linux-DEB-packages -- commands: - - 'echo "Step 1: Updating package lists..."' - - dnf check-update -y >/dev/null 2>&1 || true - - 'echo "Step 2: Installing prerequisites..."' - - dnf install -y dnf-utils >/dev/null 2>&1 - - 'echo "Step 3: Adding Grafana GPG key..."' - - rpm --import https://rpm.grafana.com/gpg.key - - 'echo "Step 4: Configuring Grafana repository..."' - - |- - echo -e '[grafana] - name=grafana - baseurl=https://rpm.grafana.com - repo_gpgcheck=0 - enabled=1 - gpgcheck=0 - gpgkey=https://rpm.grafana.com/gpg.key - sslverify=1 - sslcacert=/etc/pki/tls/certs/ca-bundle.crt - ' > /etc/yum.repos.d/grafana.repo - - 'echo "Step 5: Checking RPM repository..."' - - export version=$(echo "${TAG}" | sed -e "s/+security-/^security_/g") - - dnf list available grafana-$version - - if [ $? -eq 0 ]; then - - ' echo "Grafana package found in repository. Installing from repo..."' - - for i in $(seq 1 60); do - - ' if dnf install -y --nogpgcheck grafana-$version >/dev/null 2>&1; then' - - ' echo "Command succeeded on attempt $i"' - - ' break' - - ' else' - - ' echo "Attempt $i failed"' - - ' if [ $i -eq 60 ]; then' - - ' echo ''All attempts failed''' - - ' exit 1' - - ' fi' - - ' echo "Waiting 30 seconds before next attempt..."' - - ' sleep 30' - - ' fi' - - done - - ' echo "Verifying GPG key..."' - - ' rpm --import https://rpm.grafana.com/gpg.key' - - ' rpm -qa gpg-pubkey* | xargs rpm -qi | grep -i grafana' - - else - - ' echo "Grafana package version $version not found in repository."' - - ' dnf repolist' - - ' dnf list available grafana*' - - ' exit 1' - - fi - - 'echo "Step 6: Verifying Grafana installation..."' - - if rpm -q grafana | grep -q "$verison"; then - - ' echo "Successfully verified Grafana version $version"' - - else - - ' echo "Failed to verify Grafana version $version"' - - ' exit 1' - - fi - - echo "Verification complete." - depends_on: - - publish-linux-packages-rpm - environment: {} - image: rockylinux:9 - name: verify-linux-RPM-packages - commands: - ./bin/build publish grafana-com --edition oss ${DRONE_TAG} depends_on: @@ -5126,6 +4897,6 @@ kind: secret name: gcr_credentials --- kind: signature -hmac: d5afbd3e3107644d41932a47ef3722072b03617f16c2d41550faacf50107fe1a +hmac: 9ade54c2059751aae400f8b1a7ad1a4699205c49d3e4e349fd8168fad5b0df6b ... diff --git a/scripts/drone/events/release.star b/scripts/drone/events/release.star index b3faaefa2a7..f02e71adb11 100644 --- a/scripts/drone/events/release.star +++ b/scripts/drone/events/release.star @@ -28,8 +28,6 @@ load( "verify_gen_cue_step", "verify_gen_jsonnet_step", "verify_grafanacom_step", - "verify_linux_DEB_packages_step", - "verify_linux_RPM_packages_step", "wire_install_step", "yarn_install_step", ) @@ -195,8 +193,6 @@ def publish_packages_pipeline(): compile_build_cmd(), publish_linux_packages_step(package_manager = "deb"), publish_linux_packages_step(package_manager = "rpm"), - verify_linux_DEB_packages_step(depends_on = ["publish-linux-packages-deb"]), - verify_linux_RPM_packages_step(depends_on = ["publish-linux-packages-rpm"]), publish_grafanacom_step(ver_mode = "release"), verify_grafanacom_step(), ] @@ -217,17 +213,6 @@ def publish_packages_pipeline(): verify_grafanacom_step(depends_on = []), ], ), - pipeline( - name = "verify-linux-packages", - trigger = { - "event": ["promote"], - "target": "verify-linux-packages", - }, - steps = [ - verify_linux_DEB_packages_step(), - verify_linux_RPM_packages_step(), - ], - ), pipeline( name = "publish-packages", trigger = trigger, diff --git a/scripts/drone/steps/lib.star b/scripts/drone/steps/lib.star index 44d5b93143d..4f32559d9eb 100644 --- a/scripts/drone/steps/lib.star +++ b/scripts/drone/steps/lib.star @@ -1235,94 +1235,6 @@ def retry_command(command, attempts = 60, delay = 30): "done", ] -def verify_linux_DEB_packages_step(depends_on = []): - install_command = "apt-get update >/dev/null 2>&1 && DEBIAN_FRONTEND=noninteractive apt-get install -yq grafana=$version >/dev/null 2>&1" - - return { - "name": "verify-linux-DEB-packages", - "image": images["ubuntu"], - "environment": {}, - "commands": [ - 'export version=$(echo ${TAG} | sed -e "s/+security-/-/g")', - 'echo "Step 1: Updating package lists..."', - "apt-get update >/dev/null 2>&1", - 'echo "Step 2: Installing prerequisites..."', - "DEBIAN_FRONTEND=noninteractive apt-get install -yq apt-transport-https software-properties-common wget >/dev/null 2>&1", - 'echo "Step 3: Adding Grafana GPG key..."', - "mkdir -p /etc/apt/keyrings/", - "wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /etc/apt/keyrings/grafana.gpg > /dev/null", - 'echo "Step 4: Adding Grafana repository..."', - 'echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee -a /etc/apt/sources.list.d/grafana.list', - 'echo "Step 5: Installing Grafana..."', - # The packages take a bit of time to propogate within the repo. This retry will check their availability within 10 minutes. - ] + retry_command(install_command) + [ - 'echo "Step 6: Verifying Grafana installation..."', - 'if dpkg -s grafana | grep -q "Version: $version"; then', - ' echo "Successfully verified Grafana version $version"', - "else", - ' echo "Failed to verify Grafana version $version"', - " exit 1", - "fi", - 'echo "Verification complete."', - ], - "depends_on": depends_on, - } - -def verify_linux_RPM_packages_step(depends_on = []): - repo_config = ( - "[grafana]\n" + - "name=grafana\n" + - "baseurl=https://rpm.grafana.com\n" + - "repo_gpgcheck=0\n" + # Change this to 0 - "enabled=1\n" + - "gpgcheck=0\n" + # Change this to 0 - "gpgkey=https://rpm.grafana.com/gpg.key\n" + - "sslverify=1\n" + - "sslcacert=/etc/pki/tls/certs/ca-bundle.crt\n" - ) - - install_command = "dnf install -y --nogpgcheck grafana-$version >/dev/null 2>&1" - - return { - "name": "verify-linux-RPM-packages", - "image": images["rocky"], - "environment": {}, - "commands": [ - 'echo "Step 1: Updating package lists..."', - "dnf check-update -y >/dev/null 2>&1 || true", - 'echo "Step 2: Installing prerequisites..."', - "dnf install -y dnf-utils >/dev/null 2>&1", - 'echo "Step 3: Adding Grafana GPG key..."', - "rpm --import https://rpm.grafana.com/gpg.key", - 'echo "Step 4: Configuring Grafana repository..."', - "echo -e '" + repo_config + "' > /etc/yum.repos.d/grafana.repo", - 'echo "Step 5: Checking RPM repository..."', - 'export version=$(echo "${TAG}" | sed -e "s/+security-/^security_/g")', - "dnf list available grafana-$version", - "if [ $? -eq 0 ]; then", - ' echo "Grafana package found in repository. Installing from repo..."', - ] + retry_command(install_command) + [ - ' echo "Verifying GPG key..."', - " rpm --import https://rpm.grafana.com/gpg.key", - " rpm -qa gpg-pubkey* | xargs rpm -qi | grep -i grafana", - "else", - ' echo "Grafana package version $version not found in repository."', - " dnf repolist", - " dnf list available grafana*", - " exit 1", - "fi", - 'echo "Step 6: Verifying Grafana installation..."', - 'if rpm -q grafana | grep -q "$verison"; then', - ' echo "Successfully verified Grafana version $version"', - "else", - ' echo "Failed to verify Grafana version $version"', - " exit 1", - "fi", - 'echo "Verification complete."', - ], - "depends_on": depends_on, - } - def verify_gen_cue_step(): return { "name": "verify-gen-cue",