apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use new GPG key when publishing (#61784)

Browse Source 
The old key is revoked: https://grafana.com/blog/2023/01/12/grafana-labs-update-regarding-circleci-security-updates/
But it's added as a manual Drone repo secret
This switches to the new gpg key that's also used to publish to apt.grafana.com
pull/61738/head
Julien Duchesne 2 years ago committed by GitHub
parent d8273eeb6b
commit be4c969337
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 28 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 50
      .drone.yml
  2. 6
      scripts/drone/steps/lib.star

50
.drone.yml
Unescape View File

@ -1316,11 +1316,11 @@ steps:
- build-frontend-packages
environment:
GPG_KEY_PASSWORD:
from_secret: gpg_key_password
from_secret: packages_gpg_passphrase
GPG_PRIV_KEY:
from_secret: gpg_priv_key
from_secret: packages_gpg_private_key
GPG_PUB_KEY:
from_secret: gpg_pub_key
from_secret: packages_gpg_public_key
GRAFANA_API_KEY:
from_secret: grafana_api_key
image: grafana/build-container:1.6.6
@ -2034,11 +2034,11 @@ steps:
- build-frontend-packages
environment:
GPG_KEY_PASSWORD:
from_secret: gpg_key_password
from_secret: packages_gpg_passphrase
GPG_PRIV_KEY:
from_secret: gpg_priv_key
from_secret: packages_gpg_private_key
GPG_PUB_KEY:
from_secret: gpg_pub_key
from_secret: packages_gpg_public_key
GRAFANA_API_KEY:
from_secret: grafana_api_key
image: grafana/build-container:1.6.6
@ -2690,11 +2690,11 @@ steps:
- build-frontend-packages
environment:
GPG_KEY_PASSWORD:
from_secret: gpg_key_password
from_secret: packages_gpg_passphrase
GPG_PRIV_KEY:
from_secret: gpg_priv_key
from_secret: packages_gpg_private_key
GPG_PUB_KEY:
from_secret: gpg_pub_key
from_secret: packages_gpg_public_key
GRAFANA_API_KEY:
from_secret: grafana_api_key
image: grafana/build-container:1.6.6
@ -3425,11 +3425,11 @@ steps:
- build-frontend-packages
environment:
GPG_KEY_PASSWORD:
from_secret: gpg_key_password
from_secret: packages_gpg_passphrase
GPG_PRIV_KEY:
from_secret: gpg_priv_key
from_secret: packages_gpg_private_key
GPG_PUB_KEY:
from_secret: gpg_pub_key
from_secret: packages_gpg_public_key
GRAFANA_API_KEY:
from_secret: grafana_api_key
image: grafana/build-container:1.6.6
@ -3675,11 +3675,11 @@ steps:
- build-frontend-packages
environment:
GPG_KEY_PASSWORD:
from_secret: gpg_key_password
from_secret: packages_gpg_passphrase
GPG_PRIV_KEY:
from_secret: gpg_priv_key
from_secret: packages_gpg_private_key
GPG_PUB_KEY:
from_secret: gpg_pub_key
from_secret: packages_gpg_public_key
GRAFANA_API_KEY:
from_secret: grafana_api_key
image: grafana/build-container:1.6.6
@ -4727,11 +4727,11 @@ steps:
- build-frontend-packages
environment:
GPG_KEY_PASSWORD:
from_secret: gpg_key_password
from_secret: packages_gpg_passphrase
GPG_PRIV_KEY:
from_secret: gpg_priv_key
from_secret: packages_gpg_private_key
GPG_PUB_KEY:
from_secret: gpg_pub_key
from_secret: packages_gpg_public_key
GRAFANA_API_KEY:
from_secret: grafana_api_key
image: grafana/build-container:1.6.6
@ -5341,11 +5341,11 @@ steps:
- build-frontend-packages
environment:
GPG_KEY_PASSWORD:
from_secret: gpg_key_password
from_secret: packages_gpg_passphrase
GPG_PRIV_KEY:
from_secret: gpg_priv_key
from_secret: packages_gpg_private_key
GPG_PUB_KEY:
from_secret: gpg_pub_key
from_secret: packages_gpg_public_key
GRAFANA_API_KEY:
from_secret: grafana_api_key
image: grafana/build-container:1.6.6
@ -6061,11 +6061,11 @@ steps:
- build-frontend-packages
environment:
GPG_KEY_PASSWORD:
from_secret: gpg_key_password
from_secret: packages_gpg_passphrase
GPG_PRIV_KEY:
from_secret: gpg_priv_key
from_secret: packages_gpg_private_key
GPG_PUB_KEY:
from_secret: gpg_pub_key
from_secret: packages_gpg_public_key
GRAFANA_API_KEY:
from_secret: grafana_api_key
image: grafana/build-container:1.6.6
@ -6439,6 +6439,6 @@ kind: secret
name: aws_secret_access_key
---
kind: signature
hmac: 64942ed50326b912df092e639ce480eb1a0438947c7f3df4fbf126655e5e9c3e
hmac: b00c47739d5af79f368c649765e1ac22d89ef4e4539166ad54650642ffc163e0
...

6
scripts/drone/steps/lib.star
Unescape View File

@ -644,9 +644,9 @@ def package_step(edition, ver_mode, variants=None):
sign_args = ' --sign'
env = {
'GRAFANA_API_KEY': from_secret('grafana_api_key'),
'GPG_PRIV_KEY': from_secret('gpg_priv_key'),
'GPG_PUB_KEY': from_secret('gpg_pub_key'),
'GPG_KEY_PASSWORD': from_secret('gpg_key_password'),
'GPG_PRIV_KEY': from_secret('packages_gpg_private_key'),
'GPG_PUB_KEY': from_secret('packages_gpg_public_key'),
'GPG_KEY_PASSWORD': from_secret('packages_gpg_passphrase'),
}
test_args = ''
else:

Write Preview
Loading…
Cancel
Save