CI: Move npm token to Vault (#73407)

pull/73280/head
Horst Gutmann 2 years ago committed by GitHub
parent 30393459df
commit c86a73c794
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 8
      .drone.yml
  2. 3
      scripts/drone/events/release.star
  3. 3
      scripts/drone/steps/lib.star
  4. 7
      scripts/drone/vault.star

@ -4449,6 +4449,12 @@ get:
kind: secret kind: secret
name: azure_tenant name: azure_tenant
--- ---
get:
name: token
path: infra/data/ci/grafana-release-eng/npm
kind: secret
name: npm_token
---
get: get:
name: public-key-b64 name: public-key-b64
path: infra/data/ci/packages-publish/gpg path: infra/data/ci/packages-publish/gpg
@ -4540,6 +4546,6 @@ kind: secret
name: delivery-bot-app-private-key name: delivery-bot-app-private-key
--- ---
kind: signature kind: signature
hmac: fe5607d33fe4779ac63a4a77e9bf174afb0d477b0cb89009ed8a55abd733bfe0 hmac: da71a34a4dca17f08a083941cc4f8582abc5c855dca13382a54db96c23ea7e65
... ...

@ -55,6 +55,7 @@ load(
"scripts/drone/vault.star", "scripts/drone/vault.star",
"from_secret", "from_secret",
"gcp_upload_artifacts_key", "gcp_upload_artifacts_key",
"npm_token",
"prerelease_bucket", "prerelease_bucket",
) )
load( load(
@ -124,7 +125,7 @@ def release_npm_packages_step():
], ],
"failure": "ignore", "failure": "ignore",
"environment": { "environment": {
"NPM_TOKEN": from_secret("npm_token"), "NPM_TOKEN": from_secret(npm_token),
}, },
"commands": ["./bin/build artifacts npm release --tag ${DRONE_TAG}"], "commands": ["./bin/build artifacts npm release --tag ${DRONE_TAG}"],
} }
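Review bot: `release_npm_packages_step` still carries `"failure": "ignore"`, so if the new Vault-backed `npm_token` resolves to an empty value (wrong path or key, or CI lacking read access to `infra/data/ci/grafana-release-eng/npm`), the publish fails and the pipeline still reports success. Since this commit changes where the credential comes from, I would document that next to the environment block, for example `# NPM_TOKEN comes from Vault; failures in this step are ignored, so check the publish log on the first tagged release after this change`. The same `from_secret(npm_token)` swap is made in `release_canary_npm_packages_step` in scripts/drone/steps/lib.star, where no `failure` setting is visible in the hunk. Both function bodies begin outside the lines shown.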

@ -8,6 +8,7 @@ load(
"gcp_grafanauploads", "gcp_grafanauploads",
"gcp_grafanauploads_base64", "gcp_grafanauploads_base64",
"gcp_upload_artifacts_key", "gcp_upload_artifacts_key",
"npm_token",
"prerelease_bucket", "prerelease_bucket",
) )
load( load(
@ -1139,7 +1140,7 @@ def release_canary_npm_packages_step(trigger = None):
"image": images["build_image"], "image": images["build_image"],
"depends_on": end_to_end_tests_deps(), "depends_on": end_to_end_tests_deps(),
"environment": { "environment": {
"NPM_TOKEN": from_secret("npm_token"), "NPM_TOKEN": from_secret(npm_token),
}, },
"commands": [ "commands": [
"./scripts/publish-npm-packages.sh --dist-tag 'canary' --registry 'https://registry.npmjs.org'", "./scripts/publish-npm-packages.sh --dist-tag 'canary' --registry 'https://registry.npmjs.org'",

@ -17,6 +17,8 @@ rgm_destination = "destination"
rgm_github_token = "github_token" rgm_github_token = "github_token"
rgm_dagger_token = "dagger_token" rgm_dagger_token = "dagger_token"
npm_token = "npm_token"
def from_secret(secret): def from_secret(secret):
return {"from_secret": secret} return {"from_secret": secret}
@ -64,6 +66,11 @@ def secrets():
"infra/data/ci/datasources/cpp-azure-resourcemanager-credentials", "infra/data/ci/datasources/cpp-azure-resourcemanager-credentials",
"tenant_id", "tenant_id",
), ),
vault_secret(
npm_token,
"infra/data/ci/grafana-release-eng/npm",
"token",
),
# Package publishing # Package publishing
vault_secret( vault_secret(
"packages_gpg_public_key", "packages_gpg_public_key",
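Review bot: The new constant `npm_token = "npm_token"` has no comment, and its value is the same name the steps previously passed as a literal to `from_secret("npm_token")`, so nothing in the file shows that the name is now meant to resolve through the `vault_secret(...)` entry rather than a secret stored in Drone. I would add `# npm publish token, served from Vault via secrets(); same name as the Drone-stored secret it replaces` above the constant. If a Drone-stored secret named `npm_token` still exists, it is worth confirming which source wins, then deleting the old copy and rotating the token so the publish credential lives in one place only. `secrets()` begins and continues outside this hunk, so the surrounding entries were not reviewed.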
