apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

CI: move `grafana-delivery-bot` path in Drone (#104886)

Browse Source 
* move delivery bot creds to vault

* format-drone
pull/104843/head^2
Kevin Minehart 2 months ago committed by GitHub
parent 0f93e02ae6
commit ec35e861e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 17 additions and 48 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 42
      .drone.yml
  2. 8
      scripts/drone/steps/lib.star
  3. 15
      scripts/drone/vault.star

42
.drone.yml
Unescape View File

@ -520,10 +520,8 @@ steps:
from_secret: docker_password from_secret: docker_password
DOCKER_USER: DOCKER_USER:
from_secret: docker_username from_secret: docker_username
GITHUB_APP_ID: GITHUB_APP_ID: "329617"
from_secret: delivery-bot-app-id GITHUB_APP_INSTALLATION_ID: "37346161"
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY: GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key from_secret: delivery-bot-app-private-key
failure: ignore failure: ignore
@ -1808,10 +1806,8 @@ steps:
from_secret: docker_username from_secret: docker_username
GCP_KEY: GCP_KEY:
from_secret: gcp_grafanauploads from_secret: gcp_grafanauploads
GITHUB_APP_ID: GITHUB_APP_ID: "329617"
from_secret: delivery-bot-app-id GITHUB_APP_INSTALLATION_ID: "37346161"
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY: GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0 image: google/cloud-sdk:431.0.0
@ -2112,10 +2108,8 @@ steps:
from_secret: docker_username from_secret: docker_username
GCP_KEY: GCP_KEY:
from_secret: gcp_grafanauploads from_secret: gcp_grafanauploads
GITHUB_APP_ID: GITHUB_APP_ID: "329617"
from_secret: delivery-bot-app-id GITHUB_APP_INSTALLATION_ID: "37346161"
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY: GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0 image: google/cloud-sdk:431.0.0
@ -3110,10 +3104,8 @@ steps:
from_secret: docker_username from_secret: docker_username
GCP_KEY: GCP_KEY:
from_secret: gcp_grafanauploads from_secret: gcp_grafanauploads
GITHUB_APP_ID: GITHUB_APP_ID: "329617"
from_secret: delivery-bot-app-id GITHUB_APP_INSTALLATION_ID: "37346161"
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY: GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key from_secret: delivery-bot-app-private-key
image: google/cloud-sdk:431.0.0 image: google/cloud-sdk:431.0.0
@ -5186,20 +5178,8 @@ kind: secret
name: dagger_token name: dagger_token
--- ---
get: get:
name: app-id name: PRIVATE_KEY
path: infra/data/ci/grafana-release-eng/grafana-delivery-bot path: ci/data/repo/grafana/grafana/delivery-bot-app
kind: secret
name: delivery-bot-app-id
---
get:
name: app-installation-id
path: infra/data/ci/grafana-release-eng/grafana-delivery-bot
kind: secret
name: delivery-bot-app-installation-id
---
get:
name: app-private-key
path: infra/data/ci/grafana-release-eng/grafana-delivery-bot
kind: secret kind: secret
name: delivery-bot-app-private-key name: delivery-bot-app-private-key
--- ---
@ -5210,6 +5190,6 @@ kind: secret
name: gcr_credentials name: gcr_credentials
--- ---
kind: signature kind: signature
hmac: 38513409bb4d2834e2140e41a9873c81052683ad8d9c86f3136060c44d099b6f hmac: 42a35cb0c3a5f320e6bdf3d6727539fb3895832506964ae055907a751c91ab8e
... ...

8
scripts/drone/steps/lib.star
Unescape View File

@ -976,8 +976,8 @@ def publish_images_step(ver_mode, docker_repo, trigger = None, depends_on = ["rg
"GCP_KEY": from_secret(gcp_grafanauploads), "GCP_KEY": from_secret(gcp_grafanauploads),
"DOCKER_USER": from_secret("docker_username"), "DOCKER_USER": from_secret("docker_username"),
"DOCKER_PASSWORD": from_secret("docker_password"), "DOCKER_PASSWORD": from_secret("docker_password"),
"GITHUB_APP_ID": from_secret("delivery-bot-app-id"), "GITHUB_APP_ID": "329617",
"GITHUB_APP_INSTALLATION_ID": from_secret("delivery-bot-app-installation-id"), "GITHUB_APP_INSTALLATION_ID": "37346161",
"GITHUB_APP_PRIVATE_KEY": from_secret("delivery-bot-app-private-key"), "GITHUB_APP_PRIVATE_KEY": from_secret("delivery-bot-app-private-key"),
} }
@ -994,8 +994,8 @@ def publish_images_step(ver_mode, docker_repo, trigger = None, depends_on = ["rg
environment = { environment = {
"DOCKER_USER": from_secret("docker_username"), "DOCKER_USER": from_secret("docker_username"),
"DOCKER_PASSWORD": from_secret("docker_password"), "DOCKER_PASSWORD": from_secret("docker_password"),
"GITHUB_APP_ID": from_secret("delivery-bot-app-id"), "GITHUB_APP_ID": "329617",
"GITHUB_APP_INSTALLATION_ID": from_secret("delivery-bot-app-installation-id"), "GITHUB_APP_INSTALLATION_ID": "37346161",
"GITHUB_APP_PRIVATE_KEY": from_secret("delivery-bot-app-private-key"), "GITHUB_APP_PRIVATE_KEY": from_secret("delivery-bot-app-private-key"),
} }

15
scripts/drone/vault.star
Unescape View File

@ -153,21 +153,10 @@ def secrets():
"infra/data/ci/grafana-release-eng/rgm", "infra/data/ci/grafana-release-eng/rgm",
"dagger_token", "dagger_token",
), ),
# grafana-delivery-bot secrets
vault_secret(
"delivery-bot-app-id",
"infra/data/ci/grafana-release-eng/grafana-delivery-bot",
"app-id",
),
vault_secret(
"delivery-bot-app-installation-id",
"infra/data/ci/grafana-release-eng/grafana-delivery-bot",
"app-installation-id",
),
vault_secret( vault_secret(
"delivery-bot-app-private-key", "delivery-bot-app-private-key",
"infra/data/ci/grafana-release-eng/grafana-delivery-bot", "ci/data/repo/grafana/grafana/delivery-bot-app",
"app-private-key", "PRIVATE_KEY",
), ),
vault_secret( vault_secret(
"gcr_credentials", "gcr_credentials",

Write Preview
Loading…
Cancel
Save