Drone: Retrieve the machine-user from a Vault secret (#35489)

This will remove the need to use a Drone repository secret
Javier Palomo 2021-06-10 12:22:03 +02:00 committed by GitHub
parent a07c53b671
commit 074c07b347
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 3 deletions


@ -3493,4 +3493,12 @@ get:
path: infra/data/ci/github/grafanabot
name: pat
---
kind: secret
name: drone_token
get:
path: infra/data/ci/drone
name: machine-user-token
...


@ -1,4 +1,4 @@
load('scripts/vault.star', 'from_secret', 'github_token', 'pull_secret')
load('scripts/vault.star', 'from_secret', 'github_token', 'pull_secret', 'drone_token')
grabpl_version = '2.0.0'
build_image = 'grafana/build-container:1.4.1'
@ -193,7 +193,7 @@ def enterprise_downstream_step(edition):
'image': 'grafana/drone-downstream',
'settings': {
'server': 'https://drone.grafana.net',
'token': from_secret('drone_token'),
'token': from_secret(drone_token),
'repositories': [
'grafana/grafana-enterprise@main',
],
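Review bot: The step that now receives the Vault-sourced machine-user token still runs `'image': 'grafana/drone-downstream'` with no tag or digest, so whichever image is currently published under that name is handed the credential. Pinning it, as `build_image` is pinned to a fixed version at the top of this file, would narrow that exposure, for example `'image': 'grafana/drone-downstream@sha256:<digest-from-registry>'` (placeholder, to be filled in from the registry). `enterprise_downstream_step` starts and ends outside this hunk, so any trigger conditions that limit when the step runs are not visible here.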


@ -1,5 +1,6 @@
pull_secret = 'dockerconfigjson'
github_token = 'github_token'
drone_token = 'drone_token'
def from_secret(secret):
return {
@ -19,5 +20,6 @@ def vault_secret(name, path, key):
def secrets():
return [
vault_secret(pull_secret, 'secret/data/common/gcr', '.dockerconfigjson'),
vault_secret(github_token, 'infra/data/ci/github/grafanabot', 'pat')
vault_secret(github_token, 'infra/data/ci/github/grafanabot', 'pat'),
vault_secret(drone_token, 'infra/data/ci/drone', 'machine-user-token'),
]
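Review bot: The Vault-backed entry reuses the name `drone_token`, the same name the pipeline previously passed to `from_secret` as a repository secret, so both definitions can coexist until the old one is deleted. Which source takes precedence in that case is not evident from this file, and a leftover repository secret would keep an older machine-user token available to the pipeline. I would document the source next to the constant, `# Vault: infra/data/ci/drone, key machine-user-token; the repository secret of the same name must be deleted`, and confirm that removal as part of the rollout.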