mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Drone: Retrieve the machine-user from a Vault secret (#35489)
This will remove the need to use a Drone repository secret
This commit is contained in:
parent
a07c53b671
commit
074c07b347
@ -3493,4 +3493,12 @@ get:
|
||||
path: infra/data/ci/github/grafanabot
|
||||
name: pat
|
||||
|
||||
---
|
||||
kind: secret
|
||||
name: drone_token
|
||||
|
||||
get:
|
||||
path: infra/data/ci/drone
|
||||
name: machine-user-token
|
||||
|
||||
...
|
||||
|
@ -1,4 +1,4 @@
|
||||
load('scripts/vault.star', 'from_secret', 'github_token', 'pull_secret')
|
||||
load('scripts/vault.star', 'from_secret', 'github_token', 'pull_secret', 'drone_token')
|
||||
|
||||
grabpl_version = '2.0.0'
|
||||
build_image = 'grafana/build-container:1.4.1'
|
||||
@ -193,7 +193,7 @@ def enterprise_downstream_step(edition):
|
||||
'image': 'grafana/drone-downstream',
|
||||
'settings': {
|
||||
'server': 'https://drone.grafana.net',
|
||||
'token': from_secret('drone_token'),
|
||||
'token': from_secret(drone_token),
|
||||
'repositories': [
|
||||
'grafana/grafana-enterprise@main',
|
||||
],
|
||||
|
@ -1,5 +1,6 @@
|
||||
pull_secret = 'dockerconfigjson'
|
||||
github_token = 'github_token'
|
||||
drone_token = 'drone_token'
|
||||
|
||||
def from_secret(secret):
|
||||
return {
|
||||
@ -19,5 +20,6 @@ def vault_secret(name, path, key):
|
||||
def secrets():
|
||||
return [
|
||||
vault_secret(pull_secret, 'secret/data/common/gcr', '.dockerconfigjson'),
|
||||
vault_secret(github_token, 'infra/data/ci/github/grafanabot', 'pat')
|
||||
vault_secret(github_token, 'infra/data/ci/github/grafanabot', 'pat'),
|
||||
vault_secret(drone_token, 'infra/data/ci/drone', 'machine-user-token'),
|
||||
]
|
||||
|
Loading…
Reference in New Issue
Block a user