From 074c07b347607220393f27458a69701caa2da2c0 Mon Sep 17 00:00:00 2001
From: Javier Palomo
Date: Thu, 10 Jun 2021 12:22:03 +0200
Subject: [PATCH] Drone: Retrieve the machine-user from a Vault secret (#35489)
This will remove the need to use a Drone repository secret
---
 .drone.yml | 8 ++++++++
 scripts/lib.star | 4 ++--
 scripts/vault.star | 4 +++-
 3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 1de4de7468f..8e8578c5f35 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -3493,4 +3493,12 @@ get:
 path: infra/data/ci/github/grafanabot
 name: pat
+---
+kind: secret
+name: drone_token
+
+get:
+ path: infra/data/ci/drone
+ name: machine-user-token
+
 ...
diff --git a/scripts/lib.star b/scripts/lib.star
index 69a621da11a..779adb7bac6 100644
--- a/scripts/lib.star
+++ b/scripts/lib.star
@@ -1,4 +1,4 @@
-load('scripts/vault.star', 'from_secret', 'github_token', 'pull_secret')
+load('scripts/vault.star', 'from_secret', 'github_token', 'pull_secret', 'drone_token')
 grabpl_version = '2.0.0'
 build_image = 'grafana/build-container:1.4.1'
@@ -193,7 +193,7 @@ def enterprise_downstream_step(edition):
 'image': 'grafana/drone-downstream',
 'settings': {
 'server': 'https://drone.grafana.net',
- 'token': from_secret('drone_token'),
+ 'token': from_secret(drone_token),
 'repositories': [
 'grafana/grafana-enterprise@main',
 ],
diff --git a/scripts/vault.star b/scripts/vault.star
index d49f4d2dfbd..eb2a6f90cff 100644
--- a/scripts/vault.star
+++ b/scripts/vault.star
@@ -1,5 +1,6 @@
 pull_secret = 'dockerconfigjson'
 github_token = 'github_token'
+drone_token = 'drone_token'
 def from_secret(secret):
 return {
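Review bot: In the second scripts/lib.star hunk, the `'token'` setting of `enterprise_downstream_step` now resolves to a Vault-held machine-user token for `https://drone.grafana.net`, and nothing near it says which pipelines are allowed to carry this step. The function starts and ends outside the hunk and its callers are not visible here, so it is worth confirming that the step is attached only to pipelines that run for trusted events, since any pipeline that includes it has the token injected. I would record that next to the setting, for example `# drone_token is a secret name resolved from Vault (machine user); keep this step out of pull-request pipelines.`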
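Review bot: The new constant `drone_token = 'drone_token'` in the first scripts/vault.star hunk holds a Drone secret name rather than a credential, but the file gives no comment saying so, and a call such as `from_secret(drone_token)` reads as if a token value were being passed around. A header comment over the three constants would make the distinction explicit, for example `# Names of Drone secrets registered by secrets(); the values are fetched from Vault at run time.` The body of `from_secret` continues outside the hunk.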
@@ -19,5 +20,6 @@ def vault_secret(name, path, key):
 def secrets():
 return [
 vault_secret(pull_secret, 'secret/data/common/gcr', '.dockerconfigjson'),
- vault_secret(github_token, 'infra/data/ci/github/grafanabot', 'pat')
+ vault_secret(github_token, 'infra/data/ci/github/grafanabot', 'pat'),
+ vault_secret(drone_token, 'infra/data/ci/drone', 'machine-user-token'),
 ]
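Review bot: The `drone_token` entry added to `secrets()` reuses the name of the Drone repository secret that the commit message says it replaces, and nothing in the diff shows the old secret being retired. Which of the two definitions is used while both exist is not visible from here, so the repository secret should be deleted once this is merged, and the token it held rotated if it differs from the one stored in Vault. A short comment on the new entry would record the intent, for example `# Replaces the former Drone repository secret 'drone_token'; the value now comes from Vault only.` The same path and key also appear in the `.drone.yml` hunk, so the two definitions need to be kept in step.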