CI: Add aws-marketplace pipeline (#60484)

* Add aws marketplace automation

# Conflicts:
#	.drone.yml

* Fix secret paths

# Conflicts:
#	.drone.yml

* Add docker socket

# Conflicts:
#	.drone.yml

# Conflicts:
#	.drone.yml

* s/enterprise2/enterprise

* Add dependency on the enterprise docker publish

# Conflicts:
#	.drone.yml

* Replace testing args with prod args

# Conflicts:
#	.drone.yml

* Fix path

# Conflicts:
#	.drone.yml

.drone.star

@@ -23,6 +23,7 @@ load(
     'publish_image_pipelines_security',
 )
 load('scripts/drone/pipelines/github.star', 'publish_github_pipeline')
+load('scripts/drone/pipelines/aws_marketplace.star', 'publish_aws_marketplace_pipeline')
 load('scripts/drone/version.star', 'version_branch_pipelines')
 load('scripts/drone/events/cron.star', 'cronjobs')
 load('scripts/drone/vault.star', 'secrets')
@@ -43,6 +44,7 @@ def main(ctx):
         + publish_image_pipelines_security()
         + publish_github_pipeline('public')
         + publish_github_pipeline('security')
+        + publish_aws_marketplace_pipeline('public')
         + publish_artifacts_pipelines('security')
         + publish_artifacts_pipelines('public')
         + publish_npm_pipelines()

.drone.yml

@@ -4175,6 +4175,76 @@ volumes:
     path: /var/run/docker.sock
   name: docker
 ---
+clone:
+  retries: 3
+depends_on:
+- publish-docker-enterprise-public
+environment:
+  EDITION: enterprise2
+image_pull_secrets:
+- dockerconfigjson
+kind: pipeline
+name: publish-aws-marketplace-public
+node:
+  type: no-parallel
+platform:
+  arch: amd64
+  os: linux
+services: []
+steps:
+- commands:
+  - go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
+  depends_on: []
+  environment:
+    CGO_ENABLED: 0
+  image: golang:1.19.3
+  name: compile-build-cmd
+- commands:
+  - ./bin/build artifacts docker fetch --edition enterprise
+  depends_on:
+  - compile-build-cmd
+  environment:
+    DOCKER_ENTERPRISE2_REPO:
+      from_secret: docker_enterprise2_repo
+    DOCKER_PASSWORD:
+      from_secret: docker_password
+    DOCKER_USER:
+      from_secret: docker_username
+    GCP_KEY:
+      from_secret: gcp_key
+  image: google/cloud-sdk
+  name: fetch-images-enterprise
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+- commands:
+  - ./bin/build publish aws --image grafana/grafana-enterprise --repo grafana-labs/grafanaenterprise
+    --product 422b46fb-bea6-4f27-8bcc-832117bd627e
+  depends_on:
+  - fetch-images-enterprise
+  environment:
+    AWS_ACCESS_KEY_ID:
+      from_secret: aws_access_key_id
+    AWS_REGION:
+      from_secret: aws_region
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: aws_secret_access_key
+  image: grafana/grafana-ci-deploy:1.3.3
+  name: publish-aws-marketplace
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+trigger:
+  event:
+  - promote
+  target:
+  - public
+type: docker
+volumes:
+- host:
+    path: /var/run/docker.sock
+  name: docker
+---
 clone:
   retries: 3
 depends_on: []
@@ -6348,7 +6418,25 @@ get:
 kind: secret
 name: packages_secret_access_key
 ---
+get:
+  name: aws_region
+  path: secret/data/common/aws-marketplace
+kind: secret
+name: aws_region
+---
+get:
+  name: aws_access_key_id
+  path: secret/data/common/aws-marketplace
+kind: secret
+name: aws_access_key_id
+---
+get:
+  name: aws_secret_access_key
+  path: secret/data/common/aws-marketplace
+kind: secret
+name: aws_secret_access_key
+---
 kind: signature
-hmac: b4096b73caa8b48e68c564820954e1fb5632a49a91021c30fab1880d8afb96ba
+hmac: e3d58aacde14e03c46303c4d707f9b4e7d6e33b92b696b19befd06d6a28cf88a
 
 ...

scripts/drone/pipelines/aws_marketplace.star

@@ -0,0 +1,38 @@
+load(
+    'scripts/drone/steps/lib.star',
+    'download_grabpl_step',
+    'publish_images_step',
+    'compile_build_cmd',
+    'fetch_images_step',
+    'publish_image',
+)
+
+load('scripts/drone/vault.star', 'from_secret')
+
+load(
+    'scripts/drone/utils/utils.star',
+    'pipeline',
+)
+
+def publish_aws_marketplace_step():
+    return {
+        'name': 'publish-aws-marketplace',
+        'image': publish_image,
+        'commands': ['./bin/build publish aws --image grafana/grafana-enterprise --repo grafana-labs/grafanaenterprise --product 422b46fb-bea6-4f27-8bcc-832117bd627e'],
+        'depends_on': ['fetch-images-enterprise'],
+        'environment': {
+            'AWS_REGION': from_secret('aws_region'),
+            'AWS_ACCESS_KEY_ID': from_secret('aws_access_key_id'),
+            'AWS_SECRET_ACCESS_KEY': from_secret('aws_secret_access_key'),
+        },
+        'volumes': [{'name': 'docker', 'path': '/var/run/docker.sock'}],
+    }
+
+def publish_aws_marketplace_pipeline(mode):
+    trigger = {
+        'event': ['promote'],
+        'target': [mode],
+    }
+    return [pipeline(
+        name='publish-aws-marketplace-{}'.format(mode), trigger=trigger, steps=[compile_build_cmd(), fetch_images_step('enterprise'), publish_aws_marketplace_step()], edition="", depends_on = ['publish-docker-enterprise-public'], environment = {'EDITION': 'enterprise2'}
+    ),]

scripts/drone/vault.star

@@ -79,4 +79,19 @@ def secrets():
             'infra/data/ci/packages-publish/bucket-credentials',
             'Secret',
         ),
+        vault_secret(
+            'aws_region',
+            'secret/data/common/aws-marketplace',
+            'aws_region',
+        ),
+        vault_secret(
+            'aws_access_key_id',
+            'secret/data/common/aws-marketplace',
+            'aws_access_key_id',
+        ),
+        vault_secret(
+            'aws_secret_access_key',
+            'secret/data/common/aws-marketplace',
+            'aws_secret_access_key',
+        ),
     ]