From 55622615ded8205ddeb466f14d6e5efd41a165bd Mon Sep 17 00:00:00 2001 From: Dimitris Sotirakis Date: Mon, 15 May 2023 16:33:31 +0300 Subject: [PATCH] CI: Add delivery bot secrets to publish images step (#68467) Add delivery bot secrets --- .drone.yml | 68 +++++++++++++++++++++++++++++++++++- scripts/drone/steps/lib.star | 3 ++ scripts/drone/vault.star | 16 +++++++++ 3 files changed, 86 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index ad3c2e33513..0fcabe51126 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1742,6 +1742,12 @@ steps: from_secret: docker_username GCP_KEY: from_secret: gcp_key + GITHUB_APP_ID: + from_secret: delivery-bot-app-id + GITHUB_APP_INSTALLATION_ID: + from_secret: delivery-bot-app-installation-id + GITHUB_APP_PRIVATE_KEY: + from_secret: delivery-bot-app-private-key image: google/cloud-sdk name: publish-images-grafana volumes: @@ -1762,6 +1768,12 @@ steps: from_secret: docker_username GCP_KEY: from_secret: gcp_key + GITHUB_APP_ID: + from_secret: delivery-bot-app-id + GITHUB_APP_INSTALLATION_ID: + from_secret: delivery-bot-app-installation-id + GITHUB_APP_PRIVATE_KEY: + from_secret: delivery-bot-app-private-key image: google/cloud-sdk name: publish-images-grafana-oss volumes: @@ -3514,6 +3526,12 @@ steps: from_secret: docker_username GCP_KEY: from_secret: gcp_key_hg + GITHUB_APP_ID: + from_secret: delivery-bot-app-id + GITHUB_APP_INSTALLATION_ID: + from_secret: delivery-bot-app-installation-id + GITHUB_APP_PRIVATE_KEY: + from_secret: delivery-bot-app-private-key image: google/cloud-sdk name: publish-images-enterprise2 volumes: @@ -3617,6 +3635,12 @@ steps: from_secret: docker_username GCP_KEY: from_secret: gcp_key + GITHUB_APP_ID: + from_secret: delivery-bot-app-id + GITHUB_APP_INSTALLATION_ID: + from_secret: delivery-bot-app-installation-id + GITHUB_APP_PRIVATE_KEY: + from_secret: delivery-bot-app-private-key image: google/cloud-sdk name: publish-images-grafana volumes: 
@@ -3634,6 +3658,12 @@ steps: from_secret: docker_username GCP_KEY: from_secret: gcp_key + GITHUB_APP_ID: + from_secret: delivery-bot-app-id + GITHUB_APP_INSTALLATION_ID: + from_secret: delivery-bot-app-installation-id + GITHUB_APP_PRIVATE_KEY: + from_secret: delivery-bot-app-private-key image: google/cloud-sdk name: publish-images-grafana-oss volumes: @@ -3713,6 +3743,12 @@ steps: from_secret: docker_username GCP_KEY: from_secret: gcp_key + GITHUB_APP_ID: + from_secret: delivery-bot-app-id + GITHUB_APP_INSTALLATION_ID: + from_secret: delivery-bot-app-installation-id + GITHUB_APP_PRIVATE_KEY: + from_secret: delivery-bot-app-private-key image: google/cloud-sdk name: publish-images-grafana-enterprise volumes: @@ -3792,6 +3828,12 @@ steps: from_secret: docker_username GCP_KEY: from_secret: gcp_key + GITHUB_APP_ID: + from_secret: delivery-bot-app-id + GITHUB_APP_INSTALLATION_ID: + from_secret: delivery-bot-app-installation-id + GITHUB_APP_PRIVATE_KEY: + from_secret: delivery-bot-app-private-key image: google/cloud-sdk name: publish-images-grafana-enterprise volumes: @@ -6230,6 +6272,12 @@ steps: from_secret: docker_username GCP_KEY: from_secret: gcp_key_hg + GITHUB_APP_ID: + from_secret: delivery-bot-app-id + GITHUB_APP_INSTALLATION_ID: + from_secret: delivery-bot-app-installation-id + GITHUB_APP_PRIVATE_KEY: + from_secret: delivery-bot-app-private-key image: google/cloud-sdk name: publish-images-enterprise2 volumes: 
@@ -6997,7 +7045,25 @@ get: kind: secret name: github_token --- +get: + name: app-id + path: infra/data/ci/grafana-release-eng/grafana-delivery-bot +kind: secret +name: delivery-bot-app-id +--- +get: + name: app-installation-id + path: infra/data/ci/grafana-release-eng/grafana-delivery-bot +kind: secret +name: delivery-bot-app-installation-id +--- +get: + name: app-private-key + path: infra/data/ci/grafana-release-eng/grafana-delivery-bot +kind: secret +name: delivery-bot-app-private-key +--- kind: signature -hmac: 8f7ce26439948efdc37ff6cc08853574bd36f4db4445f5c92eed5e69084c2655 +hmac: 58a3bcd7e58a2105933efe7132da7eee8be97fb9e3cd0ea26e0a804c096dab9b ... diff --git a/scripts/drone/steps/lib.star b/scripts/drone/steps/lib.star index 80abd8389b7..1455215ce56 100644 --- a/scripts/drone/steps/lib.star +++ b/scripts/drone/steps/lib.star @@ -1126,6 +1126,9 @@ def publish_images_step(edition, ver_mode, mode, docker_repo, trigger = None): "GCP_KEY": from_secret("gcp_key"), "DOCKER_USER": from_secret("docker_username"), "DOCKER_PASSWORD": from_secret("docker_password"), + "GITHUB_APP_ID": from_secret("delivery-bot-app-id"), + "GITHUB_APP_INSTALLATION_ID": from_secret("delivery-bot-app-installation-id"), + "GITHUB_APP_PRIVATE_KEY": from_secret("delivery-bot-app-private-key"), } cmd = "./bin/grabpl artifacts docker publish {}--dockerhub-repo {}".format( diff --git a/scripts/drone/vault.star b/scripts/drone/vault.star index 167b7ec9c04..59877d83b0b 100644 --- a/scripts/drone/vault.star +++ b/scripts/drone/vault.star 
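Review bot: The three `GITHUB_APP_*` entries added to the environment dict in `publish_images_step` hand the delivery bot's private key to every publish-images step, whatever the `edition`, `ver_mode` or `trigger`, next to the Docker and GCP credentials. A GitHub App private key can mint new installation tokens until it is rotated, so it is safer to create a short-lived installation token in a small dedicated step, or to add these keys only for the modes that need them. The `.drone.yml` hunks in this patch show the same steps running `image: google/cloud-sdk` with no tag or digest, so pinning that image would narrow what code can read the key. At minimum I would add a comment above the new entries such as `# grafana-delivery-bot GitHub App credentials; private key is long-lived, keep this step's image pinned`. The function body continues outside the hunk, so how `grabpl` consumes these variables is not visible here.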
@@ -138,4 +138,20 @@ def secrets():
 "infra/data/ci/github/grafanabot",
 "pat",
 ),
+ # grafana-delivery-bot secrets
+ vault_secret(
+ "delivery-bot-app-id",
+ "infra/data/ci/grafana-release-eng/grafana-delivery-bot",
+ "app-id",
+ ),
+ vault_secret(
+ "delivery-bot-app-installation-id",
+ "infra/data/ci/grafana-release-eng/grafana-delivery-bot",
+ "app-installation-id",
+ ),
+ vault_secret(
+ "delivery-bot-app-private-key",
+ "infra/data/ci/grafana-release-eng/grafana-delivery-bot",
+ "app-private-key",
+ ),
 ]
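Review bot: The new secret names use hyphens (`delivery-bot-app-id`) while the other secrets visible in this patch use underscores (`gcp_key`, `docker_username`, `github_token`). Naming them `delivery_bot_app_id`, `delivery_bot_app_installation_id` and `delivery_bot_app_private_key` would keep one convention, with the matching rename in `lib.star`. The comment `# grafana-delivery-bot secrets` could also tell a reader which entry is the sensitive one, for example `# grafana-delivery-bot GitHub App credentials (app-private-key is the App's signing key), read by publish_images_step`. `secrets()` begins outside the hunk, so the rest of the list is not visible here.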