CI: Add delivery bot secrets to publish images step (#68467)

Add delivery bot secrets
Dimitris Sotirakis 2023-05-15 16:33:31 +03:00 committed by GitHub
parent a1f76af15a
commit 55622615de
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 86 additions and 1 deletions


@ -1742,6 +1742,12 @@ steps:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_key
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk
name: publish-images-grafana
volumes:
@ -1762,6 +1768,12 @@ steps:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_key
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk
name: publish-images-grafana-oss
volumes:
@ -3514,6 +3526,12 @@ steps:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_key_hg
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk
name: publish-images-enterprise2
volumes:
@ -3617,6 +3635,12 @@ steps:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_key
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk
name: publish-images-grafana
volumes:
@ -3634,6 +3658,12 @@ steps:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_key
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk
name: publish-images-grafana-oss
volumes:
@ -3713,6 +3743,12 @@ steps:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_key
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk
name: publish-images-grafana-enterprise
volumes:
@ -3792,6 +3828,12 @@ steps:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_key
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk
name: publish-images-grafana-enterprise
volumes:
@ -6230,6 +6272,12 @@ steps:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_key_hg
GITHUB_APP_ID:
from_secret: delivery-bot-app-id
GITHUB_APP_INSTALLATION_ID:
from_secret: delivery-bot-app-installation-id
GITHUB_APP_PRIVATE_KEY:
from_secret: delivery-bot-app-private-key
image: google/cloud-sdk
name: publish-images-enterprise2
volumes:
@ -6997,7 +7045,25 @@ get:
kind: secret
name: github_token
---
get:
name: app-id
path: infra/data/ci/grafana-release-eng/grafana-delivery-bot
kind: secret
name: delivery-bot-app-id
---
get:
name: app-installation-id
path: infra/data/ci/grafana-release-eng/grafana-delivery-bot
kind: secret
name: delivery-bot-app-installation-id
---
get:
name: app-private-key
path: infra/data/ci/grafana-release-eng/grafana-delivery-bot
kind: secret
name: delivery-bot-app-private-key
---
kind: signature
hmac: 8f7ce26439948efdc37ff6cc08853574bd36f4db4445f5c92eed5e69084c2655
hmac: 58a3bcd7e58a2105933efe7132da7eee8be97fb9e3cd0ea26e0a804c096dab9b
...


@ -1126,6 +1126,9 @@ def publish_images_step(edition, ver_mode, mode, docker_repo, trigger = None):
"GCP_KEY": from_secret("gcp_key"),
"DOCKER_USER": from_secret("docker_username"),
"DOCKER_PASSWORD": from_secret("docker_password"),
"GITHUB_APP_ID": from_secret("delivery-bot-app-id"),
"GITHUB_APP_INSTALLATION_ID": from_secret("delivery-bot-app-installation-id"),
"GITHUB_APP_PRIVATE_KEY": from_secret("delivery-bot-app-private-key"),
}
cmd = "./bin/grabpl artifacts docker publish {}--dockerhub-repo {}".format(
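Review bot: The three entries added to the environment dict put the GitHub App's long-lived private key into every step built by `publish_images_step`, next to `GCP_KEY` and `DOCKER_PASSWORD`, and nothing in the visible hunk shows what consumes it; the `cmd` line only invokes `./bin/grabpl artifacts docker publish`. If the key is only needed to call the GitHub API, a narrower design would mint a short-lived installation token in a dedicated step and pass only that token here. It is also worth confirming that no pipeline using this step with `trigger = None` can be started from an untrusted pull request. At minimum, add a comment above the new entries such as `# grafana-delivery-bot GitHub App credentials; read by grabpl during docker publish (confirm consumer)`. The body of `publish_images_step` starts and ends outside this hunk.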


@ -138,4 +138,20 @@ def secrets():
"infra/data/ci/github/grafanabot",
"pat",
),
# grafana-delivery-bot secrets
vault_secret(
"delivery-bot-app-id",
"infra/data/ci/grafana-release-eng/grafana-delivery-bot",
"app-id",
),
vault_secret(
"delivery-bot-app-installation-id",
"infra/data/ci/grafana-release-eng/grafana-delivery-bot",
"app-installation-id",
),
vault_secret(
"delivery-bot-app-private-key",
"infra/data/ci/grafana-release-eng/grafana-delivery-bot",
"app-private-key",
),
]
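Review bot: The new secret names are kebab-case (`delivery-bot-app-id`, `delivery-bot-app-installation-id`, `delivery-bot-app-private-key`), while the secrets already referenced on this page are snake_case (`gcp_key`, `docker_username`, `github_token`). Mixed conventions make it harder to grep and audit which steps receive which credential. Consider `"delivery_bot_app_id"` and likewise for the other two, with the matching `from_secret(...)` names in `publish_images_step` and a regenerated, re-signed pipeline file. The existing `# grafana-delivery-bot secrets` comment could also say which steps are expected to consume them. The `secrets()` list begins outside this hunk.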