mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
CI: Get Github Token and Docker username/password from Vault (#74555)
CI: Get Docker username/password from Vault Not Drone secrets
This commit is contained in:
Julien Duchesne
GitHub
parent
49bd93aa2b
commit
566215c22c
30
.drone.yml
30
.drone.yml
@ -541,7 +541,7 @@ steps:
|
||||
$${TEST_TAG}
|
||||
environment:
|
||||
GITHUB_TOKEN:
|
||||
from_secret: github_token_pr
|
||||
from_secret: github_token
|
||||
TEST_TAG: v0.0.0-test
|
||||
failure: ignore
|
||||
image: grafana/build-container:1.7.5
|
||||
@ -676,7 +676,7 @@ steps:
|
||||
from_secret: azure_tenant
|
||||
CYPRESS_CI: "true"
|
||||
GITHUB_TOKEN:
|
||||
from_secret: github_token_pr
|
||||
from_secret: github_token
|
||||
HOST: grafana-server
|
||||
image: us-docker.pkg.dev/grafanalabs-dev/cloud-data-sources/e2e:latest
|
||||
name: end-to-end-tests-cloud-plugins-suite-azure
|
||||
@ -786,9 +786,9 @@ steps:
|
||||
- build-docker-images-ubuntu
|
||||
environment:
|
||||
DOCKER_PASSWORD:
|
||||
from_secret: docker_password_pr
|
||||
from_secret: docker_password
|
||||
DOCKER_USER:
|
||||
from_secret: docker_username_pr
|
||||
from_secret: docker_username
|
||||
GITHUB_APP_ID:
|
||||
from_secret: delivery-bot-app-id
|
||||
GITHUB_APP_INSTALLATION_ID:
|
||||
@ -1835,7 +1835,7 @@ steps:
|
||||
from_secret: azure_tenant
|
||||
CYPRESS_CI: "true"
|
||||
GITHUB_TOKEN:
|
||||
from_secret: github_token_pr
|
||||
from_secret: github_token
|
||||
HOST: grafana-server
|
||||
image: us-docker.pkg.dev/grafanalabs-dev/cloud-data-sources/e2e:latest
|
||||
name: end-to-end-tests-cloud-plugins-suite-azure
|
||||
@ -4596,6 +4596,18 @@ get:
|
||||
kind: secret
|
||||
name: prerelease_bucket
|
||||
---
|
||||
get:
|
||||
name: username
|
||||
path: infra/data/ci/grafanaci-docker-hub
|
||||
kind: secret
|
||||
name: docker_username
|
||||
---
|
||||
get:
|
||||
name: password
|
||||
path: infra/data/ci/grafanaci-docker-hub
|
||||
kind: secret
|
||||
name: docker_password
|
||||
---
|
||||
get:
|
||||
name: credentials.json
|
||||
path: infra/data/ci/grafana/releng/artifacts-uploader-service-account
|
||||
@ -4698,12 +4710,6 @@ get:
|
||||
kind: secret
|
||||
name: dagger_token
|
||||
---
|
||||
get:
|
||||
name: pat
|
||||
path: infra/data/ci/github/grafanabot
|
||||
kind: secret
|
||||
name: github_token
|
||||
---
|
||||
get:
|
||||
name: app-id
|
||||
path: infra/data/ci/grafana-release-eng/grafana-delivery-bot
|
||||
@ -4729,6 +4735,6 @@ kind: secret
|
||||
name: gcr_credentials
|
||||
---
|
||||
kind: signature
|
||||
hmac: 883d9f0e14f52a0b773040eeb476f3081b8122b34d5c14ad4f81219ceb754299
|
||||
hmac: fa64513236ee2677770f4e09ac6ddb06d1b85db22916efb44c1d332c92edf99b
|
||||
|
||||
...
|
||||
|
||||
@ -874,7 +874,7 @@ def cloud_plugins_e2e_tests_step(suite, cloud, trigger = None):
|
||||
environment = {
|
||||
"CYPRESS_CI": "true",
|
||||
"HOST": "grafana-server",
|
||||
"GITHUB_TOKEN": from_secret("github_token_pr"),
|
||||
"GITHUB_TOKEN": from_secret("github_token"),
|
||||
"AZURE_SP_APP_ID": from_secret("azure_sp_app_id"),
|
||||
"AZURE_SP_PASSWORD": from_secret("azure_sp_app_pw"),
|
||||
"AZURE_TENANT": from_secret("azure_tenant"),
|
||||
@ -1020,8 +1020,8 @@ def publish_images_step(ver_mode, docker_repo, trigger = None):
|
||||
|
||||
if ver_mode == "pr":
|
||||
environment = {
|
||||
"DOCKER_USER": from_secret("docker_username_pr"),
|
||||
"DOCKER_PASSWORD": from_secret("docker_password_pr"),
|
||||
"DOCKER_USER": from_secret("docker_username"),
|
||||
"DOCKER_PASSWORD": from_secret("docker_password"),
|
||||
"GITHUB_APP_ID": from_secret("delivery-bot-app-id"),
|
||||
"GITHUB_APP_INSTALLATION_ID": from_secret("delivery-bot-app-installation-id"),
|
||||
"GITHUB_APP_PRIVATE_KEY": from_secret("delivery-bot-app-private-key"),
|
||||
@ -1398,7 +1398,7 @@ def trigger_test_release():
|
||||
"name": "trigger-test-release",
|
||||
"image": images["build_image"],
|
||||
"environment": {
|
||||
"GITHUB_TOKEN": from_secret("github_token_pr"),
|
||||
"GITHUB_TOKEN": from_secret("github_token"),
|
||||
"TEST_TAG": "v0.0.0-test",
|
||||
},
|
||||
"commands": [
|
||||
|
||||
@ -17,6 +17,9 @@ rgm_destination = "destination"
|
||||
rgm_github_token = "github_token"
|
||||
rgm_dagger_token = "dagger_token"
|
||||
|
||||
docker_username = "docker_username"
|
||||
docker_password = "docker_password"
|
||||
|
||||
npm_token = "npm_token"
|
||||
|
||||
def from_secret(secret):
|
||||
@ -41,6 +44,8 @@ def secrets():
|
||||
vault_secret("github_token", "infra/data/ci/github/grafanabot", "pat"),
|
||||
vault_secret(drone_token, "infra/data/ci/drone", "machine-user-token"),
|
||||
vault_secret(prerelease_bucket, "infra/data/ci/grafana/prerelease", "bucket"),
|
||||
vault_secret(docker_username, "infra/data/ci/grafanaci-docker-hub", "username"),
|
||||
vault_secret(docker_password, "infra/data/ci/grafanaci-docker-hub", "password"),
|
||||
vault_secret(
|
||||
gcp_upload_artifacts_key,
|
||||
"infra/data/ci/grafana/releng/artifacts-uploader-service-account",
|
||||
@ -127,11 +132,6 @@ def secrets():
|
||||
"infra/data/ci/grafana-release-eng/rgm",
|
||||
"dagger_token",
|
||||
),
|
||||
vault_secret(
|
||||
rgm_github_token,
|
||||
"infra/data/ci/github/grafanabot",
|
||||
"pat",
|
||||
),
|
||||
# grafana-delivery-bot secrets
|
||||
vault_secret(
|
||||
"delivery-bot-app-id",
|
||||
|
||||
Loading…
Reference in New Issue
Block a user