CI: Get Github Token and Docker username/password from Vault (#74555)

CI: Get Docker username/password from Vault Not Drone secrets
2025-02-25 18:55:37 -06:00 · 2023-09-07 12:26:43 -04:00
parent 49bd93aa2b
commit 566215c22c
3 changed files with 27 additions and 21 deletions
--- a/scripts/drone/steps/lib.star
+++ b/scripts/drone/steps/lib.star
@@ -874,7 +874,7 @@ def cloud_plugins_e2e_tests_step(suite, cloud, trigger = None):
        environment = {
            "CYPRESS_CI": "true",
            "HOST": "grafana-server",
-            "GITHUB_TOKEN": from_secret("github_token_pr"),
+            "GITHUB_TOKEN": from_secret("github_token"),
            "AZURE_SP_APP_ID": from_secret("azure_sp_app_id"),
            "AZURE_SP_PASSWORD": from_secret("azure_sp_app_pw"),
            "AZURE_TENANT": from_secret("azure_tenant"),
@@ -1020,8 +1020,8 @@ def publish_images_step(ver_mode, docker_repo, trigger = None):

    if ver_mode == "pr":
        environment = {
-            "DOCKER_USER": from_secret("docker_username_pr"),
-            "DOCKER_PASSWORD": from_secret("docker_password_pr"),
+            "DOCKER_USER": from_secret("docker_username"),
+            "DOCKER_PASSWORD": from_secret("docker_password"),
            "GITHUB_APP_ID": from_secret("delivery-bot-app-id"),
            "GITHUB_APP_INSTALLATION_ID": from_secret("delivery-bot-app-installation-id"),
            "GITHUB_APP_PRIVATE_KEY": from_secret("delivery-bot-app-private-key"),
@@ -1398,7 +1398,7 @@ def trigger_test_release():
        "name": "trigger-test-release",
        "image": images["build_image"],
        "environment": {
-            "GITHUB_TOKEN": from_secret("github_token_pr"),
+            "GITHUB_TOKEN": from_secret("github_token"),
            "TEST_TAG": "v0.0.0-test",
        },
        "commands": [
--- a/scripts/drone/vault.star
+++ b/scripts/drone/vault.star
@@ -17,6 +17,9 @@ rgm_destination = "destination"
 rgm_github_token = "github_token"
 rgm_dagger_token = "dagger_token"

+docker_username = "docker_username"
+docker_password = "docker_password"
+
 npm_token = "npm_token"

 def from_secret(secret):
@@ -41,6 +44,8 @@ def secrets():
        vault_secret("github_token", "infra/data/ci/github/grafanabot", "pat"),
        vault_secret(drone_token, "infra/data/ci/drone", "machine-user-token"),
        vault_secret(prerelease_bucket, "infra/data/ci/grafana/prerelease", "bucket"),
+        vault_secret(docker_username, "infra/data/ci/grafanaci-docker-hub", "username"),
+        vault_secret(docker_password, "infra/data/ci/grafanaci-docker-hub", "password"),
        vault_secret(
            gcp_upload_artifacts_key,
            "infra/data/ci/grafana/releng/artifacts-uploader-service-account",
@@ -127,11 +132,6 @@ def secrets():
            "infra/data/ci/grafana-release-eng/rgm",
            "dagger_token",
        ),
-        vault_secret(
-            rgm_github_token,
-            "infra/data/ci/github/grafanabot",
-            "pat",
-        ),
        # grafana-delivery-bot secrets
        vault_secret(
            "delivery-bot-app-id",