CI: Stop publishing OSS images for security mode (#56088)

* No-op: Refactor publish images pipeline struct

* Stop publishing images for OSS
Dimitris Sotirakis 2022-10-05 09:39:38 +03:00 committed by GitHub
parent 8950d86141
commit 5cdc932f8c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 72 additions and 133 deletions


@ -7,7 +7,8 @@
load('scripts/drone/events/pr.star', 'pr_pipelines') load('scripts/drone/events/pr.star', 'pr_pipelines')
load('scripts/drone/events/main.star', 'main_pipelines') load('scripts/drone/events/main.star', 'main_pipelines')
load('scripts/drone/pipelines/docs.star', 'docs_pipelines') load('scripts/drone/pipelines/docs.star', 'docs_pipelines')
load('scripts/drone/events/release.star', 'release_pipelines', 'publish_image_pipelines', 'publish_artifacts_pipelines', 'publish_npm_pipelines', 'publish_packages_pipeline', 'artifacts_page_pipeline') load('scripts/drone/events/release.star', 'release_pipelines', 'publish_artifacts_pipelines', 'publish_npm_pipelines', 'publish_packages_pipeline', 'artifacts_page_pipeline')
load('scripts/drone/pipelines/publish_images.star', 'publish_image_pipelines_public', 'publish_image_pipelines_security')
load('scripts/drone/version.star', 'version_branch_pipelines') load('scripts/drone/version.star', 'version_branch_pipelines')
load('scripts/drone/events/cron.star', 'cronjobs') load('scripts/drone/events/cron.star', 'cronjobs')
load('scripts/drone/vault.star', 'secrets') load('scripts/drone/vault.star', 'secrets')
@ -15,7 +16,7 @@ load('scripts/drone/vault.star', 'secrets')
def main(ctx): def main(ctx):
edition = 'oss' edition = 'oss'
return pr_pipelines(edition=edition) + main_pipelines(edition=edition) + release_pipelines() + \ return pr_pipelines(edition=edition) + main_pipelines(edition=edition) + release_pipelines() + \
publish_image_pipelines('public') + publish_image_pipelines('security') + \ publish_image_pipelines_public() + publish_image_pipelines_security() + \
publish_artifacts_pipelines('security') + publish_artifacts_pipelines('public') + \ publish_artifacts_pipelines('security') + publish_artifacts_pipelines('public') + \
publish_npm_pipelines('public') + publish_packages_pipeline() + artifacts_page_pipeline() + \ publish_npm_pipelines('public') + publish_packages_pipeline() + artifacts_page_pipeline() + \
version_branch_pipelines() + cronjobs(edition=edition) + secrets() version_branch_pipelines() + cronjobs(edition=edition) + secrets()


@ -3434,95 +3434,6 @@ depends_on: []
image_pull_secrets: image_pull_secrets:
- dockerconfigjson - dockerconfigjson
kind: pipeline kind: pipeline
name: publish-docker-oss-security
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- mkdir -p bin
- curl -fL -o bin/grabpl https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v3.0.10/grabpl
- chmod +x bin/grabpl
image: byrnedo/alpine-curl:0.1.8
name: grabpl
- commands:
- go build -o ./bin/build -ldflags '-extldflags -static' ./pkg/build/cmd
depends_on: []
environment:
CGO_ENABLED: 0
image: golang:1.19.1
name: compile-build-cmd
- commands:
- ./bin/build artifacts docker fetch --edition oss
depends_on:
- compile-build-cmd
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_key
image: google/cloud-sdk
name: fetch-images-oss
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/grabpl artifacts docker publish --security --dockerhub-repo grafana --base
alpine --base ubuntu --arch amd64 --arch arm64 --arch armv7 --version-tag ${TAG}
depends_on:
- fetch-images-oss
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_key
image: google/cloud-sdk
name: publish-images-grafana
volumes:
- name: docker
path: /var/run/docker.sock
- commands:
- ./bin/grabpl artifacts docker publish --security --dockerhub-repo grafana-oss
--base alpine --base ubuntu --arch amd64 --arch arm64 --arch armv7 --version-tag
${TAG}
depends_on:
- fetch-images-oss
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
GCP_KEY:
from_secret: gcp_key
image: google/cloud-sdk
name: publish-images-grafana-oss
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
event:
- promote
target:
- security
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
depends_on: []
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: publish-docker-enterprise-security name: publish-docker-enterprise-security
node: node:
type: no-parallel type: no-parallel
@ -5413,6 +5324,6 @@ kind: secret
name: packages_secret_access_key name: packages_secret_access_key
--- ---
kind: signature kind: signature
hmac: 49387e58319c5c9d4069d95213b8fa6023b8e44622433ebbea6063203a3ba4f4 hmac: ec1914f530a4e3b8f1473ea2a1e8ed368e9a356bc62907ec06bfa42def7b4629
... ...


@ -42,6 +42,7 @@ load(
'publish_linux_packages_step', 'publish_linux_packages_step',
'trigger_oss', 'trigger_oss',
'artifacts_page_step', 'artifacts_page_step',
'fetch_images_step',
'compile_build_cmd', 'compile_build_cmd',
) )
@ -111,47 +112,6 @@ def release_npm_packages_step():
], ],
} }
def fetch_images_step(edition):
return {
'name': 'fetch-images-{}'.format(edition),
'image': 'google/cloud-sdk',
'environment': {
'GCP_KEY': from_secret('gcp_key'),
'DOCKER_USER': from_secret('docker_username'),
'DOCKER_PASSWORD': from_secret('docker_password'),
},
'commands': ['./bin/build artifacts docker fetch --edition {}'.format(edition)],
'depends_on': ['compile-build-cmd'],
'volumes': [{
'name': 'docker',
'path': '/var/run/docker.sock'
}],
}
def publish_image_steps(edition, mode, docker_repo, additional_docker_repo=""):
steps = [
download_grabpl_step(),
compile_build_cmd(),
fetch_images_step(edition),
publish_images_step(edition, 'release', mode, docker_repo),
]
if additional_docker_repo != "":
steps.extend([publish_images_step(edition, 'release', mode, additional_docker_repo)])
return steps
def publish_image_pipelines(mode):
trigger = {
'event': ['promote'],
'target': [mode],
}
return [pipeline(
name='publish-docker-oss-{}'.format(mode), trigger=trigger, steps=publish_image_steps(edition='oss', mode=mode, docker_repo='grafana', additional_docker_repo='grafana-oss'), edition=""
), pipeline(
name='publish-docker-enterprise-{}'.format(mode), trigger=trigger, steps=publish_image_steps(edition='enterprise', mode=mode, docker_repo='grafana-enterprise'), edition=""
),]
def get_oss_pipelines(trigger, ver_mode): def get_oss_pipelines(trigger, ver_mode):
environment = {'EDITION': 'OSS'} environment = {'EDITION': 'OSS'}
edition = 'oss' edition = 'oss'


@ -0,0 +1,50 @@
load(
'scripts/drone/steps/lib.star',
'download_grabpl_step',
'publish_images_step',
'compile_build_cmd',
'fetch_images_step',
)
load(
'scripts/drone/utils/utils.star',
'pipeline',
)
def publish_image_steps(edition, mode, docker_repo):
additional_docker_repo = ""
if edition == 'oss':
additional_docker_repo='grafana-oss'
steps = [
download_grabpl_step(),
compile_build_cmd(),
fetch_images_step(edition),
publish_images_step(edition, 'release', mode, docker_repo),
]
if additional_docker_repo != "":
steps.extend([publish_images_step(edition, 'release', mode, additional_docker_repo)])
return steps
def publish_image_pipelines_public():
mode='public'
trigger = {
'event': ['promote'],
'target': [mode],
}
return [pipeline(
name='publish-docker-oss-{}'.format(mode), trigger=trigger, steps=publish_image_steps(edition='oss', mode=mode, docker_repo='grafana'), edition=""
), pipeline(
name='publish-docker-enterprise-{}'.format(mode), trigger=trigger, steps=publish_image_steps(edition='enterprise', mode=mode, docker_repo='grafana-enterprise'), edition=""
),]
def publish_image_pipelines_security():
mode='security'
trigger = {
'event': ['promote'],
'target': [mode],
}
return [pipeline(
name='publish-docker-enterprise-{}'.format(mode), trigger=trigger, steps=publish_image_steps(edition='enterprise', mode=mode, docker_repo='grafana-enterprise'), edition=""
),]
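Review bot: Nothing in `publish_image_pipelines_security()` records that the OSS pipeline is left out on purpose, so a later change that merges the two near-identical functions back together could silently restore `publish-docker-oss-security`. A comment above the function would pin the intent, for example `# Security promotions publish enterprise images only; the OSS pipeline is intentionally omitted (#56088).` `publish_image_steps` also still accepts `edition='oss'` with `mode='security'`, so the restriction lives only in the caller. If the combination should never be built, a guard at the top of `publish_image_steps` would enforce it where the steps are assembled: `if edition == 'oss' and mode == 'security': fail('OSS images are not published in security mode')`. As a smaller style point, the `additional_docker_repo = ""` sentinel and the later `!= ""` test could become a single `if edition == 'oss':` branch that appends the `grafana-oss` publish step.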


@ -796,6 +796,23 @@ def build_docker_images_step(edition, ver_mode, archs=None, ubuntu=False, publis
}, },
} }
def fetch_images_step(edition):
return {
'name': 'fetch-images-{}'.format(edition),
'image': 'google/cloud-sdk',
'environment': {
'GCP_KEY': from_secret('gcp_key'),
'DOCKER_USER': from_secret('docker_username'),
'DOCKER_PASSWORD': from_secret('docker_password'),
},
'commands': ['./bin/build artifacts docker fetch --edition {}'.format(edition)],
'depends_on': ['compile-build-cmd'],
'volumes': [{
'name': 'docker',
'path': '/var/run/docker.sock'
}],
}
def publish_images_step(edition, ver_mode, mode, docker_repo, trigger=None): def publish_images_step(edition, ver_mode, mode, docker_repo, trigger=None):
if mode == 'security': if mode == 'security':
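Review bot: `fetch_images_step` runs the untagged image `google/cloud-sdk` with `GCP_KEY`, `DOCKER_USER` and `DOCKER_PASSWORD` in its environment and the `docker` volume mounted at `/var/run/docker.sock`. Whatever the registry serves under the default tag at run time therefore receives the publishing credentials and access to the Docker daemon. The step is moved here unchanged, but the move is a good moment to pin the image to a reviewed tag and digest: `'image': 'google/cloud-sdk:<PINNED_TAG>@sha256:<DIGEST>',` (placeholders, to be filled from the image the pipeline was validated against). A short comment on the step saying why it needs the socket and all three secrets would also help later reviewers judge whether the privileges can be narrowed. The body of `publish_images_step` that follows continues outside the hunk.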