From 65104a7efab8be95f37f390c04e39253a2e5913b Mon Sep 17 00:00:00 2001 From: Dimitris Sotirakis Date: Fri, 19 Jan 2024 19:29:49 +0200 Subject: [PATCH] `ImagePullSecrets`: Add `GAR` secret to `image_pull_secret` in `.drone.yml` (#80912) * Add GAR secret to image_pull_secret * Fix starlark fmt --- .drone.yml | 136 ++++++++++++++++++++++----------- scripts/drone/utils/utils.star | 8 +- scripts/drone/vault.star | 6 +- 3 files changed, 102 insertions(+), 48 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9f34e4e8279..83f05a49d3a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5,7 +5,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: pr-verify-drone node: @@ -55,7 +56,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: pr-verify-starlark node: @@ -105,7 +107,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: pr-test-frontend node: @@ -184,7 +187,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: pr-lint-frontend node: @@ -274,7 +278,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: pr-test-backend node: @@ -380,7 +385,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: pr-lint-backend node: @@ -475,7 +481,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: pr-build-e2e node: @@ -757,7 +764,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: pr-integration-tests node: @@ -1021,7 +1029,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: pr-docs node: @@ -1095,7 +1104,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: pr-shellcheck node: @@ -1137,7 +1147,8 @@ clone: retries: 3 depends_on: [] image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: pr-swagger-gen node: @@ -1200,7 +1211,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: pr-integration-benchmarks node: @@ -1376,7 +1388,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: main-docs node: @@ -1451,7 +1464,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: main-test-frontend node: @@ -1508,7 +1522,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: main-lint-frontend node: @@ -1576,7 +1591,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: main-test-backend node: @@ -1655,7 +1671,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: main-lint-backend node: @@ -1729,7 +1746,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: main-build-e2e-publish node: @@ -2129,7 +2147,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: main-integration-tests node: @@ -2372,7 +2391,8 @@ depends_on: environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: main-windows platform: @@ -2416,7 +2436,8 @@ depends_on: environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: main-trigger-downstream node: @@ -2499,7 +2520,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: publish-docker-public node: @@ -2605,7 +2627,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: publish-artifacts-public node: @@ -2674,7 +2697,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: publish-npm-packages-public node: @@ -2739,7 +2763,8 @@ depends_on: environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: publish-packages node: @@ -2827,7 +2852,8 @@ depends_on: - main-test-backend - main-test-frontend image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: rgm-main-prerelease node: @@ -2902,7 +2928,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: release-whatsnew-checker node: @@ -2946,7 +2973,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: release-test-frontend node: @@ -3001,7 +3029,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: release-test-backend node: @@ -3078,7 +3107,8 @@ depends_on: - release-test-backend - release-test-frontend image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: rgm-tag-prerelease node: @@ -3149,7 +3179,8 @@ clone: depends_on: - rgm-tag-prerelease image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: rgm-tag-prerelease-windows platform: @@ -3213,7 +3244,8 @@ depends_on: - rgm-tag-prerelease - rgm-tag-prerelease-windows image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: rgm-tag-verify-prerelease-assets node: @@ -3258,7 +3290,8 @@ depends_on: - release-test-backend - release-test-frontend image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: rgm-version-branch-prerelease node: @@ -3323,7 +3356,8 @@ clone: depends_on: - rgm-version-branch-prerelease image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: rgm-prerelease-verify-prerelease-assets node: @@ -3362,7 +3396,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: nightly-test-frontend node: @@ -3415,7 +3450,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: nightly-test-backend node: @@ -3490,7 +3526,8 @@ depends_on: - nightly-test-backend - nightly-test-frontend image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: rgm-nightly-build node: @@ -3597,7 +3634,8 @@ clone: depends_on: - rgm-nightly-build image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: rgm-nightly-publish node: @@ -3744,7 +3782,8 @@ clone: retries: 3 depends_on: [] image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: rgm-promotion node: @@ -3846,7 +3885,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: testing-test-backend-windows platform: @@ -3898,7 +3938,8 @@ depends_on: [] environment: EDITION: oss image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: integration-tests node: @@ -4121,7 +4162,8 @@ clone: disable: true depends_on: [] image_pull_secrets: -- dockerconfigjson +- gcr +- gar kind: pipeline name: publish-ci-windows-test-image platform: @@ -4560,7 +4602,13 @@ get: name: .dockerconfigjson path: secret/data/common/gcr kind: secret -name: dockerconfigjson +name: gcr +--- +get: + name: .dockerconfigjson + path: secret/data/common/gar +kind: secret +name: gar --- get: name: pat @@ -4731,6 +4779,6 @@ kind: secret name: gcr_credentials --- kind: signature -hmac: f5bca13f4f753f2c911b11b8a2102a51243ce8a215126d2075dc73f8b7628a4d +hmac: c960d3059e4cb4c852b4b51ce07867d9ea1ab42cb0f30f5775e9889dba71dff3 ... diff --git a/scripts/drone/utils/utils.star b/scripts/drone/utils/utils.star index aea832018cf..4cc7aac6e49 100644 --- a/scripts/drone/utils/utils.star +++ b/scripts/drone/utils/utils.star @@ -6,7 +6,11 @@ load( "scripts/drone/steps/lib.star", "slack_step", ) -load("scripts/drone/vault.star", "pull_secret") +load( + "scripts/drone/vault.star", + "gar_pull_secret", + "gcr_pull_secret", +) failure_template = "Build {{build.number}} failed for commit: : {{build.link}}\nBranch: \nAuthor: {{build.author}}" @@ -83,7 +87,7 @@ def pipeline( }, ], "depends_on": depends_on, - "image_pull_secrets": [pull_secret], + "image_pull_secrets": [gcr_pull_secret, gar_pull_secret], } if environment: pipeline.update( diff --git a/scripts/drone/vault.star b/scripts/drone/vault.star index 6a27cf51785..7c90b89ca5d 100644 --- a/scripts/drone/vault.star +++ b/scripts/drone/vault.star @@ -1,7 +1,8 @@ """ This module returns functions for generating Drone secrets fetched from Vault. """ -pull_secret = "dockerconfigjson" +gcr_pull_secret = "gcr" +gar_pull_secret = "gar" drone_token = "drone_token" prerelease_bucket = "prerelease_bucket" gcp_upload_artifacts_key = "gcp_upload_artifacts_key" @@ -43,7 +44,8 @@ def secrets(): vault_secret(gcp_grafanauploads, "infra/data/ci/grafana-release-eng/grafanauploads", "credentials.json"), vault_secret(gcp_grafanauploads_base64, "infra/data/ci/grafana-release-eng/grafanauploads", "credentials_base64"), vault_secret("grafana_api_key", "infra/data/ci/grafana-release-eng/grafanacom", "api_key"), - vault_secret(pull_secret, "secret/data/common/gcr", ".dockerconfigjson"), + vault_secret(gcr_pull_secret, "secret/data/common/gcr", ".dockerconfigjson"), + vault_secret(gar_pull_secret, "secret/data/common/gar", ".dockerconfigjson"), vault_secret("github_token", "infra/data/ci/github/grafanabot", "pat"), vault_secret(drone_token, "infra/data/ci/drone", "machine-user-token"), vault_secret(prerelease_bucket, "infra/data/ci/grafana/prerelease", "bucket"),