ImagePullSecrets: Add GAR secret to image_pull_secret in .drone.yml (#80912)

* Add GAR secret to image_pull_secret * Fix starlark fmt
2025-02-25 18:55:37 -06:00 · 2024-01-19 19:29:49 +02:00
parent 361c49233d
commit 65104a7efa
3 changed files with 102 additions and 48 deletions
--- a/scripts/drone/utils/utils.star
+++ b/scripts/drone/utils/utils.star
@@ -6,7 +6,11 @@ load(
    "scripts/drone/steps/lib.star",
    "slack_step",
 )
-load("scripts/drone/vault.star", "pull_secret")
+load(
+    "scripts/drone/vault.star",
+    "gar_pull_secret",
+    "gcr_pull_secret",
+)

 failure_template = "Build {{build.number}} failed for commit: <https://github.com/{{repo.owner}}/{{repo.name}}/commit/{{build.commit}}|{{ truncate build.commit 8 }}>: {{build.link}}\nBranch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}>\nAuthor: {{build.author}}"

@@ -83,7 +87,7 @@ def pipeline(
            },
        ],
        "depends_on": depends_on,
-        "image_pull_secrets": [pull_secret],
+        "image_pull_secrets": [gcr_pull_secret, gar_pull_secret],
    }
    if environment:
        pipeline.update(
--- a/scripts/drone/vault.star
+++ b/scripts/drone/vault.star
@@ -1,7 +1,8 @@
 """
 This module returns functions for generating Drone secrets fetched from Vault.
 """
-pull_secret = "dockerconfigjson"
+gcr_pull_secret = "gcr"
+gar_pull_secret = "gar"
 drone_token = "drone_token"
 prerelease_bucket = "prerelease_bucket"
 gcp_upload_artifacts_key = "gcp_upload_artifacts_key"
@@ -43,7 +44,8 @@ def secrets():
        vault_secret(gcp_grafanauploads, "infra/data/ci/grafana-release-eng/grafanauploads", "credentials.json"),
        vault_secret(gcp_grafanauploads_base64, "infra/data/ci/grafana-release-eng/grafanauploads", "credentials_base64"),
        vault_secret("grafana_api_key", "infra/data/ci/grafana-release-eng/grafanacom", "api_key"),
-        vault_secret(pull_secret, "secret/data/common/gcr", ".dockerconfigjson"),
+        vault_secret(gcr_pull_secret, "secret/data/common/gcr", ".dockerconfigjson"),
+        vault_secret(gar_pull_secret, "secret/data/common/gar", ".dockerconfigjson"),
        vault_secret("github_token", "infra/data/ci/github/grafanabot", "pat"),
        vault_secret(drone_token, "infra/data/ci/drone", "machine-user-token"),
        vault_secret(prerelease_bucket, "infra/data/ci/grafana/prerelease", "bucket"),