IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

ImagePullSecrets: Add GAR secret to image_pull_secret in .drone.yml (#80912)

Browse Source 
* Add GAR secret to image_pull_secret

* Fix starlark fmt
This commit is contained in:
Dimitris Sotirakis 2024-01-19 19:29:49 +02:00 committed by GitHub
parent 361c49233d
commit 65104a7efa
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 102 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

136
.drone.yml
View File

@ -5,7 +5,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: pr-verify-drone
node:
@ -55,7 +56,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: pr-verify-starlark
node:
@ -105,7 +107,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: pr-test-frontend
node:
@ -184,7 +187,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: pr-lint-frontend
node:
@ -274,7 +278,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: pr-test-backend
node:
@ -380,7 +385,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: pr-lint-backend
node:
@ -475,7 +481,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: pr-build-e2e
node:
@ -757,7 +764,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: pr-integration-tests
node:
@ -1021,7 +1029,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: pr-docs
node:
@ -1095,7 +1104,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: pr-shellcheck
node:
@ -1137,7 +1147,8 @@ clone:
retries: 3
depends_on: []
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: pr-swagger-gen
node:
@ -1200,7 +1211,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: pr-integration-benchmarks
node:
@ -1376,7 +1388,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: main-docs
node:
@ -1451,7 +1464,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: main-test-frontend
node:
@ -1508,7 +1522,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: main-lint-frontend
node:
@ -1576,7 +1591,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: main-test-backend
node:
@ -1655,7 +1671,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: main-lint-backend
node:
@ -1729,7 +1746,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: main-build-e2e-publish
node:
@ -2129,7 +2147,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: main-integration-tests
node:
@ -2372,7 +2391,8 @@ depends_on:
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: main-windows
platform:
@ -2416,7 +2436,8 @@ depends_on:
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: main-trigger-downstream
node:
@ -2499,7 +2520,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: publish-docker-public
node:
@ -2605,7 +2627,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: publish-artifacts-public
node:
@ -2674,7 +2697,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: publish-npm-packages-public
node:
@ -2739,7 +2763,8 @@ depends_on:
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: publish-packages
node:
@ -2827,7 +2852,8 @@ depends_on:
- main-test-backend
- main-test-frontend
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: rgm-main-prerelease
node:
@ -2902,7 +2928,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: release-whatsnew-checker
node:
@ -2946,7 +2973,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: release-test-frontend
node:
@ -3001,7 +3029,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: release-test-backend
node:
@ -3078,7 +3107,8 @@ depends_on:
- release-test-backend
- release-test-frontend
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: rgm-tag-prerelease
node:
@ -3149,7 +3179,8 @@ clone:
depends_on:
- rgm-tag-prerelease
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: rgm-tag-prerelease-windows
platform:
@ -3213,7 +3244,8 @@ depends_on:
- rgm-tag-prerelease
- rgm-tag-prerelease-windows
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: rgm-tag-verify-prerelease-assets
node:
@ -3258,7 +3290,8 @@ depends_on:
- release-test-backend
- release-test-frontend
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: rgm-version-branch-prerelease
node:
@ -3323,7 +3356,8 @@ clone:
depends_on:
- rgm-version-branch-prerelease
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: rgm-prerelease-verify-prerelease-assets
node:
@ -3362,7 +3396,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: nightly-test-frontend
node:
@ -3415,7 +3450,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: nightly-test-backend
node:
@ -3490,7 +3526,8 @@ depends_on:
- nightly-test-backend
- nightly-test-frontend
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: rgm-nightly-build
node:
@ -3597,7 +3634,8 @@ clone:
depends_on:
- rgm-nightly-build
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: rgm-nightly-publish
node:
@ -3744,7 +3782,8 @@ clone:
retries: 3
depends_on: []
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: rgm-promotion
node:
@ -3846,7 +3885,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: testing-test-backend-windows
platform:
@ -3898,7 +3938,8 @@ depends_on: []
environment:
EDITION: oss
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: integration-tests
node:
@ -4121,7 +4162,8 @@ clone:
disable: true
depends_on: []
image_pull_secrets:
- dockerconfigjson
- gcr
- gar
kind: pipeline
name: publish-ci-windows-test-image
platform:
@ -4560,7 +4602,13 @@ get:
name: .dockerconfigjson
path: secret/data/common/gcr
kind: secret
name: dockerconfigjson
name: gcr
---
get:
name: .dockerconfigjson
path: secret/data/common/gar
kind: secret
name: gar
---
get:
name: pat
@ -4731,6 +4779,6 @@ kind: secret
name: gcr_credentials
---
kind: signature
hmac: f5bca13f4f753f2c911b11b8a2102a51243ce8a215126d2075dc73f8b7628a4d
hmac: c960d3059e4cb4c852b4b51ce07867d9ea1ab42cb0f30f5775e9889dba71dff3
...

8
scripts/drone/utils/utils.star
View File

@ -6,7 +6,11 @@ load(
"scripts/drone/steps/lib.star",
"slack_step",
)
load("scripts/drone/vault.star", "pull_secret")
load(
"scripts/drone/vault.star",
"gar_pull_secret",
"gcr_pull_secret",
)
failure_template = "Build {{build.number}} failed for commit: <https://github.com/{{repo.owner}}/{{repo.name}}/commit/{{build.commit}}|{{ truncate build.commit 8 }}>: {{build.link}}\nBranch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}>\nAuthor: {{build.author}}"
@ -83,7 +87,7 @@ def pipeline(
},
],
"depends_on": depends_on,
"image_pull_secrets": [pull_secret],
"image_pull_secrets": [gcr_pull_secret, gar_pull_secret],
}
if environment:
pipeline.update(

6
scripts/drone/vault.star
View File

@ -1,7 +1,8 @@
"""
This module returns functions for generating Drone secrets fetched from Vault.
"""
pull_secret = "dockerconfigjson"
gcr_pull_secret = "gcr"
gar_pull_secret = "gar"
drone_token = "drone_token"
prerelease_bucket = "prerelease_bucket"
gcp_upload_artifacts_key = "gcp_upload_artifacts_key"
@ -43,7 +44,8 @@ def secrets():
vault_secret(gcp_grafanauploads, "infra/data/ci/grafana-release-eng/grafanauploads", "credentials.json"),
vault_secret(gcp_grafanauploads_base64, "infra/data/ci/grafana-release-eng/grafanauploads", "credentials_base64"),
vault_secret("grafana_api_key", "infra/data/ci/grafana-release-eng/grafanacom", "api_key"),
vault_secret(pull_secret, "secret/data/common/gcr", ".dockerconfigjson"),
vault_secret(gcr_pull_secret, "secret/data/common/gcr", ".dockerconfigjson"),
vault_secret(gar_pull_secret, "secret/data/common/gar", ".dockerconfigjson"),
vault_secret("github_token", "infra/data/ci/github/grafanabot", "pat"),
vault_secret(drone_token, "infra/data/ci/drone", "machine-user-token"),
vault_secret(prerelease_bucket, "infra/data/ci/grafana/prerelease", "bucket"),