Add package publishing step (#53553)

Issue: https://github.com/grafana/deployment_tools/issues/36289 Based on the new image: https://github.com/grafana/deployment_tools/tree/master/docker/package-publish This is a new step meant to replace the store-packages command. It will greatly improve publishing performace and it publishes to a common repository shared with all Grafana products Co-authored-by: dsotirakis <dimitrios.sotirakis@grafana.com>
2025-02-25 18:55:37 -06:00 · 2022-09-01 07:13:44 -04:00
parent be6b8d91eb
commit 67f1778bf1
4 changed files with 112 additions and 1 deletions
--- a/scripts/drone/events/release.star
+++ b/scripts/drone/events/release.star
@@ -42,6 +42,7 @@ load(
    'upload_cdn_step',
    'verify_gen_cue_step',
    'publish_images_step',
+    'publish_linux_packages_step',
    'trigger_oss',
    'artifacts_page_step',
    'compile_build_cmd',
@@ -394,6 +395,7 @@ def publish_packages_pipeline():
        gen_version_step(ver_mode='release'),
        publish_packages_step(edition='oss', ver_mode='release'),
        publish_grafanacom_step(edition='oss', ver_mode='release'),
+        publish_linux_packages_step(edition='oss'),
    ]

    enterprise_steps = [
@@ -401,6 +403,7 @@ def publish_packages_pipeline():
        gen_version_step(ver_mode='release'),
        publish_packages_step(edition='enterprise', ver_mode='release'),
        publish_grafanacom_step(edition='enterprise', ver_mode='release'),
+        publish_linux_packages_step(edition='enterprise'),
    ]
    deps = [
        'publish-artifacts-public',
--- a/scripts/drone/steps/lib.star
+++ b/scripts/drone/steps/lib.star
@@ -1055,6 +1055,28 @@ def publish_grafanacom_step(edition, ver_mode):
        ],
    }

+def publish_linux_packages_step(edition):
+    return {
+        'name': 'publish-linux-packages',
+        # See https://github.com/grafana/deployment_tools/blob/master/docker/package-publish/README.md for docs on that image
+        'image': 'us.gcr.io/kubernetes-dev/package-publish:latest',
+        'depends_on': [
+            'gen-version'
+        ],
+        'failure': 'ignore', # While we're testing it
+        'settings': {
+            'access_key_id': from_secret('packages_access_key_id'),
+            'secret_access_key': from_secret('packages_secret_access_key'),
+            'service_account_json': from_secret('packages_service_account_json'),
+            'target_bucket': 'grafana-packages',
+            'deb_distribution': 'stable',
+            'gpg_passphrase': from_secret('packages_gpg_passphrase'),
+            'gpg_public_key': from_secret('packages_gpg_public_key'),
+            'gpg_private_key': from_secret('packages_gpg_private_key'),
+            'package_path': 'gs://grafana-prerelease/artifacts/downloads/*${{DRONE_TAG}}/{}/**.deb'.format(edition)
+        }
+    }
+

 def get_windows_steps(edition, ver_mode):
    init_cmds = []
--- a/scripts/drone/vault.star
+++ b/scripts/drone/vault.star
@@ -26,4 +26,12 @@ def secrets():
        vault_secret(drone_token, 'infra/data/ci/drone', 'machine-user-token'),
        vault_secret(prerelease_bucket, 'infra/data/ci/grafana/prerelease', 'bucket'),
        vault_secret(gcp_upload_artifacts_key, 'infra/data/ci/grafana/releng/artifacts-uploader-service-account', 'credentials.json'),
+    
+        # Package publishing
+        vault_secret('packages_gpg_public_key', 'infra/data/ci/packages-publish/gpg', 'public-key'),
+        vault_secret('packages_gpg_private_key', 'infra/data/ci/packages-publish/gpg', 'private-key'),
+        vault_secret('packages_gpg_passphrase', 'infra/data/ci/packages-publish/gpg', 'passphrase'),
+        vault_secret('packages_service_account', 'infra/data/ci/packages-publish/service-account', 'credentials.json'),
+        vault_secret('packages_access_key_id', 'infra/data/ci/packages-publish/bucket-credentials', 'AccessID'),
+        vault_secret('packages_secret_access_key', 'infra/data/ci/packages-publish/bucket-credentials', 'Secret'),
    ]