CI: Add rgm to drone (#66991)

* add drone stub that build grafana using 'grafana/build' (dagger) --------- Co-authored-by: Ricky Whitaker <ricky.whitaker@grafana.com>
2025-02-25 18:55:37 -06:00 · 2023-05-03 13:56:02 -05:00 · 2023-05-03 13:56:02 -05:00 · 768efe9748
commit 768efe9748
parent 00a6a14a23
4 changed files with 243 additions and 1 deletions
--- a/.drone.star
+++ b/.drone.star
@ -20,6 +20,10 @@ load(
    "publish_npm_pipelines",
    "publish_packages_pipeline",
 )
+load(
+    "scripts/drone/rgm.star",
+    "rgm",
+)
 load(
    "scripts/drone/pipelines/publish_images.star",
    "publish_image_pipelines_public",
@ -51,6 +55,7 @@ def main(_ctx):
        publish_artifacts_pipelines("public") +
        publish_npm_pipelines() +
        publish_packages_pipeline() +
+        rgm() +
        artifacts_page_pipeline() +
        version_branch_pipelines() +
        integration_test_pipelines() +
--- a/.drone.yml
+++ b/.drone.yml
@ -4546,6 +4546,106 @@ volumes:
    path: /var/run/docker.sock
  name: docker
 ---
+clone:
+  retries: 3
+depends_on: []
+image_pull_secrets:
+- dockerconfigjson
+kind: pipeline
+name: '[RGM] Build and upload a grafana.tar.gz to a prerelease bucket when merging
+  to main'
+node:
+  type: no-parallel
+platform:
+  arch: amd64
+  os: linux
+services: []
+steps:
+- commands:
+  - git clone https://github.com/grafana/grafana-build.git rgm
+  failure: ignore
+  image: alpine/git
+  name: clone-rgm
+- commands:
+  - apk update && apk add docker
+  - export GRAFANA_DIR=$$(pwd)
+  - cd rgm && ./scripts/drone_publish_main.sh
+  environment:
+    DESTINATION:
+      from_secret: destination
+    GCP_KEY_BASE64:
+      from_secret: gcp_key_base64
+    GITHUB_TOKEN:
+      from_secret: github_token
+  failure: ignore
+  image: golang:1.20.3-alpine
+  name: rgm-build
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+trigger:
+  branch: main
+  event:
+  - push
+type: docker
+volumes:
+- host:
+    path: /var/run/docker.sock
+  name: docker
+---
+clone:
+  retries: 3
+depends_on:
+- main-test-backend
+- main-test-frontend
+image_pull_secrets:
+- dockerconfigjson
+kind: pipeline
+name: '[RGM] Build and upload a grafana.tar.gz to a prerelease bucket when tagging'
+node:
+  type: no-parallel
+platform:
+  arch: amd64
+  os: linux
+services: []
+steps:
+- commands:
+  - git clone https://github.com/grafana/grafana-build.git rgm
+  failure: ignore
+  image: alpine/git
+  name: clone-rgm
+- commands:
+  - apk update && apk add docker
+  - export GRAFANA_DIR=$$(pwd)
+  - cd rgm && ./scripts/drone_publish_tag.sh
+  environment:
+    DESTINATION:
+      from_secret: destination
+    GCP_KEY_BASE64:
+      from_secret: gcp_key_base64
+    GITHUB_TOKEN:
+      from_secret: github_token
+  failure: ignore
+  image: golang:1.20.3-alpine
+  name: rgm-build
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+trigger:
+  event:
+    exclude:
+    - promote
+  ref:
+    exclude:
+    - refs/tags/*-cloud*
+    include:
+    - refs/tags/v*
+type: docker
+volumes:
+- host:
+    path: /var/run/docker.sock
+  name: docker
+---
 clone:
  disable: true
 depends_on: []
@ -6822,7 +6922,25 @@ get:
 kind: secret
 name: enterprise2_security_prefix
 ---
+get:
+  name: gcp_service_account_base64
+  path: infra/data/ci/grafana-release-eng/rgm
+kind: secret
+name: gcp_key_base64
+---
+get:
+  name: destination
+  path: infra/data/ci/grafana-release-eng/rgm
+kind: secret
+name: destination
+---
+get:
+  name: pat
+  path: infra/data/ci/github/grafanabot
+kind: secret
+name: github_token
+---
 kind: signature
-hmac: e8c29c328c07ab24a7f858cc319c9b35a5bec1fc79531e809e5d3a390bbcbc2f
+hmac: d6bfbf6fa92bf3ed68b72ed6315e926aeec8b50e08a44cff1e40f0561007a0fd

 ...
--- a/scripts/drone/rgm.star
+++ b/scripts/drone/rgm.star
@ -0,0 +1,100 @@
+"""
+rgm uses 'github.com/grafana/grafana-build' to build Grafana on the following events:
+* A merge to main
+* A tag that begins with a 'v'
+"""
+
+load(
+    "scripts/drone/utils/utils.star",
+    "pipeline",
+)
+load(
+    "scripts/drone/vault.star",
+    "from_secret",
+    "rgm_destination",
+    "rgm_gcp_key_base64",
+    "rgm_github_token",
+)
+
+rgm_env_secrets = {
+    "GCP_KEY_BASE64": from_secret(rgm_gcp_key_base64),
+    "DESTINATION": from_secret(rgm_destination),
+    "GITHUB_TOKEN": from_secret(rgm_github_token),
+}
+
+def rgm_build(script = "drone_publish_main.sh"):
+    clone_step = {
+        "name": "clone-rgm",
+        "image": "alpine/git",
+        "commands": [
+            "git clone https://github.com/grafana/grafana-build.git rgm",
+        ],
+        "failure": "ignore",
+    }
+
+    rgm_build_step = {
+        "name": "rgm-build",
+        "image": "golang:1.20.3-alpine",
+        "commands": [
+            # the docker program is a requirement for running dagger programs
+            "apk update && apk add docker",
+            "export GRAFANA_DIR=$$(pwd)",
+            "cd rgm && ./scripts/{}".format(script),
+        ],
+        "environment": rgm_env_secrets,
+        # The docker socket is a requirement for running dagger programs
+        # In the future we should find a way to use dagger without mounting the docker socket.
+        "volumes": [{"name": "docker", "path": "/var/run/docker.sock"}],
+        "failure": "ignore",
+    }
+
+    return [
+        clone_step,
+        rgm_build_step,
+    ]
+
+def rgm_main():
+    trigger = {
+        "event": [
+            "push",
+        ],
+        "branch": "main",
+    }
+
+    return pipeline(
+        name = "[RGM] Build and upload a grafana.tar.gz to a prerelease bucket when merging to main",
+        edition = "all",
+        trigger = trigger,
+        steps = rgm_build(),
+    )
+
+def rgm_tag():
+    trigger = {
+        "event": {
+            "exclude": [
+                "promote",
+            ],
+        },
+        "ref": {
+            "include": [
+                "refs/tags/v*",
+            ],
+            "exclude": [
+                "refs/tags/*-cloud*",
+            ],
+        },
+    }
+
+    return pipeline(
+        name = "[RGM] Build and upload a grafana.tar.gz to a prerelease bucket when tagging",
+        edition = "all",
+        trigger = trigger,
+        steps = rgm_build(script = "drone_publish_tag.sh"),
+        depends_on = ["main-test-backend", "main-test-frontend"],
+    )
+
+def rgm():
+    return [
+        rgm_main(),
+        rgm_tag(),
+    ]
--- a/scripts/drone/vault.star
+++ b/scripts/drone/vault.star
@ -9,6 +9,10 @@ azure_sp_app_id = "azure_sp_app_id"
 azure_sp_app_pw = "azure_sp_app_pw"
 azure_tenant = "azure_tenant"

+rgm_gcp_key_base64 = "gcp_key_base64"
+rgm_destination = "destination"
+rgm_github_token = "github_token"
+
 def from_secret(secret):
    return {"from_secret": secret}

@ -119,4 +123,19 @@ def secrets():
            "infra/data/ci/grafana-release-eng/enterprise2",
            "security_prefix",
        ),
+        vault_secret(
+            rgm_gcp_key_base64,
+            "infra/data/ci/grafana-release-eng/rgm",
+            "gcp_service_account_base64",
+        ),
+        vault_secret(
+            rgm_destination,
+            "infra/data/ci/grafana-release-eng/rgm",
+            "destination",
+        ),
+        vault_secret(
+            rgm_github_token,
+            "infra/data/ci/github/grafanabot",
+            "pat",
+        ),
    ]