CI: Provide a Drone promotion to build the build-container (#71133)

Emil Tullstedt
2023-07-11 13:08:05 +02:00
committed by GitHub
parent b5272b5160
commit 7a9847e196
4 changed files with 121 additions and 1 deletions


@@ -30,6 +30,7 @@ load(
)
load(
"scripts/drone/pipelines/ci_images.star",
"publish_ci_build_container_image_pipeline",
"publish_ci_windows_test_image_pipeline",
)
load("scripts/drone/pipelines/github.star", "publish_github_pipeline")
@@ -66,6 +67,7 @@ def main(_ctx):
version_branch_pipelines() +
integration_test_pipelines() +
publish_ci_windows_test_image_pipeline() +
publish_ci_build_container_image_pipeline() +
cronjobs() +
secrets()
)


@@ -6978,6 +6978,59 @@ volumes:
path: //./pipe/docker_engine/
name: docker
---
clone:
retries: 3
depends_on: []
image_pull_secrets:
- dockerconfigjson
kind: pipeline
name: publish-ci-build-container-image
node:
type: no-parallel
platform:
arch: amd64
os: linux
services: []
steps:
- commands:
- if [ -z "${BUILD_CONTAINER_VERSION}" ]; then echo Missing BUILD_CONTAINER_VERSION;
false; fi
image: alpine:3.17.1
name: validate-version
- commands:
- printenv GCP_KEY > /tmp/key.json
- gcloud auth activate-service-account --key-file=/tmp/key.json
- gsutil cp gs://grafana-private-downloads/MacOSX10.15.sdk.tar.xz ./scripts/build/ci-build/MacOSX10.15.sdk.tar.xz
environment:
GCP_KEY:
from_secret: gcp_download_build_container_assets_key
image: google/cloud-sdk:431.0.0
name: download-macos-sdk
- commands:
- printenv DOCKER_PASSWORD | docker login -u "$DOCKER_USERNAME" --password-stdin
- docker build -t "grafana/build-container:${BUILD_CONTAINER_VERSION}" ./scripts/build/ci-build
- docker push "grafana/build-container:${BUILD_CONTAINER_VERSION}"
environment:
DOCKER_PASSWORD:
from_secret: docker_password
DOCKER_USERNAME:
from_secret: docker_username
image: google/cloud-sdk:431.0.0
name: build-and-publish
volumes:
- name: docker
path: /var/run/docker.sock
trigger:
event:
- promote
target:
- ci-build-container-image
type: docker
volumes:
- host:
path: /var/run/docker.sock
name: docker
---
clone:
retries: 3
kind: pipeline
@@ -7227,6 +7280,12 @@ get:
kind: secret
name: gcp_upload_artifacts_key
---
get:
name: credentials.json
path: infra/data/ci/grafana/assets-downloader-build-container-service-account
kind: secret
name: gcp_download_build_container_assets_key
---
get:
name: application_id
path: infra/data/ci/datasources/cpp-azure-resourcemanager-credentials
@@ -7354,6 +7413,6 @@ kind: secret
name: delivery-bot-app-private-key
---
kind: signature
hmac: 804a6690ecc4900ed6d0ed55902de1858562f2a07e359204d5c0e2313e5f61ca
hmac: 992db6d1af741f53ab58777764b03bf713ae2fc3ad7a3bdf8805d23b9bf2f9eb
...


@@ -9,11 +9,16 @@ load(
load(
"scripts/drone/vault.star",
"from_secret",
"gcp_download_build_container_assets_key",
)
load(
"scripts/drone/utils/windows_images.star",
"windows_images",
)
load(
"scripts/drone/utils/images.star",
"images",
)
def publish_ci_windows_test_image_pipeline():
trigger = {
@@ -65,3 +70,51 @@ def publish_ci_windows_test_image_pipeline():
}
return [pl]
def publish_ci_build_container_image_pipeline():
trigger = {
"event": ["promote"],
"target": ["ci-build-container-image"],
}
pl = pipeline(
name = "publish-ci-build-container-image",
trigger = trigger,
edition = "",
steps = [
{
"name": "validate-version",
"image": images["alpine_image"],
"commands": [
"if [ -z \"${BUILD_CONTAINER_VERSION}\" ]; then echo Missing BUILD_CONTAINER_VERSION; false; fi",
],
},
{
"name": "download-macos-sdk",
"image": images["cloudsdk_image"],
"environment": {
"GCP_KEY": from_secret(gcp_download_build_container_assets_key),
},
"commands": [
"printenv GCP_KEY > /tmp/key.json",
"gcloud auth activate-service-account --key-file=/tmp/key.json",
"gsutil cp gs://grafana-private-downloads/MacOSX10.15.sdk.tar.xz ./scripts/build/ci-build/MacOSX10.15.sdk.tar.xz",
],
},
{
"name": "build-and-publish", # Consider splitting the build and the upload task.
"image": images["cloudsdk_image"],
"volumes": [{"name": "docker", "path": "/var/run/docker.sock"}],
"environment": {
"DOCKER_USERNAME": from_secret("docker_username"),
"DOCKER_PASSWORD": from_secret("docker_password"),
},
"commands": [
"printenv DOCKER_PASSWORD | docker login -u \"$DOCKER_USERNAME\" --password-stdin",
"docker build -t \"grafana/build-container:${BUILD_CONTAINER_VERSION}\" ./scripts/build/ci-build",
"docker push \"grafana/build-container:${BUILD_CONTAINER_VERSION}\"",
],
},
],
)
return [pl]
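Review bot: The `validate-version` step in `publish_ci_build_container_image_pipeline` only rejects an empty `BUILD_CONTAINER_VERSION`, yet that promotion parameter is used unchanged as the tag for `docker build -t` and `docker push` in `build-and-publish`. A typo or a reused value can therefore publish a malformed tag or overwrite an existing `grafana/build-container` tag, which other pipelines presumably pull by name. I would constrain the value to the project's tag scheme in the same step, for example `"echo \"${BUILD_CONTAINER_VERSION}\" | grep -Eqx 'v?[0-9]+\\.[0-9]+\\.[0-9]+' || { echo Invalid BUILD_CONTAINER_VERSION; false; }",` (the pattern is an assumption; adjust it to the real scheme). Separately, `download-macos-sdk` copies `MacOSX10.15.sdk.tar.xz` into the Docker build context without an integrity check. Adding `"echo '<EXPECTED_SHA256>  ./scripts/build/ci-build/MacOSX10.15.sdk.tar.xz' | sha256sum -c -",` after the `gsutil cp` line, with the digest kept in the repository, would make a changed bucket object fail the build instead of ending up in the published image.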


@@ -5,6 +5,7 @@ pull_secret = "dockerconfigjson"
drone_token = "drone_token"
prerelease_bucket = "prerelease_bucket"
gcp_upload_artifacts_key = "gcp_upload_artifacts_key"
gcp_download_build_container_assets_key = "gcp_download_build_container_assets_key"
azure_sp_app_id = "azure_sp_app_id"
azure_sp_app_pw = "azure_sp_app_pw"
azure_tenant = "azure_tenant"
@@ -38,6 +39,11 @@ def secrets():
"infra/data/ci/grafana/releng/artifacts-uploader-service-account",
"credentials.json",
),
vault_secret(
gcp_download_build_container_assets_key,
"infra/data/ci/grafana/assets-downloader-build-container-service-account",
"credentials.json",
),
vault_secret(
azure_sp_app_id,
"infra/data/ci/datasources/cpp-azure-resourcemanager-credentials",