mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
CI: Cleanup - Remove security related steps (#70788)
* Remove security related steps * More cleanup
This commit is contained in:
Dimitris Sotirakis
committed by
GitHub
GitHub
parent
dde4a03544
commit
7f55ba9c6e
@@ -4,7 +4,6 @@ This module returns all the pipelines used in the event of a release along with
|
||||
|
||||
load(
|
||||
"scripts/drone/steps/lib.star",
|
||||
"artifacts_page_step",
|
||||
"build_backend_step",
|
||||
"build_docker_images_step",
|
||||
"build_frontend_package_step",
|
||||
@@ -525,7 +524,6 @@ def enterprise2_pipelines(prefix = "", ver_mode = ver_mode, trigger = release_tr
|
||||
publish_images_step(
|
||||
"enterprise2",
|
||||
"release",
|
||||
mode = "enterprise2",
|
||||
docker_repo = "${{DOCKER_ENTERPRISE2_REPO}}",
|
||||
),
|
||||
],
|
||||
@@ -556,23 +554,16 @@ def enterprise2_pipelines(prefix = "", ver_mode = ver_mode, trigger = release_tr
|
||||
|
||||
return pipelines
|
||||
|
||||
def publish_artifacts_step(mode):
|
||||
security = ""
|
||||
if mode == "security":
|
||||
security = "--security "
|
||||
def publish_artifacts_step():
|
||||
return {
|
||||
"name": "publish-artifacts",
|
||||
"image": images["publish_image"],
|
||||
"environment": {
|
||||
"GCP_KEY": from_secret("gcp_key"),
|
||||
"PRERELEASE_BUCKET": from_secret("prerelease_bucket"),
|
||||
"ENTERPRISE2_SECURITY_PREFIX": from_secret("enterprise2_security_prefix"),
|
||||
"SECURITY_DEST_BUCKET": from_secret("security_dest_bucket"),
|
||||
},
|
||||
"commands": [
|
||||
"./bin/build artifacts packages {}--tag $${{DRONE_TAG}} --src-bucket $${{PRERELEASE_BUCKET}}".format(
|
||||
security,
|
||||
),
|
||||
"./bin/build artifacts packages --tag $${{DRONE_TAG}} --src-bucket $${{PRERELEASE_BUCKET}}",
|
||||
],
|
||||
"depends_on": ["compile-build-cmd"],
|
||||
}
|
||||
@@ -622,11 +613,10 @@ def publish_artifacts_pipelines(mode):
|
||||
}
|
||||
steps = [
|
||||
compile_build_cmd(),
|
||||
publish_artifacts_step(mode),
|
||||
publish_artifacts_step(),
|
||||
publish_static_assets_step(),
|
||||
publish_storybook_step(),
|
||||
]
|
||||
if mode != "security":
|
||||
steps.extend([publish_storybook_step()])
|
||||
|
||||
return [
|
||||
pipeline(
|
||||
@@ -709,27 +699,6 @@ def publish_npm_pipelines():
|
||||
),
|
||||
]
|
||||
|
||||
def artifacts_page_pipeline():
|
||||
trigger = {
|
||||
"event": ["promote"],
|
||||
"target": "security",
|
||||
}
|
||||
return [
|
||||
pipeline(
|
||||
name = "publish-artifacts-page",
|
||||
trigger = trigger,
|
||||
steps = [
|
||||
download_grabpl_step(),
|
||||
clone_enterprise_step(source = "${DRONE_TAG}"),
|
||||
init_enterprise_step("release"),
|
||||
compile_build_cmd("enterprise"),
|
||||
artifacts_page_step(),
|
||||
],
|
||||
edition = "enterprise",
|
||||
environment = {"EDITION": "enterprise"},
|
||||
),
|
||||
]
|
||||
|
||||
def integration_test_pipelines():
|
||||
"""
|
||||
Trigger integration tests on release builds
|
||||
|
||||
@@ -112,14 +112,12 @@ def build_e2e(trigger, ver_mode):
|
||||
publish_images_step(
|
||||
docker_repo = "grafana",
|
||||
edition = edition,
|
||||
mode = "",
|
||||
trigger = trigger_oss,
|
||||
ver_mode = ver_mode,
|
||||
),
|
||||
publish_images_step(
|
||||
docker_repo = "grafana-oss",
|
||||
edition = edition,
|
||||
mode = "",
|
||||
trigger = trigger_oss,
|
||||
ver_mode = ver_mode,
|
||||
),
|
||||
@@ -155,7 +153,6 @@ def build_e2e(trigger, ver_mode):
|
||||
publish_images_step(
|
||||
docker_repo = "grafana",
|
||||
edition = edition,
|
||||
mode = "",
|
||||
trigger = trigger_oss,
|
||||
ver_mode = ver_mode,
|
||||
),
|
||||
|
||||
@@ -15,14 +15,13 @@ load(
|
||||
"pipeline",
|
||||
)
|
||||
|
||||
def publish_image_steps(edition, mode, docker_repo):
|
||||
def publish_image_steps(edition, docker_repo):
|
||||
"""Generates the steps used for publising Docker images using grabpl.
|
||||
|
||||
Args:
|
||||
edition: controls which version of an image is fetched in the case of a release.
|
||||
It also controls which publishing implementation is used.
|
||||
If edition == 'oss', it additionally publishes the grafana/grafana-oss repository.
|
||||
mode: uses to control the publishing of security images when mode == 'security'.
|
||||
docker_repo: the Docker image name.
|
||||
It is combined with the 'grafana/' library prefix.
|
||||
|
||||
@@ -34,12 +33,12 @@ def publish_image_steps(edition, mode, docker_repo):
|
||||
download_grabpl_step(),
|
||||
compile_build_cmd(),
|
||||
fetch_images_step(edition),
|
||||
publish_images_step(edition, "release", mode, docker_repo),
|
||||
publish_images_step(edition, "release", docker_repo),
|
||||
]
|
||||
|
||||
if edition == "oss":
|
||||
steps.append(
|
||||
publish_images_step(edition, "release", mode, "grafana-oss"),
|
||||
publish_images_step(edition, "release", "grafana-oss"),
|
||||
)
|
||||
|
||||
return steps
|
||||
@@ -59,7 +58,7 @@ def publish_image_pipelines_public():
|
||||
pipeline(
|
||||
name = "publish-docker-oss-{}".format(mode),
|
||||
trigger = trigger,
|
||||
steps = publish_image_steps(edition = "oss", mode = mode, docker_repo = "grafana"),
|
||||
steps = publish_image_steps(edition = "oss", docker_repo = "grafana"),
|
||||
edition = "",
|
||||
environment = {"EDITION": "oss"},
|
||||
),
|
||||
@@ -68,27 +67,6 @@ def publish_image_pipelines_public():
|
||||
trigger = trigger,
|
||||
steps = publish_image_steps(
|
||||
edition = "enterprise",
|
||||
mode = mode,
|
||||
docker_repo = "grafana-enterprise",
|
||||
),
|
||||
edition = "",
|
||||
environment = {"EDITION": "enterprise"},
|
||||
),
|
||||
]
|
||||
|
||||
def publish_image_pipelines_security():
|
||||
mode = "security"
|
||||
trigger = {
|
||||
"event": ["promote"],
|
||||
"target": [mode],
|
||||
}
|
||||
return [
|
||||
pipeline(
|
||||
name = "publish-docker-enterprise-{}".format(mode),
|
||||
trigger = trigger,
|
||||
steps = publish_image_steps(
|
||||
edition = "enterprise",
|
||||
mode = mode,
|
||||
docker_repo = "grafana-enterprise",
|
||||
),
|
||||
edition = "",
|
||||
|
||||
@@ -1130,7 +1130,7 @@ def fetch_images_step(edition):
|
||||
"volumes": [{"name": "docker", "path": "/var/run/docker.sock"}],
|
||||
}
|
||||
|
||||
def publish_images_step(edition, ver_mode, mode, docker_repo, trigger = None):
|
||||
def publish_images_step(edition, ver_mode, docker_repo, trigger = None):
|
||||
"""Generates a step for publishing public Docker images with grabpl.
|
||||
|
||||
Args:
|
||||
@@ -1138,7 +1138,6 @@ def publish_images_step(edition, ver_mode, mode, docker_repo, trigger = None):
|
||||
It also controls which publishing implementation is used.
|
||||
ver_mode: controls whether the image needs to be built or retrieved from a previous build.
|
||||
If ver_mode == 'release', the previously built image is fetched instead of being built again.
|
||||
mode: uses to control the publishing of security images when mode == 'security'.
|
||||
docker_repo: the Docker image name.
|
||||
It is combined with the 'grafana/' library prefix.
|
||||
trigger: a Drone trigger for the pipeline.
|
||||
@@ -1149,10 +1148,6 @@ def publish_images_step(edition, ver_mode, mode, docker_repo, trigger = None):
|
||||
"""
|
||||
name = docker_repo
|
||||
docker_repo = "grafana/{}".format(docker_repo)
|
||||
if mode == "security":
|
||||
mode = "--{} ".format(mode)
|
||||
else:
|
||||
mode = ""
|
||||
|
||||
environment = {
|
||||
"GCP_KEY": from_secret("gcp_key"),
|
||||
@@ -1163,8 +1158,7 @@ def publish_images_step(edition, ver_mode, mode, docker_repo, trigger = None):
|
||||
"GITHUB_APP_PRIVATE_KEY": from_secret("delivery-bot-app-private-key"),
|
||||
}
|
||||
|
||||
cmd = "./bin/grabpl artifacts docker publish {}--dockerhub-repo {}".format(
|
||||
mode,
|
||||
cmd = "./bin/grabpl artifacts docker publish --dockerhub-repo {}".format(
|
||||
docker_repo,
|
||||
)
|
||||
|
||||
@@ -1654,21 +1648,6 @@ def trigger_test_release():
|
||||
},
|
||||
}
|
||||
|
||||
def artifacts_page_step():
|
||||
return {
|
||||
"name": "artifacts-page",
|
||||
"image": images["build_image"],
|
||||
"depends_on": [
|
||||
"compile-build-cmd",
|
||||
],
|
||||
"environment": {
|
||||
"GCP_KEY": from_secret("gcp_key"),
|
||||
},
|
||||
"commands": [
|
||||
"./bin/build artifacts-page",
|
||||
],
|
||||
}
|
||||
|
||||
def end_to_end_tests_deps():
|
||||
return [
|
||||
"end-to-end-tests-dashboards-suite",
|
||||
|
||||
@@ -99,31 +99,16 @@ def secrets():
|
||||
"secret/data/common/aws-marketplace",
|
||||
"aws_secret_access_key",
|
||||
),
|
||||
vault_secret(
|
||||
"security_dest_bucket",
|
||||
"infra/data/ci/grafana-release-eng/security-bucket",
|
||||
"bucket",
|
||||
),
|
||||
vault_secret(
|
||||
"static_asset_editions",
|
||||
"infra/data/ci/grafana-release-eng/artifact-publishing",
|
||||
"static_asset_editions",
|
||||
),
|
||||
vault_secret(
|
||||
"enterprise2_security_prefix",
|
||||
"infra/data/ci/grafana-release-eng/enterprise2",
|
||||
"security_prefix",
|
||||
),
|
||||
vault_secret(
|
||||
"enterprise2-cdn-path",
|
||||
"infra/data/ci/grafana-release-eng/enterprise2",
|
||||
"cdn_path",
|
||||
),
|
||||
vault_secret(
|
||||
"enterprise2_security_prefix",
|
||||
"infra/data/ci/grafana-release-eng/enterprise2",
|
||||
"security_prefix",
|
||||
),
|
||||
vault_secret(
|
||||
rgm_gcp_key_base64,
|
||||
"infra/data/ci/grafana-release-eng/rgm",
|
||||
|
||||
Reference in New Issue
Block a user