From 9360d96f13cee533a37e8e1b5e125659e246e980 Mon Sep 17 00:00:00 2001 From: Arve Knudsen Date: Tue, 14 Jul 2020 13:31:26 +0200 Subject: [PATCH] Drone: Tighten grafana-enterprise access to token (#26321) Signed-off-by: Arve Knudsen --- .drone.yml | 2 ++ scripts/lib.star | 74 ++++++++++++++++++++++++++++++------------------ 2 files changed, 49 insertions(+), 27 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9046979ebf6..765275d0bdd 100644 --- a/.drone.yml +++ b/.drone.yml @@ -160,6 +160,8 @@ steps: - mkdir -p /hugo/content/docs/grafana - cp -r docs/sources /hugo/content/docs/grafana/latest - cd /hugo && make prod + depends_on: + - initialize - name: copy-packages-for-docker image: grafana/build-container:1.2.21 diff --git a/scripts/lib.star b/scripts/lib.star index 52ecb490d2f..ba3843ca96d 100644 --- a/scripts/lib.star +++ b/scripts/lib.star @@ -45,8 +45,7 @@ def pipelines(kind, name, edition): }, }, ], - 'steps': [ - init_step(edition), + 'steps': init_steps(edition) + [ lint_backend_step(edition), { 'name': 'codespell', @@ -230,6 +229,9 @@ def pipelines(kind, name, edition): 'name': 'build-docs-website', # Use latest revision here, since we want to catch if it breaks 'image': 'grafana/docs-base:latest', + 'depends_on': [ + 'initialize', + ], 'commands': [ 'mkdir -p /hugo/content/docs/grafana', 'cp -r docs/sources /hugo/content/docs/grafana/latest', @@ -328,7 +330,7 @@ def pipelines(kind, name, edition): return pipelines -def init_step(edition): +def init_steps(edition): grabpl_version = '0.4.24' common_cmds = [ 'curl -fLO https://github.com/jwilder/dockerize/releases/download/v$${DOCKERIZE_VERSION}/dockerize-linux-amd64-v$${DOCKERIZE_VERSION}.tar.gz', @@ -339,41 +341,59 @@ def init_step(edition): 'cp -r $(yarn cache dir) yarn-cache', ] if edition == 'enterprise': - return { + return [ + { + 'name': 'clone', + 'image': 'alpine/git:v2.26.2', + 'environment': { + 'GITHUB_TOKEN': { + 'from_secret': 'github_token', + }, + }, + 'commands': [ + 'git clone https://$${GITHUB_TOKEN}@github.com/grafana/grafana-enterprise.git', + 'cd grafana-enterprise', + 'git checkout ${DRONE_COMMIT}', + ], + }, + { + 'name': 'initialize', + 'image': build_image, + 'environment': { + 'GRABPL_VERSION': grabpl_version, + 'DOCKERIZE_VERSION': '0.6.1', + }, + 'depends_on': [ + 'clone', + ], + 'commands': [ + 'curl -fLO https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v$${GRABPL_VERSION}/grabpl', + 'chmod +x grabpl', + 'mv grabpl /tmp', + 'mv grafana-enterprise /tmp/', + '/tmp/grabpl init-enterprise /tmp/grafana-enterprise', + 'mkdir bin', + 'mv /tmp/grabpl bin/' + ] + common_cmds, + }, + ] + + return [ + { 'name': 'initialize', 'image': build_image, 'environment': { 'GRABPL_VERSION': grabpl_version, 'DOCKERIZE_VERSION': '0.6.1', - 'GITHUB_TOKEN': { - 'from_secret': 'github_token', - }, }, 'commands': [ - # Have grabpl clone Grafana OSS and pull enterprise extensions into it 'curl -fLO https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v$${GRABPL_VERSION}/grabpl', 'chmod +x grabpl', - 'mv grabpl /tmp', - '/tmp/grabpl init-enterprise ${DRONE_COMMIT} $${GITHUB_TOKEN}', - 'mkdir bin', - 'mv /tmp/grabpl bin/' + 'mkdir -p bin', + 'mv grabpl bin', ] + common_cmds, - } - - return { - 'name': 'initialize', - 'image': build_image, - 'environment': { - 'GRABPL_VERSION': grabpl_version, - 'DOCKERIZE_VERSION': '0.6.1', }, - 'commands': [ - 'curl -fLO https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/v$${GRABPL_VERSION}/grabpl', - 'chmod +x grabpl', - 'mkdir -p bin', - 'mv grabpl bin', - ] + common_cmds, - } + ] def lint_backend_step(edition): cmd = 'make lint-go'