[v10.0.x] CI: Add release verify pipeline (#68756) (#68934)

CI: Add release verify pipeline (#68756) (cherry picked from commit 79f49c9649)
2025-02-25 18:55:37 -06:00 · 2023-05-23 17:18:15 -05:00
parent 74af6f9343
commit d1f6d46edd
5 changed files with 194 additions and 1 deletions
--- a/.drone.star
+++ b/.drone.star
@@ -19,6 +19,7 @@ load(
    "publish_artifacts_pipelines",
    "publish_npm_pipelines",
    "publish_packages_pipeline",
+    "verify_release_pipeline",
 )
 load(
    "scripts/drone/pipelines/publish_images.star",
@@ -55,6 +56,7 @@ def main(_ctx):
        publish_artifacts_pipelines("public") +
        publish_npm_pipelines() +
        publish_packages_pipeline() +
+        [verify_release_pipeline()] +
        [windows_test_backend({
            "event": ["promote"],
            "target": ["test-windows"],
--- a/.drone.yml
+++ b/.drone.yml
@@ -4377,6 +4377,54 @@ volumes:
    path: /var/run/docker.sock
  name: docker
 ---
+clone:
+  retries: 3
+depends_on:
+- release-oss-build-e2e-publish
+- release-enterprise-build-e2e-publish
+- release-enterprise2-build-e2e-publish
+- release-oss-windows
+- release-enterprise-windows
+image_pull_secrets:
+- dockerconfigjson
+kind: pipeline
+name: verify-prerelease-assets
+node:
+  type: no-parallel
+platform:
+  arch: amd64
+  os: linux
+services: []
+steps:
+- commands:
+  - apt-get update && apt-get install -yq gettext
+  - printenv GCP_KEY | base64 -d > /tmp/key.json
+  - gcloud auth activate-service-account --key-file=/tmp/key.json
+  - VERSION=${DRONE_TAG} ./scripts/list-release-artifacts.sh | xargs -n1 gsutil stat
+  depends_on:
+  - clone
+  environment:
+    BUCKET:
+      from_secret: prerelease_bucket
+    GCP_KEY:
+      from_secret: gcp_key
+  image: google/cloud-sdk
+  name: gsutil-stat
+trigger:
+  event:
+    exclude:
+    - promote
+  ref:
+    exclude:
+    - refs/tags/*-cloud*
+    include:
+    - refs/tags/v*
+type: docker
+volumes:
+- host:
+    path: /var/run/docker.sock
+  name: docker
+---
 clone:
  disable: true
 depends_on: []
@@ -6778,6 +6826,6 @@ kind: secret
 name: delivery-bot-app-private-key
 ---
 kind: signature
-hmac: ed191338009351d2bbedc1c00a176b2ef26314420166baaa93527d4e87b00aef
+hmac: 0660516229712fcde890a1671417290a699cba8e51ec9463a33b8b65cc1cc6d4

 ...
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -229,6 +229,7 @@
 /Dockerfile @grafana/grafana-delivery
 /Makefile @grafana/grafana-delivery
 /scripts/build/ @grafana/grafana-delivery
+/scripts/list-release-artifacts.sh @grafana/grafana-delivery

 # OSS Plugin Partnerships backend code
 /pkg/tsdb/cloudwatch/ @grafana/aws-datasources
--- a/scripts/drone/events/release.star
+++ b/scripts/drone/events/release.star
@@ -790,3 +790,45 @@ def integration_test_pipelines():
    ))

    return pipelines
+
+def verify_release_pipeline(
+        name = "verify-prerelease-assets",
+        bucket = from_secret(prerelease_bucket),
+        gcp_key = from_secret("gcp_key"),
+        version = "${DRONE_TAG}",
+        trigger = release_trigger,
+        depends_on = [
+            "release-oss-build-e2e-publish",
+            "release-enterprise-build-e2e-publish",
+            "release-enterprise2-build-e2e-publish",
+            "release-oss-windows",
+            "release-enterprise-windows",
+        ]):
+    """
+    Runs a script that 'gsutil stat's every artifact that should have been produced by the pre-release process.
+
+    Returns:
+      A single Drone pipeline that runs the script.
+    """
+    step = {
+        "name": "gsutil-stat",
+        "depends_on": ["clone"],
+        "image": "google/cloud-sdk",
+        "environment": {
+            "BUCKET": bucket,
+            "GCP_KEY": gcp_key,
+        },
+        "commands": [
+            "apt-get update && apt-get install -yq gettext",
+            "printenv GCP_KEY | base64 -d > /tmp/key.json",
+            "gcloud auth activate-service-account --key-file=/tmp/key.json",
+            "VERSION={} ./scripts/list-release-artifacts.sh | xargs -n1 gsutil stat".format(version),
+        ],
+    }
+    return pipeline(
+        depends_on = depends_on,
+        name = name,
+        edition = "all",
+        trigger = trigger,
+        steps = [step],
+    )
--- a/scripts/list-release-artifacts.sh
+++ b/scripts/list-release-artifacts.sh
@@ -0,0 +1,100 @@
+#!/usr/bin/env bash
+set -e
+
+VERSION="${1:-v9.5.2}"
+ERSION="${VERSION#*v}"
+
+ASSETS=$(cat << EOF
+gs://${BUCKET}/artifacts/static-assets/grafana-oss/${ERSION}/public/robots.txt
+gs://${BUCKET}/artifacts/static-assets/grafana/${ERSION}/public/robots.txt
+gs://${BUCKET}/artifacts/static-assets/grafana-pro/${ERSION}/public/robots.txt
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}-1.aarch64.rpm
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}-1.aarch64.rpm.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}-1.armhfp.rpm
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}-1.armhfp.rpm.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}-1.x86_64.rpm
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}-1.x86_64.rpm.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.darwin-amd64.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.darwin-amd64.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-amd64-musl.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-amd64-musl.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-amd64.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-amd64.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-arm64-musl.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-arm64-musl.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-arm64.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-arm64.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-armv6.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-armv6.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-armv7-musl.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-armv7-musl.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-armv7.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.linux-armv7.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.windows-amd64.msi
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.windows-amd64.msi.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.windows-amd64.zip
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-${ERSION}.windows-amd64.zip.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-rpi_${ERSION}_armhf.deb
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana-rpi_${ERSION}_armhf.deb.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana_${ERSION}_amd64.deb
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana_${ERSION}_amd64.deb.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana_${ERSION}_arm64.deb
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana_${ERSION}_arm64.deb.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana_${ERSION}_armhf.deb
+gs://${BUCKET}/artifacts/downloads/${VERSION}/oss/release/grafana_${ERSION}_armhf.deb.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}-1.aarch64.rpm
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}-1.aarch64.rpm.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}-1.armhfp.rpm
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}-1.armhfp.rpm.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}-1.x86_64.rpm
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}-1.x86_64.rpm.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.darwin-amd64.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.darwin-amd64.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-amd64-musl.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-amd64-musl.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-amd64.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-amd64.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-arm64-musl.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-arm64-musl.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-arm64.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-arm64.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-armv6.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-armv6.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-armv7-musl.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-armv7-musl.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-armv7.tar.gz
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.linux-armv7.tar.gz.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.windows-amd64.msi
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.windows-amd64.msi.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.windows-amd64.zip
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION}.windows-amd64.zip.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-rpi_${ERSION}_armhf.deb
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-rpi_${ERSION}_armhf.deb.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise_${ERSION}_amd64.deb
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise_${ERSION}_amd64.deb.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise_${ERSION}_arm64.deb
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise_${ERSION}_arm64.deb.sha256
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise_${ERSION}_armhf.deb
+gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise_${ERSION}_armhf.deb.sha256
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise-${ERSION}-amd64.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise-${ERSION}-arm64.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise-${ERSION}-armv7.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise-${ERSION}-ubuntu-amd64.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise-${ERSION}-ubuntu-arm64.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise-${ERSION}-ubuntu-armv7.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise2-${ERSION}-amd64.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise2-${ERSION}-arm64.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise2-${ERSION}-armv7.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise2-${ERSION}-ubuntu-amd64.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise2-${ERSION}-ubuntu-arm64.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise2-${ERSION}-ubuntu-armv7.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-oss-${ERSION}-amd64.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-oss-${ERSION}-arm64.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-oss-${ERSION}-armv7.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-oss-${ERSION}-ubuntu-amd64.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-oss-${ERSION}-ubuntu-arm64.img
+gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-oss-${ERSION}-ubuntu-armv7.img
+EOF
+)
+
+echo "${ASSETS}" | envsubst