CI: Add GPG keys to rgm, don't clone RGM just use the docker image (#71143)

* Add GPG keys to rgm, dont' clone RGM just use the docker image * remove the cd command * forgot to make drone :( * idk * reference script more specifically * i guess we'll just cd /src * Only show not found artifacts
2025-02-25 18:55:37 -06:00 · 2023-07-07 08:42:40 -05:00 · 2023-07-07 08:42:40 -05:00 · d5a4c81fa1
commit d5a4c81fa1
parent 92c94710cd
4 changed files with 27 additions and 42 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -4632,7 +4632,8 @@ steps:
  - apt-get update && apt-get install -yq gettext
  - printenv GCP_KEY | base64 -d > /tmp/key.json
  - gcloud auth activate-service-account --key-file=/tmp/key.json
-  - ./scripts/list-release-artifacts.sh ${DRONE_TAG} | xargs -n1 gsutil stat
+  - ./scripts/list-release-artifacts.sh ${DRONE_TAG} | xargs -n1 gsutil stat | grep
+    "No URLs matched"
  depends_on:
  - clone
  environment:
@ -4674,14 +4675,8 @@ platform:
 services: []
 steps:
 - commands:
-  - git clone https://github.com/grafana/grafana-build.git rgm
-  failure: ignore
-  image: alpine/git
-  name: clone-rgm
- commands:
-  - apk update && apk add docker bash
  - export GRAFANA_DIR=$$(pwd)
-  - cd rgm && ./scripts/drone_publish_main.sh
+  - cd /src && ./scripts/drone_publish_main.sh
  environment:
    _EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
      from_secret: dagger_token
@ -4691,8 +4686,14 @@ steps:
      from_secret: gcp_key_base64
    GITHUB_TOKEN:
      from_secret: github_token
+    GPG_PASSPHRASE:
+      from_secret: packages_gpg_passphrase
+    GPG_PRIVATE_KEY:
+      from_secret: packages_gpg_private_key
+    GPG_PUBLIC_KEY:
+      from_secret: packages_gpg_public_key
  failure: ignore
-  image: golang:1.20.3-alpine
+  image: grafana/grafana-build:main
  name: rgm-build
  volumes:
  - name: docker
@ -4728,14 +4729,8 @@ platform:
 services: []
 steps:
 - commands:
-  - git clone https://github.com/grafana/grafana-build.git rgm
-  failure: ignore
-  image: alpine/git
-  name: clone-rgm
- commands:
-  - apk update && apk add docker bash
  - export GRAFANA_DIR=$$(pwd)
-  - cd rgm && ./scripts/drone_publish_tag.sh
+  - cd /src && ./scripts/drone_publish_tag.sh
  environment:
    _EXPERIMENTAL_DAGGER_CLOUD_TOKEN:
      from_secret: dagger_token
@ -4745,8 +4740,14 @@ steps:
      from_secret: gcp_key_base64
    GITHUB_TOKEN:
      from_secret: github_token
+    GPG_PASSPHRASE:
+      from_secret: packages_gpg_passphrase
+    GPG_PRIVATE_KEY:
+      from_secret: packages_gpg_private_key
+    GPG_PUBLIC_KEY:
+      from_secret: packages_gpg_public_key
  failure: ignore
-  image: golang:1.20.3-alpine
+  image: grafana/grafana-build:main
  name: rgm-build
  volumes:
  - name: docker
@ -4785,7 +4786,8 @@ steps:
  - apt-get update && apt-get install -yq gettext
  - printenv GCP_KEY | base64 -d > /tmp/key.json
  - gcloud auth activate-service-account --key-file=/tmp/key.json
-  - ./scripts/list-release-artifacts.sh ${DRONE_TAG} | xargs -n1 gsutil stat
+  - ./scripts/list-release-artifacts.sh ${DRONE_TAG} | xargs -n1 gsutil stat | grep
+    "No URLs matched"
  depends_on:
  - clone
  environment:
@ -7352,6 +7354,6 @@ kind: secret
 name: delivery-bot-app-private-key
 ---
 kind: signature
-hmac: 80038c08bedd62d8a0e4250e12e3dbb27712dd640694ff9f57ef14a82282ab76
+hmac: 804a6690ecc4900ed6d0ed55902de1858562f2a07e359204d5c0e2313e5f61ca

 ...
--- a/scripts/drone/events/release.star
+++ b/scripts/drone/events/release.star
@ -803,7 +803,7 @@ def verify_release_pipeline(
            "apt-get update && apt-get install -yq gettext",
            "printenv GCP_KEY | base64 -d > /tmp/key.json",
            "gcloud auth activate-service-account --key-file=/tmp/key.json",
-            "./scripts/list-release-artifacts.sh {} | xargs -n1 gsutil stat".format(version),
+            "./scripts/list-release-artifacts.sh {} | xargs -n1 gsutil stat | grep \"No URLs matched\"".format(version),
        ],
    }
    return pipeline(
--- a/scripts/drone/rgm.star
+++ b/scripts/drone/rgm.star
@ -26,26 +26,18 @@ rgm_env_secrets = {
    "DESTINATION": from_secret(rgm_destination),
    "GITHUB_TOKEN": from_secret(rgm_github_token),
    "_EXPERIMENTAL_DAGGER_CLOUD_TOKEN": from_secret(rgm_dagger_token),
+    "GPG_PRIVATE_KEY": from_secret("packages_gpg_private_key"),
+    "GPG_PUBLIC_KEY": from_secret("packages_gpg_public_key"),
+    "GPG_PASSPHRASE": from_secret("packages_gpg_passphrase"),
 }

 def rgm_build(script = "drone_publish_main.sh"):
-    clone_step = {
-        "name": "clone-rgm",
-        "image": "alpine/git",
-        "commands": [
-            "git clone https://github.com/grafana/grafana-build.git rgm",
-        ],
-        "failure": "ignore",
-    }
-
    rgm_build_step = {
        "name": "rgm-build",
-        "image": "golang:1.20.3-alpine",
+        "image": "grafana/grafana-build:main",
        "commands": [
-            # the docker program is a requirement for running dagger programs
-            "apk update && apk add docker bash",
            "export GRAFANA_DIR=$$(pwd)",
-            "cd rgm && ./scripts/{}".format(script),
+            "cd /src && ./scripts/{}".format(script),
        ],
        "environment": rgm_env_secrets,
        # The docker socket is a requirement for running dagger programs
@ -55,7 +47,6 @@ def rgm_build(script = "drone_publish_main.sh"):
    }

    return [
-        clone_step,
        rgm_build_step,
    ]

--- a/scripts/list-release-artifacts.sh
+++ b/scripts/list-release-artifacts.sh
@ -49,8 +49,6 @@ gs://${BUCKET}/artifacts/downloads-enterprise2/${VERSION}/enterprise2/release/gr
 gs://${BUCKET}/artifacts/downloads-enterprise2/${VERSION}/enterprise2/release/grafana-enterprise2-${ERSION}.linux-amd64-musl.tar.gz.sha256
 gs://${BUCKET}/artifacts/downloads-enterprise2/${VERSION}/enterprise2/release/grafana-enterprise2_${ERSION_DEB}_amd64.deb
 gs://${BUCKET}/artifacts/downloads-enterprise2/${VERSION}/enterprise2/release/grafana-enterprise2_${ERSION_DEB}_amd64.deb.sha256
-gs://${BUCKET}/artifacts/downloads-enterprise2/${VERSION}/enterprise2/release/grafana-enterprise2-${ERSION_DEB}-1.x86_64.rpm
-gs://${BUCKET}/artifacts/downloads-enterprise2/${VERSION}/enterprise2/release/grafana-enterprise2-${ERSION_DEB}-1.x86_64.rpm.sha256
 gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION_DEB}-1.aarch64.rpm
 gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION_DEB}-1.aarch64.rpm.sha256
 gs://${BUCKET}/artifacts/downloads/${VERSION}/enterprise/release/grafana-enterprise-${ERSION_DEB}-1.armhfp.rpm
@ -91,12 +89,6 @@ gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise-${ERSION}-armv7.img
 gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise-${ERSION}-ubuntu-amd64.img
 gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise-${ERSION}-ubuntu-arm64.img
 gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise-${ERSION}-ubuntu-armv7.img
-gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise2-${ERSION}-amd64.img
-gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise2-${ERSION}-arm64.img
-gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise2-${ERSION}-armv7.img
-gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise2-${ERSION}-ubuntu-amd64.img
-gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise2-${ERSION}-ubuntu-arm64.img
-gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-enterprise2-${ERSION}-ubuntu-armv7.img
 gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-oss-${ERSION}-amd64.img
 gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-oss-${ERSION}-arm64.img
 gs://${BUCKET}/artifacts/docker/${ERSION}/grafana-oss-${ERSION}-armv7.img