grafana/scripts/drone/events/release.star

324 lines
9.8 KiB
Plaintext

"""
This module returns all the pipelines used in the event of a release along with supporting functions.
"""
load(
"scripts/drone/services/services.star",
"integration_test_services",
"integration_test_services_volumes",
)
load(
"scripts/drone/steps/lib.star",
"compile_build_cmd",
"download_grabpl_step",
"identify_runner_step",
"memcached_integration_tests_steps",
"mysql_integration_tests_steps",
"postgres_integration_tests_steps",
"publish_grafanacom_step",
"publish_linux_packages_step",
"redis_integration_tests_steps",
"remote_alertmanager_integration_tests_steps",
"verify_gen_cue_step",
"verify_gen_jsonnet_step",
"wire_install_step",
"yarn_install_step",
)
load(
"scripts/drone/utils/images.star",
"images",
)
load(
"scripts/drone/utils/utils.star",
"pipeline",
)
load(
"scripts/drone/vault.star",
"from_secret",
"gcp_grafanauploads_base64",
"npm_token",
"prerelease_bucket",
"rgm_gcp_key_base64",
)
ver_mode = "release"
semver_regex = r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$"
def retrieve_npm_packages_step():
return {
"name": "retrieve-npm-packages",
"image": images["publish"],
"depends_on": [
"compile-build-cmd",
"yarn-install",
],
"failure": "ignore",
"environment": {
"GCP_KEY": from_secret(gcp_grafanauploads_base64),
"PRERELEASE_BUCKET": from_secret(prerelease_bucket),
},
"commands": ["./bin/build artifacts npm retrieve --tag ${DRONE_TAG}"],
}
def release_pr_step(depends_on = []):
return {
"name": "create-release-pr",
"image": images["curl"],
"depends_on": depends_on,
"environment": {
"GITHUB_TOKEN": from_secret("github_token"),
"GH_CLI_URL": "https://github.com/cli/cli/releases/download/v2.50.0/gh_2.50.0_linux_amd64.tar.gz",
},
"commands": [
"apk add perl",
"v_target=`echo $${{TAG}} | perl -pe 's/{}/v\\1.\\2.x/'`".format(semver_regex),
"default_target=`if [[ -n $$LATEST ]]; then echo 'main'; else echo $$v_target; fi`",
"backport=`if [[ -n $$LATEST ]]; then echo $$v_target; fi`",
# Install gh CLI
"curl -L $${GH_CLI_URL} | tar -xz --strip-components=1 -C /usr",
# Run the release-pr workflow
"gh workflow run " +
"-f dry_run=$${DRY_RUN} " +
"-f version=$${TAG} " +
# If the submitter has set a target branch, then use that, otherwise use the default
"-f target=$${TARGET:-$default_target} " +
# If the submitter has set a backport branch, then use that, otherwise use the default
"-f backport=$${BACKPORT:-$default_backport} " +
"--repo=grafana/grafana release-pr.yml",
],
}
def release_npm_packages_step():
return {
"name": "release-npm-packages",
"image": images["node"],
"depends_on": [
"compile-build-cmd",
"retrieve-npm-packages",
],
"failure": "ignore",
"environment": {
"NPM_TOKEN": from_secret(npm_token),
},
"commands": ["./bin/build artifacts npm release --tag ${DRONE_TAG}"],
}
def publish_artifacts_step():
return {
"name": "publish-artifacts",
"image": images["publish"],
"environment": {
"GCP_KEY": from_secret(gcp_grafanauploads_base64),
"PRERELEASE_BUCKET": from_secret("prerelease_bucket"),
},
"commands": [
"./bin/build artifacts packages --tag $${DRONE_TAG} --src-bucket $${PRERELEASE_BUCKET}",
],
"depends_on": ["compile-build-cmd"],
}
def publish_static_assets_step():
return {
"name": "publish-static-assets",
"image": images["publish"],
"environment": {
"GCP_KEY": from_secret(gcp_grafanauploads_base64),
"PRERELEASE_BUCKET": from_secret("prerelease_bucket"),
"STATIC_ASSET_EDITIONS": from_secret("static_asset_editions"),
},
"commands": [
"./bin/build artifacts static-assets --tag ${DRONE_TAG} --static-asset-editions=grafana-oss",
],
"depends_on": ["compile-build-cmd"],
}
def publish_storybook_step():
return {
"name": "publish-storybook",
"image": images["publish"],
"environment": {
"GCP_KEY": from_secret(gcp_grafanauploads_base64),
"PRERELEASE_BUCKET": from_secret("prerelease_bucket"),
},
"commands": [
"./bin/build artifacts storybook --tag ${DRONE_TAG}",
],
"depends_on": ["compile-build-cmd"],
}
def publish_artifacts_pipelines(mode):
"""Published artifacts after they've been stored and tested in prerelease buckets.
Args:
mode: public or security.
Defaults to ''.
Returns:
List of Drone pipelines.
"""
trigger = {
"event": ["promote"],
"target": [mode],
}
steps = [
compile_build_cmd(),
publish_artifacts_step(),
publish_static_assets_step(),
publish_storybook_step(),
release_pr_step(depends_on = ["publish-artifacts", "publish-static-assets"]),
]
return [
pipeline(
name = "create-release-pr",
trigger = {
"event": ["promote"],
"target": "release-pr",
},
steps = [
release_pr_step(),
],
),
pipeline(
name = "publish-artifacts-{}".format(mode),
trigger = trigger,
steps = steps,
environment = {"EDITION": "oss"},
),
]
def publish_packages_pipeline():
"""Generates pipelines used for publishing packages for OSS.
Returns:
List of Drone pipelines. One for each of OSS and enterprise packages.
"""
trigger = {
"event": ["promote"],
"target": ["public"],
}
oss_steps = [
compile_build_cmd(),
publish_linux_packages_step(package_manager = "deb"),
publish_linux_packages_step(package_manager = "rpm"),
publish_grafanacom_step(ver_mode = "release"),
]
deps = [
"publish-artifacts-public",
"publish-docker-public",
]
return [
pipeline(
name = "publish-packages",
trigger = trigger,
steps = oss_steps,
depends_on = deps,
environment = {"EDITION": "oss"},
),
]
def publish_npm_pipelines():
trigger = {
"event": ["promote"],
"target": ["public"],
}
steps = [
compile_build_cmd(),
yarn_install_step(),
retrieve_npm_packages_step(),
release_npm_packages_step(),
]
return [
pipeline(
name = "publish-npm-packages-public",
trigger = trigger,
steps = steps,
environment = {"EDITION": "oss"},
),
]
def integration_test_pipelines():
"""
Trigger integration tests on release builds
These pipelines should be triggered when we have a release that does a lot of
cherry-picking and we still want to have all the integration tests run on that
particular build.
Returns:
List of Drone pipelines
"""
trigger = {
"event": ["promote"],
"target": "integration-tests",
}
pipelines = []
volumes = integration_test_services_volumes()
integration_test_steps = postgres_integration_tests_steps() + \
mysql_integration_tests_steps("mysql57", "5.7") + \
mysql_integration_tests_steps("mysql80", "8.0") + \
redis_integration_tests_steps() + \
memcached_integration_tests_steps() + \
remote_alertmanager_integration_tests_steps()
pipelines.append(pipeline(
name = "integration-tests",
trigger = trigger,
services = integration_test_services(),
steps = [
download_grabpl_step(),
identify_runner_step(),
verify_gen_cue_step(),
verify_gen_jsonnet_step(),
wire_install_step(),
] +
integration_test_steps,
environment = {"EDITION": "oss"},
volumes = volumes,
))
return pipelines
def verify_release_pipeline(
name = "verify-prerelease-assets",
bucket = from_secret(prerelease_bucket),
gcp_key = from_secret(rgm_gcp_key_base64),
version = "${DRONE_TAG}",
trigger = {},
depends_on = [
"release-build-e2e-publish",
"release-windows",
]):
"""
Runs a script that 'gsutil stat's every artifact that should have been produced by the pre-release process.
Returns:
A single Drone pipeline that runs the script.
"""
step = {
"name": "gsutil-stat",
"depends_on": ["clone"],
"image": images["cloudsdk"],
"environment": {
"BUCKET": bucket,
"GCP_KEY": gcp_key,
},
"commands": [
"apt-get update && apt-get install -yq gettext",
"printenv GCP_KEY | base64 -d > /tmp/key.json",
"gcloud auth activate-service-account --key-file=/tmp/key.json",
"./scripts/list-release-artifacts.sh {} | xargs -n1 gsutil stat >> /tmp/stat.log".format(version),
"! cat /tmp/stat.log | grep \"No URLs matched\"",
],
}
return pipeline(
depends_on = depends_on,
name = name,
trigger = trigger,
steps = [step],
)