public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
55781b486c89488aeba2171b204d33ac25037ef2
grafana/scripts/drone/vault.star
T
Guilherme Caulada 55781b486c CI: Add nightly prerelease builds (#74119) 
* Add nightly prerelease builds

* Fix duplicated pipeline names

* Fix misnamed dependencies

* Fix misnamed dependencies

* Fix string formatting

* Add option to specify bucket to RGM pipeline

* Fix trigger?

* Comment out cron triggers

* Fix windows bucket for nightly

* Fix versioning for windows and verify pipelines

* Use grafana/grafana-build:dev-209553c

* Fix version on windows steps

* Fix version on windows steps

* Fix windows .zip path

* Fix windows .zip path

* Remove windows builds from nightly for now

* Remove verify release pipeline from nightly

* Add docstring to rgm_release

* Revert changes to get_windows_steps

* Simplify changes to rgm.star

* Use grafana/grafana-build:dev-f5a15d4

* Add rgm copy step

* Use grafana/grafana-build:dev-d88be0f

* Fix destination variable

* Escape copy destination environment variable

* Add -r flag to rgm copy command

* Add dependency to rgm-copy step

* Add dist volume

* Use absolute path for dist volume

* Move dist folder to drone workspace

* Delegate drone workspace path to grafana-build

* Use grafana/grafana-build:dev-66149b8

* Lower folder depth

* Use grafana/grafana-build:dev-7355791

* Add rgm-nightly-publish pipeline

* Merge imports on rgm.star

* Fix rgm_copy to allow copying to local destination

* Use grafana/grafana-build:dev-36ec1e2

* Use grafana/grafana-build:dev-634d8dc

* Use grafana/grafana-build:dev-7a93728

* Use grafana/grafana-build:dev-5e36725

* Use grafana/grafana-build:dev-f5ebe1f

* Fix copy source for nightly builds

* Fix drone build number on rgm-copy step

* Use grafana/grafana-build:dev-637583f

* Use grafana/grafana-build:dev-f2cc524

* Allow tag trigger on grafana/grafana for testing

* Use grafana/grafana-build:dev-c71d4b7

* Use grafana/grafana-build:dev-63beac8

* Use grafana/grafana-build:dev-224a0dd

* Add environment variables for package publishing

* Revert unintentional change to dataquery.cue

* Add package publish step to nightly pipeline

* Use GCS path for package publish

* Pre-evaluate drone workspace on packages path

* Use hardcoded drone workspace path

* Remove unused env from publish packages step

* Use grafana/grafana-build:dev-657ea6a

* Use grafana/grafana-build:dev-1a9beec

* Use grafana/grafana-build:dev-f0053c8

* Use grafana/grafana-build:main

* Use grafana/grafana-build:dev-ae5182f

* Use grafana/grafana-build:dev-ec3ec36

* Use grafana/grafana-build:dev-5e160d8

* Use grafana/grafana-build:dev-142d2dc

* Use grafana/grafana-build:dev-db6bff1

* Use grafana/grafana-build:main

* Change nightly trigger to cron
2023-10-04 13:55:43 -03:00

171 lines
5.8 KiB
Python
Raw Blame History

"""
This module returns functions for generating Drone secrets fetched from Vault.
"""
pull_secret = "dockerconfigjson"
drone_token = "drone_token"
prerelease_bucket = "prerelease_bucket"
gcp_upload_artifacts_key = "gcp_upload_artifacts_key"
gcp_grafanauploads = "gcp_grafanauploads"
gcp_grafanauploads_base64 = "gcp_grafanauploads_base64"
gcp_download_build_container_assets_key = "gcp_download_build_container_assets_key"
azure_sp_app_id = "azure_sp_app_id"
azure_sp_app_pw = "azure_sp_app_pw"
azure_tenant = "azure_tenant"
rgm_gcp_key_base64 = "gcp_key_base64"
rgm_destination = "destination"
rgm_storybook_destination = "rgm_storybook_destination"
rgm_cdn_destination = "rgm_cdn_destination"
rgm_downloads_destination = "rgm_downloads_destination"
rgm_github_token = "github_token"
rgm_dagger_token = "dagger_token"
docker_username = "docker_username"
docker_password = "docker_password"
npm_token = "npm_token"
def from_secret(secret):
return {"from_secret": secret}
def vault_secret(name, path, key):
return {
"kind": "secret",
"name": name,
"get": {
"path": path,
"name": key,
},
}
def secrets():
return [
vault_secret(gcp_grafanauploads, "infra/data/ci/grafana-release-eng/grafanauploads", "credentials.json"),
vault_secret(gcp_grafanauploads_base64, "infra/data/ci/grafana-release-eng/grafanauploads", "credentials_base64"),
vault_secret("grafana_api_key", "infra/data/ci/grafana-release-eng/grafanacom", "api_key"),
vault_secret("grafana_api_key_dev", "infra/data/ci/grafana-release-eng/grafanacom", "api_key_dev"),
vault_secret(pull_secret, "secret/data/common/gcr", ".dockerconfigjson"),
vault_secret("github_token", "infra/data/ci/github/grafanabot", "pat"),
vault_secret(drone_token, "infra/data/ci/drone", "machine-user-token"),
vault_secret(prerelease_bucket, "infra/data/ci/grafana/prerelease", "bucket"),
vault_secret(docker_username, "infra/data/ci/grafanaci-docker-hub", "username"),
vault_secret(docker_password, "infra/data/ci/grafanaci-docker-hub", "password"),
vault_secret(
gcp_upload_artifacts_key,
"infra/data/ci/grafana/releng/artifacts-uploader-service-account",
"credentials.json",
),
vault_secret(
gcp_download_build_container_assets_key,
"infra/data/ci/grafana/assets-downloader-build-container-service-account",
"credentials.json",
),
vault_secret(
azure_sp_app_id,
"infra/data/ci/datasources/cpp-azure-resourcemanager-credentials",
"application_id",
),
vault_secret(
azure_sp_app_pw,
"infra/data/ci/datasources/cpp-azure-resourcemanager-credentials",
"application_secret",
),
vault_secret(
azure_tenant,
"infra/data/ci/datasources/cpp-azure-resourcemanager-credentials",
"tenant_id",
),
vault_secret(
npm_token,
"infra/data/ci/grafana-release-eng/npm",
"token",
),
# Package publishing
vault_secret(
"packages_gpg_public_key",
"infra/data/ci/packages-publish/gpg",
"public-key-b64",
),
vault_secret(
"packages_gpg_private_key",
"infra/data/ci/packages-publish/gpg",
"private-key-b64",
),
vault_secret(
"packages_gpg_passphrase",
"infra/data/ci/packages-publish/gpg",
"passphrase",
),
vault_secret(
"packages_service_account",
"infra/data/ci/packages-publish/service-account",
"credentials.json",
),
vault_secret(
"packages_access_key_id",
"infra/data/ci/packages-publish/bucket-credentials",
"AccessID",
),
vault_secret(
"packages_secret_access_key",
"infra/data/ci/packages-publish/bucket-credentials",
"Secret",
),
vault_secret(
"static_asset_editions",
"infra/data/ci/grafana-release-eng/artifact-publishing",
"static_asset_editions",
),
vault_secret(
rgm_gcp_key_base64,
"infra/data/ci/grafana-release-eng/rgm",
"gcp_service_account_prod_base64",
),
vault_secret(
rgm_destination,
"infra/data/ci/grafana-release-eng/rgm",
"destination_prod",
),
vault_secret(
rgm_storybook_destination,
"infra/data/ci/grafana-release-eng/rgm",
"storybook_destination",
),
vault_secret(
rgm_cdn_destination,
"infra/data/ci/grafana-release-eng/rgm",
"cdn_destination",
),
vault_secret(
rgm_downloads_destination,
"infra/data/ci/grafana-release-eng/rgm",
"downloads_destination",
),
vault_secret(
rgm_dagger_token,
"infra/data/ci/grafana-release-eng/rgm",
"dagger_token",
),
# grafana-delivery-bot secrets
vault_secret(
"delivery-bot-app-id",
"infra/data/ci/grafana-release-eng/grafana-delivery-bot",
"app-id",
),
vault_secret(
"delivery-bot-app-installation-id",
"infra/data/ci/grafana-release-eng/grafana-delivery-bot",
"app-installation-id",
),
vault_secret(
"delivery-bot-app-private-key",
"infra/data/ci/grafana-release-eng/grafana-delivery-bot",
"app-private-key",
),
vault_secret(
"gcr_credentials",
"secret/data/common/gcr",
"service-account",
),
]
Reference in New Issue View Git Blame Copy Permalink