here goes nothing

grafana · Sep 17, 2024 · 510ea28 · 510ea28
1 parent ae7dfd1
commit 510ea28
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 31 deletions.
diff --git a/.drone/drone.jsonnet b/.drone/drone.jsonnet
@@ -44,6 +44,9 @@ local docker_config_json_secret = secret('dockerconfigjson', 'secret/data/common
 
 // secret needed for dep-tools
 local gh_token_secret = secret('gh_token', 'infra/data/ci/github/grafanabot', 'pat');
+local tempo_app_id_secret = secret('tempo_app_id_secret', 'ci/data/repo/grafana/tempo/github-app', 'app_id');
+local tempo_app_installation_id_secret = secret('tempo_app_installation_id_secret', 'ci/data/repo/grafana/tempo/github-app', 'installation_id');
+local tempo_app_private_key_secret = secret('tempo_app_private_key_secret', 'ci/data/repo/grafana/tempo/github-app', 'private_key');
 
 // secret to sign linux packages
 local gpg_passphrase = secret('gpg_passphrase', 'infra/data/ci/packages-publish/gpg', 'passphrase');
@@ -148,7 +151,7 @@ local deploy_to_dev() = {
       {
         destination_branch: 'master',
         pull_request_branch_prefix: 'cd-tempo-dev',
-        pull_request_enabled: false,
+        pull_request_enabled: true,
         pull_request_team_reviewers: [
           'tempo',
         ],
@@ -164,8 +167,14 @@ local deploy_to_dev() = {
       },
       '  '
     ),
-    github_token: {
-      from_secret: gh_token_secret.name,
+    github_app_id: {
+      from_secret: tempo_app_id_secret.name,
+    },
+    github_app_installation_id: {
+      from_secret: tempo_app_installation_id_secret.name,
+    },
+    github_app_private_key: {
+      from_secret: tempo_app_private_key_secret.name,
     },
   },
 };
@@ -393,7 +402,6 @@ local deploy_to_dev() = {
         image: 'golang:1.22',
         commands: ['make release'],
         environment: {
-          GITHUB_TOKEN: { from_secret: gh_token_secret.name },
           NFPM_DEFAULT_PASSPHRASE: { from_secret: gpg_passphrase.name },
           NFPM_SIGNING_KEY_FILE: '/drone/src/private-key.key',
         },
@@ -408,6 +416,9 @@ local deploy_to_dev() = {
   docker_password_secret,
   docker_config_json_secret,
   gh_token_secret,
+  tempo_app_id_secret,
+  tempo_app_installation_id_secret,
+  tempo_app_private_key_secret,
   image_upload_ops_tools_secret,
   aws_dev_access_key_id,
   aws_dev_secret_access_key,

diff --git a/.drone/drone.yml b/.drone/drone.yml
@@ -333,15 +333,13 @@ steps:
   settings:
     config_json: |-
       {
-        "repo_owner": "grafana",
-        "repo_name": "deployment_tools",
         "destination_branch": "master",
         "pull_request_branch_prefix": "cd-tempo-dev",
         "pull_request_enabled": true,
-        "pull_request_existing_strategy": "ignore",
         "pull_request_team_reviewers": [
           "tempo"
         ],
+        "repo_name": "deployment_tools",
         "update_jsonnet_attribute_configs": [
           {
             "file_path": "ksonnet/environments/tempo/dev-us-central-0.tempo-dev-01/images.libsonnet",
@@ -361,11 +359,11 @@ steps:
         ]
       }
     github_app_id:
-      from_secret: tempo-app-id
+      from_secret: tempo_app_id_secret
     github_app_installation_id:
-      from_secret: tempo-app-installation-id
+      from_secret: tempo_app_installation_id_secret
     github_app_private_key:
-      from_secret: tempo-app-private-key
+      from_secret: tempo_app_private_key_secret
 trigger:
   ref:
   - refs/heads/main
@@ -482,8 +480,6 @@ steps:
 - commands:
   - make release
   environment:
-    GITHUB_TOKEN:
-      from_secret: gh_token
     NFPM_DEFAULT_PASSPHRASE:
       from_secret: gpg_passphrase
     NFPM_SIGNING_KEY_FILE: /drone/src/private-key.key
@@ -528,6 +524,24 @@ get:
 kind: secret
 name: gh_token
 ---
+get:
+  name: app_id
+  path: ci/data/repo/grafana/tempo/github-app
+kind: secret
+name: tempo_app_id_secret
+---
+get:
+  name: installation_id
+  path: ci/data/repo/grafana/tempo/github-app
+kind: secret
+name: tempo_app_installation_id_secret
+---
+get:
+  name: private_key
+  path: ci/data/repo/grafana/tempo/github-app
+kind: secret
+name: tempo_app_private_key_secret
+---
 get:
   name: credentials.json
   path: infra/data/ci/tempo-ops-tools-function-upload
@@ -570,25 +584,7 @@ get:
 kind: secret
 name: gpg_passphrase
 ---
-get:
-  name: app-id
-  path: ci/data/repo/grafana/tempo/github-app
-kind: secret
-name: tempo-app-id
----
-get:
-  name: app-installation-id
-  path: ci/data/repo/grafana/tempo/github-app
-kind: secret
-name: tempo-app-installation-id
----
-get:
-  name: app-private-key
-  path: ci/data/repo/grafana/tempo/github-app
-kind: secret
-name: tempo-app-private-key
----
 kind: signature
-hmac: bee5601dffa0f46559f5d8734ebda1261ec9171a3dca7add1a23188f6f162945
+hmac: 874f5743a31335aeffef05d822492dcfbec4f9ca8bc5d8bed32f9f336cfb1a80
 
 ...