From 743efefde877fb4e33692cb4e50a5e886c8a1d73 Mon Sep 17 00:00:00 2001 From: Robert Fratto Date: Wed, 28 Feb 2024 09:08:58 -0500 Subject: [PATCH 1/2] ci: temporarily disable some CI jobs Temporarily disable some CI jobs as the repo gets set up. --- .drone/drone.yml | 454 +----------------- .drone/pipelines/build_images.jsonnet | 5 + .drone/pipelines/publish.jsonnet | 7 + ...la-pr.yml => bump-formula-pr.yml.disabled} | 0 ...l => check-linux-build-image.yml.disabled} | 0 ...=> check-windows-build-image.yml.disabled} | 0 ...-release.yml => helm-release.yml.disabled} | 0 ...> publish-documentation-next.yml.disabled} | 0 ...lish-documentation-versioned.yml.disabled} | 0 9 files changed, 13 insertions(+), 453 deletions(-) rename .github/workflows/{bump-formula-pr.yml => bump-formula-pr.yml.disabled} (100%) rename .github/workflows/{check-linux-build-image.yml => check-linux-build-image.yml.disabled} (100%) rename .github/workflows/{check-windows-build-image.yml => check-windows-build-image.yml.disabled} (100%) rename .github/workflows/{helm-release.yml => helm-release.yml.disabled} (100%) rename .github/workflows/{publish-documentation-next.yml => publish-documentation-next.yml.disabled} (100%) rename .github/workflows/{publish-documentation-versioned.yml => publish-documentation-versioned.yml.disabled} (100%) diff --git a/.drone/drone.yml b/.drone/drone.yml index f521c097fe..51f63aad0d 100644 --- a/.drone/drone.yml +++ b/.drone/drone.yml @@ -1,107 +1,5 @@ --- kind: pipeline -name: Create Linux build image -platform: - arch: amd64 - os: linux -steps: -- commands: - - export IMAGE_TAG=${DRONE_TAG##build-image/v} - - docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD - - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - - docker buildx create --name multiarch --driver docker-container --use - - docker buildx build --build-arg="GO_RUNTIME=golang:1.22.0-bullseye" --push --platform - linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG ./build-image - environment: - DOCKER_LOGIN: - from_secret: docker_login - DOCKER_PASSWORD: - from_secret: docker_password - image: docker - name: Build - volumes: - - name: docker - path: /var/run/docker.sock -trigger: - event: - - tag - ref: - - refs/tags/build-image/v* -type: docker -volumes: -- host: - path: /var/run/docker.sock - name: docker ---- -kind: pipeline -name: Create Linux build image for boringcrypto -platform: - arch: amd64 - os: linux -steps: -- commands: - - export IMAGE_TAG=${DRONE_TAG##build-image/v}-boringcrypto - - docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD - - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - - docker buildx create --name multiarch --driver docker-container --use - - docker buildx build --build-arg="GO_RUNTIME=mcr.microsoft.com/oss/go/microsoft/golang:1.22-bullseye" - --push --platform linux/amd64,linux/arm64 -t grafana/agent-build-image:$IMAGE_TAG - ./build-image - environment: - DOCKER_LOGIN: - from_secret: docker_login - DOCKER_PASSWORD: - from_secret: docker_password - image: docker - name: Build - volumes: - - name: docker - path: /var/run/docker.sock -trigger: - event: - - tag - ref: - - refs/tags/build-image/v* -type: docker -volumes: -- host: - path: /var/run/docker.sock - name: docker ---- -kind: pipeline -name: Create Windows build image -platform: - arch: amd64 - os: windows - version: "1809" -steps: -- commands: - - $IMAGE_TAG="${DRONE_TAG##build-image/v}-windows" - - docker login -u $Env:DOCKER_LOGIN -p $Env:DOCKER_PASSWORD - - docker build -t grafana/agent-build-image:$IMAGE_TAG ./build-image/windows - - docker push grafana/agent-build-image:$IMAGE_TAG - environment: - DOCKER_LOGIN: - from_secret: docker_login - DOCKER_PASSWORD: - from_secret: docker_password - image: docker:windowsservercore-1809 - name: Build - volumes: - - name: docker - path: //./pipe/docker_engine/ -trigger: - event: - - tag - ref: - - refs/tags/build-image/v* -type: docker -volumes: -- host: - path: //./pipe/docker_engine/ - name: docker ---- -kind: pipeline name: Lint platform: arch: amd64 @@ -896,356 +794,6 @@ trigger: type: docker --- kind: pipeline -name: Publish Linux agent container -platform: - arch: amd64 - os: linux -steps: -- commands: - - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - failure: ignore - image: grafana/agent-build-image:0.31.0 - name: Configure QEMU - volumes: - - name: docker - path: /var/run/docker.sock -- commands: - - mkdir -p $HOME/.docker - - printenv GCR_CREDS > $HOME/.docker/config.json - - docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD - - docker buildx create --name multiarch-agent-agent-${DRONE_COMMIT_SHA} --driver - docker-container --use - - ./tools/ci/docker-containers agent - - docker buildx rm multiarch-agent-agent-${DRONE_COMMIT_SHA} - environment: - DOCKER_LOGIN: - from_secret: docker_login - DOCKER_PASSWORD: - from_secret: docker_password - GCR_CREDS: - from_secret: gcr_admin - image: grafana/agent-build-image:0.31.0 - name: Publish container - volumes: - - name: docker - path: /var/run/docker.sock -trigger: - ref: - - refs/heads/main - - refs/tags/v* -type: docker -volumes: -- host: - path: /var/run/docker.sock - name: docker ---- -kind: pipeline -name: Publish Linux agent-boringcrypto container -platform: - arch: amd64 - os: linux -steps: -- commands: - - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - failure: ignore - image: grafana/agent-build-image:0.31.0 - name: Configure QEMU - volumes: - - name: docker - path: /var/run/docker.sock -- commands: - - mkdir -p $HOME/.docker - - printenv GCR_CREDS > $HOME/.docker/config.json - - docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD - - docker buildx create --name multiarch-agent-agent-boringcrypto-${DRONE_COMMIT_SHA} - --driver docker-container --use - - ./tools/ci/docker-containers agent-boringcrypto - - docker buildx rm multiarch-agent-agent-boringcrypto-${DRONE_COMMIT_SHA} - environment: - DOCKER_LOGIN: - from_secret: docker_login - DOCKER_PASSWORD: - from_secret: docker_password - GCR_CREDS: - from_secret: gcr_admin - image: grafana/agent-build-image:0.31.0 - name: Publish container - volumes: - - name: docker - path: /var/run/docker.sock -trigger: - ref: - - refs/heads/main - - refs/tags/v* -type: docker -volumes: -- host: - path: /var/run/docker.sock - name: docker ---- -kind: pipeline -name: Publish Linux agentctl container -platform: - arch: amd64 - os: linux -steps: -- commands: - - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - failure: ignore - image: grafana/agent-build-image:0.31.0 - name: Configure QEMU - volumes: - - name: docker - path: /var/run/docker.sock -- commands: - - mkdir -p $HOME/.docker - - printenv GCR_CREDS > $HOME/.docker/config.json - - docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD - - docker buildx create --name multiarch-agent-agentctl-${DRONE_COMMIT_SHA} --driver - docker-container --use - - ./tools/ci/docker-containers agentctl - - docker buildx rm multiarch-agent-agentctl-${DRONE_COMMIT_SHA} - environment: - DOCKER_LOGIN: - from_secret: docker_login - DOCKER_PASSWORD: - from_secret: docker_password - GCR_CREDS: - from_secret: gcr_admin - image: grafana/agent-build-image:0.31.0 - name: Publish container - volumes: - - name: docker - path: /var/run/docker.sock -trigger: - ref: - - refs/heads/main - - refs/tags/v* -type: docker -volumes: -- host: - path: /var/run/docker.sock - name: docker ---- -kind: pipeline -name: Publish Linux agent-operator container -platform: - arch: amd64 - os: linux -steps: -- commands: - - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - failure: ignore - image: grafana/agent-build-image:0.31.0 - name: Configure QEMU - volumes: - - name: docker - path: /var/run/docker.sock -- commands: - - mkdir -p $HOME/.docker - - printenv GCR_CREDS > $HOME/.docker/config.json - - docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD - - docker buildx create --name multiarch-agent-agent-operator-${DRONE_COMMIT_SHA} - --driver docker-container --use - - ./tools/ci/docker-containers agent-operator - - docker buildx rm multiarch-agent-agent-operator-${DRONE_COMMIT_SHA} - environment: - DOCKER_LOGIN: - from_secret: docker_login - DOCKER_PASSWORD: - from_secret: docker_password - GCR_CREDS: - from_secret: gcr_admin - image: grafana/agent-build-image:0.31.0 - name: Publish container - volumes: - - name: docker - path: /var/run/docker.sock -trigger: - ref: - - refs/heads/main - - refs/tags/v* -type: docker -volumes: -- host: - path: /var/run/docker.sock - name: docker ---- -kind: pipeline -name: Publish Windows agent container -platform: - arch: amd64 - os: windows - version: "1809" -steps: -- commands: - - '& "C:/Program Files/git/bin/bash.exe" ./tools/ci/docker-containers-windows agent' - environment: - DOCKER_LOGIN: - from_secret: docker_login - DOCKER_PASSWORD: - from_secret: docker_password - image: grafana/agent-build-image:0.31.0-windows - name: Build containers - volumes: - - name: docker - path: //./pipe/docker_engine/ -trigger: - ref: - - refs/heads/main - - refs/tags/v* -type: docker -volumes: -- host: - path: //./pipe/docker_engine/ - name: docker ---- -kind: pipeline -name: Publish Windows agentctl container -platform: - arch: amd64 - os: windows - version: "1809" -steps: -- commands: - - '& "C:/Program Files/git/bin/bash.exe" ./tools/ci/docker-containers-windows agentctl' - environment: - DOCKER_LOGIN: - from_secret: docker_login - DOCKER_PASSWORD: - from_secret: docker_password - image: grafana/agent-build-image:0.31.0-windows - name: Build containers - volumes: - - name: docker - path: //./pipe/docker_engine/ -trigger: - ref: - - refs/heads/main - - refs/tags/v* -type: docker -volumes: -- host: - path: //./pipe/docker_engine/ - name: docker ---- -depends_on: -- Publish Linux agent container -- Publish Linux agent-boringcrypto container -- Publish Linux agentctl container -- Publish Linux agent-operator container -image_pull_secrets: -- dockerconfigjson -kind: pipeline -name: Deploy to deployment_tools -platform: - arch: amd64 - os: linux -steps: -- commands: - - apk update && apk add git - - echo "$(sh ./tools/image-tag)" > .tag-only - - echo "grafana/agent:$(sh ./tools/image-tag)" > .image-tag - image: alpine - name: Create .image-tag -- image: us.gcr.io/kubernetes-dev/drone/plugins/updater - name: Update deployment_tools - settings: - config_json: | - { - "git_committer_name": "updater-for-ci[bot]", - "git_author_name": "updater-for-ci[bot]", - "git_committer_email": "119986603+updater-for-ci[bot]@users.noreply.github.com", - "git_author_email": "119986603+updater-for-ci[bot]@users.noreply.github.com", - "destination_branch": "master", - "repo_name": "deployment_tools", - "update_jsonnet_attribute_configs": [ - { - "file_path": "ksonnet/environments/kowalski/dev-us-central-0.kowalski-dev/main.jsonnet", - "jsonnet_key": "agent_image", - "jsonnet_value_file": ".image-tag" - }, - { - "file_path": "ksonnet/environments/grafana-agent/waves/agent.libsonnet", - "jsonnet_key": "dev_canary", - "jsonnet_value_file": ".image-tag" - }, - { - "file_path": "ksonnet/environments/pyroscope-ebpf/waves/ebpf.libsonnet", - "jsonnet_key": "dev_canary", - "jsonnet_value_file": ".image-tag" - } - ] - } - github_app_id: - from_secret: updater_app_id - github_app_installation_id: - from_secret: updater_app_installation_id - github_app_private_key: - from_secret: updater_private_key -trigger: - ref: - - refs/heads/main -type: docker ---- -depends_on: -- Publish Linux agent container -- Publish Linux agent-boringcrypto container -- Publish Linux agentctl container -- Publish Linux agent-operator container -- Publish Windows agent container -- Publish Windows agentctl container -image_pull_secrets: -- dockerconfigjson -kind: pipeline -name: Publish release -platform: - arch: amd64 - os: linux -steps: -- commands: - - /usr/bin/github-app-external-token > /drone/src/gh-token.txt - environment: - GITHUB_APP_ID: - from_secret: updater_app_id - GITHUB_APP_INSTALLATION_ID: - from_secret: updater_app_installation_id - GITHUB_APP_PRIVATE_KEY: - from_secret: updater_private_key - image: us.gcr.io/kubernetes-dev/github-app-secret-writer:latest - name: Generate GitHub token -- commands: - - export GITHUB_TOKEN=$(cat /drone/src/gh-token.txt) - - docker login -u $DOCKER_LOGIN -p $DOCKER_PASSWORD - - make -j4 RELEASE_BUILD=1 VERSION=${DRONE_TAG} dist - - | - VERSION=${DRONE_TAG} RELEASE_DOC_TAG=$(echo ${DRONE_TAG} | awk -F '.' '{print $1"."$2}') ./tools/release - environment: - DOCKER_LOGIN: - from_secret: docker_login - DOCKER_PASSWORD: - from_secret: docker_password - GPG_PASSPHRASE: - from_secret: gpg_passphrase - GPG_PRIVATE_KEY: - from_secret: gpg_private_key - GPG_PUBLIC_KEY: - from_secret: gpg_public_key - image: grafana/agent-build-image:0.31.0 - name: Publish release - volumes: - - name: docker - path: /var/run/docker.sock -trigger: - ref: - - refs/tags/v* -type: docker -volumes: -- host: - path: /var/run/docker.sock - name: docker ---- -kind: pipeline name: Test Linux system packages platform: arch: amd64 @@ -1352,6 +900,6 @@ kind: secret name: updater_private_key --- kind: signature -hmac: 2e439110a89f33a78d745a71635d47f9b1a99de6028bb84c258a0be9c09840f2 +hmac: f0ee45eb7194fb9b66e5fe25c83d3727698c10653033ffcc8f8aaae215c23752 ... diff --git a/.drone/pipelines/build_images.jsonnet b/.drone/pipelines/build_images.jsonnet index 328c7fc344..9378bb703e 100644 --- a/.drone/pipelines/build_images.jsonnet +++ b/.drone/pipelines/build_images.jsonnet @@ -17,6 +17,10 @@ local locals = { }; [ + // TODO(rfratto): The following are temporarily diasbled as grafana/alloy + // gets set up. + + /* pipelines.linux('Create Linux build image') { trigger: locals.on_build_image_tag, steps: [{ @@ -88,4 +92,5 @@ local locals = { host: { path: '//./pipe/docker_engine/' }, }], }, + */ ] diff --git a/.drone/pipelines/publish.jsonnet b/.drone/pipelines/publish.jsonnet index 6f8c4c2b20..bd578daca7 100644 --- a/.drone/pipelines/publish.jsonnet +++ b/.drone/pipelines/publish.jsonnet @@ -91,6 +91,12 @@ local windows_containers_jobs = std.map(function(container) ( } ), windows_containers); +// TODO(rfratto): The following are TEMPORARILY disabled as grafana/alloy gets +// set up. Remove the line below in favor of the comment block to reenable the +// publish jobs. +[] + +/* linux_containers_jobs + windows_containers_jobs + [ pipelines.linux('Deploy to deployment_tools') { trigger: { @@ -196,3 +202,4 @@ linux_containers_jobs + windows_containers_jobs + [ }], }, ] +*/ diff --git a/.github/workflows/bump-formula-pr.yml b/.github/workflows/bump-formula-pr.yml.disabled similarity index 100% rename from .github/workflows/bump-formula-pr.yml rename to .github/workflows/bump-formula-pr.yml.disabled diff --git a/.github/workflows/check-linux-build-image.yml b/.github/workflows/check-linux-build-image.yml.disabled similarity index 100% rename from .github/workflows/check-linux-build-image.yml rename to .github/workflows/check-linux-build-image.yml.disabled diff --git a/.github/workflows/check-windows-build-image.yml b/.github/workflows/check-windows-build-image.yml.disabled similarity index 100% rename from .github/workflows/check-windows-build-image.yml rename to .github/workflows/check-windows-build-image.yml.disabled diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml.disabled similarity index 100% rename from .github/workflows/helm-release.yml rename to .github/workflows/helm-release.yml.disabled diff --git a/.github/workflows/publish-documentation-next.yml b/.github/workflows/publish-documentation-next.yml.disabled similarity index 100% rename from .github/workflows/publish-documentation-next.yml rename to .github/workflows/publish-documentation-next.yml.disabled diff --git a/.github/workflows/publish-documentation-versioned.yml b/.github/workflows/publish-documentation-versioned.yml.disabled similarity index 100% rename from .github/workflows/publish-documentation-versioned.yml rename to .github/workflows/publish-documentation-versioned.yml.disabled From 2552a4114363c5f4eeae2df57c781b24aa8f7398 Mon Sep 17 00:00:00 2001 From: Robert Fratto Date: Wed, 28 Feb 2024 09:23:37 -0500 Subject: [PATCH 2/2] ci: update `make drone` to sign with correct repo name --- .drone/drone.yml | 2 +- Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone/drone.yml b/.drone/drone.yml index 51f63aad0d..8833018b6f 100644 --- a/.drone/drone.yml +++ b/.drone/drone.yml @@ -900,6 +900,6 @@ kind: secret name: updater_private_key --- kind: signature -hmac: f0ee45eb7194fb9b66e5fe25c83d3727698c10653033ffcc8f8aaae215c23752 +hmac: 25f83467a6323fb131c803ff1e9b9b0676d28c40ab0d55f374307685111eb61f ... diff --git a/Makefile b/Makefile index f08f0f9d89..aabf28a9c6 100644 --- a/Makefile +++ b/Makefile @@ -331,7 +331,7 @@ endif .PHONY: drone drone: generate-drone drone lint .drone/drone.yml --trusted - drone --server https://drone.grafana.net sign --save grafana/agent .drone/drone.yml + drone --server https://drone.grafana.net sign --save grafana/alloy .drone/drone.yml .PHONY: clean clean: clean-dist clean-build-container-cache