synced/tempo
1
0
Fork 0
mirror of https://github.com/grafana/tempo.git synced 2025-03-14 03:06:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Delete remaining Drone files to finish migration to GHA (#4552)

Browse Source
This commit is contained in:
Carles Garcia
2025-01-14 17:02:30 +01:00
committed by GitHub
parent 424274aab5
commit 52388dd460
7 changed files with 1 additions and 267 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.drone/docker-manifest.tmpl
View File

@ -1,13 +0,0 @@
image: grafana/{{config.target}}
tags:
- latest
- {{build.tags}}
manifests:
- image: grafana/{{config.target}}:{{build.tags}}-amd64
platform:
architecture: amd64
os: linux
- image: grafana/{{config.target}}:{{build.tags}}-arm64
platform:
architecture: arm64
os: linux

78
.drone/drone.jsonnet
View File

@ -1,78 +0,0 @@
local apps = ['tempo', 'tempo-vulture', 'tempo-query', 'tempo-cli'];
local archs = ['amd64', 'arm64'];
//# Building blocks ##
local pipeline(name, arch='amd64') = {
kind: 'pipeline',
name: name,
platform: {
os: 'linux',
arch: arch,
},
steps: [],
depends_on: [],
trigger: {
ref: [
'refs/heads/main',
'refs/tags/v*',
// weekly release branches
'refs/heads/r?',
'refs/heads/r??',
'refs/heads/r???',
],
},
};
local secret(name, vault_path, vault_key) = {
kind: 'secret',
name: name,
get: {
path: vault_path,
name: vault_key,
},
};
local docker_username_secret = secret('docker_username', 'infra/data/ci/docker_hub', 'username');
local docker_password_secret = secret('docker_password', 'infra/data/ci/docker_hub', 'password');
// secret needed to access us.gcr.io in deploy_to_dev()
local docker_config_json_secret = secret('dockerconfigjson', 'secret/data/common/gcr', '.dockerconfigjson');
// secret needed for dep-tools
local gh_token_secret = secret('gh_token', 'infra/data/ci/github/grafanabot', 'pat');
local tempo_app_id_secret = secret('tempo_app_id_secret', 'infra/data/ci/tempo/github-app', 'app-id');
local tempo_app_installation_id_secret = secret('tempo_app_installation_id_secret', 'infra/data/ci/tempo/github-app', 'app-installation-id');
local tempo_app_private_key_secret = secret('tempo_app_private_key_secret', 'infra/data/ci/tempo/github-app', 'app-private-key');
// secret to sign linux packages
local gpg_passphrase = secret('gpg_passphrase', 'infra/data/ci/packages-publish/gpg', 'passphrase');
local gpg_private_key = secret('gpg_private_key', 'infra/data/ci/packages-publish/gpg', 'private-key');
local aws_dev_access_key_id = secret('AWS_ACCESS_KEY_ID-dev', 'infra/data/ci/tempo-dev/aws-credentials-drone', 'access_key_id');
local aws_dev_secret_access_key = secret('AWS_SECRET_ACCESS_KEY-dev', 'infra/data/ci/tempo-dev/aws-credentials-drone', 'secret_access_key');
local aws_prod_access_key_id = secret('AWS_ACCESS_KEY_ID-prod', 'infra/data/ci/tempo-prod/aws-credentials-drone', 'access_key_id');
local aws_prod_secret_access_key = secret('AWS_SECRET_ACCESS_KEY-prod', 'infra/data/ci/tempo-prod/aws-credentials-drone', 'secret_access_key');
//# Steps ##
// the alpine/git image has apk errors when run on aarch64, this is the most recent image that does not have this issue
// https://github.com/alpine-docker/git/issues/35
local alpine_git_image = 'alpine/git:v2.30.2';
//# Pipelines & resources
[
docker_username_secret,
docker_password_secret,
docker_config_json_secret,
gh_token_secret,
tempo_app_id_secret,
tempo_app_installation_id_secret,
tempo_app_private_key_secret,
aws_dev_access_key_id,
aws_dev_secret_access_key,
aws_prod_access_key_id,
aws_prod_secret_access_key,
gpg_private_key,
gpg_passphrase,
]

83
.drone/drone.yml
View File

@ -1,83 +0,0 @@
---
get:
name: username
path: infra/data/ci/docker_hub
kind: secret
name: docker_username
---
get:
name: password
path: infra/data/ci/docker_hub
kind: secret
name: docker_password
---
get:
name: .dockerconfigjson
path: secret/data/common/gcr
kind: secret
name: dockerconfigjson
---
get:
name: pat
path: infra/data/ci/github/grafanabot
kind: secret
name: gh_token
---
get:
name: app-id
path: infra/data/ci/tempo/github-app
kind: secret
name: tempo_app_id_secret
---
get:
name: app-installation-id
path: infra/data/ci/tempo/github-app
kind: secret
name: tempo_app_installation_id_secret
---
get:
name: app-private-key
path: infra/data/ci/tempo/github-app
kind: secret
name: tempo_app_private_key_secret
---
get:
name: access_key_id
path: infra/data/ci/tempo-dev/aws-credentials-drone
kind: secret
name: AWS_ACCESS_KEY_ID-dev
---
get:
name: secret_access_key
path: infra/data/ci/tempo-dev/aws-credentials-drone
kind: secret
name: AWS_SECRET_ACCESS_KEY-dev
---
get:
name: access_key_id
path: infra/data/ci/tempo-prod/aws-credentials-drone
kind: secret
name: AWS_ACCESS_KEY_ID-prod
---
get:
name: secret_access_key
path: infra/data/ci/tempo-prod/aws-credentials-drone
kind: secret
name: AWS_SECRET_ACCESS_KEY-prod
---
get:
name: private-key
path: infra/data/ci/packages-publish/gpg
kind: secret
name: gpg_private_key
---
get:
name: passphrase
path: infra/data/ci/packages-publish/gpg
kind: secret
name: gpg_passphrase
---
kind: signature
hmac: 3c75d5aee874c3a55608d626bfdca5d28ef23ecefebc5b9cdfc43aa8f6a19cec
...

49
.drone/readme.md
View File

@ -1,49 +0,0 @@
# Drone
Drone is used for building our official dockerhub images. It is broken into 3
pipelines. Note that none of the pipelines include testing so it's important that
the codebase is otherwise tested when it begins this process. Currently we use GitHub
Actions for testing every PR and only build the main branch, tags and weekly release
branches (`r**`).
# Pipelines
The pipelines are `docker-amd64`, `docker-arm64`, and `manifest`. The two docker pipelines
run concurrently and create images tagged like `tempo:<tag>-<arch>` or `tempo:<branch>-<sha>-<arch>`.
E.g. `tempo:1.1.0-arm64` or `tempo:main-e2a314-amd64`. The manifest step then creates a manifest
that combines the mentioned images into one multiarch image named as you would expect:
`tempo:1.1.0` or `tempo:main-e2a314`.
The documentation on the manifest step is basically non-existent. There's some very
weak documentation in the Drone docs, but it's not even worth looking at. To understand
how to use the manifest step I'd recommend looking at the code itself:
https://github.com/drone-plugins/drone-manifest
It is a very simple wrapper that takes the configuration options and runs the following
cli tool:
https://github.com/estesp/manifest-tool
[`docker-manifest.tmpl`](./docker-manifest.tmpl) is pushed through the standard go templating library with access
to these objects: https://github.com/drone-plugins/drone-manifest/blob/master/plugin.go#L23
# Updating drone.yml
`drone.yml` is generated based upon `drone.jsonnet`. To change the Drone pipelines edit
`drone.jsonnet` and run:
```
make drone
```
# Signature
`drone.yml` contains a signature that can only be generated with an access token from the Grafana
Drone server. If you do not have an access token the last step of `make drone` will fail. Feel free
to still submit a PR, a Tempo maintainer can update the signature before merging the PR. To regenerate
the signature run:
```
make drone-signature
```

23
.github/workflows/drone-signature-check.yml vendored
View File

@ -1,23 +0,0 @@
name: Check Drone CI Signature
on:
push:
branches:
- "main"
paths:
- ".drone/drone.yml"
pull_request:
paths:
- ".drone/drone.yml"
permissions:
id-token: write
contents: read
jobs:
drone-signature-check:
# only run in grafana/tempo.
if: github.repository == 'grafana/tempo'
uses: grafana/shared-workflows/.github/workflows/check-drone-signature.yaml@main
with:
drone_config_path: .drone/drone.yml

20
Makefile
View File

@ -362,26 +362,6 @@ tempo-mixin: tools-image
tempo-mixin-check: tools-image tempo-mixin-check: tools-image
$(TOOLS_CMD) $(MAKE) -C operations/tempo-mixin check $(TOOLS_CMD) $(MAKE) -C operations/tempo-mixin check
##@ drone
.PHONY: drone drone-jsonnet drone-signature
# this requires the drone-cli https://docs.drone.io/cli/install/
drone: ## Run Drone targets
# piggyback on Loki's build image, this image contains a newer version of drone-cli than is
# released currently (1.4.0). The newer version of drone-clie keeps drone.yml human-readable.
# This will run 'make drone-jsonnet' from within the container
docker run -e DRONE_SERVER -e DRONE_TOKEN --rm -v $(shell pwd):/src/loki ${LOKI_BUILD_IMAGE} drone-jsonnet drone-signature
drone lint .drone/drone.yml --trusted
drone-jsonnet:
drone jsonnet --stream --format --source .drone/drone.jsonnet --target .drone/drone.yml
drone-signature:
ifndef DRONE_TOKEN
$(error DRONE_TOKEN is not set, visit https://drone.grafana.net/account)
endif
DRONE_SERVER=https://drone.grafana.net drone sign --save grafana/tempo .drone/drone.yml
.PHONY: generate-manifest .PHONY: generate-manifest
generate-manifest: generate-manifest:
GO111MODULE=on CGO_ENABLED=0 go run -v pkg/docsgen/generate_manifest.go GO111MODULE=on CGO_ENABLED=0 go run -v pkg/docsgen/generate_manifest.go

2
RELEASES.MD
View File

@ -5,7 +5,7 @@
- Push a semver tag to main on the merge commit above. Something like: - Push a semver tag to main on the merge commit above. Something like:
- `git tag -a v1.2.0-rc.0` - `git tag -a v1.2.0-rc.0`
- `git push origin v1.2.0-rc.0` - `git push origin v1.2.0-rc.0`
- This will initiate the build process in Github Actions and Drone. The tagged docker image should - This will initiate the build process in Github Actions. The tagged docker image should
be available here shortly: https://hub.docker.com/r/grafana/tempo/tags?page=1&ordering=last_updated be available here shortly: https://hub.docker.com/r/grafana/tempo/tags?page=1&ordering=last_updated
- A Github Release Draft should also be available here: https://github.com/grafana/tempo/releases - A Github Release Draft should also be available here: https://github.com/grafana/tempo/releases
- Copy over the CHANGELOG entries for the release - Copy over the CHANGELOG entries for the release