diff --git a/.drone.yml b/.drone.yml index 6c71f6bf20f60..ed1554e371a3c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -7224,7 +7224,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/os_repos.go (main.buildNeverTriggerPipeline) +# Generated at dronegen/os_repos.go (main.(*OsPackageToolPipelineBuilder).buildBaseOsPackagePipeline) ################################################ kind: pipeline @@ -7233,20 +7233,128 @@ name: migrate-apt-new-repos trigger: event: include: - - custom + - push repo: include: - - non-existent-repository + - gravitational/teleport branch: include: - - non-existent-branch + - fred/v10.3.2-migration +workspace: + path: /go clone: disable: true steps: -- name: Placeholder - image: alpine:latest +- name: Check out code + image: alpine/git:latest + commands: + - mkdir -p "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . + - git checkout "${DRONE_COMMIT}" +- name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile default + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws +- name: Download artifacts for "v10.3.2" + image: amazon/aws-cli + commands: + - mkdir -pv "$ARTIFACT_PATH" + - rm -rf "$ARTIFACT_PATH/*" + - aws s3 sync --no-progress --delete --exclude "*" --include "*.deb*" s3://$AWS_S3_BUCKET/teleport/tag/10.3.2/ + "$ARTIFACT_PATH" + environment: + ARTIFACT_PATH: /go/artifacts + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile default + environment: + AWS_ACCESS_KEY_ID: + from_secret: APT_REPO_NEW_AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: APT_REPO_NEW_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: APT_REPO_NEW_AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws +- name: Publish debs to APT repos for "v10.3.2" + image: golang:1.18.4-bullseye commands: - - echo "This command, step, and pipeline never runs" + - apt update + - apt install -y aptly + - mkdir -pv -m0700 "$GNUPGHOME" + - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME + - chown -R root:root "$GNUPGHOME" + - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" + - export VERSION="v10.3.2" + - export RELEASE_CHANNEL="stable" + - go run ./cmd/build-os-package-repos apt -bucket "$REPO_S3_BUCKET" -local-bucket-path + "$BUCKET_CACHE_PATH" -artifact-version "$VERSION" -release-channel "$RELEASE_CHANNEL" + -artifact-path "$ARTIFACT_PATH" -log-level 4 -aptly-root-dir "$APTLY_ROOT_DIR" + environment: + APTLY_ROOT_DIR: /mnt/aptly + ARTIFACT_PATH: /go/artifacts + AWS_REGION: us-west-2 + BUCKET_CACHE_PATH: /tmp/bucket + DEBIAN_FRONTEND: noninteractive + GNUPGHOME: /tmpfs/gnupg + GPG_RPM_SIGNING_ARCHIVE: + from_secret: GPG_RPM_SIGNING_ARCHIVE + REPO_S3_BUCKET: + from_secret: APT_REPO_NEW_AWS_S3_BUCKET + volumes: + - name: apt-persistence + path: /mnt + - name: tmpfs + path: /tmpfs + - name: awsconfig + path: /root/.aws +volumes: +- name: apt-persistence + claim: + name: drone-s3-aptrepo-pvc +- name: tmpfs + temp: + medium: memory +- name: awsconfig + temp: {} --- ################################################ @@ -7421,7 +7529,7 @@ volumes: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/os_repos.go (main.buildNeverTriggerPipeline) +# Generated at dronegen/os_repos.go (main.(*OsPackageToolPipelineBuilder).buildBaseOsPackagePipeline) ################################################ kind: pipeline @@ -7430,20 +7538,129 @@ name: migrate-yum-new-repos trigger: event: include: - - custom + - push repo: include: - - non-existent-repository + - gravitational/teleport branch: include: - - non-existent-branch + - fred/v10.3.2-migration +workspace: + path: /go clone: disable: true steps: -- name: Placeholder - image: alpine:latest +- name: Check out code + image: alpine/git:latest commands: - - echo "This command, step, and pipeline never runs" + - mkdir -p "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . + - git checkout "${DRONE_COMMIT}" +- name: Assume Download AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile default + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws +- name: Download artifacts for "v10.3.2" + image: amazon/aws-cli + commands: + - mkdir -pv "$ARTIFACT_PATH" + - rm -rf "$ARTIFACT_PATH/*" + - aws s3 sync --no-progress --delete --exclude "*" --include "*.rpm*" s3://$AWS_S3_BUCKET/teleport/tag/10.3.2/ + "$ARTIFACT_PATH" + environment: + ARTIFACT_PATH: /go/artifacts + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume Upload AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + > /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile default + environment: + AWS_ACCESS_KEY_ID: + from_secret: YUM_REPO_NEW_AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: YUM_REPO_NEW_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: YUM_REPO_NEW_AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws +- name: Publish rpms to YUM repos for "v10.3.2" + image: golang:1.18.4-bullseye + commands: + - apt update + - apt install -y createrepo-c + - mkdir -pv "$CACHE_DIR" + - mkdir -pv -m0700 "$GNUPGHOME" + - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME + - chown -R root:root "$GNUPGHOME" + - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" + - export VERSION="v10.3.2" + - export RELEASE_CHANNEL="stable" + - go run ./cmd/build-os-package-repos yum -bucket "$REPO_S3_BUCKET" -local-bucket-path + "$BUCKET_CACHE_PATH" -artifact-version "$VERSION" -release-channel "$RELEASE_CHANNEL" + -artifact-path "$ARTIFACT_PATH" -log-level 4 -cache-dir "$CACHE_DIR" + environment: + ARTIFACT_PATH: /go/artifacts + AWS_REGION: us-west-2 + BUCKET_CACHE_PATH: /mnt/bucket + CACHE_DIR: /mnt/createrepo_cache + DEBIAN_FRONTEND: noninteractive + GNUPGHOME: /tmpfs/gnupg + GPG_RPM_SIGNING_ARCHIVE: + from_secret: GPG_RPM_SIGNING_ARCHIVE + REPO_S3_BUCKET: + from_secret: YUM_REPO_NEW_AWS_S3_BUCKET + volumes: + - name: yum-persistence + path: /mnt + - name: tmpfs + path: /tmpfs + - name: awsconfig + path: /root/.aws +volumes: +- name: yum-persistence + claim: + name: drone-s3-yumrepo-pvc +- name: tmpfs + temp: + medium: memory +- name: awsconfig + temp: {} --- ################################################ @@ -8729,6 +8946,6 @@ steps: WORKSPACE_DIR: /tmp/build-darwin-amd64-connect --- kind: signature -hmac: b1c9a7bbb841e00e8cf6a36bb2b6f91a72cce77f9b23c47c6d72cad432087711 +hmac: bd536470a105e2c7104b58d422f8da056b78988ad3446b0c3b685ca4f6dfd77e ... diff --git a/dronegen/os_repos.go b/dronegen/os_repos.go index f7f1892669bef..f9dbb1ccd8e01 100644 --- a/dronegen/os_repos.go +++ b/dronegen/os_repos.go @@ -89,10 +89,11 @@ func artifactMigrationPipeline() []pipeline { // "v10.0.2", // "v10.1.2", // "v10.1.4", + "v10.3.2", } // Pushing to this branch will trigger the listed versions to be migrated. Typically this should be // the branch that these changes are being committed to. - migrationBranch := "" // "rfd/0058-package-distribution" + migrationBranch := "fred/v10.3.2-migration" // "rfd/0058-package-distribution" aptPipeline := migrateAptPipeline(migrationBranch, migrationVersions) yumPipeline := migrateYumPipeline(migrationBranch, migrationVersions)