Update .drone.yml

grafana · Oct 8, 2024 · b70c9c1 · b70c9c1
1 parent ccdb097
commit b70c9c1
Showing 1 changed file with 40 additions and 35 deletions.
diff --git a/.drone.yml b/.drone.yml
@@ -432,6 +432,25 @@ steps:
   image: grafana/grafana-plugin-ci:1.9.0
   name: package-alpine-x64-no-chromium
 - commands:
+  - apk add --no-cache openssl curl jq
+  - echo "$GITHUB_APP_PRIVATE_KEY" > private-key.pem
+  - chmod 600 private-key.pem
+  - NOW=$(date +%s)
+  - EXPIRATION=$(($NOW + 600))
+  - HEADER=$(printf '{"alg":"RS256","typ":"JWT"}' | openssl base64 -A | tr '+/' '-_'
+    | tr -d '=')
+  - PAYLOAD=$(printf '{"iat":%d,"exp":%d,"iss":"%s"}' $NOW $EXPIRATION $GITHUB_APP_ID
+    | openssl base64 -A | tr '+/' '-_' | tr -d '=')
+  - HEADER_PAYLOAD="$HEADER.$PAYLOAD"
+  - SIGNATURE=$(echo -n "$HEADER_PAYLOAD" | openssl dgst -sha256 -sign private-key.pem
+    | openssl base64 -A | tr '+/' '-_' | tr -d '=')
+  - JWT="$HEADER_PAYLOAD.$SIGNATURE"
+  - RESPONSE=$(curl -s -X POST \
+  - '  -H "Authorization: Bearer $JWT" \'
+  - '  -H "Accept: application/vnd.github+json" \'
+  - '  https://api.github.com/app/installations/$GITHUB_INSTALLATION_ID/access_tokens)'
+  - GITHUB_TOKEN=$(echo $RESPONSE | jq -r '.token')
+  - export GITHUB_TOKEN
   - ./scripts/generate_md5sum.sh
   - ./scripts/publish_github_release.sh
   depends_on:
@@ -441,40 +460,14 @@ steps:
   - package-linux-x64-glibc-no-chromium
   - package-alpine-x64-no-chromium
   environment:
-    GITHUB_TOKEN:
-      from_secret: github_token
+    GITHUB_APP_ID:
+      from_secret: github_app_id
+    GITHUB_APP_PRIVATE_KEY:
+      from_secret: github_app_private_key
+    GITHUB_INSTALLATION_ID:
+      from_secret: github_app_installation_id
   image: cibuilds/github:0.13.0
   name: publish_to_github
-- commands:
-  - ./scripts/build_push_docker.sh
-  depends_on:
-  - publish_to_github
-  environment:
-    DOCKER_PASS:
-      from_secret: docker_pass
-    DOCKER_USER:
-      from_secret: docker_user
-    IMAGE_NAME: grafana/grafana-image-renderer
-  image: google/cloud-sdk:449.0.0
-  name: publish_to_docker
-  volumes:
-  - name: docker
-    path: /var/run/docker.sock
-- commands:
-  - . ~/.init-nvm.sh
-  - yarn run create-gcom-plugin-json ${DRONE_COMMIT}
-  - yarn run push-to-gcom
-  depends_on:
-  - publish_to_github
-  environment:
-    GCOM_PUBLISH_TOKEN:
-      from_secret: gcom_publish_token
-    GCOM_UAGENT:
-      from_secret: gcom_uagent
-    GCOM_URL:
-      from_secret: gcom_url
-  image: grafana/grafana-plugin-ci:1.9.0
-  name: publish_to_gcom
 trigger:
   branch:
   - master
@@ -495,10 +488,22 @@ kind: secret
 name: gcr
 ---
 get:
-  name: github_token
+  name: github_app_id
+  path: ci/data/repo/grafana/grafana-image-renderer/github_actions
+kind: secret
+name: github_app_id
+---
+get:
+  name: github_app_private_key
+  path: ci/data/repo/grafana/grafana-image-renderer/github_actions
+kind: secret
+name: github_app_private_key
+---
+get:
+  name: github_app_installation_id
   path: ci/data/repo/grafana/grafana-image-renderer/github_actions
 kind: secret
-name: github_token
+name: github_app_installation_id
 ---
 get:
   name: gcom_publish_token
@@ -525,6 +530,6 @@ kind: secret
 name: gar
 ---
 kind: signature
-hmac: aef686a708994a7210707534e31b9ccd2c5b4356fb2f09afa3505914c43c6aea
+hmac: 84fba26558ebea8e06f1368d449827c9afbf73f909e73f79686453a7b0c5d1a0
 
 ...