diff --git a/.drone/docker-manifest.tmpl b/.drone/docker-manifest.tmpl deleted file mode 100644 index 32323adc382..00000000000 --- a/.drone/docker-manifest.tmpl +++ /dev/null @@ -1,13 +0,0 @@ -image: grafana/{{config.target}} -tags: - - latest - - {{build.tags}} -manifests: - - image: grafana/{{config.target}}:{{build.tags}}-amd64 - platform: - architecture: amd64 - os: linux - - image: grafana/{{config.target}}:{{build.tags}}-arm64 - platform: - architecture: arm64 - os: linux \ No newline at end of file diff --git a/.drone/drone.jsonnet b/.drone/drone.jsonnet deleted file mode 100644 index b0060b7a23b..00000000000 --- a/.drone/drone.jsonnet +++ /dev/null @@ -1,78 +0,0 @@ -local apps = ['tempo', 'tempo-vulture', 'tempo-query', 'tempo-cli']; -local archs = ['amd64', 'arm64']; - -//# Building blocks ## - -local pipeline(name, arch='amd64') = { - kind: 'pipeline', - name: name, - platform: { - os: 'linux', - arch: arch, - }, - steps: [], - depends_on: [], - trigger: { - ref: [ - 'refs/heads/main', - 'refs/tags/v*', - // weekly release branches - 'refs/heads/r?', - 'refs/heads/r??', - 'refs/heads/r???', - ], - }, -}; - -local secret(name, vault_path, vault_key) = { - kind: 'secret', - name: name, - get: { - path: vault_path, - name: vault_key, - }, -}; - -local docker_username_secret = secret('docker_username', 'infra/data/ci/docker_hub', 'username'); -local docker_password_secret = secret('docker_password', 'infra/data/ci/docker_hub', 'password'); - -// secret needed to access us.gcr.io in deploy_to_dev() -local docker_config_json_secret = secret('dockerconfigjson', 'secret/data/common/gcr', '.dockerconfigjson'); - -// secret needed for dep-tools -local gh_token_secret = secret('gh_token', 'infra/data/ci/github/grafanabot', 'pat'); -local tempo_app_id_secret = secret('tempo_app_id_secret', 'infra/data/ci/tempo/github-app', 'app-id'); -local tempo_app_installation_id_secret = secret('tempo_app_installation_id_secret', 'infra/data/ci/tempo/github-app', 'app-installation-id'); -local tempo_app_private_key_secret = secret('tempo_app_private_key_secret', 'infra/data/ci/tempo/github-app', 'app-private-key'); - -// secret to sign linux packages -local gpg_passphrase = secret('gpg_passphrase', 'infra/data/ci/packages-publish/gpg', 'passphrase'); -local gpg_private_key = secret('gpg_private_key', 'infra/data/ci/packages-publish/gpg', 'private-key'); - -local aws_dev_access_key_id = secret('AWS_ACCESS_KEY_ID-dev', 'infra/data/ci/tempo-dev/aws-credentials-drone', 'access_key_id'); -local aws_dev_secret_access_key = secret('AWS_SECRET_ACCESS_KEY-dev', 'infra/data/ci/tempo-dev/aws-credentials-drone', 'secret_access_key'); -local aws_prod_access_key_id = secret('AWS_ACCESS_KEY_ID-prod', 'infra/data/ci/tempo-prod/aws-credentials-drone', 'access_key_id'); -local aws_prod_secret_access_key = secret('AWS_SECRET_ACCESS_KEY-prod', 'infra/data/ci/tempo-prod/aws-credentials-drone', 'secret_access_key'); - -//# Steps ## - -// the alpine/git image has apk errors when run on aarch64, this is the most recent image that does not have this issue -// https://github.com/alpine-docker/git/issues/35 -local alpine_git_image = 'alpine/git:v2.30.2'; - -//# Pipelines & resources -[ - docker_username_secret, - docker_password_secret, - docker_config_json_secret, - gh_token_secret, - tempo_app_id_secret, - tempo_app_installation_id_secret, - tempo_app_private_key_secret, - aws_dev_access_key_id, - aws_dev_secret_access_key, - aws_prod_access_key_id, - aws_prod_secret_access_key, - gpg_private_key, - gpg_passphrase, -] diff --git a/.drone/drone.yml b/.drone/drone.yml deleted file mode 100644 index 4dd33f6e7bb..00000000000 --- a/.drone/drone.yml +++ /dev/null @@ -1,83 +0,0 @@ ---- -get: - name: username - path: infra/data/ci/docker_hub -kind: secret -name: docker_username ---- -get: - name: password - path: infra/data/ci/docker_hub -kind: secret -name: docker_password ---- -get: - name: .dockerconfigjson - path: secret/data/common/gcr -kind: secret -name: dockerconfigjson ---- -get: - name: pat - path: infra/data/ci/github/grafanabot -kind: secret -name: gh_token ---- -get: - name: app-id - path: infra/data/ci/tempo/github-app -kind: secret -name: tempo_app_id_secret ---- -get: - name: app-installation-id - path: infra/data/ci/tempo/github-app -kind: secret -name: tempo_app_installation_id_secret ---- -get: - name: app-private-key - path: infra/data/ci/tempo/github-app -kind: secret -name: tempo_app_private_key_secret ---- -get: - name: access_key_id - path: infra/data/ci/tempo-dev/aws-credentials-drone -kind: secret -name: AWS_ACCESS_KEY_ID-dev ---- -get: - name: secret_access_key - path: infra/data/ci/tempo-dev/aws-credentials-drone -kind: secret -name: AWS_SECRET_ACCESS_KEY-dev ---- -get: - name: access_key_id - path: infra/data/ci/tempo-prod/aws-credentials-drone -kind: secret -name: AWS_ACCESS_KEY_ID-prod ---- -get: - name: secret_access_key - path: infra/data/ci/tempo-prod/aws-credentials-drone -kind: secret -name: AWS_SECRET_ACCESS_KEY-prod ---- -get: - name: private-key - path: infra/data/ci/packages-publish/gpg -kind: secret -name: gpg_private_key ---- -get: - name: passphrase - path: infra/data/ci/packages-publish/gpg -kind: secret -name: gpg_passphrase ---- -kind: signature -hmac: 3c75d5aee874c3a55608d626bfdca5d28ef23ecefebc5b9cdfc43aa8f6a19cec - -... diff --git a/.drone/readme.md b/.drone/readme.md deleted file mode 100644 index b322e7a2fc9..00000000000 --- a/.drone/readme.md +++ /dev/null @@ -1,49 +0,0 @@ -# Drone - -Drone is used for building our official dockerhub images. It is broken into 3 -pipelines. Note that none of the pipelines include testing so it's important that -the codebase is otherwise tested when it begins this process. Currently we use GitHub -Actions for testing every PR and only build the main branch, tags and weekly release -branches (`r**`). - -# Pipelines - -The pipelines are `docker-amd64`, `docker-arm64`, and `manifest`. The two docker pipelines -run concurrently and create images tagged like `tempo:-` or `tempo:--`. -E.g. `tempo:1.1.0-arm64` or `tempo:main-e2a314-amd64`. The manifest step then creates a manifest -that combines the mentioned images into one multiarch image named as you would expect: -`tempo:1.1.0` or `tempo:main-e2a314`. - -The documentation on the manifest step is basically non-existent. There's some very -weak documentation in the Drone docs, but it's not even worth looking at. To understand -how to use the manifest step I'd recommend looking at the code itself: - -https://github.com/drone-plugins/drone-manifest - -It is a very simple wrapper that takes the configuration options and runs the following -cli tool: - -https://github.com/estesp/manifest-tool - -[`docker-manifest.tmpl`](./docker-manifest.tmpl) is pushed through the standard go templating library with access -to these objects: https://github.com/drone-plugins/drone-manifest/blob/master/plugin.go#L23 - -# Updating drone.yml - -`drone.yml` is generated based upon `drone.jsonnet`. To change the Drone pipelines edit -`drone.jsonnet` and run: - -``` -make drone -``` - -# Signature - -`drone.yml` contains a signature that can only be generated with an access token from the Grafana -Drone server. If you do not have an access token the last step of `make drone` will fail. Feel free -to still submit a PR, a Tempo maintainer can update the signature before merging the PR. To regenerate -the signature run: - -``` -make drone-signature -``` \ No newline at end of file diff --git a/.github/workflows/drone-signature-check.yml b/.github/workflows/drone-signature-check.yml deleted file mode 100644 index ab3e6f0845c..00000000000 --- a/.github/workflows/drone-signature-check.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Check Drone CI Signature - -on: - push: - branches: - - "main" - paths: - - ".drone/drone.yml" - pull_request: - paths: - - ".drone/drone.yml" - -permissions: - id-token: write - contents: read - -jobs: - drone-signature-check: - # only run in grafana/tempo. - if: github.repository == 'grafana/tempo' - uses: grafana/shared-workflows/.github/workflows/check-drone-signature.yaml@main - with: - drone_config_path: .drone/drone.yml diff --git a/Makefile b/Makefile index ced99d17580..55852967df5 100644 --- a/Makefile +++ b/Makefile @@ -362,26 +362,6 @@ tempo-mixin: tools-image tempo-mixin-check: tools-image $(TOOLS_CMD) $(MAKE) -C operations/tempo-mixin check -##@ drone -.PHONY: drone drone-jsonnet drone-signature -# this requires the drone-cli https://docs.drone.io/cli/install/ -drone: ## Run Drone targets - # piggyback on Loki's build image, this image contains a newer version of drone-cli than is - # released currently (1.4.0). The newer version of drone-clie keeps drone.yml human-readable. - # This will run 'make drone-jsonnet' from within the container - docker run -e DRONE_SERVER -e DRONE_TOKEN --rm -v $(shell pwd):/src/loki ${LOKI_BUILD_IMAGE} drone-jsonnet drone-signature - - drone lint .drone/drone.yml --trusted - -drone-jsonnet: - drone jsonnet --stream --format --source .drone/drone.jsonnet --target .drone/drone.yml - -drone-signature: -ifndef DRONE_TOKEN - $(error DRONE_TOKEN is not set, visit https://drone.grafana.net/account) -endif - DRONE_SERVER=https://drone.grafana.net drone sign --save grafana/tempo .drone/drone.yml - .PHONY: generate-manifest generate-manifest: GO111MODULE=on CGO_ENABLED=0 go run -v pkg/docsgen/generate_manifest.go diff --git a/RELEASES.MD b/RELEASES.MD index dbaf9842ed7..025cbc71589 100644 --- a/RELEASES.MD +++ b/RELEASES.MD @@ -5,7 +5,7 @@ - Push a semver tag to main on the merge commit above. Something like: - `git tag -a v1.2.0-rc.0` - `git push origin v1.2.0-rc.0` -- This will initiate the build process in Github Actions and Drone. The tagged docker image should +- This will initiate the build process in Github Actions. The tagged docker image should be available here shortly: https://hub.docker.com/r/grafana/tempo/tags?page=1&ordering=last_updated - A Github Release Draft should also be available here: https://github.com/grafana/tempo/releases - Copy over the CHANGELOG entries for the release