Use updater app instead of github agent app for merging into dev (#4719)

* Use updater app instead of github agent app for merging into deployment_tools.

* Fix key names

* Fix key names in drone.yml

Author: mattdurham

.drone/drone.yml

@@ -1277,12 +1277,11 @@ steps:
   settings:
     config_json: |
       {
+        "git_committer_name": "updater-for-ci[bot]",
+        "git_author_name": "updater-for-ci[bot]",
+        "git_committer_email": "119986603+updater-for-ci[bot]@users.noreply.github.com",
+        "git_author_email": "119986603+updater-for-ci[bot]@users.noreply.github.com",
         "destination_branch": "master",
-        "pull_request_branch_prefix": "cd-agent",
-        "pull_request_enabled": false,
-        "pull_request_team_reviewers": [
-          "agent-squad"
-        ],
         "repo_name": "deployment_tools",
         "update_jsonnet_attribute_configs": [
           {
@@ -1302,8 +1301,12 @@ steps:
           }
         ]
       }
-    github_token:
-      from_secret: gh_token
+    github_app_id:
+      from_secret: updater_app_id
+    github_app_installation_id:
+      from_secret: updater_app_installation_id
+    github_app_private_key:
+      from_secret: updater_private_key
 trigger:
   ref:
   - refs/heads/main
@@ -1450,7 +1453,25 @@ get:
 kind: secret
 name: private_key
 ---
+get:
+  name: app-id
+  path: infra/data/ci/github/updater-app
+kind: secret
+name: updater_app_id
+---
+get:
+  name: app-installation-id
+  path: infra/data/ci/github/updater-app
+kind: secret
+name: updater_app_installation_id
+---
+get:
+  name: private-key
+  path: infra/data/ci/github/updater-app
+kind: secret
+name: updater_private_key
+---
 kind: signature
-hmac: 2ff5f7f665aaba388e272316c0b7aee419801f347d882577dbbb84a95e4be672
+hmac: 34d8fb10b7203bd97d29de3930322207cb5a5e618d5b7827af927e319b734ff5
 
 ...

.drone/pipelines/publish.jsonnet

@@ -112,12 +112,11 @@ linux_containers_jobs + windows_containers_jobs + [
         settings: {
           config_json: |||
             {
+              "git_committer_name": "updater-for-ci[bot]",
+              "git_author_name": "updater-for-ci[bot]",
+              "git_committer_email": "119986603+updater-for-ci[bot]@users.noreply.github.com",
+              "git_author_email": "119986603+updater-for-ci[bot]@users.noreply.github.com",
               "destination_branch": "master",
-              "pull_request_branch_prefix": "cd-agent",
-              "pull_request_enabled": false,
-              "pull_request_team_reviewers": [
-                "agent-squad"
-              ],
               "repo_name": "deployment_tools",
               "update_jsonnet_attribute_configs": [
                 {
@@ -138,7 +137,9 @@ linux_containers_jobs + windows_containers_jobs + [
               ]
             }
           |||,
-          github_token: secrets.gh_token.fromSecret,
+          github_app_id: secrets.updater_app_id.fromSecret,
+          github_app_installation_id: secrets.updater_app_installation_id.fromSecret,
+          github_app_private_key: secrets.updater_private_key.fromSecret,
         },
       },
     ],

.drone/util/secrets.jsonnet

@@ -13,9 +13,17 @@ local newSecret(name) = {
   dockerconfigjson: newSecret('dockerconfigjson').getFrom(path='secret/data/common/gcr', name='.dockerconfigjson'),
   gcr_admin: newSecret('gcr_admin').getFrom(path='infra/data/ci/gcr-admin', name='.dockerconfigjson'),
   gh_token: newSecret('gh_token').getFrom(path='infra/data/ci/github/grafanabot', name='pat'),
+
+  // Agent Github App
   private_key: newSecret('private_key').getFrom(path='infra/data/ci/agent/githubapp', name='private-key'),
   app_id: newSecret('app_id').getFrom(path='infra/data/ci/agent/githubapp', name='app-id'),
   app_installation_id: newSecret('app_installation_id').getFrom(path='infra/data/ci/agent/githubapp', name='app-installation-id'),
+
+  // Updater secrets for pushing to deployment_tools
+  updater_private_key: newSecret('updater_private_key').getFrom(path='infra/data/ci/github/updater-app', name='private-key'),
+  updater_app_id: newSecret('updater_app_id').getFrom(path='infra/data/ci/github/updater-app', name='app-id'),
+  updater_app_installation_id: newSecret('updater_app_installation_id').getFrom(path='infra/data/ci/github/updater-app', name='app-installation-id'),
+
   gpg_public_key: newSecret('gpg_public_key').getFrom(path='infra/data/ci/packages-publish/gpg', name='public-key'),
   gpg_private_key: newSecret('gpg_private_key').getFrom(path='infra/data/ci/packages-publish/gpg', name='private-key'),
   gpg_passphrase: newSecret('gpg_passphrase').getFrom(path='infra/data/ci/packages-publish/gpg', name='passphrase'),