* Serialize apt/yum promote pipelines
These were running in parallel, but we want them to run serially.
Therefore, we add a dependency between each step and its previous step.
* Allow dev build promotes to proceed in deb/rpm pipelines
This helps test a couple more changes from this pipeline when cutting a
dev build. Particularly, we saw the download and role assumption steps
fail in https://github.com/gravitational/teleport/pull/17334, and this
change would have allowed us to catch that error during testing.
* Fix globbing bug
This bug does not appear to affect anything currently. However it
should be fixed in case the rm is important at some point in the future.
The bug is: when a wildcard is inside quotes, it is treated as a literal
filename. So rm -rf "$ARTIFACT_PATH/*" tries to remove the file named
'*' instead of trying to remove everything in artifact path.
* Swap YUM_REPO_NEW_ROLE to YUM_REPO_NEW_AWS_ROLE
All other roles environment variables end in AWS_ROLE, and consistency
is our friend here.
This PR updates our various Drone pipelines to use AWS roles for publishing.
Our AWS FTR requires that we do not use any long lived credentials in our AWS accounts and instead use roles. This means we need to move from attaching policies directly to users to attaching policies to roles and having policyless users assume those roles.
https://aws.amazon.com/partners/foundational-technical-review/
Contributes to https://github.com/gravitational/SecOps/issues/213