particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

CI: Journal-log is accessible and encrypted

Browse source
This commit is contained in:
Thomas Lavocat 2021-11-05 17:38:44 +01:00 committed by Achilleas Koutsou
parent 117886a75f
commit 82ee9661a9
2 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
.gitlab-ci.yml
View file

@ -9,13 +9,13 @@ stages:
.base:
after_script:
- schutzbot/update_github_status.sh update
# - schutzbot/save_journal.sh
- schutzbot/save_journal.sh
- schutzbot/run_cloud_cleaner.sh
tags:
- terraform
artifacts:
paths:
# - journal-log
- journal-log.gpg
- ci-artifacts
when: always
@ -46,7 +46,10 @@ RPM:
- sh "schutzbot/mockbuild.sh"
after_script:
- schutzbot/update_github_status.sh update
# - schutzbot/save_journal.sh
- schutzbot/save_journal.sh
artifacts:
paths:
- journal-log.gpg
parallel:
matrix:
- RUNNER:
@ -123,7 +126,7 @@ Base:
INTERNAL_NETWORK: ["true"]
artifacts:
paths:
- journal-log
- journal-log.gpg
- "*.repo"
when: always
@ -152,7 +155,7 @@ Regression:
INTERNAL_NETWORK: ["true"]
artifacts:
paths:
- journal-log
- journal-log.gpg
- "*.repo"
when: always

5
schutzbot/save_journal.sh
View file

@ -2,3 +2,8 @@
# use tee, otherwise shellcheck complains
sudo journalctl --boot | tee journal-log >/dev/null
# As it might contain sensitive information and is important for debugging
# purposes, encrypt journal-log with a symmetric passphrase.
gpg --batch --yes --passphrase "$GPG_SYMMETRIC_PASSPHRASE" -o journal-log.gpg --symmetric journal-log
rm journal-log