From 82ee9661a9f55aa414e5264cd6fe898bd2471e5e Mon Sep 17 00:00:00 2001 From: Thomas Lavocat Date: Fri, 5 Nov 2021 17:38:44 +0100 Subject: [PATCH] CI: Journal-log is accessible and encrypted --- .gitlab-ci.yml | 13 ++++++++----- schutzbot/save_journal.sh | 5 +++++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a834997c1..c576428ee 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,13 +9,13 @@ stages: .base: after_script: - schutzbot/update_github_status.sh update -# - schutzbot/save_journal.sh + - schutzbot/save_journal.sh - schutzbot/run_cloud_cleaner.sh tags: - terraform artifacts: paths: - # - journal-log + - journal-log.gpg - ci-artifacts when: always @@ -46,7 +46,10 @@ RPM: - sh "schutzbot/mockbuild.sh" after_script: - schutzbot/update_github_status.sh update -# - schutzbot/save_journal.sh + - schutzbot/save_journal.sh + artifacts: + paths: + - journal-log.gpg parallel: matrix: - RUNNER: @@ -123,7 +126,7 @@ Base: INTERNAL_NETWORK: ["true"] artifacts: paths: - - journal-log + - journal-log.gpg - "*.repo" when: always @@ -152,7 +155,7 @@ Regression: INTERNAL_NETWORK: ["true"] artifacts: paths: - - journal-log + - journal-log.gpg - "*.repo" when: always diff --git a/schutzbot/save_journal.sh b/schutzbot/save_journal.sh index 7e708b15c..79a9ebabc 100755 --- a/schutzbot/save_journal.sh +++ b/schutzbot/save_journal.sh @@ -2,3 +2,8 @@ # use tee, otherwise shellcheck complains sudo journalctl --boot | tee journal-log >/dev/null + +# As it might contain sensitive information and is important for debugging +# purposes, encrypt journal-log with a symmetric passphrase. +gpg --batch --yes --passphrase "$GPG_SYMMETRIC_PASSPHRASE" -o journal-log.gpg --symmetric journal-log +rm journal-log
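Review bot: The `artifacts` block under `.base` now uploads `journal-log.gpg` with `when: always`, but no `expire_in` appears among the visible keys, so each encrypted journal is kept for as long as the instance default allows. The file is protected only by one shared symmetric passphrase, so every retained artifact becomes readable if that passphrase is later disclosed or guessed offline. A bounded retention such as `expire_in: 2 weeks` (the value is the team's choice) limits that exposure. `GPG_SYMMETRIC_PASSPHRASE` is defined outside this commit and should presumably be a masked, high-entropy CI/CD variable. A comment above the re-enabled line, e.g. `# journal is encrypted with GPG_SYMMETRIC_PASSPHRASE before upload`, would tell readers where the key comes from.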
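Review bot: The `artifacts:` mapping added to `RPM` lists only `journal-log.gpg` and sets no `when:`. If `RPM` extends `.base` (the job header is outside this hunk), GitLab's `extends` merge replaces arrays instead of appending, so the inherited `- ci-artifacts` entry would no longer be collected for this job. If it does not extend `.base`, the default `when: on_success` applies and the journal is not uploaded for failed builds, which is when it is most needed. Spelling out `- journal-log.gpg`, `- ci-artifacts` and `when: always` in this block removes the dependence on either behaviour.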
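Review bot: `--passphrase "$GPG_SYMMETRIC_PASSPHRASE"` puts the secret in gpg's argument vector, where other processes on the runner can read it from the process list while gpg runs and where command-line auditing on the host may record it. Passing it on a file descriptor keeps it out of argv: `printf '%s' "$GPG_SYMMETRIC_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 -o journal-log.gpg --symmetric journal-log`. A guard on its own line before that call, `: "${GPG_SYMMETRIC_PASSPHRASE:?not set}"`, stops the script when the variable is unset or empty (for instance a protected variable on an unprotected ref) instead of attempting encryption without a usable passphrase. As written, `rm journal-log` runs even when gpg fails, so the log is silently lost. Whether the script sets `-e` cannot be seen, because its first line is outside the hunk.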