ci/tests: Change the way artifacts are collected

We want to be able to safely gather any artifacts without worrying about
any possible secrets leaking. Every artifacts that we want to upload
will now have to be placed in /tmp/artifacts which will then be uploaded
to S3 by the executor and link to the artifacts will be provided in the
logs. Only people with access to our AWS account can see them.

schutzbot/ci_details.sh

@@ -34,7 +34,7 @@ EOF
 echo -e "\033[0m"
 
 echo "List of system repositories:"
-yum repolist -v
+sudo yum repolist -v
 
 echo "------------------------------------------------------------------------------"
 

schutzbot/save_journal.sh

@@ -3,7 +3,5 @@
 # use tee, otherwise shellcheck complains
 sudo journalctl --boot | tee journal-log >/dev/null
 
-# As it might contain sensitive information and is important for debugging
-# purposes, encrypt journal-log with a symmetric passphrase.
-gpg --batch --yes --passphrase "$GPG_SYMMETRIC_PASSPHRASE" -o journal-log.gpg --symmetric journal-log
-rm journal-log
+# copy journal to artifacts folder which is then uploaded to secure S3 location
+cp journal-log "${ARTIFACTS:-/tmp/artifacts}"

schutzbot/upload_artifacts.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# This script uploads all files from ARTIFACTS folder to S3
+
+S3_URL="s3://image-builder-ci-artifacts/osbuild-composer/$CI_COMMIT_BRANCH/$CI_JOB_ID/"
+BROWSER_URL="https://s3.console.aws.amazon.com/s3/buckets/image-builder-ci-artifacts?region=us-east-1&prefix=osbuild-composer/$CI_COMMIT_BRANCH/$CI_JOB_ID/&showversions=false"
+ARTIFACTS=${ARTIFACTS:-/tmp/artifacts}
+
+# Colorful output.
+function greenprint {
+  echo -e "\033[1;32m[$(date -Isecond)] ${1}\033[0m"
+}
+
+sudo dnf -y install s3cmd
+greenprint "Job artifacts will be uploaded to: $S3_URL"
+
+AWS_SECRET_ACCESS_KEY="$V2_AWS_SECRET_ACCESS_KEY" \
+AWS_ACCESS_KEY_ID="$V2_AWS_ACCESS_KEY_ID" \
+s3cmd --acl-private put "$ARTIFACTS"/* "$S3_URL"
+
+greenprint "Please login to 438669297788 AWS account and visit $BROWSER_URL to access job artifacts."