particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ci/tests: Change the way artifacts are collected

Browse source 
We want to be able to safely gather any artifacts without worrying about
any possible secrets leaking. Every artifacts that we want to upload
will now have to be placed in /tmp/artifacts which will then be uploaded
to S3 by the executor and link to the artifacts will be provided in the
logs. Only people with access to our AWS account can see them.
This commit is contained in:
Jakub Rusz 2022-03-23 10:58:03 +01:00 committed by Alexander Todorov
parent d3af314e58
commit efbd5ebd7b
22 changed files with 74 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

21
schutzbot/upload_artifacts.sh Executable file
View file

@ -0,0 +1,21 @@
#!/bin/bash
# This script uploads all files from ARTIFACTS folder to S3
S3_URL="s3://image-builder-ci-artifacts/osbuild-composer/$CI_COMMIT_BRANCH/$CI_JOB_ID/"
BROWSER_URL="https://s3.console.aws.amazon.com/s3/buckets/image-builder-ci-artifacts?region=us-east-1&prefix=osbuild-composer/$CI_COMMIT_BRANCH/$CI_JOB_ID/&showversions=false"
ARTIFACTS=${ARTIFACTS:-/tmp/artifacts}
# Colorful output.
function greenprint {
echo -e "\033[1;32m[$(date -Isecond)] ${1}\033[0m"
}
sudo dnf -y install s3cmd
greenprint "Job artifacts will be uploaded to: $S3_URL"
AWS_SECRET_ACCESS_KEY="$V2_AWS_SECRET_ACCESS_KEY" \
AWS_ACCESS_KEY_ID="$V2_AWS_ACCESS_KEY_ID" \
s3cmd --acl-private put "$ARTIFACTS"/* "$S3_URL"
greenprint "Please login to 438669297788 AWS account and visit $BROWSER_URL to access job artifacts."