622baa65bf
Some log upload tasks were missing no_log instructions and might write out credentials to the job-output.json file. Update these tasks to include no_log. Change-Id: I1f18cec117d9205945644ce19d5584f5d676e8d8
41 lines
1.4 KiB
YAML
41 lines
1.4 KiB
YAML
- name: Set zuul-log-path fact
|
|
include_role:
|
|
name: set-zuul-log-path-fact
|
|
when: zuul_log_path is not defined
|
|
|
|
# Always upload (true), never upload (false) or only on failure ('failure')
|
|
- name: Upload logs
|
|
when: zuul_site_upload_logs | default(true) | bool or
|
|
(zuul_site_upload_logs == 'failure' and not zuul_success | bool)
|
|
block:
|
|
# Use chmod instead of file because ansible 2.5 file with recurse and
|
|
# follow can't really handle symlinks to .
|
|
- name: Ensure logs are readable before uploading
|
|
delegate_to: localhost
|
|
command: "chmod -R u=rwX,g=rX,o=rX {{ zuul.executor.log_root }}/"
|
|
# ANSIBLE0007 chmod used in place of argument mode to file
|
|
tags:
|
|
- skip_ansible_lint
|
|
|
|
- name: Upload logs to Google Cloud Storage
|
|
delegate_to: localhost
|
|
no_log: true
|
|
zuul_google_storage_upload:
|
|
partition: "{{ zuul_log_partition }}"
|
|
container: "{{ zuul_log_container }}"
|
|
prefix: "{{ zuul_log_path }}"
|
|
indexes: "{{ zuul_log_create_indexes }}"
|
|
credentials_file: "{{ zuul_log_credentials_file }}"
|
|
project: "{{ zuul_log_project }}"
|
|
files:
|
|
- "{{ zuul.executor.log_root }}/"
|
|
register: upload_results
|
|
|
|
- name: Return log URL to Zuul
|
|
delegate_to: localhost
|
|
zuul_return:
|
|
data:
|
|
zuul:
|
|
log_url: "{{ upload_results.url }}/"
|
|
when: upload_results is defined
|