From c3d69047b57c8b406c7f043d91057d003f90f788 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@redhat.com>
Date: Tue, 22 Aug 2017 15:45:13 -0700
Subject: [PATCH] Create secrets dir in bwrap

Since the mountpoint for the tmpfs used for playbook secrets may
itself be on a read-only bind mount inside the bubblewrap environment,
ensure that it is created before bwrap runs.

Change-Id: I493d1b33500c23d4e2c1458247345cc751757a0b
---
 zuul/executor/server.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/zuul/executor/server.py b/zuul/executor/server.py
index 1a445f13f9..3c1dbb080a 100644
--- a/zuul/executor/server.py
+++ b/zuul/executor/server.py
@@ -256,6 +256,7 @@ class JobDirPlaybook(object):
         self.ansible_config = os.path.join(self.root, 'ansible.cfg')
         self.project_link = os.path.join(self.root, 'project')
         self.secrets_root = os.path.join(self.root, 'secrets')
+        os.makedirs(self.secrets_root)
         self.secrets = os.path.join(self.secrets_root, 'secrets.yaml')
         self.secrets_content = None