zuul/zuul-jobs
Code Issues Proposed changes
Files
d58090422a105908d80e319717b8546bf6e3b2bf
zuul-jobs/roles/upload-logs-s3/tasks/main.yaml
James E. Blair d58090422a Add OIDC support to upload-logs-s3 
Add support for the upload-logs-s3 role to obtain a short-term
token from the AWS sts service using a federated OIDC provider
(which may be Zuul itself).

Change-Id: Ic69fb1f61f53b3b8dd08f776b96e9d5db57dbf5a
2025-07-13 09:55:14 -07:00

51 lines
2.0 KiB
YAML
Raw Blame History

- name: Set zuul-log-path fact
include_role:
name: set-zuul-log-path-fact
when: zuul_log_path is not defined
# Always upload (true), never upload (false) or only on failure ('failure')
- name: Upload logs
when: zuul_site_upload_logs | default(true) | bool or
(zuul_site_upload_logs == 'failure' and not zuul_success | bool)
block:
# Use chmod instead of file because ansible 2.5 file with recurse and
# follow can't really handle symlinks to .
- name: Debug log_root
debug:
msg: "log_root {{ zuul.executor.log_root }}"
- name: Ensure logs are readable before uploading
delegate_to: "{{ _undocumented_test_worker_node_ | default('localhost') }}"
command: "chmod -R u=rwX,g=rX,o=rX {{ zuul.executor.log_root }}/"
# ANSIBLE0007 chmod used in place of argument mode to file
tags:
- skip_ansible_lint
- name: Upload logs to S3
delegate_to: "{{ _undocumented_test_worker_node_ | default('localhost') }}"
no_log: true
zuul_s3_upload:
endpoint: "{{ upload_logs_s3_endpoint | default(omit) }}"
partition: "{{ zuul_log_partition }}"
bucket: "{{ zuul_log_bucket }}"
public: "{{ zuul_log_bucket_public }}"
prefix: "{{ zuul_log_path }}"
indexes: "{{ zuul_log_create_indexes }}"
aws_access_key: "{{ zuul_log_aws_access_key | default(omit) }}"
aws_secret_key: "{{ zuul_log_aws_secret_key | default(omit) }}"
aws_oidc_role_arn: "{{ zuul_log_aws_oidc_role_arn | default(omit) }}"
aws_oidc_session_name: "{{ zuul_log_aws_oidc_session_name | default(omit) }}"
aws_oidc_token: "{{ zuul_log_aws_oidc_token | default(omit) }}"
aws_oidc_token_duration: "{{ zuul_log_aws_oidc_token_duration | default(omit) }}"
files:
- "{{ zuul.executor.log_root }}/"
register: upload_results
- name: Return log URL to Zuul
delegate_to: localhost
zuul_return:
data:
zuul:
log_url: "{{ upload_results.url }}/"
when: upload_results is defined
View Git Blame Copy Permalink