As the JWT is sensitive, we don't want to record or leak it anywhere.
Doing this lets us run --dump-yaml in normal execution so we can
artifact the result, as well as bringing us into line with bare-metal.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/11309>
variables:
GIT_STRATEGY: none # testing doesn't build anything from source
ENV_VARS: "DEQP_PARALLEL=6"
- FIXED_ENV_VARS: "CI_PIPELINE_ID=${CI_PIPELINE_ID} CI_JOB_ID=${CI_JOB_ID} CI_PAGES_DOMAIN=${CI_PAGES_DOMAIN} CI_PROJECT_NAME=${CI_PROJECT_NAME} CI_PROJECT_DIR=${CI_PROJECT_DIR} CI_PROJECT_PATH=${CI_PROJECT_PATH} CI_PROJECT_ROOT_NAMESPACE=${CI_PROJECT_ROOT_NAMESPACE} CI_JOB_JWT=${CI_JOB_JWT} CI_SERVER_URL=${CI_SERVER_URL} DRIVER_NAME=${DRIVER_NAME} FDO_UPSTREAM_REPO=${FDO_UPSTREAM_REPO} PIGLIT_NO_WINDOW=1 PIGLIT_REPLAY_UPLOAD_TO_MINIO=1 MINIO_HOST=${MINIO_HOST} LAVA_TEST_SCRIPT=${LAVA_TEST_SCRIPT} VK_DRIVER=${VK_DRIVER} FLAKES_CHANNEL=${FLAKES_CHANNEL}"
+ FIXED_ENV_VARS: "CI_PIPELINE_ID=${CI_PIPELINE_ID} CI_JOB_ID=${CI_JOB_ID} CI_PAGES_DOMAIN=${CI_PAGES_DOMAIN} CI_PROJECT_NAME=${CI_PROJECT_NAME} CI_PROJECT_DIR=${CI_PROJECT_DIR} CI_PROJECT_PATH=${CI_PROJECT_PATH} CI_PROJECT_ROOT_NAMESPACE=${CI_PROJECT_ROOT_NAMESPACE} CI_SERVER_URL=${CI_SERVER_URL} DRIVER_NAME=${DRIVER_NAME} FDO_UPSTREAM_REPO=${FDO_UPSTREAM_REPO} PIGLIT_NO_WINDOW=1 PIGLIT_REPLAY_UPLOAD_TO_MINIO=1 MINIO_HOST=${MINIO_HOST} LAVA_TEST_SCRIPT=${LAVA_TEST_SCRIPT} VK_DRIVER=${VK_DRIVER} FLAKES_CHANNEL=${FLAKES_CHANNEL}"
DEQP_VERSION: gles2
ARTIFACTS_PREFIX: "https://${MINIO_HOST}/mesa-lava"
MESA_URL: "http://caching-proxy/cache/?uri=https://${MINIO_HOST}/artifacts/${CI_PROJECT_PATH}/${CI_PIPELINE_ID}/mesa-${ARCH}.tar.gz"
--device-type ${DEVICE_TYPE} \
--dtb ${DTB} \
--env-vars "${ENV_VARS} ${FIXED_ENV_VARS}" \
+ --jwt "${CI_JOB_JWT}" \
--deqp-version ${DEQP_VERSION} \
--kernel-image-name ${KERNEL_IMAGE_NAME} \
--kernel-image-type "${KERNEL_IMAGE_TYPE}" \
{% if env_vars %}
- export {{ env_vars }}
{% endif %}
+ - export CI_JOB_JWT="{{ jwt }}"
# runner script assumes some stuff is in pwd
- cd /
values['env_vars'] = env_vars
values['deqp_version'] = args.deqp_version
- yaml = template.render(values)
-
if args.dump_yaml:
- print(yaml)
+ dump_values = values
+ dump_values['jwt'] = 'xxx'
+ print(template.render(dump_values))
+
+ values['jwt'] = args.jwt
+ yaml = template.render(values)
return yaml
parser.add_argument("--boot-method")
parser.add_argument("--lava-tags", nargs='?', default="")
parser.add_argument("--env-vars", nargs='?', default="")
+ parser.add_argument("--jwt")
parser.add_argument("--deqp-version")
parser.add_argument("--ci-node-index")
parser.add_argument("--ci-node-total")