
Commit b652685

authored
MOTOR-1360 Use AssumeRole for S3 Access in Evergreen Builds (#303)
1 parent 48f34cb commit b652685


1 file changed

+13
-169
lines changed


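--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -54,21 +54,18 @@ functions:
 
 export MONGO_ORCHESTRATION_HOME="$DRIVERS_TOOLS/.evergreen/orchestration"
 export MONGODB_BINARIES="$DRIVERS_TOOLS/mongodb/bin"
-export UPLOAD_BUCKET="${project}"
 
 cat <<EOT > expansion.yml
 CURRENT_VERSION: "$CURRENT_VERSION"
 DRIVERS_TOOLS: "$DRIVERS_TOOLS"
 MONGO_ORCHESTRATION_HOME: "$MONGO_ORCHESTRATION_HOME"
 MONGODB_BINARIES: "$MONGODB_BINARIES"
-UPLOAD_BUCKET: "$UPLOAD_BUCKET"
 PROJECT_DIRECTORY: "$PROJECT_DIRECTORY"
 PREPARE_SHELL: |
 set -o errexit
 export DRIVERS_TOOLS="$DRIVERS_TOOLS"
 export MONGO_ORCHESTRATION_HOME="$MONGO_ORCHESTRATION_HOME"
 export MONGODB_BINARIES="$MONGODB_BINARIES"
-export UPLOAD_BUCKET="$UPLOAD_BUCKET"
 export PROJECT_DIRECTORY="$PROJECT_DIRECTORY"
 export TMPDIR="$MONGO_ORCHESTRATION_HOME/db"
 export PATH="$MONGODB_BINARIES:$PATH"
@@ -99,58 +96,6 @@ functions:
 fi
 echo "{ \"releases\": { \"default\": \"$MONGODB_BINARIES\" }}" > $MONGO_ORCHESTRATION_HOME/orchestration.config
 
-"upload release":
-- command: s3.put
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-local_file: ${project}.tar.gz
-remote_file: ${UPLOAD_BUCKET}/${project}-${CURRENT_VERSION}.tar.gz
-bucket: mciuploads
-permissions: public-read
-content_type: ${content_type|application/x-gzip}
-
-# Upload build artifacts that other tasks may depend on
-# Note this URL needs to be totally unique, while predictable for the next task
-# so it can automatically download the artifacts
-"upload build":
-# Compress and upload the entire build directory
-- command: archive.targz_pack
-params:
-# Example: mongo_c_driver_releng_9dfb7d741efbca16faa7859b9349d7a942273e43_16_11_08_19_29_52.tar.gz
-target: "${build_id}.tar.gz"
-source_dir: ${PROJECT_DIRECTORY}/
-include:
-- "./**"
-- command: s3.put
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-local_file: ${build_id}.tar.gz
-# Example: /mciuploads/${UPLOAD_BUCKET}/gcc49/9dfb7d741efbca16faa7859b9349d7a942273e43/debug-compile-nosasl-nossl/mongo_c_driver_releng_9dfb7d741efbca16faa7859b9349d7a942273e43_16_11_08_19_29_52.tar.gz
-remote_file: ${UPLOAD_BUCKET}/${build_variant}/${revision}/${task_name}/${build_id}.tar.gz
-bucket: mciuploads
-permissions: public-read
-content_type: ${content_type|application/x-gzip}
-
-"fetch build":
-- command: shell.exec
-params:
-continue_on_err: true
-script: "set -o xtrace && rm -rf ${PROJECT_DIRECTORY}"
-- command: s3.get
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-remote_file: ${UPLOAD_BUCKET}/${build_variant}/${revision}/${BUILD_NAME}/${build_id}.tar.gz
-bucket: mciuploads
-local_file: build.tar.gz
-- command: shell.exec
-params:
-continue_on_err: true
-# EVG-1105: Use s3.get extract_to: ./
-script: "set -o xtrace && cd .. && rm -rf ${PROJECT_DIRECTORY} && mkdir ${PROJECT_DIRECTORY}/ && tar xf build.tar.gz -C ${PROJECT_DIRECTORY}/"
-
 "exec compile script" :
 - command: shell.exec
 type: test
@@ -169,137 +114,38 @@ functions:
 ${PREPARE_SHELL}
 [ -f ${PROJECT_DIRECTORY}/${file} ] && sh ${PROJECT_DIRECTORY}/${file} || echo "${PROJECT_DIRECTORY}/${file} not available, skipping"
 
-"upload docs" :
-- command: shell.exec
-params:
-silent: true
-script: |
-export AWS_ACCESS_KEY_ID=${aws_key}
-export AWS_SECRET_ACCESS_KEY=${aws_secret}
-aws s3 cp ${PROJECT_DIRECTORY}/doc/html s3://mciuploads/${UPLOAD_BUCKET}/docs/${CURRENT_VERSION} --recursive --acl public-read --region us-east-1
-- command: s3.put
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-local_file: ${PROJECT_DIRECTORY}/doc/html/index.html
-remote_file: ${UPLOAD_BUCKET}/docs/${CURRENT_VERSION}/index.html
-bucket: mciuploads
-permissions: public-read
-content_type: text/html
-display_name: "Rendered docs"
-
-"upload coverage" :
-- command: shell.exec
-params:
-silent: true
-script: |
-export AWS_ACCESS_KEY_ID=${aws_key}
-export AWS_SECRET_ACCESS_KEY=${aws_secret}
-aws s3 cp ${PROJECT_DIRECTORY}/coverage s3://mciuploads/${UPLOAD_BUCKET}/${build_variant}/${revision}/${version_id}/${build_id}/coverage/ --recursive --acl public-read --region us-east-1
-- command: s3.put
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-local_file: ${PROJECT_DIRECTORY}/coverage/index.html
-remote_file: ${UPLOAD_BUCKET}/${build_variant}/${revision}/${version_id}/${build_id}/coverage/index.html
-bucket: mciuploads
-permissions: public-read
-content_type: text/html
-display_name: "Coverage Report"
-
-"upload scan artifacts" :
-- command: shell.exec
-type: test
-params:
-script: |
-cd
-if find ${PROJECT_DIRECTORY}/scan -name \*.html | grep -q html; then
-(cd ${PROJECT_DIRECTORY}/scan && find . -name index.html -exec echo "<li><a href='{}'>{}</a></li>" \;) >> scan.html
-else
-echo "No issues found" > scan.html
-fi
-- command: shell.exec
-params:
-silent: true
-script: |
-export AWS_ACCESS_KEY_ID=${aws_key}
-export AWS_SECRET_ACCESS_KEY=${aws_secret}
-aws s3 cp ${PROJECT_DIRECTORY}/scan s3://mciuploads/${UPLOAD_BUCKET}/${build_variant}/${revision}/${version_id}/${build_id}/scan/ --recursive --acl public-read --region us-east-1
-- command: s3.put
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-local_file: ${PROJECT_DIRECTORY}/scan.html
-remote_file: ${UPLOAD_BUCKET}/${build_variant}/${revision}/${version_id}/${build_id}/scan/index.html
-bucket: mciuploads
-permissions: public-read
-content_type: text/html
-display_name: "Scan Build Report"
-
 "upload mo artifacts":
+- command: ec2.assume_role
+params:
+role_arn: ${assume_role_arn}
 - command: shell.exec
 params:
 script: |
 ${PREPARE_SHELL}
 find $MONGO_ORCHESTRATION_HOME -name \*.log | xargs tar czf mongodb-logs.tar.gz
 - command: s3.put
 params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
+aws_key: ${AWS_ACCESS_KEY_ID}
+aws_secret: ${AWS_SECRET_ACCESS_KEY}
+aws_session_token: ${AWS_SESSION_TOKEN}
 local_file: mongodb-logs.tar.gz
-remote_file: ${UPLOAD_BUCKET}/${build_variant}/${revision}/${version_id}/${build_id}/logs/${task_id}-${execution}-mongodb-logs.tar.gz
-bucket: mciuploads
+remote_file: ${build_variant}/${revision}/${version_id}/${build_id}/logs/${task_id}-${execution}-mongodb-logs.tar.gz
+bucket: ${aws_bucket}
 permissions: public-read
 content_type: ${content_type|application/x-gzip}
 display_name: "mongodb-logs.tar.gz"
 - command: s3.put
 params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
+aws_key: ${AWS_ACCESS_KEY_ID}
+aws_secret: ${AWS_SECRET_ACCESS_KEY}
+aws_session_token: ${AWS_SESSION_TOKEN}
 local_file: ${DRIVERS_TOOLS}/.evergreen/orchestration/server.log
-remote_file: ${UPLOAD_BUCKET}/${build_variant}/${revision}/${version_id}/${build_id}/logs/${task_id}-${execution}-orchestration.log
-bucket: mciuploads
+remote_file: ${build_variant}/${revision}/${version_id}/${build_id}/logs/${task_id}-${execution}-orchestration.log
+bucket: ${aws_bucket}
 permissions: public-read
 content_type: ${content_type|text/plain}
 display_name: "orchestration.log"
 
-"upload working dir":
-- command: archive.targz_pack
-params:
-target: "working-dir.tar.gz"
-source_dir: ${PROJECT_DIRECTORY}/
-include:
-- "./**"
-- command: s3.put
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-local_file: working-dir.tar.gz
-remote_file: ${UPLOAD_BUCKET}/${build_variant}/${revision}/${version_id}/${build_id}/artifacts/${task_id}-${execution}-working-dir.tar.gz
-bucket: mciuploads
-permissions: public-read
-content_type: ${content_type|application/x-gzip}
-display_name: "working-dir.tar.gz"
-- command: archive.targz_pack
-params:
-target: "drivers-dir.tar.gz"
-source_dir: ${DRIVERS_TOOLS}
-include:
-- "./**"
-exclude_files:
-# Windows cannot read the mongod *.lock files because they are locked.
-- "*.lock"
-- command: s3.put
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-local_file: drivers-dir.tar.gz
-remote_file: ${UPLOAD_BUCKET}/${build_variant}/${revision}/${version_id}/${build_id}/artifacts/${task_id}-${execution}-drivers-dir.tar.gz
-bucket: mciuploads
-permissions: public-read
-content_type: ${content_type|application/x-gzip}
-display_name: "drivers-dir.tar.gz"
-
 "upload test results":
 - command: attach.results
 params:
@@ -462,8 +308,6 @@ pre:
 - func: "install dependencies"
 
 post:
-# Disabled, causing timeouts
-# - func: "upload working dir"
 - func: "upload mo artifacts"
 - func: "upload test results"
 - func: "stop mongo-orchestration"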
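Review bot: Both `s3.put` steps in "upload mo artifacts" still carry `permissions: public-read` after the move to role credentials and `${aws_bucket}`, so the mongod logs and the mongo-orchestration `server.log` stay readable by anyone who has the object URL. Server logs often contain hostnames, filesystem paths and connection parameters, so unless public access is a requirement I would set `permissions: private` and `visibility: signed` on both uploads, which keeps the task-page links while the objects stay non-public. The new `remote_file` keys also drop the `${UPLOAD_BUCKET}/` project prefix; if `${aws_bucket}` is shared between projects the objects are no longer namespaced per project, so confirm the bucket is project-specific or keep a prefix. A short comment above `ec2.assume_role`, for example `# assume_role_arn and aws_bucket are project-level Evergreen variables; credentials are short-lived`, would help the next reader, assuming that is where they are defined, which this page does not show.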
