From e6252dec9ef3ebb1a32f7c7016473283f563ab6b Mon Sep 17 00:00:00 2001
From: Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
Date: Wed, 23 Feb 2022 17:44:33 +0200
Subject: [PATCH] ci: Set CI_JOB_JWT_FILE to a fixed path outside /tmp

Having CI_JOB_JWT_FILE pointing to path on /tmp makes it difficult to be
managed in VM contexts (e.g. crosvm) because the /tmp mountpoint usually
refers to a local filesystem rather than the host one.

Additionally, there is another restriction for 'piglit-traces-test' job
to have the file available on the root filesystem.

To avoid amending all the jobs that might be affected, let's just set
the variable to a fixed path '/minio_jwt'. Note we also need to do this
in the 'variables:' section instead of 'before_script:' in order to be
able to reference it in CI job variables, e.g. PIGLIT_REPLAY_EXTRA_ARGS

Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@collabora.com>
Reviewed-by: Guilherme Gallo <guilherme.gallo@collabora.com>
Reviewed-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15208>
---
 .gitlab-ci.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b3283436790..e3a96735042 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,6 +7,7 @@ variables:
           bash download-git-cache.sh
           rm download-git-cache.sh
           set +o xtrace
+  CI_JOB_JWT_FILE: /minio_jwt
   MINIO_HOST: minio-packet.freedesktop.org
   # per-pipeline artifact storage on MinIO
   PIPELINE_ARTIFACTS_BASE: ${MINIO_HOST}/artifacts/${CI_PROJECT_PATH}/${CI_PIPELINE_ID}
@@ -22,7 +23,6 @@ variables:
 default:
   before_script:
     - echo -e "\e[0Ksection_start:$(date +%s):unset_env_vars_section[collapsed=true]\r\e[0KUnsetting vulnerable environment variables"
-    - export CI_JOB_JWT_FILE="${CI_JOB_JWT_FILE:-$(mktemp)}"
     - echo -n "${CI_JOB_JWT}" > "${CI_JOB_JWT_FILE}"
     - unset CI_JOB_JWT
     - echo -e "\e[0Ksection_end:$(date +%s):unset_env_vars_section\r\e[0K"
@@ -1308,9 +1308,7 @@ debian-mingw32-x86_64:
       - results/summary/
       - results/*.txt
   variables:
-    CI_JOB_JWT_FILE: /minio_jwt  # JWT file on piglit jobs should be available on / partition
     PIGLIT_REPLAY_EXTRA_ARGS:  --keep-image --db-path ${CI_PROJECT_DIR}/replayer-db/ --minio_host=minio-packet.freedesktop.org --minio_bucket=mesa-tracie-public --role-session-name=${CI_PROJECT_PATH}:${CI_JOB_ID} --jwt-file=${CI_JOB_JWT_FILE}
-    CI_JOB_JWT_FILE: /minio_jwt  # JWT file on piglit jobs should be available on / partition
   script:
     - install/piglit/piglit-traces.sh