Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Workflow failure: cron #3839

Closed
pulumi-bot opened this issue Apr 18, 2024 · 4 comments · Fixed by #3843
Closed

Workflow failure: cron #3839

pulumi-bot opened this issue Apr 18, 2024 · 4 comments · Fixed by #3843
Assignees
@flostadler
Labels
kind/engineering Work that is not visible to an external user p1 A bug severe enough to be the next item assigned to an engineer resolution/fixed This issue was fixed

Comments

@pulumi-bot
Copy link
Contributor

pulumi-bot commented Apr 18, 2024
edited
Loading

Workflow Failure

cron has failed. See the list of failures below:
@pulumi-bot pulumi-bot added kind/engineering Work that is not visible to an external user needs-triage Needs attention from the triage team p1 A bug severe enough to be the next item assigned to an engineer labels Apr 18, 2024
@flostadler flostadler self-assigned this Apr 18, 2024
@t0yv0
Copy link
Member

t0yv0 commented Apr 18, 2024

It's consistently failing looks like, and blocking everything. I see you're taking a look @flostadler any discoveries? If not we can skip it for now to unblock other work.

@flostadler
Copy link
Contributor

Yes, found that this is caused by AWS setting an environment variable by default now to auto discover reports (CODEBUILD_CONFIG_AUTO_DISCOVER).

As a workaround for the test I'm creating a PR that sets this env variable.
But I'm worried that this will lead to users ending up with a drift until they re-run pulumi up once

@flostadler flostadler mentioned this issue Apr 18, 2024
Merged
@flostadler
Copy link
Contributor

flostadler commented Apr 18, 2024
edited
Loading

I was also able to replicate this with Terraform. Intentionally used an old aws provider (5.6.1) to ensure it was not caused by a recent upstream change.
And the environment variable (CODEBUILD_CONFIG_AUTO_DISCOVER) is also showing up in the CloudTrail audit events so everything points to AWS being the culprit here.

resource "aws_codebuild_project" "this" {
  name           = "florian-tf-sample"
  build_timeout  = 30

  service_role = "arn:aws:iam::616138583583:role/CICD-sample-Role-5b38997"

  artifacts {
    type = "NO_ARTIFACTS"
  }

  environment {
    compute_type                = "BUILD_GENERAL1_SMALL"
    image                       = "aws/codebuild/amazonlinux2-x86_64-standard:4.0"
    type                        = "LINUX_CONTAINER"
    image_pull_credentials_type = "CODEBUILD"
  }

  source {
    type            = "GITHUB"
    location        = "https://github.com/edalongeville/pulumi_sample_codebuild.git"
    git_clone_depth = 1
  }

  tags = {
    Owner = "florian"
  }
}

Tracing the AWS API calls shows that the env variable is not present in the create request, but shows up in the response automatically:

Request:

{
    "artifacts": {
        "over************Name": false,
        "type": "NO_ARTIFACTS"
    },
    "environment": {
        "computeType": "BUILD_GENERAL1_SMALL",
        "image": "aws/******************nux2-x86_64-standard:4.0",
        "imag****************Type": "CODEBUILD",
        "privilegedMode": false,
        "type": "LINUX_CONTAINER"
    },
    "logsConfig": {
        "cloudWatchLogs": {
            "status": "ENABLED"
        },
        "s3Logs": {
            "status": "DISABLED"
        }
    },
    "name": "florian-tf-sample",
    "queu**************utes": 480,
    "serviceRole": "arn:aws:iam::616138583583:role/CICD-sample-Role-9662d80",
    "source": {
        "buildspec": "",
        "gitCloneDepth": 1,
        "insecureSsl": false,
        "location": "https://github.com/****************lumi_sample_codebuild.git",
        "repo*********atus": false,
        "type": "GITHUB"
    },
    "tags": [
        {
            "key": "Owner",
            "value": "florian"
        }
    ],
    "time********utes": 30
}

Response:

{
    "project": {
        "arn": "arn:aws:codebuild:us-west-2:616138583583:project/florian-tf-sample",
        "artifacts": {
            "over************Name": false,
            "type": "NO_ARTIFACTS"
        },
        "badge": {
            "badgeEnabled": false
        },
        "cache": {
            "type": "NO_CACHE"
        },
        "created": 1.713517789859E9,
        "encryptionKey": "arn:aws:kms:us-west-2:616138583583:alias/aws/s3",
        "environment": {
            "computeType": "BUILD_GENERAL1_SMALL",
            "envi************bles": [
                {
                    "name": "CODEBUILD_CONFIG_AUTO_DISCOVER",
                    "type": "PLAINTEXT",
                    "value": "true"
                }
            ],
            "image": "aws/******************nux2-x86_64-standard:4.0",
            "imag****************Type": "CODEBUILD",
            "privilegedMode": false,
            "type": "LINUX_CONTAINER"
        },
        "lastModified": 1.713517789859E9,
        "logsConfig": {
            "cloudWatchLogs": {
                "status": "ENABLED"
            },
            "s3Logs": {
                "encr**********bled": false,
                "status": "DISABLED"
            }
        },
        "name": "florian-tf-sample",
        "proj*********lity": "PRIVATE",
        "queu**************utes": 480,
        "serviceRole": "arn:aws:iam::616138583583:role/CICD-sample-Role-9662d80",
        "source": {
            "buildspec": "",
            "gitCloneDepth": 1,
            "insecureSsl": false,
            "location": "https://github.com/****************lumi_sample_codebuild.git",
            "repo*********atus": false,
            "type": "GITHUB"
        },
        "tags": [
            {
                "key": "Owner",
                "value": "florian"
            }
        ],
        "time********utes": 30
    }
}

@flostadler
Copy link
Contributor

Opened #3844 to track the UX implications

@t0yv0 t0yv0 removed the needs-triage Needs attention from the triage team label Apr 18, 2024
@pulumi-bot pulumi-bot added the resolution/fixed This issue was fixed label Apr 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@flostadler flostadler

Labels
kind/engineering Work that is not visible to an external user p1 A bug severe enough to be the next item assigned to an engineer resolution/fixed This issue was fixed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add CODEBUILD_CONFIG_AUTO_DISCOVER environment variable of CodeBuild example pulumi/pulumi-aws
3 participants
@t0yv0 @flostadler @pulumi-bot