ci: use dockerLogs step

[v1v]

What

It archives the docker container details for every stage that runs docker.

How to use it

• Go to the artifact/docker-info folder
• Look for the stage that you'd like to go deeper with
• Open the file docker-containers.txt
• Look for the container ID
• <id>.log is the logs for the container with id
• <id>-cmd.txt is the docker container run parameters
• <id>-inspect.json is the output of the docker inspect command

Tests

(BO view)

Issues

Closes #806

[apmmachine]

💚 Build Succeeded

Expand to view the summary

Build stats

• Build Cause: [Pull request #810 updated]

• Start Time: 2020-06-02T16:49:35.480+0000

• Duration: 72 min 4 sec

Test stats 🧪

Test	Results
Failed	0
Passed	932
Skipped	10
Total	942

Steps errors

Expand to view the steps failures

• Name: Bundlesize

  • Description: #!/bin/bash set -o pipefail npm run bundlesize|tee bundlesize.txt

  • Duration: 1 min 32 sec

  • Start Time: 2020-06-02T16:54:45.657+0000

  • log

• Name: Start Elastic Stack 8.0.0-SNAPSHOT - @elastic/apm-rum-core - saucelabs

  • Description:

  • Duration: 4 min 58 sec

  • Start Time: 2020-06-02T17:15:59.360+0000

  • log

• Name: Error signal

  • Description:

  • Duration: 0 min 0 sec

  • Start Time: 2020-06-02T17:19:57.525+0000

  • log

[codecov-commenter]

Codecov Report

Merging #810 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #810   +/-   ##
=======================================
  Coverage   92.66%   92.66%           
=======================================
  Files          50       50           
  Lines        2291     2291           
  Branches      456      456           
=======================================
  Hits         2123     2123           
  Misses        165      165           
  Partials        3        3           

[v1v]

This is required to be able to run a post-build step within this method. We could potentially add this section to the post-build always step. What do you prefer?

[v1v]

Alright, I'm afraid we cannot do the post-block though, the runAllScopes runs several scopes in a loop :(

[mdelapenya]

Maybe it's a good idea to have it in a post block, to always have it if needed

[cachedout]

I'm worried about this one. Won't docker inspect will dump all environment details? I'm concerned that we might end up leaking sensitive data. Even if that isn't the case now, we might accidentally forget that this is in place in the future.

[v1v]

I'm worried about this one. Won't docker inspect will dump all environment details? I'm concerned that we might end up leaking sensitive data. Even if that isn't the case now, we might accidentally forget that this is in place in the future.

What do you suggest?

[cachedout]

What do you suggest?

Sorry, I didn't see this comment earlier. I don't think we should ever do a docker inspect on a production CI job. I see that elastic/apm-pipeline-library#580 removes this capability so I think we are on the same page here. 👍

[kuisathaverat]

I'm worried about this one. Won't docker inspect will dump all environment details? I'm concerned that we might end up leaking sensitive data. Even if that isn't the case now, we might accidentally forget that this is in place in the future.

should not be secrets references in the docker-compose.yml, and the ones that can contain are related to the local containers and do not give access anywhere. In some cases, we need the inspect to see the status of the container when it died, we can remove the environment from the inspect output when we generate the file.

[cachedout]

we can remove the environment from the inspect output when we generate the file.

Parsing the output and removing the Envrionment value would satisfy my concerns. 👍

[kuisathaverat]

this makes the thing

docker inspect 60754aee9a26 |jq 'del(.[].Config.Env)'