Trace logs to see where CI hangs#210
Conversation
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
There was a problem hiding this comment.
Code Review
This pull request aims to enable verbose logging for debugging CI hangs. However, a significant security vulnerability has been introduced: the modification to entrypoint.sh enables command tracing (set -x), which risks exposing sensitive information passed as command-line arguments in logs. Furthermore, these debugging changes are not suitable for permanent integration due to excessive logging and potential performance degradation. Please address the security vulnerability and revert all debugging changes before merging.
| @@ -1,5 +1,5 @@ | |||
| #!/bin/bash | |||
| set -euo pipefail | |||
| set -xeuo pipefail | |||
There was a problem hiding this comment.
The set -x option introduces a critical security vulnerability by printing all executed commands and their arguments, including sensitive information like passwords or API tokens, to standard error. This poses a significant risk in CI/CD environments where logs are persisted. Furthermore, set -x is overly verbose and not intended for permanent inclusion in production code.
| set -xeuo pipefail | |
| set -euo pipefail |
| let stdout = cmd!( | ||
| sh, | ||
| "{bck} ephemeral run --rm --label {label} --itype u1.micro --execute {script} {image}" | ||
| "{bck} ephemeral run --rm --label {label} --env RUST_LOG=trace --itype u1.micro --execute {script} {image}" |
There was a problem hiding this comment.
Enabling trace-level logging via RUST_LOG=trace is useful for debugging, but it will generate a large amount of log output. This should be removed before merging to avoid excessive noise in test logs.
| "{bck} ephemeral run --rm --label {label} --env RUST_LOG=trace --itype u1.micro --execute {script} {image}" | |
| {bck} ephemeral run --rm --label {label} --itype u1.micro --execute {script} {image} |
|
It passed? I guess #209 just needs a restart? |
No description provided.