Bug: Duplicate logging on artifact uploads
Summary
There is some duplicate logging occurring on GitLab.com where artifact uploads are listed twice. The id looks the same, so I think it's just logging, but am unsure. Since this is present in the raw log, I can assume it's coming from the runner itself.
Steps to reproduce
.gitlab-ci.yml
Add the job definition that is failing here
Actual behavior
Artifact upload appears to occur twice within job logs
Expected behavior
Artifact upload should only be listed once within job logs
Relevant logs and/or screenshots
Example Job - https://gitlab.com/gitlab-org/security-products/tests/python-pip/-/jobs/233504430 (there are others in the same pipeline if more are needed)
job log
[0KRunning with gitlab-runner 12.0.0-rc1 (58d8360f)
[0;m[0K on prm-com-gitlab-org ae3bfce2
[0;msection_start:1560857205:prepare_executor
[0K[0KUsing Docker executor with image docker:stable ...
[0;m[0KStarting service docker:stable-dind ...
[0;m[0KPulling docker image docker:stable-dind ...
[0;m[0KUsing docker image sha256:12adad4e12e25288e665131d5235d98a8edf2a39d26679dabbe2728442729e26 for docker:stable-dind ...
[0;m[0KWaiting for services to be up and running...
[0;m[0KPulling docker image docker:stable ...
[0;m[0KUsing docker image sha256:805bea199b249bfed61cdcd7cdbfe240ee998d51f59bbf365674a15b619f5a86 for docker:stable ...
[0;msection_end:1560857230:prepare_executor
[0Ksection_start:1560857230:prepare_script
[0KRunning on runner-ae3bfce2-project-5467277-concurrent-0 via runner-ae3bfce2-prm-1560857119-1e5cc4b7...
section_end:1560857231:prepare_script
[0Ksection_start:1560857231:get_sources
[0K[32;1mFetching changes...[0;m
Initialized empty Git repository in /builds/gitlab-org/security-products/tests/python-pip/.git/
[32;1mCreated fresh repository.[0;m
From https://gitlab.com/gitlab-org/security-products/tests/python-pip
* [new branch] ee-6375 -> origin/ee-6375
* [new branch] enable-dependency-scanning -> origin/enable-dependency-scanning
* [new branch] fcatteau-master-patch-00248 -> origin/fcatteau-master-patch-00248
* [new branch] license_finder -> origin/license_finder
* [new branch] lm-python3 -> origin/lm-python3
* [new branch] master -> origin/master
* [new branch] require-python3 -> origin/require-python3
* [new branch] sast-using-single-docker-image -> origin/sast-using-single-docker-image
* [new branch] sast_QA_10-4-stable-FREEZE -> origin/sast_QA_10-4-stable-FREEZE
* [new branch] sast_QA_10-5-stable-FREEZE -> origin/sast_QA_10-5-stable-FREEZE
* [new branch] sast_QA_base-FREEZE -> origin/sast_QA_base-FREEZE
* [new branch] sast_QA_new_vulns-FREEZE -> origin/sast_QA_new_vulns-FREEZE
* [new branch] sast_QA_old_repo-FREEZE -> origin/sast_QA_old_repo-FREEZE
* [new branch] setup_DS -> origin/setup_DS
* [new branch] try_new_image -> origin/try_new_image
[32;1mChecking out bbc6d2e2 as master...[0;m
[32;1mSkipping Git submodules setup[0;m
section_end:1560857233:get_sources
[0Ksection_start:1560857233:restore_cache
[0Ksection_end:1560857234:restore_cache
[0Ksection_start:1560857234:download_artifacts
[0K[32;1mDownloading artifacts for build (233243933)...[0;m
Downloading artifacts from coordinator... ok [0;m id[0;m=233243933 responseStatus[0;m=200 OK token[0;m=2Ef_cTd1
section_end:1560857236:download_artifacts
[0Ksection_start:1560857236:build_script
[0K[32;1m$ export DS_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}[0;m
[32;1m$ if ! docker info &>/dev/null; then # collapsed multi-line command[0;m
[32;1m$ function propagate_env_vars() { # collapsed multi-line command[0;m
[32;1m$ docker run \ # collapsed multi-line command[0;m
Unable to find image 'registry.gitlab.com/gitlab-org/security-products/dependency-scanning:12-0-stable' locally
12-0-stable: Pulling from gitlab-org/security-products/dependency-scanning
f4d7be2b915f: Pulling fs layer
f4d7be2b915f: Verifying Checksum
f4d7be2b915f: Download complete
f4d7be2b915f: Pull complete
Digest: sha256:4ea9f91c222891766a5bbfc0af19a01ee01b4536b846b3b97ebe700e165ea6c4
Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/dependency-scanning:12-0-stable
2019/06/18 11:27:18 Copy project directory to containers
2019/06/18 11:27:18 [bundler-audit] Detect project using plugin
2019/06/18 11:27:18 [bundler-audit] Project not compatible
2019/06/18 11:27:18 [gemnasium] Detect project using plugin
2019/06/18 11:27:18 [gemnasium] Project not compatible
2019/06/18 11:27:18 [gemnasium-maven] Detect project using plugin
2019/06/18 11:27:18 [gemnasium-maven] Project not compatible
2019/06/18 11:27:18 [gemnasium-python] Detect project using plugin
2019/06/18 11:27:18 [gemnasium-python] Project is compatible
2019/06/18 11:27:18 [gemnasium-python] Starting analyzer...
2: Pulling from gitlab-org/security-products/analyzers/gemnasium-python
e7c96db7181b: Pulling fs layer
799a5534f213: Pulling fs layer
4203dcf2ab0c: Pulling fs layer
e9524ee50040: Pulling fs layer
7cfa6613f80e: Pulling fs layer
cee1eb7880ba: Pulling fs layer
aa910709f367: Pulling fs layer
c9a029eaea85: Pulling fs layer
7cfa6613f80e: Waiting
cee1eb7880ba: Waiting
aa910709f367: Waiting
c9a029eaea85: Waiting
e9524ee50040: Waiting
799a5534f213: Verifying Checksum
799a5534f213: Download complete
e7c96db7181b: Download complete
e9524ee50040: Verifying Checksum
e9524ee50040: Download complete
7cfa6613f80e: Verifying Checksum
7cfa6613f80e: Download complete
cee1eb7880ba: Verifying Checksum
cee1eb7880ba: Download complete
4203dcf2ab0c: Verifying Checksum
4203dcf2ab0c: Download complete
e7c96db7181b: Pull complete
c9a029eaea85: Verifying Checksum
c9a029eaea85: Download complete
799a5534f213: Pull complete
aa910709f367: Verifying Checksum
aa910709f367: Download complete
4203dcf2ab0c: Pull complete
e9524ee50040: Pull complete
7cfa6613f80e: Pull complete
cee1eb7880ba: Pull complete
aa910709f367: Pull complete
c9a029eaea85: Pull complete
Digest: sha256:8dd2d6c8f28f1b57400ab90fadbf76a545d28051498a1f7f648337f8faff0f88
Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/analyzers/gemnasium-python:2
Found project in /tmp/app
Collecting beautifulsoup4==4.6.0 (from -r requirements.txt (line 1))
File was already downloaded /tmp/app/dist/beautifulsoup4-4.6.0-py3-none-any.whl
WARNING: Previously-downloaded file /tmp/app/dist/beautifulsoup4-4.6.0-py3-none-any.whl has bad hash. Re-downloading.
Downloading https://files.pythonhosted.org/packages/9e/d4/10f46e5cfac773e22707237bfcd51bbffeaf0a576b0a847ec7ab15bd7ace/beautifulsoup4-4.6.0-py3-none-any.whl (86kB)
Saved ./dist/beautifulsoup4-4.6.0-py3-none-any.whl
Collecting Django==1.11.4 (from -r requirements.txt (line 2))
File was already downloaded /tmp/app/dist/Django-1.11.4-py2.py3-none-any.whl
WARNING: Previously-downloaded file /tmp/app/dist/Django-1.11.4-py2.py3-none-any.whl has bad hash. Re-downloading.
Downloading https://files.pythonhosted.org/packages/fc/fb/01e0084061c50f1160c2db5565ff1c3d8d76f2a76f67cd282835ee64e04a/Django-1.11.4-py2.py3-none-any.whl (6.9MB)
Saved ./dist/Django-1.11.4-py2.py3-none-any.whl
Collecting django-contrib-comments==1.8.0 (from -r requirements.txt (line 3))
File was already downloaded /tmp/app/dist/django_contrib_comments-1.8.0-py2.py3-none-any.whl
WARNING: Previously-downloaded file /tmp/app/dist/django_contrib_comments-1.8.0-py2.py3-none-any.whl has bad hash. Re-downloading.
Downloading https://files.pythonhosted.org/packages/8f/6c/490306f717e242f21485264ef7432b4f6fea42ce17998f6ff3fa0a2a2e2f/django_contrib_comments-1.8.0-py2.py3-none-any.whl (407kB)
Saved ./dist/django_contrib_comments-1.8.0-py2.py3-none-any.whl
Collecting django-js-asset==1.0.0 (from -r requirements.txt (line 4))
File was already downloaded /tmp/app/dist/django_js_asset-1.0.0-py2.py3-none-any.whl
WARNING: Previously-downloaded file /tmp/app/dist/django_js_asset-1.0.0-py2.py3-none-any.whl has bad hash. Re-downloading.
Downloading https://files.pythonhosted.org/packages/31/17/93ae0759d3043711e1f3c8187d44d28d57cffb781aadc6e786710350e7d2/django_js_asset-1.0.0-py2.py3-none-any.whl
Saved ./dist/django_js_asset-1.0.0-py2.py3-none-any.whl
Collecting django-mptt==0.9.0 (from -r requirements.txt (line 5))
File was already downloaded /tmp/app/dist/django_mptt-0.9.0-py2.py3-none-any.whl
WARNING: Previously-downloaded file /tmp/app/dist/django_mptt-0.9.0-py2.py3-none-any.whl has bad hash. Re-downloading.
Downloading https://files.pythonhosted.org/packages/7d/da/8e9e7d0b7fe7b0bec297622d040353d4f686d7d1cc72287e2ea79ed264cd/django_mptt-0.9.0-py2.py3-none-any.whl (104kB)
Saved ./dist/django_mptt-0.9.0-py2.py3-none-any.whl
Collecting django-tagging==0.4.6 (from -r requirements.txt (line 6))
File was already downloaded /tmp/app/dist/django_tagging-0.4.6-py2.py3-none-any.whl
WARNING: Previously-downloaded file /tmp/app/dist/django_tagging-0.4.6-py2.py3-none-any.whl has bad hash. Re-downloading.
Downloading https://files.pythonhosted.org/packages/5e/fc/9d095602bf5d2edcbc2c5721e3d243028544575a145d84ca1ec50f7e2fc1/django_tagging-0.4.6-py2.py3-none-any.whl
Saved ./dist/django_tagging-0.4.6-py2.py3-none-any.whl
Collecting django-xmlrpc==0.1.8 (from -r requirements.txt (line 7))
File was already downloaded /tmp/app/dist/django_xmlrpc-0.1.8-py2.py3-none-any.whl
WARNING: Previously-downloaded file /tmp/app/dist/django_xmlrpc-0.1.8-py2.py3-none-any.whl has bad hash. Re-downloading.
Downloading https://files.pythonhosted.org/packages/56/0d/f74c288f63cad0add557d6cdcd752f200f9ff25b2417bc64d82f540325a4/django_xmlrpc-0.1.8-py2.py3-none-any.whl
Saved ./dist/django_xmlrpc-0.1.8-py2.py3-none-any.whl
Collecting mots-vides==2015.5.11 (from -r requirements.txt (line 8))
File was already downloaded /tmp/app/dist/mots_vides-2015.5.11-py2.py3-none-any.whl
WARNING: Previously-downloaded file /tmp/app/dist/mots_vides-2015.5.11-py2.py3-none-any.whl has bad hash. Re-downloading.
Downloading https://files.pythonhosted.org/packages/95/34/f5a4ec9cfad0e484b087de46e381efc991d5fde07412de51b85f59853ed7/mots_vides-2015.5.11-py2.py3-none-any.whl (59kB)
Saved ./dist/mots_vides-2015.5.11-py2.py3-none-any.whl
Collecting Pillow==3.3.1 (from -r requirements.txt (line 9))
Downloading https://files.pythonhosted.org/packages/7b/32/e6978aed8fba6398c00eec25f12798fb57647a6cef4f85db1567e3d086ef/Pillow-3.3.1.tar.gz (10.6MB)
Saved ./dist/Pillow-3.3.1.tar.gz
Collecting pyparsing==2.2.0 (from -r requirements.txt (line 10))
File was already downloaded /tmp/app/dist/pyparsing-2.2.0-py2.py3-none-any.whl
WARNING: Previously-downloaded file /tmp/app/dist/pyparsing-2.2.0-py2.py3-none-any.whl has bad hash. Re-downloading.
Downloading https://files.pythonhosted.org/packages/6a/8a/718fd7d3458f9fab8e67186b00abdd345b639976bc7fb3ae722e1b026a50/pyparsing-2.2.0-py2.py3-none-any.whl (56kB)
Saved ./dist/pyparsing-2.2.0-py2.py3-none-any.whl
Collecting pytz==2018.3 (from -r requirements.txt (line 11))
Downloading https://files.pythonhosted.org/packages/3c/80/32e98784a8647880dedf1f6bf8e2c91b195fe18fdecc6767dcf5104598d6/pytz-2018.3-py2.py3-none-any.whl (509kB)
Saved ./dist/pytz-2018.3-py2.py3-none-any.whl
Collecting regex==2018.2.8 (from -r requirements.txt (line 12))
Downloading https://files.pythonhosted.org/packages/be/32/429382300a06eaa12094563ea40665b5a4ecfce50dcbece06200ae703c07/regex-2018.02.08.tar.gz (620kB)
Saved ./dist/regex-2018.02.08.tar.gz
Successfully downloaded beautifulsoup4 Django django-contrib-comments django-js-asset django-mptt django-tagging django-xmlrpc mots-vides Pillow pyparsing pytz regex
Looking in links: ./dist
Collecting beautifulsoup4==4.6.0 (from -r requirements.txt (line 1))
Collecting Django==1.11.4 (from -r requirements.txt (line 2))
Collecting django-contrib-comments==1.8.0 (from -r requirements.txt (line 3))
Collecting django-js-asset==1.0.0 (from -r requirements.txt (line 4))
Collecting django-mptt==0.9.0 (from -r requirements.txt (line 5))
Collecting django-tagging==0.4.6 (from -r requirements.txt (line 6))
Collecting django-xmlrpc==0.1.8 (from -r requirements.txt (line 7))
Collecting mots-vides==2015.5.11 (from -r requirements.txt (line 8))
Collecting Pillow==3.3.1 (from -r requirements.txt (line 9))
Collecting pyparsing==2.2.0 (from -r requirements.txt (line 10))
Collecting pytz==2018.3 (from -r requirements.txt (line 11))
Collecting regex==2018.2.8 (from -r requirements.txt (line 12))
Installing collected packages: beautifulsoup4, pytz, Django, django-contrib-comments, django-js-asset, django-mptt, django-tagging, django-xmlrpc, mots-vides, Pillow, pyparsing, regex
Successfully installed Django-1.11.4 Pillow-3.3.1 beautifulsoup4-4.6.0 django-contrib-comments-1.8.0 django-js-asset-1.0.0 django-mptt-0.9.0 django-tagging-0.4.6 django-xmlrpc-0.1.8 mots-vides-2015.5.11 pyparsing-2.2.0 pytz-2018.3 regex-2018.2.8
2019/06/18 11:27:45 [retire.js] Detect project using plugin
2019/06/18 11:27:45 [retire.js] Project not compatible
+----------------------------------------------------------------------------------------+
| Severity | Tool | Identifier |
+----------------------------------------------------------------------------------------+
| Unknown | Gemnasium | CVE-2019-12308 |
| |
| AdminURLFieldWidget XSS in Django |
| Solution: Upgrade to fixed version or apply patch. |
| In requirements.txt |
+----------------------------------------------------------------------------------------+
| Unknown | Gemnasium | CVE-2017-12794 |
| |
| Possible XSS in traceback section of technical 500 debug page in Django |
| Solution: Upgrade to latest version or apply patch. |
| In requirements.txt |
+----------------------------------------------------------------------------------------+
| Unknown | Gemnasium | CVE-2019-3498 |
| |
| Content Spoofing in Django |
| Solution: Upgrade to fixed version. |
| In requirements.txt |
+----------------------------------------------------------------------------------------+
| Unknown | Gemnasium | CVE-2019-6975 |
| |
| Uncontrolled Memory Consumption in Django |
| Solution: Upgrade to fixed version. |
| In requirements.txt |
+----------------------------------------------------------------------------------------+
| Unknown | Gemnasium | CVE-2016-9190 |
| |
| Sign Extension in Storage.c in Pillow |
| Solution: Upgrade to latest version. |
| In requirements.txt |
+----------------------------------------------------------------------------------------+
| Unknown | Gemnasium | CVE-2016-9189 |
| |
| Integer overflow in Map.c in Pillow |
| Solution: Upgrade to latest version. |
| In requirements.txt |
+----------------------------------------------------------------------------------------+
section_end:1560857266:build_script
[0Ksection_start:1560857266:after_script
[0Ksection_end:1560857268:after_script
[0Ksection_start:1560857268:archive_cache
[0Ksection_end:1560857270:archive_cache
[0Ksection_start:1560857270:upload_artifacts_on_success
[0K[32;1mUploading artifacts...[0;m
gl-dependency-scanning-report.json: found 1 matching files[0;m
Uploading artifacts to coordinator... ok [0;m id[0;m=233504430 responseStatus[0;m=201 Created token[0;m=nT3zboF9
[32;1mUploading artifacts...[0;m
gl-dependency-scanning-report.json: found 1 matching files[0;m
Uploading artifacts to coordinator... ok [0;m id[0;m=233504430 responseStatus[0;m=201 Created token[0;m=nT3zboF9
section_end:1560857273:upload_artifacts_on_success
[0K[32;1mJob succeeded
[0;m
Environment description
config.toml contents
Add your configuration here
Used GitLab Runner version
Possible fixes
Edited by Lucas Charles
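
A check for the symptom reported above, as an added example that is not part of the original issue or of GitLab Runner's code: it strips the ANSI sequences from a raw job trace, tracks the `section_start`/`section_end` markers, and reports upload result lines that repeat with the same id, status and token inside one section. The sample trace is constructed from the lines in this report, with the ESC bytes restored as an assumption; `duplicate_uploads` is a hypothetical helper name.

```python
import re
from collections import Counter

# ANSI colour/erase sequences; ESC is optional because pasted logs often lose it.
ANSI = re.compile(r"\x1b?\[[0-9;]*[mK]")
SECTION = re.compile(r"section_(start|end):\d+:(\w+)")
UPLOAD = re.compile(
    r"Uploading artifacts to coordinator\.\.\.\s+\w+\s+id=(\d+)\s+"
    r"responseStatus=(\d+).*?token=(\S+)"
)

# Constructed sample: the upload section from the report, ESC bytes assumed.
UPLOAD_BLOCK = (
    "\x1b[32;1mUploading artifacts...\x1b[0;m\n"
    "gl-dependency-scanning-report.json: found 1 matching files\x1b[0;m\n"
    "Uploading artifacts to coordinator... ok \x1b[0;m id\x1b[0;m=233504430 "
    "responseStatus\x1b[0;m=201 Created token\x1b[0;m=nT3zboF9\n"
)
SAMPLE_LOG = (
    "\x1b[0Ksection_start:1560857270:upload_artifacts_on_success\n\x1b[0K"
    + UPLOAD_BLOCK * 2
    + "section_end:1560857273:upload_artifacts_on_success\n"
)


def duplicate_uploads(raw_log):
    """Map (section, id, status, token) to its count for repeated upload lines."""
    section = None
    seen = Counter()
    for line in raw_log.splitlines():
        line = ANSI.sub("", line)
        marker = SECTION.search(line)
        if marker:
            # Track which runner stage the following lines belong to.
            section = marker.group(2) if marker.group(1) == "start" else None
        hit = UPLOAD.search(line)
        if hit:
            seen[(section, *hit.groups())] += 1
    return {key: n for key, n in seen.items() if n > 1}


if __name__ == "__main__":
    for (section, job_id, status, token), n in duplicate_uploads(SAMPLE_LOG).items():
        print(f"{section}: id={job_id} status={status} token={token} logged {n} times")
```

The trace alone shows only that the line was emitted twice; whether one or two uploads reached the coordinator has to be confirmed outside the job log.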