From e9f324cf6d085e7e9b87302e5f9df84199b240b0 Mon Sep 17 00:00:00 2001
From: Aleksandr Nogikh <nogikh@google.com>
Date: Fri, 12 May 2023 13:42:45 +0200
Subject: syz-ci: optionally publish GCS objects

Earlier `syz-ci: don't publish uploaded files` commit completely
disabled the GCS object publishing after each object.

However, it turns out that otherwise the objects quickly lose the
`public to internet` flag.

Make the option configurable.
---
 syz-ci/manager.go | 15 +++++++++------
 syz-ci/syz-ci.go  |  2 ++
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/syz-ci/manager.go b/syz-ci/manager.go
index 71bd35980..7ec7ba1cc 100644
--- a/syz-ci/manager.go
+++ b/syz-ci/manager.go
@@ -791,7 +791,7 @@ func (mgr *Manager) uploadCoverReport() error {
 	}
 	defer resp.Body.Close()
 	if directUpload {
-		return uploadFile(mgr.cfg.CoverUploadPath, mgr.name+".html", resp.Body)
+		return mgr.uploadFile(mgr.cfg.CoverUploadPath, mgr.name+".html", resp.Body)
 	}
 	// Upload via the asset storage.
 	newAsset, err := mgr.storage.UploadBuildAsset(resp.Body, mgr.name+".html",
@@ -812,10 +812,10 @@ func (mgr *Manager) uploadCorpus() error {
 		return err
 	}
 	defer f.Close()
-	return uploadFile(mgr.cfg.CorpusUploadPath, mgr.name+"-corpus.db", f)
+	return mgr.uploadFile(mgr.cfg.CorpusUploadPath, mgr.name+"-corpus.db", f)
 }
 
-func uploadFile(dstPath, name string, file io.Reader) error {
+func (mgr *Manager) uploadFile(dstPath, name string, file io.Reader) error {
 	URL, err := url.Parse(dstPath)
 	if err != nil {
 		return fmt.Errorf("failed to parse upload path: %v", err)
@@ -824,17 +824,17 @@ func uploadFile(dstPath, name string, file io.Reader) error {
 	URLStr := URL.String()
 	log.Logf(0, "uploading %v to %v", name, URLStr)
 	if strings.HasPrefix(URLStr, "gs://") {
-		return uploadFileGCS(strings.TrimPrefix(URLStr, "gs://"), file)
+		return uploadFileGCS(strings.TrimPrefix(URLStr, "gs://"), file, mgr.cfg.PublishGCS)
 	}
 	if strings.HasPrefix(URLStr, "http://") ||
 		strings.HasPrefix(URLStr, "https://") {
 		return uploadFileHTTPPut(URLStr, file)
 	}
 	// Use GCS as default to maintain backwards compatibility.
-	return uploadFileGCS(URLStr, file)
+	return uploadFileGCS(URLStr, file, mgr.cfg.PublishGCS)
 }
 
-func uploadFileGCS(URL string, file io.Reader) error {
+func uploadFileGCS(URL string, file io.Reader, publish bool) error {
 	GCS, err := gcs.NewClient()
 	if err != nil {
 		return fmt.Errorf("failed to create GCS client: %v", err)
@@ -851,6 +851,9 @@ func uploadFileGCS(URL string, file io.Reader) error {
 	if err := gcsWriter.Close(); err != nil {
 		return fmt.Errorf("failed to close gcs writer: %v", err)
 	}
+	if publish {
+		return GCS.Publish(URL)
+	}
 	return nil
 }
 
diff --git a/syz-ci/syz-ci.go b/syz-ci/syz-ci.go
index 45671723b..178884ee7 100644
--- a/syz-ci/syz-ci.go
+++ b/syz-ci/syz-ci.go
@@ -105,6 +105,8 @@ type Config struct {
 	// Path to upload corpus.db from managers (optional).
 	// Supported protocols: GCS (gs://) and HTTP PUT (http:// or https://).
 	CorpusUploadPath string `json:"corpus_upload_path"`
+	// Make files uploaded via CoverUploadPath and CorpusUploadPath public.
+	PublishGCS bool `json:"publish_gcs"`
 	// BinDir must point to a dir that contains compilers required to build
 	// older versions of the kernel. For linux, it needs to include several
 	// compiler versions.
-- 
cgit mrf-deployment