From fcbb91582f47b4f1d2d3fb6843dfbc764bd8a6f5 Mon Sep 17 00:00:00 2001 From: Tobias Henkel Date: Sat, 23 Feb 2019 09:18:50 +0100 Subject: Encode zuul.message with base64 Zuul recently added zuul.message which needs to be protected against interpretation by jinja in ansible. This was initially done by marking it with the !unsafe tag. However this has the disadvantage that the inventory is no longer parsable by standard yaml parsers without teaching them the !unsafe tag. There is a similar simple possibility that doesn't rely on this tag by base64 encoding the commit message. Ansible has filters for decoding this so it is still quite easy to deal with base64 encoded vars in ansible via '{{ zuul.message | b64decode }}'. Change-Id: I9628e2770dda120b269612e28bb6217036942b8e --- releasenotes/notes/zuul-message-a36f1a6adc7da31c.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 releasenotes/notes/zuul-message-a36f1a6adc7da31c.yaml (limited to 'releasenotes/notes/zuul-message-a36f1a6adc7da31c.yaml') diff --git a/releasenotes/notes/zuul-message-a36f1a6adc7da31c.yaml b/releasenotes/notes/zuul-message-a36f1a6adc7da31c.yaml new file mode 100644 index 000000000..7f9b08533 --- /dev/null +++ b/releasenotes/notes/zuul-message-a36f1a6adc7da31c.yaml @@ -0,0 +1,8 @@ +--- +upgrade: + - | + Zuul recently added the job variable :var:`zuul.message`. This can contain + jinja tags which can cause problems accessing the zuul variable in the job. + Because of this the message is now base64 encoded and any job evaluating + this variable needs to be changed from ``{{ zuul.message }}`` to + ``{{ zuul.message | b64decode }}``. -- cgit v1.2.1