From 431fb3c4c9a3debd5d84f7dd9f6711cbe501716d Mon Sep 17 00:00:00 2001
From: Tamas Koczka <poprdi@google.com>
Date: Sat, 11 Nov 2023 22:45:56 +0000
Subject: [PATCH] kernelCTF: GHA: artifact backup: folder structure fixes

---
 .github/workflows/kernelctf-submission-verification.yaml | 6 ++++--
 kernelctf/check-submission.py                            | 5 +++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/kernelctf-submission-verification.yaml b/.github/workflows/kernelctf-submission-verification.yaml
index 6d0e69e9..fb4e4d7d 100644
--- a/.github/workflows/kernelctf-submission-verification.yaml
+++ b/.github/workflows/kernelctf-submission-verification.yaml
@@ -222,7 +222,7 @@ jobs:
       - name: Upload repro summary as an artifact
         uses: actions/upload-artifact@v3
         with:
-          name: repro_summary_${{ env.RELEASE_ID }}.txt
+          name: repro_summary_${{ env.RELEASE_ID }}
           path: ./kernelctf/repro/repro_summary.md
 
   backup_artifacts:
@@ -244,5 +244,7 @@ jobs:
         uses: 'google-github-actions/upload-cloud-storage@v1'
         with:
           path: ./artifacts
-          destination: kernelctf-build/artifacts/${{ needs.structure_check.outputs.artifact_backup_dir }}
+          destination: kernelctf-build/artifacts/${{ needs.structure_check.outputs.artifact_backup_dir }}_${{ github.run_id }}
+          parent: false
+          predefinedAcl: publicRead
           process_gcloudignore: false # removes warnings that .gcloudignore file does not exist
diff --git a/kernelctf/check-submission.py b/kernelctf/check-submission.py
index fabad5c9..a0870424 100755
--- a/kernelctf/check-submission.py
+++ b/kernelctf/check-submission.py
@@ -4,7 +4,6 @@
 import json
 import jsonschema
 import hashlib
-from datetime import datetime
 from utils import *
 
 PUBLIC_CSV_URL = "https://docs.google.com/spreadsheets/d/e/2PACX-1vS1REdTA29OJftst8xN5B5x8iIUcxuK6bXdzF8G1UXCmRtoNsoQ9MbebdRdFnj6qZ0Yd7LwQfvYC2oF/pub?output=csv"
@@ -82,6 +81,7 @@
 submissionIds = metadata.get("submission_ids", None) or metadata["submission_id"]
 if isinstance(submissionIds, str):
     submissionIds = [submissionIds]
+submissionIds.sort()
 print(f"[-] Submission IDs = {submissionIds}")
 
 publicCsv = fetch(PUBLIC_CSV_URL, "public.csv")
@@ -92,6 +92,7 @@
     fail(f"submission ID ({submissionId}) was not found on public spreadsheet")
 
 submissionIds = list(set(submissionIds).intersection(publicSheet.keys()))
+submissionIds.sort()
 
 flags = []
 for submissionId in submissionIds:
@@ -149,7 +150,7 @@ def summary(success, text):
         if not exploit_info: continue
         exploits_info[target] = { key: exploit_info[key] for key in ["uses", "requires_separate_kaslr_leak"] if key in exploit_info }
 ghSet("OUTPUT", f"exploits_info={json.dumps(exploits_info)}")
-ghSet("OUTPUT", f"artifact_backup_dir={'_'.join(submissionIds)}_{datetime.utcnow().strftime('%Y%m%d_%H%M%S')}")
+ghSet("OUTPUT", f"artifact_backup_dir={'_'.join(submissionIds)}")
 
 summary(True, f"✅ The file structure verification of the PR was successful!")