PS-1470 Fix issue where artifacts uploaded to custom s3 buckets would have a double slash prefix #3607
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zhming0
reviewed
Dec 4, 2025
Contributor
zhming0
left a comment
zhming0
left a comment
There was a problem hiding this comment.
Is this something we can write an new e2e test for?? with our new e2e test gear
Contributor
Author
|
oooh, good call! |
DrJosh9000
approved these changes
Dec 4, 2025
moskyb
force-pushed
the
fix-double-slashed-custom-bucket-artifacts
branch
4 times, most recently
from
47cb0e5 to
d06c720
Compare
DrJosh9000
reviewed
Dec 4, 2025
internal/e2e/testcase.go
Outdated
| pipeline *buildkite.Pipeline | ||
| } | ||
|
|
||
| var leadingTabsRe = regexp.MustCompile(`(?m)^(\t+)`) |
Contributor
There was a problem hiding this comment.
Suggested change
| var leadingTabsRe = regexp.MustCompile(`(?m)^(\t+)`) | |
| var leadingTabsRE = regexp.MustCompile(`(?m)^(\t+)`) |
DrJosh9000
reviewed
Dec 4, 2025
internal/e2e/artifact_test.go
Outdated
| - commands: | ||
| - echo "hello world" > artifact.txt | ||
| - buildkite-agent artifact upload artifact.txt | ||
| - commands: |
Contributor
There was a problem hiding this comment.
Should this have a depends_on or wait to make the ordering clear?
DrJosh9000
reviewed
Dec 4, 2025
internal/e2e/artifact_test.go
Outdated
Comment on lines
31
to
34
| logs := tc.fetchLogs(ctx, build) | ||
| if !strings.Contains(logs, "\nsuccess") { | ||
| t.Errorf("tc.fetchLogs(ctx, build %q) logs as follows, did not contain 'success'\n%s", build.ID, logs) | ||
| } |
Contributor
There was a problem hiding this comment.
Relying on the job to succeed or fail might be enough. Having to pull the job logs might make the test run longer for not much benefit.
DrJosh9000
reviewed
Dec 4, 2025
Contributor
There was a problem hiding this comment.
I assume you're working on a version that uses a custom S3 bucket?
moskyb
force-pushed
the
fix-double-slashed-custom-bucket-artifacts
branch
from
d06c720 to
cacaf7b
Compare
DrJosh9000
reviewed
Dec 4, 2025
.buildkite/steps/e2e-tests.sh
Outdated
Comment on lines
2
to
4
| set -eo pipefail | ||
|
|
||
| if [[ -z "${BUILDKITE_TRIGGERED_FROM_BUILD_ID}" ]] ; then |
Contributor
There was a problem hiding this comment.
What about:
Suggested change
| set -eo pipefail | |
| if [[ -z "${BUILDKITE_TRIGGERED_FROM_BUILD_ID}" ]] ; then | |
| set -euo pipefail | |
| if [[ -z "${BUILDKITE_TRIGGERED_FROM_BUILD_ID:-}" ]] ; then |
moskyb
force-pushed
the
fix-double-slashed-custom-bucket-artifacts
branch
2 times, most recently
from
ceb7a1c to
e3c643b
Compare
…double slash prefix There's an edge case in URL construction for artifacts uploaded to custom S3 buckets where the key for the object would be generated as `/object-key` (note preceding slash), and then directly appended to a url like `https://my-definitely-realy-s3-bucket.s3.amazonaws.com/`, leading to a final object url of `https://buildkite-benno-artifacts-test.s3.amazonaws.com//object-key` (note the double slash!). See [the implementation](https://github.com/buildkite/agent/blob/2a95448832f3fa4c2eb08dabb69db06ff01782fb/internal/artifact/s3_uploader.go#L147) for more details — `u.BucketPath` is empty by default in custom artifact bucket cases. When we were on the AWS Go SDK v1, this was fine, as the SDK [cleaned urls by default](aws/aws-sdk-go#2559), leading to the object's key being normalized from `/object-key` to `object-key`. However, in an [undocumented breaking change](aws/aws-sdk-go-v2#3095) (🫠), the SDK v2 doesn't do this cleaning, so the object would be uploaded with a leading slash on its key. The artifact downloader relied on the URL cleaning functionality of the go SDK, so when attempting to download the artifact, it would generate a key of `object-key`, without the leading slash, leading to consistent 404s when trying to download artifacts from custom buckets. This PR updates the artifact upload URL generation logic to do a path-join of the key rather than a crude append, essentially emulating the logic that was present in v1 of the AWS Go SDK.
moskyb
force-pushed
the
fix-double-slashed-custom-bucket-artifacts
branch
from
e3c643b to
8e5dfb5
Compare
Contributor
Author
|
i'm going to merge this as is, and add an e2e test for artifact upload/download with a custom bucket in a followup — i've tested this and made sure it works, but there's quite a bit of infra stuff i'll need to do to set up the e2e test, and i don't want that to block shipping a fix to the customer. |
moskyb
force-pushed
the
fix-double-slashed-custom-bucket-artifacts
branch
from
8e5dfb5 to
a79c5af
Compare
moskyb
force-pushed
the
fix-double-slashed-custom-bucket-artifacts
branch
from
a79c5af to
537c838
Compare
This was referenced Dec 5, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Fix issue where artifacts uploaded to custom s3 buckets would have a double slash prefix
There's an edge case in URL construction for artifacts uploaded to custom S3 buckets where the key for the object would be generated as
/object-key(note preceding slash), and then directly appended to a url likehttps://my-definitely-realy-s3-bucket.s3.amazonaws.com/, leading to a final object url ofhttps://my-definitely-real-s3-bucket.s3.amazonaws.com//object-key(note the double slash!). See the implementation for more details —u.BucketPathis empty by default in custom artifact bucket cases.When we were on the AWS Go SDK v1, this was fine, as the SDK cleaned urls by default, leading to the object's key being normalized from
/object-keytoobject-key. However, in an undocumented breaking change (🫠), the SDK v2 doesn't do this cleaning, so the object would be uploaded with a leading slash on its key.The artifact downloader relied on the URL cleaning functionality of the go SDK, so when attempting to download the artifact, it would generate a key of
object-key, without the leading slash, leading to consistent 404s when trying to download artifacts from custom buckets.This PR updates the artifact upload URL generation logic to do a path-join of the key rather than a crude append, essentially emulating the logic that was present in v1 of the AWS Go SDK.
Context
PS-1470
Testing
go test ./...). Buildkite employees may check this if the pipeline has run automatically.go tool gofumpt -extra -w .)\Disclosures / Credits
I used Amp to investigate the issue initially, then wrote the fourteen-character fix all by myself.