Builds pass after failing to generate openapi document

[nadove-ucsc]

In this run, the openapi document failed to generated for the indexer because the log forwarding lambdas weren't patched out. The build then passed.

• Security design review completed; the Resolution of this issue does not …
  • … affect authentication; for example:
    • OAuth 2.0 with the application (API or Swagger UI)
    • Authentication of developers with Google Cloud APIs
    • Authentication of developers with AWS APIs
    • Authentication with a GitLab instance in the system
    • Password and 2FA authentication with GitHub
    • API access token authentication with GitHub
    • Authentication with
  • … affect the permissions of internal users like access to
    • Cloud resources on AWS and GCP
    • GitLab repositories, projects and groups, administration
    • an EC2 instance via SSH
    • GitHub issues, pull requests, commits, commit statuses, wikis, repositories, organizations
  • … affect the permissions of external users like access to
    • TDR snapshots
  • … affect permissions of service or bot accounts
    • Cloud resources on AWS and GCP
  • … affect audit logging in the system, like
    • adding, removing or changing a log message that represents an auditable event
    • changing the routing of log messages through the system
  • … affect monitoring of the system
  • … introduce a new software dependency like
    • Python packages on PYPI
    • Command-line utilities
    • Docker images
    • Terraform providers
  • … add an interface that exposes sensitive or confidential data at the security boundary
  • … affect the encryption of data at rest
  • … require persistence of sensitive or confidential data that might require encryption at rest
  • … require unencrypted transmission of data within the security boundary
  • … affect the network security layer; for example by
    • modifying, adding or removing firewall rules
    • modifying, adding or removing security groups
    • changing or adding a port a service, proxy or load balancer listens on
• Documentation on any unchecked boxes is provided in comments below

[hannes-ucsc]

Something like this should do it:

Index: lambdas/Makefile
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/lambdas/Makefile b/lambdas/Makefile
--- a/lambdas/Makefile	(revision 35f88aee2eba4c10adcd6637e4d46bbe8f9a31a4)
+++ b/lambdas/Makefile	(date 1671408819538)
@@ -17,4 +17,4 @@
 
 .PHONY: clean
 clean: check_env
-	for d in indexer service layer; do $(MAKE) -C $$d clean; done
+	for d in indexer service layer; do $(MAKE) -C $$d clean || ! break; done

[dsotirho-ucsc]

Solve as part of PR #5160 for issue #5051

[hannes-ucsc]

For demo, modify a local clone to break the openapi target for lambdas/indexer but not for lambdas/service. Run the openapi target separately in each. Run make -C lambdas openapi from the root and show evidence that the failure terminates the loop early and propagates to the exit status of the top-level make invocation.