mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-30 00:01:50 +00:00
127e057f26
This will make harder to falsify a decision task. Notably our validation code only needs to verify that the definition of the decision task as given here matches what is used in the task definition in the Chain-Of-Trust artifact, in order to prove that the decision task is a result of what ran in the tree. MozReview-Commit-ID: 4SRO7G1nyyL --HG-- extra : rebase_source : a3b062c5adfa3c2c96a220adf9bd5d2f50d294aa
126 lines
4.4 KiB
YAML
126 lines
4.4 KiB
YAML
---
|
|
version: 0
|
|
metadata:
|
|
name: 'Taskcluster tasks for Gecko'
|
|
description: "The taskcluster task graph for Gecko trees"
|
|
owner: mozilla-taskcluster-maintenance@mozilla.com
|
|
source: {{{source}}}
|
|
|
|
scopes:
|
|
# Note the below scopes are insecure however these get overriden on the server
|
|
# side to whatever scopes are set by mozilla-taskcluster.
|
|
- queue:*
|
|
- docker-worker:*
|
|
- scheduler:*
|
|
|
|
# Available mustache parameters (see the mozilla-taskcluster source):
|
|
#
|
|
# - owner: push user (email address)
|
|
# - source: URL of this YAML file
|
|
# - url: repository URL
|
|
# - project: alias for the destination repository (basename of
|
|
# the repo url)
|
|
# - level: SCM level of the destination repository
|
|
# (1 = try, 3 = core)
|
|
# - revision: (short) hg revision of the head of the push
|
|
# - revision_hash: (long) hg revision of the head of the push
|
|
# - comment: comment of the push
|
|
# - pushlog_id: id in the pushlog table of the repository
|
|
#
|
|
# and functions:
|
|
# - as_slugid: convert a label into a slugId
|
|
# - from_now: generate a timestamp at a fixed offset from now
|
|
|
|
# The resulting tasks' taskGroupId will be equal to the taskId of the first
|
|
# task listed here, which should be the decision task. This gives other tools
|
|
# an easy way to determine the ID of the decision task that created a
|
|
# particular group.
|
|
|
|
tasks:
|
|
- taskId: '{{#as_slugid}}decision task{{/as_slugid}}'
|
|
task:
|
|
created: '{{now}}'
|
|
deadline: '{{#from_now}}1 day{{/from_now}}'
|
|
expires: '{{#from_now}}365 day{{/from_now}}'
|
|
metadata:
|
|
owner: mozilla-taskcluster-maintenance@mozilla.com
|
|
source: {{{source}}}
|
|
name: "Gecko Decision Task"
|
|
description: |
|
|
The task that creates all of the other tasks in the task graph
|
|
|
|
workerType: "gecko-decision"
|
|
provisionerId: "aws-provisioner-v1"
|
|
|
|
tags:
|
|
createdForUser: {{owner}}
|
|
|
|
scopes:
|
|
# Bug 1269443: cache scopes, etc. must be listed explicitly
|
|
- "docker-worker:cache:level-{{level}}-*"
|
|
- "docker-worker:cache:tooltool-cache"
|
|
# mozilla-taskcluster will append the appropriate assume:repo:<repo>
|
|
# scope here.
|
|
|
|
routes:
|
|
- "index.gecko.v2.{{project}}.latest.firefox.decision"
|
|
- "tc-treeherder.v2.{{project}}.{{revision}}.{{pushlog_id}}"
|
|
- "tc-treeherder-stage.v2.{{project}}.{{revision}}.{{pushlog_id}}"
|
|
|
|
payload:
|
|
env:
|
|
# checkout-gecko uses these to check out the source; the inputs
|
|
# to `mach taskgraph decision` are all on the command line.
|
|
GECKO_BASE_REPOSITORY: 'https://hg.mozilla.org/mozilla-unified'
|
|
GECKO_HEAD_REPOSITORY: '{{{url}}}'
|
|
GECKO_HEAD_REF: '{{revision}}'
|
|
GECKO_HEAD_REV: '{{revision}}'
|
|
HG_STORE_PATH: /home/worker/checkouts/hg-store
|
|
|
|
cache:
|
|
level-{{level}}-checkouts: /home/worker/checkouts
|
|
|
|
features:
|
|
taskclusterProxy: true
|
|
chainOfTrust: true
|
|
|
|
# Note: This task is built server side without the context or tooling that
|
|
# exist in tree so we must hard code the hash
|
|
image: 'taskcluster/decision@sha256:0f59f922d86c471e208b7ea08ab077fc68c3920ed5e6895d69a23e8f3457dc24'
|
|
|
|
maxRunTime: 1800
|
|
|
|
# TODO use mozilla-unified for the base repository once the tc-vcs
|
|
# tar.gz archives are created or tc-vcs isn't being used.
|
|
command:
|
|
- /home/worker/bin/run-task
|
|
- '--vcs-checkout=/home/worker/checkouts/gecko'
|
|
- '--'
|
|
- bash
|
|
- -cx
|
|
- >
|
|
cd /home/worker/checkouts/gecko &&
|
|
ln -s /home/worker/artifacts artifacts &&
|
|
./mach --log-no-times taskgraph decision
|
|
--pushlog-id='{{pushlog_id}}'
|
|
--pushdate='{{pushdate}}'
|
|
--project='{{project}}'
|
|
--message={{#shellquote}}{{{comment}}}{{/shellquote}}
|
|
--owner='{{owner}}'
|
|
--level='{{level}}'
|
|
--base-repository='https://hg.mozilla.org/mozilla-central'
|
|
--head-repository='{{{url}}}'
|
|
--head-ref='{{revision}}'
|
|
--head-rev='{{revision}}'
|
|
--revision-hash='{{revision_hash}}'
|
|
|
|
artifacts:
|
|
'public':
|
|
type: 'directory'
|
|
path: '/home/worker/artifacts'
|
|
expires: '{{#from_now}}364 days{{/from_now}}'
|
|
|
|
extra:
|
|
treeherder:
|
|
symbol: D
|