Skip to content

Commit 5432361

Browse files
ahalahal
authored
Merge pull request #237 from mozilla/ahal/push-wrqnyxlkzsqp
Set L3 context for pushes to `enterprise-main`
2 parents 63bf7c8 + cc75870 commit 5432361

File tree

1 file changed

+125
-121
lines changed

1 file changed

+125
-121
lines changed

.taskcluster.yml

Lines changed: 125 additions & 121 deletions
Original file line numberDiff line numberDiff line change
@@ -343,134 +343,138 @@ tasks:
343343
- $if: 'tasks_for in ["github-push"]'
344344
then:
345345
$let:
346-
trustDomain: enterprise
347-
level: 1
348-
ownerEmail: '${event.pusher.email}'
349-
baseRepoUrl: '${event.repository.html_url}'
350-
repoUrl: '${event.repository.html_url}'
351-
project: '${event.repository.name}'
352-
head_branch: ${event.ref}
353-
head_ref: '${event.ref}'
354-
base_sha: '${event.before}'
355-
head_sha: '${event.after}'
356-
ownTaskId: {$eval: as_slugid("decision_task")}
346+
$merge:
347+
- trustDomain: enterprise
348+
ownTaskId: {$eval: as_slugid("decision_task")}
349+
- $switch:
350+
'tasks_for == "github-push"':
351+
ownerEmail: '${event.pusher.email}'
352+
baseRepoUrl: '${event.repository.html_url}'
353+
repoUrl: '${event.repository.html_url}'
354+
project: '${event.repository.name}'
355+
ref: '${event.ref}'
356+
baseRev: '${event.before}'
357+
headRev: '${event.after}'
357358
in:
358-
$if: >
359-
tasks_for == "github-push" && (head_branch == "refs/heads/enterprise-main" || head_branch == "refs/heads/enterprise-try")
360-
then:
361-
$let:
362-
short_head_ref:
363-
$if: 'head_ref[:10] == "refs/tags/"'
364-
then: {$eval: 'head_ref[10:]'}
365-
else:
366-
$if: 'head_ref[:11] == "refs/heads/"'
367-
then: {$eval: 'head_ref[11:]'}
368-
else: ${head_ref}
369-
in:
370-
taskId: '${ownTaskId}'
371-
taskGroupId: '${ownTaskId}' # same as taskId; this is how automation identifies a decision task
372-
schedulerId: '${trustDomain}-level-${level}'
359+
$let:
360+
shortRef:
361+
$if: 'ref[:11] == "refs/heads/"'
362+
then: {$eval: 'ref[11:]'}
363+
else: ${ref}
364+
in:
365+
$if: >
366+
tasks_for == "github-push" && shortRef in ["enterprise-main", "enterprise-try"]
367+
then:
368+
$let:
369+
level:
370+
$if: 'tasks_for == "github-push" && repoUrl == "https://github.com/mozilla/enterprise-firefox" && shortRef == "enterprise-main"'
371+
then: 3
372+
else: 1
373+
in:
374+
taskId: '${ownTaskId}'
375+
taskGroupId: '${ownTaskId}'
376+
schedulerId: '${trustDomain}-level-${level}'
373377

374-
created: {$fromNow: ''}
375-
deadline: {$fromNow: '1 day'}
376-
expires: {$fromNow: '1 year 1 second'} # 1 second so artifacts expire first
377-
metadata:
378-
owner: "${ownerEmail}"
379-
source: "${repoUrl}/raw/${head_sha}/.taskcluster.yml"
380-
name: "Decision Task (Push)"
381-
description: 'The task that creates all of the other tasks in the task graph'
378+
created: {$fromNow: ''}
379+
deadline: {$fromNow: '1 day'}
380+
expires: {$fromNow: '1 year 1 second'} # 1 second so artifacts expire first
381+
metadata:
382+
owner: "${ownerEmail}"
383+
source: "${repoUrl}/raw/${headRev}/.taskcluster.yml"
384+
name: "Decision Task (Push)"
385+
description: 'The task that creates all of the other tasks in the task graph'
382386

383-
provisionerId: "${trustDomain}-${level}"
384-
workerType: "decision"
387+
provisionerId: "${trustDomain}-${level}"
388+
workerType: "decision"
385389

386-
tags:
387-
createdForUser: "${ownerEmail}"
388-
kind: decision-task
390+
tags:
391+
createdForUser: "${ownerEmail}"
392+
kind: decision-task
389393

390-
routes:
391-
$flattenDeep:
392-
- checks
393-
- $if: 'tasks_for == "github-push"'
394-
then:
395-
- "tc-treeherder.v2.${project}.${head_sha}"
396-
- "index.${trustDomain}.v2.${project}.latest.taskgraph.decision"
397-
- "index.${trustDomain}.v2.${project}.revision.${head_sha}.taskgraph.decision"
398-
scopes:
399-
- 'assume:repo:${repoUrl[8:]}:branch:${short_head_ref}'
400-
dependencies: []
401-
requires: all-completed
402-
priority: very-low
403-
retries: 5
394+
routes:
395+
$flattenDeep:
396+
- checks
397+
- $if: 'tasks_for == "github-push"'
398+
then:
399+
- "tc-treeherder.v2.${project}.${headRev}"
400+
- "index.${trustDomain}.v2.${project}.latest.taskgraph.decision"
401+
- "index.${trustDomain}.v2.${project}.revision.${headRev}.taskgraph.decision"
402+
scopes:
403+
- 'assume:repo:${repoUrl[8:]}:branch:${shortRef}'
404+
dependencies: []
405+
requires: all-completed
406+
priority: very-low
407+
retries: 5
404408

405-
payload:
406-
env:
407-
GECKO_BASE_REPOSITORY: '${baseRepoUrl}'
408-
GECKO_BASE_REV: '${base_sha}'
409-
GECKO_HEAD_REPOSITORY: '${repoUrl}'
410-
GECKO_HEAD_REF: '${head_ref}'
411-
GECKO_HEAD_REV: '${head_sha}'
412-
GECKO_REPOSITORY_TYPE: git
413-
REPOSITORIES: {$json: {gecko: "Mozilla Firefox"}}
414-
TASKCLUSTER_CACHES: /builds/worker/checkouts
415-
TASKCLUSTER_VOLUMES: /builds/worker/artifacts
416-
MOZ_UPLOAD_DIR: /builds/worker/artifacts
417-
MOZ_AUTOMATION: '1'
418-
# mach generates pyc files when reading `mach_commands.py`
419-
# This causes cached_task digest generation to be random for
420-
# some tasks. Disable bytecode generation to work around that.
421-
PYTHONDONTWRITEBYTECODE: '1'
422-
MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE: 'system'
423-
cache:
424-
"${trustDomain}-level-${level}-${project}-checkouts-git-shallow-v1": /builds/worker/checkouts
409+
payload:
410+
env:
411+
GECKO_BASE_REPOSITORY: '${baseRepoUrl}'
412+
GECKO_BASE_REV: '${baseRev}'
413+
GECKO_HEAD_REPOSITORY: '${repoUrl}'
414+
GECKO_HEAD_REF: '${ref}'
415+
GECKO_HEAD_REV: '${headRev}'
416+
GECKO_REPOSITORY_TYPE: git
417+
REPOSITORIES: {$json: {gecko: "Mozilla Firefox"}}
418+
TASKCLUSTER_CACHES: /builds/worker/checkouts
419+
TASKCLUSTER_VOLUMES: /builds/worker/artifacts
420+
MOZ_UPLOAD_DIR: /builds/worker/artifacts
421+
MOZ_AUTOMATION: '1'
422+
# mach generates pyc files when reading `mach_commands.py`
423+
# This causes cached_task digest generation to be random for
424+
# some tasks. Disable bytecode generation to work around that.
425+
PYTHONDONTWRITEBYTECODE: '1'
426+
MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE: 'system'
427+
cache:
428+
"${trustDomain}-level-${level}-${project}-checkouts-git-shallow-v1": /builds/worker/checkouts
425429

426-
features:
427-
taskclusterProxy: true
428-
chainOfTrust: true
430+
features:
431+
taskclusterProxy: true
432+
chainOfTrust: true
429433

430-
image: mozillareleases/taskgraph:run-task-latest
431-
maxRunTime: 1800
432-
command:
433-
- run-task
434-
- '--gecko-checkout=/builds/worker/checkouts/gecko'
435-
- '--gecko-shallow-clone'
436-
- '--'
437-
- bash
438-
- -cx
439-
- >
440-
cd /builds/worker/checkouts/gecko &&
441-
ln -s /builds/worker/artifacts artifacts &&
442-
./mach --log-no-times taskgraph decision \
443-
--pushlog-id='0' \
444-
--pushdate='0' \
445-
--project='${project}' \
446-
--owner='${ownerEmail}' \
447-
--level='${level}' \
448-
--repository-type=git \
449-
--tasks-for='${tasks_for}' \
450-
--base-repository='${baseRepoUrl}' \
451-
--base-rev='${base_sha}' \
452-
--head-repository='${repoUrl}' \
453-
--head-ref='${head_ref}' \
454-
--head-rev='${head_sha}'
434+
image: mozillareleases/taskgraph:run-task-latest
435+
maxRunTime: 1800
436+
command:
437+
- run-task
438+
- '--gecko-checkout=/builds/worker/checkouts/gecko'
439+
- '--gecko-shallow-clone'
440+
- '--'
441+
- bash
442+
- -cx
443+
- >
444+
cd /builds/worker/checkouts/gecko &&
445+
ln -s /builds/worker/artifacts artifacts &&
446+
./mach --log-no-times taskgraph decision \
447+
--pushlog-id='0' \
448+
--pushdate='0' \
449+
--project='${project}' \
450+
--owner='${ownerEmail}' \
451+
--level='${level}' \
452+
--repository-type=git \
453+
--tasks-for='${tasks_for}' \
454+
--base-repository='${baseRepoUrl}' \
455+
--base-rev='${baseRev}' \
456+
--head-repository='${repoUrl}' \
457+
--head-ref='${ref}' \
458+
--head-rev='${headRev}'
455459
456-
artifacts:
457-
'public':
458-
type: 'directory'
459-
path: '/builds/worker/artifacts'
460-
expires: {$fromNow: '1 year'}
461-
'public/docker-contexts':
462-
type: 'directory'
463-
path: '/builds/worker/checkouts/gecko/docker-contexts'
464-
# This needs to be at least the deadline of the
465-
# decision task + the docker-image task deadlines.
466-
# It is set to a week to allow for some time for
467-
# debugging, but they are not useful long-term.
468-
expires: {$fromNow: '7 day'}
460+
artifacts:
461+
'public':
462+
type: 'directory'
463+
path: '/builds/worker/artifacts'
464+
expires: {$fromNow: '1 year'}
465+
'public/docker-contexts':
466+
type: 'directory'
467+
path: '/builds/worker/checkouts/gecko/docker-contexts'
468+
# This needs to be at least the deadline of the
469+
# decision task + the docker-image task deadlines.
470+
# It is set to a week to allow for some time for
471+
# debugging, but they are not useful long-term.
472+
expires: {$fromNow: '7 day'}
469473

470-
extra:
471-
$merge:
472-
- treeherder:
473-
machine:
474-
platform: gecko-decision
475-
symbol: D
476-
- tasks_for: '${tasks_for}'
474+
extra:
475+
$merge:
476+
- treeherder:
477+
machine:
478+
platform: gecko-decision
479+
symbol: D
480+
- tasks_for: '${tasks_for}'

0 commit comments

Comments
 (0)