# This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. --- version: 1 reporting: checks-v1 policy: pullRequests: public tasks: - $let: trustDomain: app-services # Github events have this stuff in different places ownerEmail: $if: 'tasks_for in ["cron", "action"]' then: '${tasks_for}@noreply.mozilla.org' else: $if: 'tasks_for == "github-push"' then: '${event.pusher.email}' # Assume Pull Request else: $if: 'tasks_for == "github-pull-request"' then: '${event.pull_request.user.login}@users.noreply.github.com' else: $if: 'tasks_for == "github-release"' then: '${event.sender.login}@users.noreply.github.com' baseRepoUrl: $if: 'tasks_for in ["github-push", "github-release"]' then: '${event.repository.html_url}' else: $if: 'tasks_for == "github-pull-request"' then: '${event.pull_request.base.repo.html_url}' else: $if: 'tasks_for in ["cron", "action"]' then: '${repository.url}' repoUrl: $if: 'tasks_for in ["github-push", "github-release"]' then: '${event.repository.html_url}' else: $if: 'tasks_for == "github-pull-request"' then: '${event.pull_request.head.repo.html_url}' else: $if: 'tasks_for in ["cron", "action"]' then: '${repository.url}' project: $if: 'tasks_for in ["github-push", "github-release"]' then: '${event.repository.name}' else: $if: 'tasks_for == "github-pull-request"' then: '${event.pull_request.head.repo.name}' else: $if: 'tasks_for in ["cron", "action"]' then: '${repository.project}' head_branch: $if: 'tasks_for == "github-pull-request"' then: ${event.pull_request.head.ref} else: $if: 'tasks_for == "github-push"' then: ${event.ref} else: $if: 'tasks_for == "github-release"' then: '${event.release.target_commitish}' else: $if: 'tasks_for in ["cron", "action"]' then: '${push.branch}' head_sha: $if: 'tasks_for == "github-push"' then: '${event.after}' else: $if: 'tasks_for == "github-pull-request"' then: '${event.pull_request.head.sha}' else: $if: 'tasks_for == "github-release"' then: '${event.release.tag_name}' else: $if: 'tasks_for in ["cron", "action"]' then: '${push.revision}' head_tag: $if: 'tasks_for == "github-release"' then: '${event.release.tag_name}' else: '' ownTaskId: $if: '"github" in tasks_for' then: {$eval: as_slugid("decision_task")} else: $if: 'tasks_for == "cron"' then: '${ownTaskId}' pullRequestAction: $if: 'tasks_for == "github-pull-request"' then: ${event.action} else: 'UNDEFINED' releaseAction: $if: 'tasks_for == "github-release"' then: ${event.action} else: 'UNDEFINED' in: $if: > tasks_for in ["action", "cron"] || (tasks_for == "github-pull-request" && pullRequestAction in ["opened", "reopened", "synchronize"]) || (tasks_for == "github-push" && head_branch == 'refs/heads/main') || (tasks_for == "github-release" && releaseAction == "published") then: $let: level: $if: 'tasks_for in ["github-push", "github-release", "action", "cron"] && repoUrl == "https://github.com/mozilla/application-services"' then: '3' else: '1' short_head_branch: $if: 'head_branch[:11] == "refs/heads/"' then: {$eval: 'head_branch[11:]'} in: $mergeDeep: - $if: 'tasks_for != "action"' then: taskId: '${ownTaskId}' - taskGroupId: $if: 'tasks_for == "action"' then: '${action.taskGroupId}' else: '${ownTaskId}' # same as taskId; this is how automation identifies a decision task schedulerId: '${trustDomain}-level-${level}' created: {$fromNow: ''} deadline: {$fromNow: '1 day'} expires: {$fromNow: '1 year 1 second'} # 1 second so artifacts expire first, despite rounding errors metadata: $merge: - owner: "${ownerEmail}" source: '${repoUrl}/raw/${head_sha}/.taskcluster.yml' - $if: 'tasks_for in ["github-push", "github-pull-request", "github-release"]' then: name: "Decision Task" description: 'The task that creates all of the other tasks in the task graph' else: $if: 'tasks_for == "action"' then: name: "Action: ${action.title}" description: | ${action.description} Action triggered by clientID `${clientId}` else: name: "Decision Task for cron job ${cron.job_name}" description: 'Created by a [cron task](https://firefox-ci-tc.services.mozilla.com/tasks/${cron.task_id})' provisionerId: "app-services-${level}" workerType: "decision-gcp" tags: $if: 'tasks_for in ["github-push", "github-pull-request"]' then: kind: decision-task else: $if: 'tasks_for == "action"' then: kind: 'action-callback' else: $if: 'tasks_for == "cron"' then: kind: cron-task routes: $flattenDeep: - checks - $if: 'level == "3"' then: # TODO Bug 1601928: Make this scope fork-friendly once ${project} is better defined. This will enable # staging release promotion on forks. - $if: 'tasks_for == "github-push"' then: - index.project.${project}.v2.branch.${short_head_branch}.latest.taskgraph.decision - index.project.${project}.v2.branch.${short_head_branch}.revision.${head_sha}.taskgraph.decision - index.${trustDomain}.v2.${project}.revision.${head_sha}.taskgraph.decision - $if: 'tasks_for == "cron"' then: # cron context provides ${head_branch} as a short one - index.project.${project}.v2.branch.${head_branch}.latest.taskgraph.decision-${cron.job_name} - index.project.${project}.v2.branch.${head_branch}.revision.${head_sha}.taskgraph.decision-${cron.job_name} - index.project.${project}.v2.branch.${head_branch}.revision.${head_sha}.taskgraph.cron.${ownTaskId} scopes: $if: 'tasks_for == "github-push"' then: # `https://` is 8 characters so, ${repoUrl[8:]} is the repository without the protocol. - 'assume:repo:${repoUrl[8:]}:branch:${short_head_branch}' else: $if: 'tasks_for == "github-pull-request"' then: - 'assume:repo:github.com/${event.pull_request.base.repo.full_name}:pull-request' else: $if: 'tasks_for == "github-release"' then: - 'assume:repo:${repoUrl[8:]}:release:${releaseAction}' else: $if: 'tasks_for == "action"' then: # when all actions are hooks, we can calculate this directly rather than using a variable - '${action.repo_scope}' else: - 'assume:repo:${repoUrl[8:]}:cron:${cron.job_name}' requires: all-completed priority: lowest retries: 5 payload: env: # run-task uses these to check out the source; the inputs # to `mach taskgraph decision` are all on the command line. $merge: - APPSERVICES_BASE_REPOSITORY: '${baseRepoUrl}' APPSERVICES_HEAD_REPOSITORY: '${repoUrl}' APPSERVICES_HEAD_REF: '${head_branch}' APPSERVICES_HEAD_REV: '${head_sha}' APPSERVICES_HEAD_TAG: '${head_tag}' APPSERVICES_PIP_REQUIREMENTS: taskcluster/requirements.txt APPSERVICES_REPOSITORY_TYPE: git REPOSITORIES: {$json: {appservices: "Application Services"}} ANDROID_SDK_ROOT: /builds/worker/android-sdk MOZ_FETCHES_DIR: /builds/worker/fetches - $if: 'tasks_for in ["github-pull-request"]' then: APPSERVICES_PULL_REQUEST_TITLE: '${event.pull_request.title}' APPSERVICES_PULL_REQUEST_NUMBER: '${event.pull_request.number}' - $if: 'tasks_for == "action"' then: ACTION_TASK_GROUP_ID: '${action.taskGroupId}' ACTION_TASK_ID: {$json: {$eval: 'taskId'}} ACTION_INPUT: {$json: {$eval: 'input'}} ACTION_CALLBACK: '${action.cb_name}' features: taskclusterProxy: true chainOfTrust: true # Note: This task is built server side without the context or tooling that # exist in tree so we must hard code the hash image: mozillareleases/taskgraph:decision-mobile-35a3e77038af77191b9eb65d822a2ee34839e44d176859a69c5086f60101947c@sha256:b8638ba91bff32e72f09f74b170a0197093886a91fae1ad0cf757fd0e2c21bf0 maxRunTime: 1800 command: - /usr/local/bin/run-task - '--appservices-checkout=/builds/worker/checkouts/vcs' - '--task-cwd=/builds/worker/checkouts/vcs' - '--' - bash - -cx - $if: 'tasks_for == "action"' then: > ln -s /builds/worker/artifacts artifacts && ~/.local/bin/taskgraph action-callback else: > ln -s /builds/worker/artifacts artifacts && ~/.local/bin/taskgraph decision --pushlog-id='0' --pushdate='0' --project='${project}' --message="" --owner='${ownerEmail}' --level='${level}' --base-repository="$APPSERVICES_BASE_REPOSITORY" --head-repository="$APPSERVICES_HEAD_REPOSITORY" --head-ref="$APPSERVICES_HEAD_REF" --head-rev="$APPSERVICES_HEAD_REV" --head-tag="$APPSERVICES_HEAD_TAG" --repository-type="$APPSERVICES_REPOSITORY_TYPE" --tasks-for='${tasks_for}' artifacts: 'public': type: 'directory' path: '/builds/worker/artifacts' expires: {$fromNow: '1 year'} 'public/docker-contexts': type: 'directory' path: '/builds/worker/checkouts/vcs/docker-contexts' # This needs to be at least the deadline of the # decision task + the docker-image task deadlines. # It is set to a week to allow for some time for # debugging, but they are not useful long-term. expires: {$fromNow: '7 day'} extra: $merge: - treeherder: $merge: - machine: platform: gecko-decision - $if: 'tasks_for in ["github-push", "github-pull-request"]' then: symbol: D else: $if: 'tasks_for == "github-release"' then: symbol: 'ship_app_services' else: $if: 'tasks_for == "action"' then: groupName: 'action-callback' groupSymbol: AC symbol: "${action.symbol}" - $if: 'tasks_for == "action"' then: parent: '${action.taskGroupId}' action: name: '${action.name}' context: taskGroupId: '${action.taskGroupId}' taskId: {$eval: 'taskId'} input: {$eval: 'input'} clientId: {$eval: 'clientId'} - tasks_for: '${tasks_for}'