290 строки
16 KiB
YAML
290 строки
16 KiB
YAML
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
---
|
|
version: 1
|
|
reporting: checks-v1
|
|
policy:
|
|
pullRequests: public
|
|
tasks:
|
|
- $let:
|
|
trustDomain: app-services
|
|
# Github events have this stuff in different places
|
|
ownerEmail:
|
|
$if: 'tasks_for in ["cron", "action"]'
|
|
then: '${tasks_for}@noreply.mozilla.org'
|
|
else:
|
|
$if: 'tasks_for == "github-push"'
|
|
then: '${event.pusher.email}'
|
|
# Assume Pull Request
|
|
else:
|
|
$if: 'tasks_for == "github-pull-request"'
|
|
then: '${event.pull_request.user.login}@users.noreply.github.com'
|
|
|
|
baseRepoUrl:
|
|
$if: 'tasks_for == "github-push"'
|
|
then: '${event.repository.html_url}'
|
|
else:
|
|
$if: 'tasks_for == "github-pull-request"'
|
|
then: '${event.pull_request.base.repo.html_url}'
|
|
else:
|
|
$if: 'tasks_for in ["cron", "action"]'
|
|
then: '${repository.url}'
|
|
repoUrl:
|
|
$if: 'tasks_for == "github-push"'
|
|
then: '${event.repository.html_url}'
|
|
else:
|
|
$if: 'tasks_for == "github-pull-request"'
|
|
then: '${event.pull_request.head.repo.html_url}'
|
|
else:
|
|
$if: 'tasks_for in ["cron", "action"]'
|
|
then: '${repository.url}'
|
|
project:
|
|
$if: 'tasks_for == "github-push"'
|
|
then: '${event.repository.name}'
|
|
else:
|
|
$if: 'tasks_for == "github-pull-request"'
|
|
then: '${event.pull_request.head.repo.name}'
|
|
else:
|
|
$if: 'tasks_for in ["cron", "action"]'
|
|
then: '${repository.project}'
|
|
head_branch:
|
|
$if: 'tasks_for == "github-pull-request"'
|
|
then: ${event.pull_request.head.ref}
|
|
else:
|
|
$if: 'tasks_for == "github-push"'
|
|
then: ${event.ref}
|
|
else:
|
|
$if: 'tasks_for in ["cron", "action"]'
|
|
then: '${push.branch}'
|
|
head_sha:
|
|
$if: 'tasks_for == "github-push"'
|
|
then: '${event.after}'
|
|
else:
|
|
$if: 'tasks_for == "github-pull-request"'
|
|
then: '${event.pull_request.head.sha}'
|
|
else:
|
|
$if: 'tasks_for in ["cron", "action"]'
|
|
then: '${push.revision}'
|
|
ownTaskId:
|
|
$if: '"github" in tasks_for'
|
|
then: {$eval: as_slugid("decision_task")}
|
|
else:
|
|
$if: 'tasks_for == "cron"'
|
|
then: '${ownTaskId}'
|
|
pullRequestAction:
|
|
$if: 'tasks_for == "github-pull-request"'
|
|
then: ${event.action}
|
|
else: 'UNDEFINED'
|
|
in:
|
|
$if: >
|
|
tasks_for in ["action", "cron"]
|
|
|| (tasks_for == "github-pull-request" && pullRequestAction in ["opened", "reopened", "synchronize"])
|
|
|| (tasks_for == "github-push" && (head_branch == "refs/heads/main" || head_branch[:19] == "refs/heads/release-"))
|
|
then:
|
|
$let:
|
|
level:
|
|
$if: 'tasks_for in ["github-push", "action", "cron"] && repoUrl == "https://github.com/mozilla/application-services"'
|
|
then: '3'
|
|
else: '1'
|
|
short_head_branch:
|
|
$if: 'head_branch[:11] == "refs/heads/"'
|
|
then: {$eval: 'head_branch[11:]'}
|
|
in:
|
|
$mergeDeep:
|
|
- $if: 'tasks_for != "action"'
|
|
then:
|
|
taskId: '${ownTaskId}'
|
|
- taskGroupId:
|
|
$if: 'tasks_for == "action"'
|
|
then:
|
|
'${action.taskGroupId}'
|
|
else:
|
|
'${ownTaskId}' # same as taskId; this is how automation identifies a decision task
|
|
schedulerId: '${trustDomain}-level-${level}'
|
|
created: {$fromNow: ''}
|
|
deadline: {$fromNow: '1 day'}
|
|
expires: {$fromNow: '1 year 1 second'} # 1 second so artifacts expire first, despite rounding errors
|
|
metadata:
|
|
$merge:
|
|
- owner: "${ownerEmail}"
|
|
source: '${repoUrl}/raw/${head_sha}/.taskcluster.yml'
|
|
- $if: 'tasks_for in ["github-push", "github-pull-request"]'
|
|
then:
|
|
name: "Decision Task"
|
|
description: 'The task that creates all of the other tasks in the task graph'
|
|
else:
|
|
$if: 'tasks_for == "action"'
|
|
then:
|
|
name: "Action: ${action.title}"
|
|
description: |
|
|
${action.description}
|
|
|
|
Action triggered by clientID `${clientId}`
|
|
else:
|
|
name: "Decision Task for cron job ${cron.job_name}"
|
|
description: 'Created by a [cron task](https://firefox-ci-tc.services.mozilla.com/tasks/${cron.task_id})'
|
|
provisionerId: "app-services-${level}"
|
|
workerType: "decision-gcp"
|
|
tags:
|
|
$if: 'tasks_for in ["github-push", "github-pull-request"]'
|
|
then:
|
|
kind: decision-task
|
|
else:
|
|
$if: 'tasks_for == "action"'
|
|
then:
|
|
kind: 'action-callback'
|
|
else:
|
|
$if: 'tasks_for == "cron"'
|
|
then:
|
|
kind: cron-task
|
|
routes:
|
|
$flattenDeep:
|
|
- checks
|
|
# We check for not pull-request instead of level 3 to support `staging-application-services`.
|
|
# This is ok as ${project} uniquely identifies the repo within this trust domain, and each
|
|
# project only has scopes to its own index namespace, so namespace collisions shouldn't happen.
|
|
- $if: 'tasks_for != "github-pull-request"'
|
|
then:
|
|
- $if: 'tasks_for == "github-push"'
|
|
then:
|
|
- index.project.${project}.v2.branch.${short_head_branch}.latest.taskgraph.decision
|
|
- index.project.${project}.v2.branch.${short_head_branch}.revision.${head_sha}.taskgraph.decision
|
|
- index.${trustDomain}.v2.${project}.revision.${head_sha}.taskgraph.decision
|
|
- $if: 'tasks_for == "cron"'
|
|
then:
|
|
# cron context provides ${head_branch} as a short one
|
|
- index.project.${project}.v2.branch.${head_branch}.latest.taskgraph.decision-${cron.job_name}
|
|
- index.project.${project}.v2.branch.${head_branch}.revision.${head_sha}.taskgraph.decision-${cron.job_name}
|
|
- index.project.${project}.v2.branch.${head_branch}.revision.${head_sha}.taskgraph.cron.${ownTaskId}
|
|
scopes:
|
|
$if: 'tasks_for == "github-push"'
|
|
then:
|
|
# `https://` is 8 characters so, ${repoUrl[8:]} is the repository without the protocol.
|
|
- 'assume:repo:${repoUrl[8:]}:branch:${short_head_branch}'
|
|
else:
|
|
$if: 'tasks_for == "github-pull-request"'
|
|
then:
|
|
- 'assume:repo:github.com/${event.pull_request.base.repo.full_name}:pull-request'
|
|
else:
|
|
$if: 'tasks_for == "action"'
|
|
then:
|
|
# when all actions are hooks, we can calculate this directly rather than using a variable
|
|
- '${action.repo_scope}'
|
|
else:
|
|
- 'assume:repo:${repoUrl[8:]}:cron:${cron.job_name}'
|
|
requires: all-completed
|
|
priority: lowest
|
|
retries: 5
|
|
|
|
payload:
|
|
env:
|
|
# run-task uses these to check out the source; the inputs
|
|
# to `mach taskgraph decision` are all on the command line.
|
|
$merge:
|
|
- APPSERVICES_BASE_REPOSITORY: '${baseRepoUrl}'
|
|
APPSERVICES_HEAD_REPOSITORY: '${repoUrl}'
|
|
APPSERVICES_HEAD_REF: '${head_branch}'
|
|
APPSERVICES_HEAD_REV: '${head_sha}'
|
|
APPSERVICES_PIP_REQUIREMENTS: taskcluster/requirements.txt
|
|
APPSERVICES_REPOSITORY_TYPE: git
|
|
REPOSITORIES: {$json: {appservices: "Application Services"}}
|
|
ANDROID_SDK_ROOT: /builds/worker/android-sdk
|
|
MOZ_FETCHES_DIR: /builds/worker/fetches
|
|
TASKCLUSTER_CACHES: /builds/worker/checkouts
|
|
- $if: 'tasks_for in ["github-pull-request"]'
|
|
then:
|
|
APPSERVICES_PULL_REQUEST_TITLE: '${event.pull_request.title}'
|
|
APPSERVICES_PULL_REQUEST_NUMBER: '${event.pull_request.number}'
|
|
- $if: 'tasks_for == "action"'
|
|
then:
|
|
ACTION_TASK_GROUP_ID: '${action.taskGroupId}'
|
|
ACTION_TASK_ID: {$json: {$eval: 'taskId'}}
|
|
ACTION_INPUT: {$json: {$eval: 'input'}}
|
|
ACTION_CALLBACK: '${action.cb_name}'
|
|
cache:
|
|
"${trustDomain}-level-${level}-checkouts-v1": /builds/worker/checkouts
|
|
|
|
features:
|
|
taskclusterProxy: true
|
|
chainOfTrust: true
|
|
# Note: This task is built server side without the context or tooling that
|
|
# exist in tree so we must hard code the hash
|
|
image:
|
|
mozillareleases/taskgraph:decision-mobile-35a3e77038af77191b9eb65d822a2ee34839e44d176859a69c5086f60101947c@sha256:b8638ba91bff32e72f09f74b170a0197093886a91fae1ad0cf757fd0e2c21bf0
|
|
|
|
maxRunTime: 1800
|
|
|
|
command:
|
|
- /usr/local/bin/run-task
|
|
- '--appservices-checkout=/builds/worker/checkouts/vcs'
|
|
- '--task-cwd=/builds/worker/checkouts/vcs'
|
|
- '--'
|
|
- bash
|
|
- -cx
|
|
- $let:
|
|
extraArgs: {$if: 'tasks_for == "cron"', then: '${cron.quoted_args}', else: ''}
|
|
in:
|
|
$if: 'tasks_for == "action"'
|
|
then: >
|
|
ln -s /builds/worker/artifacts artifacts &&
|
|
~/.local/bin/taskgraph action-callback
|
|
else: >
|
|
ln -s /builds/worker/artifacts artifacts &&
|
|
~/.local/bin/taskgraph decision
|
|
--pushlog-id='0'
|
|
--pushdate='0'
|
|
--project='${project}'
|
|
--message=""
|
|
--owner='${ownerEmail}'
|
|
--level='${level}'
|
|
--base-repository="$APPSERVICES_BASE_REPOSITORY"
|
|
--head-repository="$APPSERVICES_HEAD_REPOSITORY"
|
|
--head-ref="$APPSERVICES_HEAD_REF"
|
|
--head-rev="$APPSERVICES_HEAD_REV"
|
|
--repository-type="$APPSERVICES_REPOSITORY_TYPE"
|
|
--tasks-for='${tasks_for}'
|
|
${extraArgs}
|
|
artifacts:
|
|
'public':
|
|
type: 'directory'
|
|
path: '/builds/worker/artifacts'
|
|
expires: {$fromNow: '1 year'}
|
|
'public/docker-contexts':
|
|
type: 'directory'
|
|
path: '/builds/worker/checkouts/vcs/docker-contexts'
|
|
# This needs to be at least the deadline of the
|
|
# decision task + the docker-image task deadlines.
|
|
# It is set to a week to allow for some time for
|
|
# debugging, but they are not useful long-term.
|
|
expires: {$fromNow: '7 day'}
|
|
extra:
|
|
$merge:
|
|
- treeherder:
|
|
$merge:
|
|
- machine:
|
|
platform: gecko-decision
|
|
- $if: 'tasks_for in ["github-push", "github-pull-request"]'
|
|
then:
|
|
symbol: D
|
|
else:
|
|
$if: 'tasks_for == "action"'
|
|
then:
|
|
groupName: 'action-callback'
|
|
groupSymbol: AC
|
|
symbol: "${action.symbol}"
|
|
- $if: 'tasks_for == "action"'
|
|
then:
|
|
parent: '${action.taskGroupId}'
|
|
action:
|
|
name: '${action.name}'
|
|
context:
|
|
taskGroupId: '${action.taskGroupId}'
|
|
taskId: {$eval: 'taskId'}
|
|
input: {$eval: 'input'}
|
|
clientId: {$eval: 'clientId'}
|
|
- $if: 'tasks_for == "cron"'
|
|
then:
|
|
cron: {$json: {$eval: 'cron'}}
|
|
- tasks_for: '${tasks_for}'
|