зеркало из
1
0
Форкнуть 0
deepspeech-pkguploadworker/scriptworker.yaml

130 строки
5.2 KiB
YAML
Исходник Обычный вид История

2017-11-16 18:45:49 +03:00
#-----------------------------------------------------------------------------------------------
# Taskcluster worker settings.
# For development, keep the test-dummy-* and dummy-worker-* convention.
# In production, follow the production conventions.
#-----------------------------------------------------------------------------------------------
2019-11-04 13:31:34 +03:00
provisioner_id: proj-deepspeech
2019-11-04 16:27:30 +03:00
worker_group: proj-deepspeech
worker_type: ds-scriptworker
taskcluster_root_url: https://community-tc.services.mozilla.com/
2017-11-16 18:45:49 +03:00
# worker_id will default to env['SCRIPTWORKER_WORKER_ID'] if not set, for CloudOps deployment.
# We may be able to remove that default if we don't use CloudOps deployment for scriptworker
# instances.
worker_id: ds-scriptworker-1
2017-11-16 18:45:49 +03:00
#-----------------------------------------------------------------------------------------------
# Taskcluster credentials.
# Uncomment and edit to specify the taskcluster credentials here.
# Taskcluster credentials can also be set in secrets.json, $HOME/.scriptworker,
# /etc/.scriptworker, or the environment variables TASKCLUSTER_ACCESS_TOKEN,
# TASKCLUSTER_CLIENT_ID, and TASKCLUSTER_CERITIFICATE.
#-----------------------------------------------------------------------------------------------
# credentials:
# clientId:
# accessToken:
# certificate: ...
#-----------------------------------------------------------------------------------------------
# Task configs
#-----------------------------------------------------------------------------------------------
# The timeouts are in seconds.
artifact_upload_timeout: 1200
task_max_timeout: 1200
# This is the command line to execute the task.
task_script: ["python3", "script.py", "config.json"]
# debug logging?
verbose: true
# In tier 1 production, these should all be true.
sign_chain_of_trust: false
verify_chain_of_trust: false
verify_cot_signature: false
# Chain of Trust job type, e.g. signing
cot_job_type: signing
#-----------------------------------------------------------------------------------------------
# Scriptworker paths.
#-----------------------------------------------------------------------------------------------
# Scriptworker logs go here; this is a long-lived directory.
log_dir: "/tmp/log"
# work_dir and artifact_dir will be nuked before every task run.
work_dir: "/tmp/work"
artifact_dir: "/tmp/artifact"
# task_log_dir should be a subdirectory of artifact_dir; its relative path will be the same
# as the log artifacts in taskcluster (i.e., public/logs).
# Set this to private/... if the logs shouldn't be publicly visible.
task_log_dir: "/tmp/artifact/public/logs"
2019-11-04 17:08:04 +03:00
ed25519_private_key_path: "/tmp/my_privkey.asc"
2017-11-16 18:45:49 +03:00
#-----------------------------------------------------------------------------------------------
# GPG and git settings.
# These must be set, but they're not used if sign_chain_of_trust, verify_chain_of_trust,
# and verify_cot_signature are all false.
#-----------------------------------------------------------------------------------------------
#-----------------------------------------------------------------------------------------------
# Valid artifact rules.
# This is a list of dictionaries. Each dictionary specifies schemes, netlocs, and path_regexes.
# All valid artifact downloads should match these. `filepath` must be specified in the
# path_regexes.
#
# If `taskId` is specified in the path_regex, it must be in task.dependencies, the decision task,
# or an upstream chain of trust task.
#-----------------------------------------------------------------------------------------------
# valid_artifact_rules:
# netlocs:
# - queue.taskcluster.net
# path_regexes:
# - "^/v1/task/(?P<taskId>[^/]+)(/runs/\\d+)?/artifacts/(?P<filepath>.*)$"
# schemes:
# - https
#-----------------------------------------------------------------------------------------------
# These are allowlists for docker images that are based in docker hub.
#-----------------------------------------------------------------------------------------------
# docker_image_allowlists:
# decision:
# - "sha256:31035ed23eba3ede02b988be39027668d965b9fc45b74b932b2338a4e7936cf9"
# docker-image:
# - "sha256:74c5a18ce1768605ce9b1b5f009abac1ff11b55a007e2d03733cd6e95847c747"
#-----------------------------------------------------------------------------------------------
# gpg_homedirs specifies the layout of cot-gpg-keys.git
# Each key is a top level directory.
#
# `type: flat` means scriptworker will sign each pubkey after importing, making them valid.
#
# `type: signed` means scriptworker will sign and trust each pubkey in the `trusted`
# subdirectory, then import the pubkeys in the `valid` subdirectory without trusting or signing.
# The expectation is one of the keys in the `trusted` subdirectory has already signed the keys
# in the `valid` subdirectory.
#
# `ignore_suffixes` is a list of file suffixes to ignore when importing keys.
#-----------------------------------------------------------------------------------------------
# gpg_homedirs:
# docker-worker:
# type: flat
# ignore_suffixes:
# - .md
# generic-worker:
# type: flat
# ignore_suffixes:
# - .md
# scriptworker:
# type: signed
# ignore_suffixes:
# - .md