1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
"""
Common support for various job types. These functions are all named after the
worker implementation they operate on, and take the same three parameters, for
consistency.
"""
from __future__ import absolute_import, print_function, unicode_literals
SECRET_SCOPE = 'secrets:get:project/releng/gecko/{}/level-{}/{}'
def docker_worker_add_workspace_cache(config, job, taskdesc):
"""Add the workspace cache based on the build platform/type and level,
except on try where workspace caches are not used."""
if config.params['project'] == 'try':
return
taskdesc['worker'].setdefault('caches', []).append({
'type': 'persistent',
'name': 'level-{}-{}-build-{}-{}-workspace'.format(
config.params['level'], config.params['project'],
taskdesc['attributes']['build_platform'],
taskdesc['attributes']['build_type'],
),
'mount-point': "/home/worker/workspace",
})
def docker_worker_add_tc_vcs_cache(config, job, taskdesc):
taskdesc['worker'].setdefault('caches', []).append({
'type': 'persistent',
'name': 'level-{}-{}-tc-vcs'.format(
config.params['level'], config.params['project']),
'mount-point': "/home/worker/.tc-vcs",
})
def docker_worker_add_public_artifacts(config, job, taskdesc):
taskdesc['worker'].setdefault('artifacts', []).append({
'name': 'public/build',
'path': '/home/worker/artifacts/',
'type': 'directory',
})
def docker_worker_add_gecko_vcs_env_vars(config, job, taskdesc):
"""Add the GECKO_BASE_* and GECKO_HEAD_* env vars to the worker."""
env = taskdesc['worker'].setdefault('env', {})
env.update({
'GECKO_BASE_REPOSITORY': config.params['base_repository'],
'GECKO_HEAD_REF': config.params['head_rev'],
'GECKO_HEAD_REPOSITORY': config.params['head_repository'],
'GECKO_HEAD_REV': config.params['head_rev'],
})
def docker_worker_support_vcs_checkout(config, job, taskdesc):
"""Update a job/task with parameters to enable a VCS checkout.
The configuration is intended for tasks using "run-task" and its
VCS checkout behavior.
"""
level = config.params['level']
taskdesc['worker'].setdefault('caches', []).append({
'type': 'persistent',
# History of versions:
#
# ``level-%s-checkouts`` was initially used and contained a number
# of backwards incompatible changes, such as moving HG_STORE_PATH
# from a separate cache to this cache.
#
# ``v1`` was introduced to provide a clean break from the unversioned
# cache.
'name': 'level-%s-checkouts-v1' % level,
'mount-point': '/home/worker/checkouts',
})
taskdesc['worker'].setdefault('env', {}).update({
'GECKO_BASE_REPOSITORY': config.params['base_repository'],
'GECKO_HEAD_REPOSITORY': config.params['head_repository'],
'GECKO_HEAD_REV': config.params['head_rev'],
'HG_STORE_PATH': '/home/worker/checkouts/hg-store',
})
# Give task access to hgfingerprint secret so it can pin the certificate
# for hg.mozilla.org.
taskdesc['scopes'].append('secrets:get:project/taskcluster/gecko/hgfingerprint')
taskdesc['worker']['taskcluster-proxy'] = True
def docker_worker_setup_secrets(config, job, taskdesc):
"""Set up access to secrets via taskcluster-proxy. The value of
run['secrets'] should be a boolean or a list of secret names that
can be accessed."""
if not job['run'].get('secrets'):
return
taskdesc['worker']['taskcluster-proxy'] = True
secrets = job['run']['secrets']
if secrets is True:
secrets = ['*']
for sec in secrets:
taskdesc['scopes'].append(SECRET_SCOPE.format(
job['treeherder']['kind'], config.params['level'], sec))
|
