Unverified Commit d390baef authored by Johan Lorenzo's avatar Johan Lorenzo Committed by GitHub
Browse files

Bug 1608103 - Fix dummy secrets generation (#8855)

parent e6e2dd94

automation/taskcluster/upload_apk_nimbledroid.py

+2 −2
Original line number Diff line number Diff line
@@ -38,8 +38,8 @@ token_file = sys.argv[2] 
with open(token_file) as f:

	key = f.read()



if key.rstrip() == '--':

	print('Nimbledroid key "--" detected. Not uploading anything to the service.')

if key.rstrip() == "faketoken":

	print('Nimbledroid key "faketoken" detected. Not uploading anything to the service.')

	sys.exit(0)



with open(apk_path) as apk_file:

taskcluster/ci/nimbledroid/kind.yml

+3 −2
Original line number Diff line number Diff line
@@ -25,11 +25,12 @@ job-defaults: 
                      key: api_key

                      path: .nimbledroid_token

                default: []

        pre-commands:

        dummy-secrets:

            by-level:

              '3': []

              default:

                - [echo, '--', '>', .nimbledroid_token]

                - content: "faketoken"

                  path: .nimbledroid_token

    run-on-tasks-for: []

    treeherder:

        kind: test

taskcluster/fenix_taskgraph/job.py

+27 −0
Original line number Diff line number Diff line
@@ -19,6 +19,12 @@ secret_schema = { 
    Optional("json"): bool,

}



dummy_secret_schema = {

    Required("content"): text_type,

    Required("path"): text_type,

    Optional("json"): bool,

}



gradlew_schema = Schema({

    Required("using"): "gradlew",

    Optional("pre-gradlew"): [[text_type]],
@@ -28,6 +34,7 @@ gradlew_schema = Schema({ 
    Required("workdir"): text_type,

    Optional("use-caches"): bool,

    Optional("secrets"): [secret_schema],

    Optional("dummy-secrets"): [dummy_secret_schema],

})



run_commands_schema = Schema({
@@ -37,6 +44,7 @@ run_commands_schema = Schema({ 
    Required("workdir"): text_type,

    Optional("use-caches"): bool,

    Optional("secrets"): [secret_schema],

    Optional("dummy-secrets"): [dummy_secret_schema],

})
@@ -44,9 +52,13 @@ run_commands_schema = Schema({ 
def configure_run_commands_schema(config, job, taskdesc):

    run = job["run"]

    pre_commands = run.pop("pre-commands", [])

    pre_commands += [

        _generate_dummy_secret_command(secret) for secret in run.pop("dummy-secrets", [])

    ]

    pre_commands += [

        _generate_secret_command(secret) for secret in run.get("secrets", [])

    ]



    all_commands = pre_commands + run.pop("commands", [])



    run["command"] = _convert_commands_to_string(all_commands)
@@ -72,6 +84,9 @@ def configure_gradlew(config, job, taskdesc): 


def _extract_gradlew_command(run):

    pre_gradle_commands = run.pop("pre-gradlew", [])

    pre_gradle_commands += [

        _generate_dummy_secret_command(secret) for secret in run.pop("dummy-secrets", [])

    ]

    pre_gradle_commands += [

        _generate_secret_command(secret) for secret in run.get("secrets", [])

    ]
@@ -96,6 +111,18 @@ def _generate_secret_command(secret): 
    return secret_command





def _generate_dummy_secret_command(secret):

    secret_command = [

        "taskcluster/scripts/write-dummy-secret.py",

        "-f", secret["path"],

        "-c", secret["content"],

    ]

    if secret.get("json"):

        secret_command.append("--json")



    return secret_command





def _convert_commands_to_string(commands):

    should_artifact_reference = False

    should_task_reference = False

taskcluster/fenix_taskgraph/transforms/build.py

+10 −8
Original line number Diff line number Diff line
@@ -32,6 +32,7 @@ def add_variant_config(config, tasks): 
def add_shippable_secrets(config, tasks):

    for task in tasks:

        secrets = task["run"].setdefault("secrets", [])

        dummy_secrets = task["run"].setdefault("dummy-secrets", [])



        if task.pop("include-shippable-secrets", False) and config.params["level"] == "3":

            build_type = task["attributes"]["build-type"]
@@ -50,15 +51,16 @@ def add_shippable_secrets(config, tasks): 
                ('mls', '.mls_token'),

            )])

        else:

            task["run"]["pre-gradlew"] = [[

                "echo", '"{}"'.format(fake_value), ">", target_file

            ] for fake_value, target_file in (

                ("--", ".adjust_token"),

                ("", ".digital_asset_links_token"),

                ("-:-", ".leanplum_token"),

                ("", ".mls_token"),

            dummy_secrets.extend([{

                "content": fake_value,

                "path": target_file,

            } for fake_value, target_file in (

                ("faketoken", ".adjust_token"),

                ("faketoken", ".digital_asset_links_token"),

                ("fake:token", ".leanplum_token"),  # : is used by leanplum

                ("faketoken", ".mls_token"),

                ("https://fake@sentry.prod.mozaws.net/368", ".sentry_token"),

            )]

            )])



        yield task

taskcluster/fenix_taskgraph/transforms/nimbledroid.py

+1 −1
Original line number Diff line number Diff line
@@ -18,7 +18,7 @@ transforms = TransformSequence() 
@transforms.add

def resolve_keys(config, tasks):

    for task in tasks:

        for key in ("run.secrets", "run.pre-commands"):

        for key in ("run.secrets", "run.dummy-secrets"):

            resolve_keyed_by(

                task,

                key,