.taskcluster.yml 20.4 KB
Newer Older
Johan Lorenzo's avatar
Johan Lorenzo committed
1
---
2
version: 1
Johan Lorenzo's avatar
Johan Lorenzo committed
3
reporting: checks-v1
4
policy:
Johan Lorenzo's avatar
Johan Lorenzo committed
5
6
    # XXX We restrict taskcluster to collaborators so priviledged tests (like UI tests) can run on PRs
    pullRequests: collaborators
7
tasks:
Johan Lorenzo's avatar
Johan Lorenzo committed
8
9
10
    - $let:
          taskgraph:
              branch: taskgraph
11
              revision: a458418ef7cdd6778f1283926c6116966255bc24
Johan Lorenzo's avatar
Johan Lorenzo committed
12
          trustDomain: mobile
13
      in:
14
15
16
          $let:
              # Github events have this stuff in different places...
              ownerEmail:
17
18
19
                  $if: 'tasks_for in ["cron", "action"]'
                  then: '${tasks_for}@noreply.mozilla.org'
                  else:
20
21
                      $if: 'event.sender.login == "bors[bot]"'
                      then: 'skaspari+mozlando@mozilla.com'   # It must match what's in bors.toml
Johan Lorenzo's avatar
Johan Lorenzo committed
22
                      else:
23
24
                          $if: 'tasks_for == "github-push"'
                          then: '${event.pusher.email}'
Johan Lorenzo's avatar
Johan Lorenzo committed
25
                          else:
26
27
28
29
30
                              $if: 'tasks_for == "github-pull-request"'
                              then: '${event.pull_request.user.login}@users.noreply.github.com'
                              else:
                                  $if: 'tasks_for == "github-release"'
                                  then: '${event.sender.login}@users.noreply.github.com'
31
32
33
34
35
36
              baseRepoUrl:
                  $if: 'tasks_for in ["github-push", "github-release"]'
                  then: '${event.repository.html_url}'
                  else:
                      $if: 'tasks_for == "github-pull-request"'
                      then: '${event.pull_request.base.repo.html_url}'
Johan Lorenzo's avatar
Johan Lorenzo committed
37
                      else:
38
39
40
41
42
43
44
45
                          $if: 'tasks_for in ["cron", "action"]'
                          then: '${repository.url}'
              repoUrl:
                  $if: 'tasks_for in ["github-push", "github-release"]'
                  then: '${event.repository.html_url}'
                  else:
                      $if: 'tasks_for == "github-pull-request"'
                      then: '${event.pull_request.head.repo.html_url}'
Johan Lorenzo's avatar
Johan Lorenzo committed
46
                      else:
47
48
49
50
51
52
                          $if: 'tasks_for in ["cron", "action"]'
                          then: '${repository.url}'
              project:
                  $if: 'tasks_for in ["github-push", "github-release"]'
                  then: '${event.repository.name}'
                  else:
Johan Lorenzo's avatar
Johan Lorenzo committed
53
                      $if: 'tasks_for == "github-pull-request"'
54
                      then: '${event.pull_request.head.repo.name}'
Johan Lorenzo's avatar
Johan Lorenzo committed
55
                      else:
56
57
58
59
60
61
62
63
64
65
66
                          $if: 'tasks_for in ["cron", "action"]'
                          then: '${repository.project}'
              head_branch:
                  $if: 'tasks_for == "github-pull-request"'
                  then: ${event.pull_request.head.ref}
                  else:
                      $if: 'tasks_for == "github-push"'
                      then: ${event.ref}
                      else:
                          $if: 'tasks_for == "github-release"'
                          then: '${event.release.target_commitish}'
Johan Lorenzo's avatar
Johan Lorenzo committed
67
                          else:
68
                              $if: 'tasks_for in ["action", "cron"]'
Johan Lorenzo's avatar
Johan Lorenzo committed
69
                              then: '${push.branch}'
70
71
72
73
74
75
              head_sha:
                  $if: 'tasks_for == "github-push"'
                  then: '${event.after}'
                  else:
                      $if: 'tasks_for == "github-pull-request"'
                      then: '${event.pull_request.head.sha}'
Johan Lorenzo's avatar
Johan Lorenzo committed
76
                      else:
77
78
                          $if: 'tasks_for == "github-release"'
                          then: '${event.release.tag_name}'
Johan Lorenzo's avatar
Johan Lorenzo committed
79
                          else:
80
                              $if: 'tasks_for in ["action", "cron"]'
Johan Lorenzo's avatar
Johan Lorenzo committed
81
                              then: '${push.revision}'
82

83

84
85
86
87
              head_tag:
                  $if: 'tasks_for == "github-release"'
                  then: '${event.release.tag_name}'
                  else: ''
88
89
90
91
              ownTaskId:
                  $if: '"github" in tasks_for'
                  then: {$eval: as_slugid("decision_task")}
                  else:
92
                      $if: 'tasks_for in ["cron", "action"]'
93
                      then: '${ownTaskId}'
94
95
96
97
              pullRequestAction:
                  $if: 'tasks_for == "github-pull-request"'
                  then: ${event.action}
                  else: 'UNDEFINED'
98
99
100
101
              releaseAction:
                  $if: 'tasks_for == "github-release"'
                  then: ${event.action}
                  else: 'UNDEFINED'
102
          in:
103
104
              $if: >
                tasks_for in ["action", "cron"]
105
                || (tasks_for == "github-pull-request" && pullRequestAction in ["opened", "reopened", "synchronize"])
106
                || (tasks_for == "github-push" && head_branch[:10] != "refs/tags/") && (head_branch != "staging.tmp") && (head_branch != "trying.tmp") && (head_branch[:8] != "mergify/")
107
                || (tasks_for == "github-release" && releaseAction == "published" && (ownerEmail != "mozilla-release-automation-bot@users.noreply.github.com") && (ownerEmail != "mozilla-release-automation-bot-staging@users.noreply.github.com"))
108
              then:
Johan Lorenzo's avatar
Johan Lorenzo committed
109
110
111
112
                  $let:
                      level:
                          $if: 'tasks_for in ["github-push", "github-release", "action", "cron"] && repoUrl == "https://github.com/mozilla-mobile/fenix"'
                          then: '3'
113
                          else: '1'
114
115
116
117

                      short_head_branch:
                          $if: 'head_branch[:11] == "refs/heads/"'
                          then: {$eval: 'head_branch[11:]'}
Johan Lorenzo's avatar
Johan Lorenzo committed
118
                  in:
119
120
                    $mergeDeep:
                        - $if: 'tasks_for != "action"'
Johan Lorenzo's avatar
Johan Lorenzo committed
121
                          then:
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
                              taskId: '${ownTaskId}'
                        - taskGroupId:
                              $if: 'tasks_for == "action"'
                              then:
                                  '${action.taskGroupId}'
                              else:
                                  '${ownTaskId}'  # same as taskId; this is how automation identifies a decision task
                          schedulerId: '${trustDomain}-level-${level}'
                          created: {$fromNow: ''}
                          deadline: {$fromNow: '1 day'}
                          expires: {$fromNow: '1 year 1 second'}  # 1 second so artifacts expire first, despite rounding errors
                          metadata:
                              $merge:
                                  - owner: "${ownerEmail}"
                                    source: '${repoUrl}/raw/${head_sha}/.taskcluster.yml'
                                  - $if: 'tasks_for in ["github-push", "github-pull-request", "github-release"]'
Johan Lorenzo's avatar
Johan Lorenzo committed
138
                                    then:
139
140
                                        name: "Decision Task"
                                        description: 'The task that creates all of the other tasks in the task graph'
Johan Lorenzo's avatar
Johan Lorenzo committed
141
                                    else:
142
143
144
                                        $if: 'tasks_for == "action"'
                                        then:
                                            name: "Action: ${action.title}"
145
146
147
148
                                            description: |
                                                ${action.description}

                                                Action triggered by clientID `${clientId}`
149
150
151
152
153
154
155
                                        else:
                                            name: "Decision Task for cron job ${cron.job_name}"
                                            description: 'Created by a [cron task](https://firefox-ci-tc.services.mozilla.com/tasks/${cron.task_id})'
                          provisionerId: "mobile-${level}"
                          workerType: "decision"
                          tags:
                              $if: 'tasks_for in ["github-push", "github-pull-request"]'
Johan Lorenzo's avatar
Johan Lorenzo committed
156
                              then:
157
                                  kind: decision-task
Johan Lorenzo's avatar
Johan Lorenzo committed
158
                              else:
159
                                  $if: 'tasks_for == "action"'
Johan Lorenzo's avatar
Johan Lorenzo committed
160
                                  then:
161
162
163
164
165
166
167
168
                                      kind: 'action-callback'
                                  else:
                                      $if: 'tasks_for == "cron"'
                                      then:
                                          kind: cron-task
                          routes:
                              $flattenDeep:
                                  - checks
169
                                  - $if: 'level == "3" || repoUrl == "https://github.com/mozilla-releng/staging-fenix"'
170
171
172
173
174
175
                                    then:
                                        - tc-treeherder.v2.${project}.${head_sha}
                                        # TODO Bug 1601928: Make this scope fork-friendly once ${project} is better defined. This will enable
                                        # staging release promotion on forks.
                                        - $if: 'tasks_for == "github-push"'
                                          then:
176
177
                                              - index.mobile.v2.${project}.branch.${short_head_branch}.latest.taskgraph.decision
                                              - index.mobile.v2.${project}.branch.${short_head_branch}.revision.${head_sha}.taskgraph.decision
178
                                              - index.mobile.v2.${project}.revision.${head_sha}.taskgraph.decision
179
180
                                        - $if: 'tasks_for == "cron"'
                                          then:
181
                                              # cron context provides ${head_branch} as a short one
182
183
184
                                              - index.mobile.v2.${project}.branch.${head_branch}.latest.taskgraph.decision-${cron.job_name}
                                              - index.mobile.v2.${project}.branch.${head_branch}.revision.${head_sha}.taskgraph.decision-${cron.job_name}
                                              - index.mobile.v2.${project}.branch.${head_branch}.revision.${head_sha}.taskgraph.cron.${ownTaskId}
185
186
                          scopes:
                              $if: 'tasks_for == "github-push"'
Johan Lorenzo's avatar
Johan Lorenzo committed
187
                              then:
188
189
                                  # `https://` is 8 characters so, ${repoUrl[8:]} is the repository without the protocol.
                                  - 'assume:repo:${repoUrl[8:]}:branch:${short_head_branch}'
Johan Lorenzo's avatar
Johan Lorenzo committed
190
                              else:
191
                                  $if: 'tasks_for == "github-pull-request"'
Johan Lorenzo's avatar
Johan Lorenzo committed
192
                                  then:
193
                                      - 'assume:repo:github.com/${event.pull_request.base.repo.full_name}:pull-request'
Johan Lorenzo's avatar
Johan Lorenzo committed
194
                                  else:
195
                                      $if: 'tasks_for == "github-release"'
196
                                      then:
197
                                          - 'assume:repo:${repoUrl[8:]}:release'
198
                                      else:
199
200
201
202
203
204
                                          $if: 'tasks_for == "action"'
                                          then:
                                              # when all actions are hooks, we can calculate this directly rather than using a variable
                                              - '${action.repo_scope}'
                                          else:
                                              - 'assume:repo:${repoUrl[8:]}:cron:${cron.job_name}'
Johan Lorenzo's avatar
Johan Lorenzo committed
205

206
207
208
                          requires: all-completed
                          priority: lowest
                          retries: 5
Johan Lorenzo's avatar
Johan Lorenzo committed
209

210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
                          payload:
                              env:
                                  # run-task uses these to check out the source; the inputs
                                  # to `mach taskgraph decision` are all on the command line.
                                  $merge:
                                      - MOBILE_BASE_REPOSITORY: '${baseRepoUrl}'
                                        MOBILE_HEAD_REPOSITORY: '${repoUrl}'
                                        MOBILE_HEAD_REF: '${head_branch}'
                                        MOBILE_HEAD_REV: '${head_sha}'
                                        MOBILE_HEAD_TAG: '${head_tag}'
                                        MOBILE_REPOSITORY_TYPE: git
                                        TASKGRAPH_BASE_REPOSITORY: https://hg.mozilla.org/ci/taskgraph
                                        TASKGRAPH_HEAD_REPOSITORY: https://hg.mozilla.org/ci/${taskgraph.branch}
                                        TASKGRAPH_HEAD_REV: ${taskgraph.revision}
                                        TASKGRAPH_REPOSITORY_TYPE: hg
                                        REPOSITORIES: {$json: {mobile: "Fenix", taskgraph: "Taskgraph"}}
                                        HG_STORE_PATH: /builds/worker/checkouts/hg-store
                                        ANDROID_SDK_ROOT: /builds/worker/android-sdk
                                      - $if: 'tasks_for in ["github-pull-request"]'
                                        then:
                                            MOBILE_PULL_REQUEST_NUMBER: '${event.pull_request.number}'
                                      - $if: 'tasks_for == "action"'
                                        then:
                                            ACTION_TASK_GROUP_ID: '${action.taskGroupId}'  # taskGroupId of the target task
                                            ACTION_TASK_ID: {$json: {$eval: 'taskId'}}  # taskId of the target task (JSON-encoded)
                                            ACTION_INPUT: {$json: {$eval: 'input'}}
                                            ACTION_CALLBACK: '${action.cb_name}'
                                      - $if: 'tasks_for == "github-release"'
                                        then:
                                            MOBILE_HEAD_TAG: '${event.release.tag_name}'
                              features:
                                  taskclusterProxy: true
                                  chainOfTrust: true
                              # Note: This task is built server side without the context or tooling that
                              # exist in tree so we must hard code the hash
                              image:
246
                                  mozillareleases/taskgraph:decision-mobile-682fbaa1ef17e70ddfe3457da3eaf8e776c4a20fe5bfbdbeba0641fd5bceae2a@sha256:bbb2613aaab79d17e590fbd78c072d0643be40fd1237195703f84280ecc3b302
Johan Lorenzo's avatar
Johan Lorenzo committed
247

248
                              maxRunTime: 1800
Johan Lorenzo's avatar
Johan Lorenzo committed
249

250
251
252
253
254
255
256
257
258
259
260
261
262
263
                              command:
                                  - /usr/local/bin/run-task
                                  - '--mobile-checkout=/builds/worker/checkouts/src'
                                  - '--taskgraph-checkout=/builds/worker/checkouts/taskgraph'
                                  - '--task-cwd=/builds/worker/checkouts/src'
                                  - '--'
                                  - bash
                                  - -cx
                                  - $let:
                                        extraArgs: {$if: 'tasks_for == "cron"', then: '${cron.quoted_args}', else: ''}
                                    in:
                                        $if: 'tasks_for == "action"'
                                        then: >
                                            PIP_IGNORE_INSTALLED=0 pip install --user /builds/worker/checkouts/taskgraph &&
264
                                            PIP_IGNORE_INSTALLED=0 pip install --user mozilla-version &&
265
                                            taskcluster/scripts/decision-install-sdk.sh &&
266
267
268
269
                                            ln -s /builds/worker/artifacts artifacts &&
                                            ~/.local/bin/taskgraph action-callback
                                        else: >
                                            PIP_IGNORE_INSTALLED=0 pip install --user /builds/worker/checkouts/taskgraph &&
270
                                            PIP_IGNORE_INSTALLED=0 pip install --user mozilla-version &&
271
                                            taskcluster/scripts/decision-install-sdk.sh &&
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
                                            ln -s /builds/worker/artifacts artifacts &&
                                            ~/.local/bin/taskgraph decision
                                            --pushlog-id='0'
                                            --pushdate='0'
                                            --project='${project}'
                                            --message=""
                                            --owner='${ownerEmail}'
                                            --level='${level}'
                                            --base-repository="$MOBILE_BASE_REPOSITORY"
                                            --head-repository="$MOBILE_HEAD_REPOSITORY"
                                            --head-ref="$MOBILE_HEAD_REF"
                                            --head-rev="$MOBILE_HEAD_REV"
                                            --head-tag="$MOBILE_HEAD_TAG"
                                            --repository-type="$MOBILE_REPOSITORY_TYPE"
                                            --tasks-for='${tasks_for}'
                                            ${extraArgs}
Johan Lorenzo's avatar
Johan Lorenzo committed
288

289
290
291
292
293
                              artifacts:
                                  'public':
                                      type: 'directory'
                                      path: '/builds/worker/artifacts'
                                      expires: {$fromNow: '1 year'}
Tom Prince's avatar
Tom Prince committed
294
295
296
297
298
299
300
301
                                  'public/docker-contexts':
                                      type: 'directory'
                                      path: '/builds/worker/checkouts/src/docker-contexts'
                                      # This needs to be at least the deadline of the
                                      # decision task + the docker-image task deadlines.
                                      # It is set to a week to allow for some time for
                                      # debugging, but they are not useful long-term.
                                      expires: {$fromNow: '7 day'}
Johan Lorenzo's avatar
Johan Lorenzo committed
302

303
304
305
306
307
308
309
                          extra:
                              $merge:
                                  - treeherder:
                                        $merge:
                                            - machine:
                                                  platform: gecko-decision
                                            - $if: 'tasks_for in ["github-push", "github-pull-request"]'
Johan Lorenzo's avatar
Johan Lorenzo committed
310
                                              then:
311
                                                  symbol: D
Johan Lorenzo's avatar
Johan Lorenzo committed
312
                                              else:
313
                                                  $if: 'tasks_for == "github-release"'
314
                                                  then:
315
                                                      symbol: 'ship_fenix'
316
                                                  else:
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
                                                      $if: 'tasks_for == "action"'
                                                      then:
                                                          groupName: 'action-callback'
                                                          groupSymbol: AC
                                                          symbol: "${action.symbol}"
                                                      else:
                                                          groupSymbol: cron
                                                          symbol: "${cron.job_symbol}"
                                  - $if: 'tasks_for == "action"'
                                    then:
                                        parent: '${action.taskGroupId}'
                                        action:
                                            name: '${action.name}'
                                            context:
                                                taskGroupId: '${action.taskGroupId}'
                                                taskId: {$eval: 'taskId'}
                                                input: {$eval: 'input'}
334
                                                clientId: {$eval: 'clientId'}
335
336
337
338
                                  - $if: 'tasks_for == "cron"'
                                    then:
                                        cron: {$json: {$eval: 'cron'}}
                                  - tasks_for: '${tasks_for}'