All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
- Added Gecko GCP decision pools
- Removed esr91 support
- Restricted Android-Components scopes to both android-components and firefox-android repos
- Allowed mozillavpn tasks_for action
- Allowed comm-central to use production bouncer scope
- Added BASE_REF and BASE_REV to CoT verify.
- Added scopes for autoland lv3 tree pushes to cot_restricted_scopes
- Added a new trusted docker-worker CoT key
- Added mozillavpn beetmover scopes to cot_restricted_scopes
- Added pine-stable support
- Removed maple and cedar from the list of privileged branches
- Added a new trusted scriptworker CoT key
- Added a new trusted generic-worker CoT key
- Added esr102 support
- Added py3.10 testing
- Moved the repo automation to taskgraph
- Removed esr78 support
- Mozilla VPN to cot_restricted_scopes
- Support for cedar project
- Support for log rotation with RotatingFileHandler
- Removed obsolete Focus scopes
- Remove Pushsnap support
- Added Focus for android scopes for github-script, signing-script and pushapk-script
- Added xpi scopes for Beetmover and Balrog
- Added microsoft store scopes for Firefox
- Test coverage for utils and cleanup
- Support for non-hook actions in CoT
- CoT bumped to version 7
- Removed unused mpd001 trust domain
- Added new mozillavpn trust domain
- Removed old CoT keys
lint
tox target renamed tocheck
to match other releng repos- Tests now use
coveralls
instead ofpytest-coveralls
- fixed
fenix
prod cot index; old one hadn't been updated in a year - added
adhoc-signing
andxpi-manifest
cot index tests
- Added esr91 to CoT
- Fixed RtD after dropping py36 support
- added support for cot_restricted_scopes to match <scope>*
- Removed py36 support
- Removed obsolete mobile production tests
- Added py39 support
- Require
immutabledict>=1.3.0
to avoid typing bustage - Require
taskcluster<41
instead oftaskcluster<40
to match the latest cluster version - CoT verification now supports
projectId
andtaskQueueId
. - Pinned to
pytest-asyncio<0.15
due to production test bustage
- Fixed immutabledict typing bustage
- Replaced the new docker-worker pubkey in
ed25519_public_keys
: we never used the previous-new keypair, and we're rolling out this keypair. - Added mypy typing to
scriptworker.context
timestamp
->int_timestamp
in arrow calls; set min arrow version to 1.0- production tests no longer require the taskcluster proxy.
- Removed
esr68
; addedpine
to nightly branches.
run_task
now exits with the exit code from the task.reversed_statuses
works now, with statuses of 245 and 241.
- Updated
ed25519_public_keys
with new public keys
- Updated
ignore_keys
to include the comingprojectId
. - Updated tests to use
iscript>=5
- Added a
requirements.txt
with unpinned requirements, for ronin-puppet pinning.
- Updated
ignore_keys
to include the comingtaskQueueId
.
- Removed esr68 prod cot tests
- Allowed for empty
committer
andauthor
in githubcommit_data
- Added cot restricted scopes for mobile github tasks
- Added
semaphore_wrapper
to easily use a semaphore for async coroutines. - Added
context.download_semaphore
to share a download semaphore. - Added
max_concurrent_downloads
pref, defaulting to 5.
- Fixed 4-part versions.
- CoT support for
application-services
as cleanup effort - Removed
aiohttp_max_connections
in favor ofmax_concurrent_downloads
.
- CoT now supports Github
event.before
in the jsone context.
- Reformatted to fix black and isort
- Added support for esr78 for both comm and gecko
- Added build_taskcluster_yml_url
- Allow for github-push, action and cron tasks_for in app-services and glean
- We now build the .taskcluster.yml source url in get_in_tree_template, rather than rely on task.metadata.source
- Added app-services as cot_product in favor of application-services which will be retired
- Added glean as cot_product to support taskgraph in https://github.com/mozilla/glean/
- old docker-worker cot key invalid
- production tests now require
TASKCLUSTER_PROXY_URL
to be set
- Changed the trusted adhoc repo paths to
mozilla-releng/adhoc-{signing,manifest}
.
- Github source urls starting with
ssh://
are now treated as private repositories. verify_cot
now takes--verbose
and--no-check-task
options.
test_production
should no longer leave behind temp...
directories.
- added
cot_product_type
populate_jsone_context
now checkscot_product_type
instead of allowlisting a set ofcot_products
as github
check_interactive_docker_worker
now raisesCoTError
on errors, rather- than returning the list of error messages
check_interactive_docker_worker
now also runs against the chain task, if it's- docker-worker
- added
check_interactive_generic_worker
check_interactive_docker_worker
now raisesCoTError
on errors, rather- than returning the list of error messages
check_interactive_docker_worker
now also runs against the chain task, if it's- docker-worker
- Catch
asyncio.TimeoutError
duringclaimWork
retry_get_task_definition
andget_task_definition
to fix `Bug 1618731- <https://bugzilla.mozilla.org/show_bug.cgi?id=1618731>`__
- Old docker-worker cot key which was removed in 33.0.0, because it broke mobile releases.
- Catch
asyncio.TimeoutError
onload_json_or_yaml_from_url
- Removed old docker-worker cot key
- Catch
asyncio.TimeoutError
on artifact upload
- Added
action_perm
to action hooks
- Added the
scriptworker
cot product configs - Added
adhoc-3
workers
- Removed
aws-provisioner-v1
workers - Removed
esr60
and thebirch
andjamun
project branches
- Added shipitscript scopes to the xpi restricted scopes
- Moved the mpd001 repo to
guardian-vpn-windows
- Production scopes for flatpaks are now correctly set
- Reverted
context.temp_queue
downloads
- Added scopes for flatpakscript
- Scriptworker now uses
context.temp_queue
to download artifacts.
- Added fennec-profile-manager
- Python 3.8 support.
- Swapped out
frozendict
forimmutabledict
.
- Allow action tasks_for on mobile
- "adhoc" product in order to enable adhoc dep-signing.
- Unused
scriptworker_worker_pools
.
utils.retry_sync()
to enable retries on functions that cannot be asynchronous.
- Retry more times whenever github3 raises a ConnectionError
- Added treescript push capabilities to central
- [Bug 1596439](https://bugzilla.mozilla.org/show_bug.cgi?id=1596439) - Cache calls to github's branch_commits
- The default
taskcluster_root_url
is nowhttps://firefox-ci-tc.services.mozilla.com/
- Updated the scriptworker worker pool list
retry_async_decorator
- Methods of
GitHubRepository
are now async and are retried thanks toretry_async
. Only methods making network calls are async/retried. - XPI is now pointing at mozilla-extensions/xpi-manifest
test_production.py
no longer leaves behind a...
test directory
taskcluster_root_url
now defaults toos.environ["TASKCLUSTER_ROOT_URL"]
, with a fallback ofhttps://taskcluster.net
.- The firefox-ci and staging clusters are now in the
valid_artifact_rules
- worker-manager based decision and docker image worker pools are supported
- added
mpd001
CoT support - added
xpi
CoT support - added github action CoT support
- added
require_secret
in trusted vcs config - added support for private github repos in CoT verification
[email protected]
urls will now be translated tossh://github.com/
for the purposes of CoT- we now trust the github task email, because we can’t verify alternate emails
download_file
now takes anauth
kwargload_json_or_yaml_from_url
now takes anauth
kwarg
- removed Focus Nightly from
test_production
for continued bustage due to force pushes
assert_is_parent
to make sure a path is a subset of another pathContext.verify_task
which checks for..
inupstreamArtifacts
download_artifacts
verifies the absolute path of the file is under theparent_dir
get_single_upstream_artifact_full_path
verifies the full path is under theparent_dir
- removed unused
extra_run_task_arguments
- removed extraneous
check_num_tasks
- GitHub: support repo name
- CoT constants for
firefox-tv
- Updated restricted signing scopes for
fenix
- Chain of Trust breakage: Staging cron context were bailing out because repos were unknown.
- run_task returns 1 on non-zero exit code, 0 on success.
- Chain of Trust breakage: Expose repo name and pusher’s email on github pushes.
- Support taskgraph-style github cron contexts.
- Log the scriptworker version in the logs.
- Removed the following stub functions:
verify_balrog_task
verify_bouncer_task
verify_pushapk_task
verify_pushsnap_task
verify_shipit_task
verify_signing_task
### Changed
- Use
verify_scriptworker_task
for workers indirectly using it
- Added new scriptworker names to CoT
- Added
scripts/pin.sh
andscripts/pin-helper.sh
- Added
scriptworker_worker_pools
,valid_decision_worker_pools
, andvalid_docker_image_pools
- Added
get_worker_pool_id
andget_provisioner_id
- We now pin dependencies via
scripts/pin.sh
- Our scriptworker, decision, and docker-image workerType allowlisting
now goes by worker-pool-id, constrained by
cot_product
- Our integration tasks use workerTypes that follow the new workerType name restrictions.
- Removed
scripts/pip
andscripts/Dockerfile
in favor of the newpin.sh
- Removed
scriptworker_worker_types
,valid_decision_worker_types
, andvalid_docker_image_types
- Removed
taskcluster-images
as a valid docker-image workerType
- Support for graceful shutdown without cancelling using SIGUSR1
- Support for old
application-services-r
workerType
- Add support for dedicated per-level workerTypes in application-services
- Don’t include the non-existent top-level
repository
key in github json-e context. - Remove untrusted repos from list of repos accepted by
trace_back_to_tree
controlling tasks allowed as dependencies to tasks with restricted scopes.
- Allow arbitrary github repos (with appropriate scopes, in particular PRs), to use non-restricted scopes.
- Provide more complete github contexts to pull requests.
- Allow using indexed-tasks for decision task images in unrestricted contexts.
- Added support for comm-esr68.
- Allow actions to not pass parameters explicitly.
- Allow longer (up to 38 characters) worker_id
- Log worker_group, worker_id, FQDN
- Fennec Release is now shipped off mozilla-esr68
- Allows
mitchhentges
to do stagingapplication-services
tasks
- Unexpected exceptions are reported to Taskcluster as
internal-error
, rather than silently failing
- Added
context.task_id
- We now set
env['TASK_ID']
when running the script.
- Fennec Beta is now shipped off mozilla-esr68
- Fennec Nightly is now shipped off mozilla-esr68
- Added support for mozilla-esr68.
- Fennec Nightly cannot be shipped off mozilla-beta
- Issue
#331:
Cache
has_commit_landed_on_repository()
results so Github doesn’t error out because we hammered the API too often in a short period of time.
- Fix logging
- Enrich github releases jsone context by adding
event['action']
- Issue
#334:
Github’s
web-flow
user breaking Chain of Trust.
- Support for
application-services
in CoT for beetmoverworkers
_get_additional_github_releases_jsone_context
’sclone_url
now returns the correct url suffixing ingit
s,scriptharness,scriptworker
indocs/conf.py
- specify
rootUrl
forverify_cot
if used without credentials.
- Upload .tar.gz without gzip encoding. Gzip encoding resulted in uncompressing the tarball during download, breaking cot hash verification
- CoT on Github: PRs merged by someone else break CoT
- added
CODE_OF_CONDUCT.md
. verify_cot
now has a--verify-sigs
option to test level 3 chains of trust with signature verification on.- added a
verify_ed25519_signature
endpoint helper script.
- Updated documentation to reflect the new ed25519-only chain of trust world.
docker/run.sh
no longer points/dev/random
to/dev/urandom
, and no longer has hacks to install an old version of gpg.public/chain-of-trust.json
is now a mandatory artifact in cot verification.public/chain-of-trust.json.sig
is mandatory if signature verification is on.public/chainOfTrust.json.asc
is no longer used.- similarly,
public/chainOfTrust.json.asc
is no longer generated or uploaded by scriptworker. add_enumerable_item_to_dict
now usessetdefault
instead oftry/except
.
- added missing modules to the source documentation.
- restored missing test branch coverage.
get_all_artifacts_per_task_id
now returns a sorted, unique list of artifacts, preventing duplicate concurrent downloads of the same file.test_verify_production_cot
now tests win64 repackage-signing instead of linux64 repackage-signing because linux64 stopped running repackage-signing. We also test an esr60 index.
- removed gpg support from chain of trust verification.
- removed
scriptworker.gpg
module and associated tests. - removed the
defusedxml
,pexpect
, andpython-gnupg
dependencies. - removed the
create_gpg_keys.py
andgpg_helper.sh
helper scripts. - removed gpg-specific config.
- removed
ScriptWorkerGPGException
- removed the
rebuild_gpg_homedirs
endpoint. - removed the
check_pubkeys.py
andgen1000keys.py
test scripts.
event.repository.full_name
andevent.pull_request.base.repo.full_name
oncot_verify
(for GitHub repos)
- Allow snapcraft beta scope on mozilla-release
- ed25519 cot signature generation and verification support.
scripts/gen_ed25519_key.py
- a standalone script to generate an ed25519 keypaired25519_private_key_path
anded25519_public_keys
config itemsscriptworker.ed25519
moduleverify_link_gpg_cot_signature
is a new function, but is deprecated and will be removed in a future release.verify_link_ed25519_cot_signature
is a new function.- added
write_to_file
andread_from_file
utils
- gpg support in chain of trust is now deprecated, and will be removed in a future release.
generate_cot
’spath
kwarg is nowparent_path
.generate_cot
now generates up to 3 files:chainOfTrust.json.asc
,chain-of-trust.json
, andchain-of-trust.json.sig
.download_cot
now also downloadschain-of-trust.json
as an optional artifact, and addschain-of-trust.json.sig
as an optional artifact if signature verification is enabled. These will become mandatory artifacts in a future release.chainOfTrust.json.asc
is now a mandatory artifact in cot verification, but is deprecated. We will remove this artifact in a future release.verify_cot_signatures
verifies ed25519, and falls back to gpg. We will make ed25519 signature verification mandatory in a future release, and remove gpg verification.- we now require
cryptography>=2.6.1
for ed25519 support.
is_task_required_by_any_mandatory_artifact
is removed
is_try_or_pull_request()
is now an async (instead of a sync property). So isis_pull_request()
.extract_github_repo_owner_and_name()
,extract_github_repo_and_revision_from_source_url()
have been moved to thegithub
module.
- In the
github
module:is_github_url()
,get_tag_hash()
,has_commit_landed_on_repository()
,is_github_repo_owner_the_official_one()
utils.get_parts_of_url_path()
- update
ci-admin
andci-configuration
to reflect their new homes
- mobile can create in-tree docker images
- Chain of Trust is now able to validate the following
tasks_for
:- github-pull-request (even though pull requests seem risky at first, this enables smoother staging releases - à la gecko’s try)
- github-push
- github.py is a new module to deal with the GitHub API URLs.
- Config must know provide a GitHub OAuth token to request the GitHub API more than 60 times an hour
- load_json_or_yaml() load file handles as if they were always encoded in utf-8. The GitHub API includes emojis in its reponses.
- The mobile decision tasks must define “MOBILE_PUSH_DATE_TIME”.
github-release is the only
tasks_for
to not use this variable (because the piece of data is exposed by the GitHub API) is_try
inscriptworker.cot.verify
was changed byis_try_or_pull_request
tasks_for
are now allowed per cot-product in constants.py
scriptworker.task.KNOWN_TASKS_FOR
in favor ofcontext.config['valid_tasks_for']
which depends on thecot_product
- added
running_tasks
property toContext
- added
WorkerShutdownDuringTask
exception - added
TaskProcess
object andtask_process
submodule - added a
RunTasks
object
upload_artifacts
now takes afiles
argrun_task
now takes ato_cancellable_process
argdo_run_task
takes two new argsdo_upload
takes afiles
arg
- scriptworker should now handle SIGTERM more gracefully, reporting
worker-shutdown
- removed
kill_pid
andkill_proc
functions - removed
noop_sync
from utils
- added
ownTaskId
tojsone_context
. - added an
_EXTENSION_TO_MIME_TYPE
list to allow for differences in system mimetypes
- added
clientId
to action hooks’jsone_context
- Added
git_path
in config to specify an explicit git binary
- Added a
context
argument toget_git_revision
,get_latest_tag
- Fixed some markdown syntax
- Added slowest 10 tests measurement
- Added
BaseDownloadError
andDownload404
exceptions
- No longer retry downloads on a 404.
- Fixed pytest-random-order behavior
- Addressed a number of aiohttp + deprecation warnings
- added
fenix
to the list of approved repositories
- support for GitHub staging releases
- get
actionPerm
fromaction_defn['extra']['actionPerm']
beforeaction_defn['actionPerm']
.
- added an entrypoint to the test docker image and updated docs.
- added relpro action hook support.
- added some filterwarnings to tox.ini to suppress warnings for dependencies.
- pointed
/dev/random
at/dev/urandom
in test docker image to speed up gpg tests. - changed filesystem layout of docker image for more test file separation.
- renamed some of the private
jsone_context
functions inscriptworker.cot.verify
.
- clarified new instance docs.
- fixed common intermittent test failures on travis by removing pytest-xdist.
- Regression around json-e context for mozilla-mobile projects
- Cron tasks are now expected to use correct push information
- Documentation for deploying new instances in AWS has been updated.
- Requirements are now generated using pip-compile-multi.
- Docker images have been updated in preperation for moving to docker deployements.
- whitelisted
mozilla-mobile/android-components
andmozilla-mobile/reference-browser
repos
rootUrl
support fortaskcluster>=5.0.0
- Python 3.7 dockerfile
- support for
github-release
- support cron task scheduled as
github-release
in the casecot_product == "mobile"
- when
cot_product == "mobile"
, json-e verification is no longer skipped
test
andgnupg
dockerfiles are now one.
verify_cot
fortaskcluster>=5.0.0
- add
taskcluster_root_url
to support taskcluster>=5.0.0
- fixed some pytest warnings
- Look for the
cb_name
of actions with kindtask
.
- add
get_action_callback_name
- verify actions properly, even if they share the same name with
another action (
cb_name
is unique;name
is not).
- remove
get_action_name
- Allow staging branches access to staging ship-it and mock snap workers.
- Retry download artifacts on timeouts.
- Allow mozilla-central to update bouncer locations.
- Allow any branch access to the -dev bouncer scriptwork.
- use
task.tags.worker-implementation
as the worker implementation, if specified.
- require py37 to be green
- support and require taskcluster>=4.0.0 (
taskcluster.aio
rather thantaskcluster.async
, becauseasync
is a py37 keyword)
- tests that need an event loop are now all
@pytest.mark.asyncio
and/or using the pytest-asyncioevent_loop
fixture, rather than using the now-removed localevent_loop
fixture. This addresses our intermittent test failures, though we need additional work (e.g., PR #244) - added more test cases around
get_upstream_artifacts_full_paths_per_task_id
, to allow for multipleupstreamArtifacts
entries for a singletaskId
- fixed the hang in
run_task
– we were waiting for themax_timeout
future to exit, which it did after sleeping fortask_max_timeout
seconds, so every task took the full timeout to complete. Now we useasyncio.wait(timeout=...)
. - fixed the unclosed session warnings in tests
- removed
get_future_exception
after removing its last caller - removed
max_timeout
after moving timeout handling intorun_task
viaasyncio.wait
- removed the
event_loop
test fixture; this may have conflicted with thepytest-asyncio
event_loop
fixture
- added
task_max_timeout_status
,reversed_statuses
, andinvalid_reclaim_status
toDEFAULT_CONFIG
- added
get_reversed_statuses
for config-driven reversed statuses - added
task.kill_pid
to kill a process tree - added
task.kill_proc
to kill a subprocess proc - added unit and integration tests for user cancel
- added
utils.get_future_exception
to get the status of a single future
- integration tests now require the
queue:cancel-task:test-dummy-scheduler/*
scope - unit tests now run in random order
max_timeout
is now an async function with sleeps rather than a synchronous function usingcall_later
- split
run_tasks
into several helper functions - all negative exit statuses now log
Automation Error
- task timeouts should result in an
intermittent-task
, rather than a crashed scriptworker - we now kill the task on a
reclaim_task
result of 409, allowing for user cancellation - added logging for uncaught exceptions in
run_tasks
- cancelled the
reclaim_task
future on task completion - pointed docs at the new
mdc1
puppet server - cot verification now renders the entire template rather than the first task
REVERSED_STATUSES
is removed, in favor ofget_reversed_statuses
task.kill
has been removed in favor ofkill_pid
andkill_proc
.- quieted cot verification a bit by removing some
log.debug
lines
- added
loop_function
kwarg tosync_main
for testing
- fixed tests against aiohttp 3.3.0
- fixed concurrent test intermittent errors
- fixed
mobile
prebuilt_docker_image_task_types
- we now log exceptions rather than printing a traceback to stderr
- added a restriction on a.m.o. production scopes.
- added
prebuilt_docker_image_task_types
. These are the task types that allow non-artifact docker images; ifNone
, all task types are allowed. - added
get_in_tree_template
,get_action_context_and_template
,get_jsone_context_and_template
to help support new action hooks. - added
verify_repo_matches_url
to stop using.startswith()
to compare urls - added
REPO_SCOPE_REGEX
to allow us to find therepo_scope
in a task’s scopes. - added
get_repo_scope
to return therepo_scope
in a task’s scopes (orNone
) - added a
test/data/cotv3
dir for action hook test data.
- set
cot_version
to 3. - set
min_cot_version
to 2. - we now require cot artifacts in
verify_docker_image_sha
. - we no longer check docker image shas against an allowlist; they either match chain of trust artifact shas, or they’re a task type that allows prebuilt docker images. If these are defined in-tree, we trace the request to the tree, so these should be as trustable as the tree in question.
- we no longer allow for ignoring decision tasks’
taskGroupId
s. If they differ from thetaskId
, we follow the chain back. - we no longer skip
verify_docker_worker_task
formobile
cot_product
; but we do allow for prebuilt docker images on all task types. get_source_url
now throws aCoTError
if both the source url and repo are defined, and the source url doesn’t match the repo.- quieted the test output significantly.
- default test verbosity is toggled on by the
SCRIPTWORKER_VERBOSE_TESTS
env var. - by default, tests now run concurrently for faster results. To allow this, we no longer close the event loop anywhere.
- we now log the exception at bad git tag signature verification.
- removed cotv1 support
- removed
docker_image_allowlists
- removed
gecko-decision
from the decisionworkerType
s - removed
ACTION_MACH_COMMANDS
andDECISION_MACH_COMMANDS
- removed “fuzzy matching” task definitions in
task-graph.json
. With json-e enabled actions, we should be able to match thetaskId
exactly. - removed
verify_decision_command
; rebuilding the task definition via json-e is more precise. - removed
get_jsone_template
in favor of the other, more specific template functions.
- added
.pytest_cache
to.gitignore
- added py37 testing. This is currently broken due to
ldna_ssl
andPyYAML
; marked this test inallow_failures
. - Support for
mobile
projects and more precisely Firefox Focus
- updated docs to reflect python 3.6.5 update
- updated to add aiohttp 3 support. aiohttp <3 is likely busted.
- stopped closing the event loop.
- dropped python 3.5 support.
- find try: in any line of an hg push comment, and strip any preceding characters
- restrict compariston to the first line of hg push comments for try
- added mozilla-esr60 to restricted branches
- changed
retry_async
logging to be more informative
- added decision docker 2.1.0 to the allowlist
- cot logging now shows retries
- updated cron user to
cron
- added restricted scopes for thunderbird
- update the output filenames of
create_gpg_keys
- updated the docs to not hardcode cltsign.
- update release instructions to generate and use wheels
- added support for addon_scriptworker
client.sync_main()
now loads the taskclient.sync_main()
optionally verifies the loaded taskclient.sync_main()
accepts optional default configurationclient.sync_main()
stubs outcontext.write_json()
- added functions used in script depending on scriptworker.
- added
utils.get_single_item_from_sequence()
- added
script.sync_main()
andscript.validate_task_schema()
- added
exceptions.TaskVerificationError
- added
- added
get_loggable_url
to avoid logging secrets - added integration test for private artifacts
create_artifact
now has a default expiration of the task expiration date.get_artifact_url
now supports signed URLs for private artifactsget_artifact_url
no longer returns unquoted urls (breaks signed urls)validate_artifact_url
unquotes paths before returning them
- fix integration tests for osx py36 #135
- removed the config for
artifact_expiration_hours
. - removed support for taskcluster 0.3.x
- added support for bouncer scriptworker
- renamed
run_loop
torun_tasks
run_tasks
now shuts down gracefully after receiving a SIGTERM: it finishes the current task(s), and exits.
run_tasks
now sleeps 5 if there were no tasks claimed.
- Freeze aiohttp to 2.x.y
valid_vcs_rules
,source_env_prefix
,extra_run_task_arguments
depend oncot_product
cot_product
is defined in example configuration- Support for ship-it tasks
- Added
scriptworker.cot.verify.get_jsone_template
, because action tasks use actions.json instead of .taskcluster.yml
- Added a
tasks_for
argument topopulate_jsone_context
. - Used
format_json
instead ofpprint.pformat
in mostscriptworker.cot.verify
functions.
- Removed
scriptworker.utils.render_jsone
, since it reduced to ajsone.render
call. - Removed the now-unused
scriptworker.constants.max_jsone_iterations
- Added
scriptworker.cot.verify.verify_parent_task_definition
. This is the core change in this release, aka CoT version 2. We now use json-e to rebuild the decision/action task definitions from the tree. - Added
json-e
anddictdiffer
dependencies. arrow
,certifi
,multidict
,taskcluster
, andyarl
have updated their major version numbers.- Added
Context.projects
andContext.populate_projects
. - Added
load_json_or_yaml_from_url
. - Added
DEFAULT_CONFIG['cot_version']
andDEFAULT_CONFIG['min_cot_version']
; this is cotv2. Ifmin_cot_version
is 1, we allow for falling back to the old cot v1 logic. - Added
DEFAULT_CONFIG['project_configuration_url']
andDEFAULT_CONFIG['pushlog_url']
. - Added
scriptworker.task.KNOWN_TASKS_FOR
,scriptworker.task.get_action_name
,scriptworker.task.get_commit_message
,scriptworker.task.get_and_check_project
,scriptworker.task.get_and_check_tasks_for
- Added
scriptworker.utils.remove_empty_keys
since the taskgraph drops key/value pairs where the value is empty. See https://github.com/taskcluster/json-e/issues/223 - Added
scriptworker.utils.render_jsone
to generically render json-e. - Added
max_jsone_iterations
pref; sometimes the values to replace template values are several layers deep. - Added
scriptworker.cot.verify.get_pushlog_info
,scriptworker.cot.verify.get_scm_level
,scriptworker.cot.verify.populate_jsone_context
, andscriptworker.cot.verify.compare_jsone_task_definition
. - Added test files to
scriptworker/test/data/cotv2/
.
- Renamed
load_json
toload_json_or_yaml
. This now takes afile_type
kwarg that defaults tojson
. - Moved
get_repo
,get_revision
,is_try
, andis_action
fromscriptworker.cot.verify
toscriptworker.task
- Moved the sub-function path callback from
scriptworker.cot.verify
toscriptworker.utils.match_url_path_callback
scriptworker.cot.verify.guess_task_type
takes a 2nd arg,task_defn
, to differentiate action tasks from decision/cron tasks.scriptworker.cot.verify.get_all_artifacts_per_task_id
addspublic/actions.json
andpublic/parameters.yml
to decision task artifacts to download, for action task verification.- Removed the
firefox
fromscriptworker.cot.verify
function names. - Tweaked the task ID logging in
verify_cot
.
- Updated
path_regexes
to identify most (all?) valid hg.m.o repo paths, instead of returningNone
.
- Removed
scriptworker.cot.verify.verify_decision_task
andscriptworker.cot.verify.verify_action_task
in favor ofscriptworker.cot.verify.verify_parent_task
.
max_chain_length
pref, defaulting to the arbitrary (but larger than the current 5) int 20.
- Stopped hardcoding the max chain length to 5 due to longer-than-5 valid chains in production.
- Allow projects/birch to use project:releng:signing:cert:release-signing
scriptworker.cot.verify.download_cot
now supports optional upstream artifactsscriptworker.artifacts.get_optional_artifacts_per_task_id
,scriptworker.cot.verify.(is_task_required_by_any_mandatory_artifact, is_artifact_optional)
, andscriptworker.utils.(get_results_and_future_exceptions, add_enumerable_item_to_dict)
are defined and publicly exposed.
scriptworker.artifacts.get_upstream_artifacts_full_paths_per_task_id
returns 2 dictionaries instead of 1.scriptworker.cot.verify.(verify_docker_image_sha, download_cot_artifact)
don’t error out if cot isn’t defined (missing cot are detected earlier)
- Made the exit status more explicit on exit code -11.
- Fixed
verify_sig
to return the message body ifgpg.decrypt
returns an empty body.
- Added integration tests that run
verify_chain_of_trust
against production tasks, to make surecot.verify
changes are backwards compatible.
- stopped verifying docker-worker cot on the chain object, which may not have a cot artifact to verify.
- updated the
retry_exceptions
forretry_request
to includeasyncio.TimeoutError
.
- Removed the
await asyncio.sleep(1)
after running a task.
- scriptworker will now retry (
intermittent-task
status) on a script exit code of -11, which corresponds to a python segfault.
scriptworker.task.get_parent_task_id
to support the newtask.extra.parent
breadcrumb.scriptworker.cot.verify.ACTION_MACH_COMMANDS
andcot.verify.PARENT_TASK_TYPES
to separate action task verification from decision task verification.scriptworker.cot.verify.ChainOfTrust.parent_task_id
to find theparent_task_id
later.scriptworker.cot.verify.LinkOfTrust.parent_task_id
to find theparent_task_id
later.- added a new
action
task type. This uses the same sha allowlist as thedecision
task type. scriptworker.cot.verify.is_action
, since differentiating between a decision task and an action task requires some task definition introspection.verify_firefox_decision_command
now takes amach_commands
kwarg; for action tasks, we set this toACTION_MACH_COMMANDS
verify_action_task
verifies the action task command.verify_parent_task
runs the checks previously inverify_decision_task
; we run this for both action and decision tasks.
find_sorted_task_dependencies
now uses theparent_task_id
rather than thedecision_task_id
for itsparent_tuple
.download_firefox_cot_artifacts
now downloadstask-graph.json
from action tasks as well as decision tasksverify_decision_task
now only checks the command. The other checks have been moved toverify_parent_task
.- decision tasks now run
verify_parent_task
.
- Updated
README.md
to specifytox
rather thanpython setup.py test
- added maple to the list of privileged branches.
- changed the default
poll_interval
to 10.
- updated post-task sleep to 1; we only sleep
poll_interval
only between polls.
- removed date from the list of privileged branches.
- no longer add a decision task’s decision task to the chain of trust to verify. This was a regression.
- cleaned up aurora references from everything but pushapk, which uses it.
- specify the correct docker shas for the new docker images.
- fixed new false error raised on missing command in payload
- updated cot verification to allow for the new docker-image and decision paths (/home/worker -> /builds/worker)
- added
DECISION_MACH_COMMANDS
tocot.verify
, to support action task verification - added
DECISION_TASK_TYPES
tocot.verify
, to support verifying decision tasks viaverify_cot
- added
ChainOfTrust.is_decision
to find if the chain object is a decision task - added
ChainOfTrust.get_all_links_in_chain
. Previously, we ran certain tests against all the links in the chain, and other tests against all links + the chain object. Now, the chain itself may be a decision task; we will add the decision task as a link in the chain, and we no longer want to run verification tests against the chain object. - added new docker image shas
- we now support testing any verifiable
taskType
viaverify_cot
! Previously, only scriptworker task types were verifiable via the commandline tool. - we now support testing action task commandlines in
verify_firefox_decision_command
- we no longer ignore the decision task if the task-to-verify is the
decision task in
find_sorted_task_dependencies
. We want to make sure we verify it. - we no longer raise a
CoTError
if theChainOfTrust
object is not a scriptworker implementation
- fixed
partials
task verification
- added .json as an
ignore_suffix
for docker-worker - added
partials
as a valid task type
- added sparse checkout decision task support in cot verification.
- added decision image 0.1.10 sha to allowlist
watch_log_file
pref, to watch the log file forlogrotate.d
(or other) rotation. Set this to true in production.
- switched from
RotatingFileHandler
toWatchedFileHandler
orFileHandler
, depending on whetherwatch_log_file
is set.
- Non-backwards-compatible: removed
log_max_bytes
andlog_num_backups
prefs. If set in a config file, this will break scriptworker launch. I don’t believe anything sets these, but bumping the major version in case.
- added
prepare_to_run_task
to create a newcurrent_task_info.json
inwork_dir
for easier debugging.
.diff
files now upload astext/plain
.
- updated the decision + docker-image
workerType
s
- closed the contextual log handler to avoid filling up disk with open filehandles
- added a check to verify the cot
taskId
matches the tasktaskId
- added a a
claimWork
debug log message - added a check to prevent
python setup.py register
andpython setup.py upload
- updated the docs to more accurately reflect the new instance steps
- updated the docs to avoid using
python setup.py register sdist upload
- allowed the decision task to be an additional runtime dep
- rewrote chain of trust docs.
- fixed artifact list verification in
task.payload
for generic-worker tasks.
- removed old format balrog scope.
- added
.sh
as anignore_suffix
for generic-worker
- added generic-worker chain of trust support
scriptworker.cot.verify.verify_generic_worker_task
, currently noop
- generic-worker
ignore_suffixes
now includes.in
- Updated Google Play scopes to allow Nightly to ship to the Aurora product
- added
scriptworker.task.claim_work
to use theclaimWork
endpoint instead of polling.
- changed
worker.run_loop
to use the newclaim_work
function. In theory this can handle multiple tasks serially, but in practice should only get one at a time. In the future we can allow for multiple tasks run in parallel in separatework_dir
s, if desired. worker.run_loop
now always sleeps thepoll_interval
. We can adjust this if desired.
- tweaked docstrings to pass pydocstyle>=2.0
- removed
Context.poll_task_urls
- removed
scriptworker.poll
completely
- allowed for retriggering tasks with a subset of
task.dependencies
, specifically to get around expiration of the breakpoint dependency of pushapk tasks.
- added oak to
all-nightly-branches
, for update testing. - added
repackage
as a valid, verifiable task type for cot.
- added log message on startup.
- updated docker image allowlists
- changed balrog nightly branches to
all-nightly-branches
scriptworker.artifacts
now has new functions to deal withupstreamArtifacts
:get_upstream_artifacts_full_paths_per_task_id
,get_and_check_single_upstream_artifact_full_path
, andget_single_upstream_artifact_full_path
.- added a
LinkOfTrust.get_artifact_full_path
method - new
helper_scripts
directory:gpg_helper.sh
is a wrapper to call gpg against a given gpg home directory.create_gpg_keys.py
is a script to create new scriptworker gpg keys.
- updated support, and now require,
aiohttp>=2.0.0
- pointed the pushapk scopes at new
betatest
andauroratest
cot_restricted_trees
aliases - renamed
find_task_dependencies
tofind_sorted_task_dependencies
aiohttp
2.0.0 no longer burns travis jobs.
- update balrog restricted scopes to include
project:releng:balrog:nightly
until we’re done with it
- allow for
/bin/bash
in decision task command line
- don’t add a decision task’s decision task to the dependency chain. In 2.2.0 we stopped verifying that a decision task was part of its decision task’s task graph, but still verified the decision task’s decision task (if any). This release stops tracing back to the original decision task altogether.
- updated balrog restricted scopes
- updated balrog and beetmover restricted scopes
- decision tasks are no longer traced back to decision tasks, even if
their
taskGroupId
doesn’t match theirtaskId
.
- tests now pass under python 3.6; we’ll update the supported version list when taskcluster-client.py has full py36 support
- fixed closed event loop errors from the new aiohttp
- git tests now use a local git repo tarball, instead of running tests on the scriptworker repo
- removed the check for max number of decision tasks per graph
get_artifact_url
now works withtaskcluster==1.0.2
, while keeping 0.3.x compatibility- more verbose upload status
intermittent-task
statusscriptworker.utils.calculate_sleep_time
- added
retry_async_kwargs
kwarg toretry_request
- added
sleeptime_kwargs
kwarg toretry_async
- renamed
release
andnightly
branch aliases toall-release-branches
andall-nightly-branches
- updated pushapk restricted scopes
- reduced
aiohttp_max_connections
to 15 aiohttp
exceptions now result in anintermittent-task
status, rather thanresource-unavailable
scriptworker.artifacts
is a new submodule that defines artifact behavior- we now support
pushapk
scriptworker instance types incot.verify
freeze_values
is nowget_frozen_copy
, and now returns a frozen copy instead of modifying the object in place.unfreeze_values
is nowget_unfrozen_copy
check_config
now callsget_frozen_copy
on theconfig
before comparing againstDEFAULT_CONFIG
create_config
callsget_unfrozen_copy
, resulting in a recursively frozen configDEFAULT_CONFIG
now usesfrozendict
s andtuple
s in nested config items..asc
files are now forced totext/plain
- all
text/plain
artifacts are now gzipped, including .log, .asc, .json, .html, .xml - we no longer have
task_output.log
andtask_error.log
. Instead, we havelive_backing.log
, for more treeherder-friendliness
- stop testing for task environment variables. This is fragile and provides little benefit; let’s push on bug 1328719 instead.
unfreeze_values
, to unfreeze afreeze_values
frozendict.
freeze_values
now recurses.
- delete azure queue entries on status code 409 (already claimed or cancelled). This allows us to clean up cancelled tasks from the queue, speeding up future polling.
- more retries and catches in
find_task
, making it more robust.
- balrog tasks are now verifiable in chain of trust.
verify_signed_tag
, which verifies the tag’s signature and makes sure we’re updated to it.
rebuild_gpg_homedirs
now uses git tags instead of checking for signed commits.get_git_revision
now takes aref
kwarg; it finds the revision for that ref (e.g., tag, branch).update_signed_git_repo
revision
kwarg is now namedref
. It also verifies and updates to the signed git tag instead ofref
.update_signed_git_repo
now returns a tuple (revision, tag)build_gpg_homedirs_from_repo
now usesverify_signed_tag
instead ofverify_signed_git_commit
, and takes a newtag
arg.
- the curl command in
Dockerfile.gnupg
now retries on failure.
verify_signed_git_commit_output
verify_signed_git_commit
- beetmover and balrog scriptworker support in chain of trust verification
cot_restricted_trees
config, which maps branch-nick to branches
- Changed
cot_restricted_scopes
to be a scope to branch-nick dict, indexed bycot_product
- nuke then move the tmp gpg homedir, rather than trying to [wrongly]
use
overwrite_gpg_home
on a parent dir
- Dockerfiles: one for general testing and one for gpg homedir testing, with readme updates
flake8_docstrings
in tox.ini- log chain of trust verification more verbosely, since we no longer have real artifacts uploaded alongside
- download cot artifacts into
work_dir/cot
instead ofartifact_dir/public/cot
, to avoid massive storage dups download_artifacts
now returns a list of full paths instead of relative paths. SinceupstreamArtifacts
contains the relative paths, this should be more helpful.contextual_log_handler
now takes alogging.Formatter
kwarg rather than a log format string.
- check for a new gpg homedir before
run_loop
, because puppet will now userebuild_gpg_homedirs
- updated all docstrings to pass
flake8_docstrings
- switched to a three-phase lockfile for gpg homedir creation to avoid race conditions (locked, ready, unlocked)
- catch
aiohttp.errors.DisconnectedError
andaiohttp.errors.ClientError
inrun_loop
duringupload_artifacts
- compare the built docker-image tarball hash against
imageArtifactHash
- the
create_initial_gpg_homedirs
entry point has been removed in favor ofrebuild_gpg_homedirs
.
scriptworker.cot.verify.raise_on_errors
now takes a kwarg oflevel
, which defaults tologging.CRITICAL
. This is to support fuzzy task matching, where not matching a task is non-critical.scriptworker.cot.verify.verify_link_in_task_graph
now supports fuzzy task matching. If the Link’stask_id
isn’t in the task graph, try to match the task definition against the task graph definitions, and throwCoTError
on failure. This is to support Taskcluster retriggers.verify_cot
is now an entry point, rather than a helper script inscriptworker/test/data/
.
- allowed for
USE_SCCACHE
as a build env var
scriptworker.cot.verify
now verifies the chain of trust for the graph.scriptworker.exceptions.CoTError
now marks chain of trust validation errors.scriptworker.task.get_task_id
,scriptworker.task.get_run_id
,scriptworker.task.get_decision_task_id
,scriptworker.task.get_worker_type
scriptworker.log.contextual_log_handler
for short-term logs- added framework for new docs
- config files are now yaml, to enable comments.
config_example.json
andcot_config_example.json
have been consolidated intoscriptworker.yaml.tmpl
.context.cot_config
items now live incontext.config
. validate_artifact_url
now takes a list of dictionaries as rules, leading to more configurable url checking.scriptworker.cot
is nowscriptworker.cot.generate
. Theget_environment
function has been renamed toget_cot_environment
.scriptworker.gpg.get_body
now takes averify_sig
kwarg.download_artifacts
now takesvalid_artifact_task_ids
as a kwarg.max_connections
is nowaiohttp_max_connections
- scriptworker task definitions now expect an
upstreamArtifacts
list of dictionaries
- docstring single backticks are now double backticks
- catch aiohttp exceptions on upload
- removed all references to
cot_config
- removed the credential update, since puppet restarts scriptworker on config change.
gpg_lockfile
andlast_good_git_revision_file
in configget_last_good_git_revision
andwrite_last_good_git_revision
now return the last good git revision, and write it tolast_good_git_revision_file
, respectively.get_tmp_base_gpg_home_dir
is a helper function to avoid duplication in logic.rebuild_gpg_homedirs
is a new entry point script that allows us to recreate the gpg homedirs in a tmpdir, in a separate processis_lockfile_present
,create_lockfile
, andrm_lockfile
as helper functions for the two gpg homedir entry points.
sign_key
,rebuild_gpg_home_flat
,rebuild_gpg_home_signed
,build_gpg_homedirs_from_repo
are no longer async.overwrite_gpg_home
only keeps one backup.update_signed_git_repo
now returns the latest git revision, instead of a boolean marking whether the revision is new or not. This will help avoid the scenario where we update, fail to generate the gpg homedirs, and then stay on an old revision until the next push.update_logging_config
now takes afile_name
kwarg, which allows us to create new log files for therebuild_gpg_homedirs
andcreate_initial_gpg_homedirs
entry points.
build_gpg_homedirs_from_repo
now waits to verify the contents of the updated git repo before nuking the previous base gpg homedir.create_initial_gpg_homedirs
now creates a logfile
rebuild_gpg_homedirs_loop
is no longer needed, and is removed.
- logged the stacktrace if the
main
loop hits an exception. No longer catch and ignoreRuntimeError
, since it wasn’t clear why that was put in. - updated
check_config
to make sure taskcluster-related configs match taskcluster requirements
- changed the way the polling loop works:
async_main
is now a single pass, whichmain
calls in awhile True
loop. This should fix the situation where polling was dying silently while the git update loop continued running every 5 minutes.
- explicitly pass
taskId
andrunId
toclaim_task
. There’s a newhintId
property that appears inmessage_info['task_info']
that broke things.
- added
git_key_repo_dir
,base_gpg_home_dir
,my_email
, andgpg_path
toconfig_example.json
- added
cot_config_example.json
,cot_config_schema.json
, andscriptworker.config.get_cot_config
for ChainOfTrust config - added
update_signed_git_repo
,verify_signed_git_commit
,build_gpg_homedirs_from_repo
,rebuild_gpg_homedirs_loop
, andcreate_initial_gpg_homedirs
for gpg homedir creation and updates in the background. - added a background call to update the gpg homedirs in
scriptworker.worker.async_main
- added another entry point,
create_initial_gpg_homedirs
, for puppet to create the first gpg homedirs
- default config filename is now
scriptworker.json
instead ofconfig.json
- moved
scriptworker.config.get_context_from_cmdln
out ofscriptworker.worker.main
; now using argparse - changed default
sign_chain_of_trust
to True scriptworker.gpg.sign_key
,scriptworker.gpg.rebuild_gpg_home_flat
, andscriptworker.gpg.rebuild_gpg_home_signed
are now async, so they can happen in parallel in the background- renamed
scriptworker.gpg.latest_signed_git_commit
toscriptworker.gpg.verify_signed_git_commit_output
- combined
scriptworker.log.log_errors
andscriptworker.log.read_stdout
intoscriptworker.log.pipe_to_log
- added
taskGroupId
to the list of default validtaskId
s to download from. This logic will need to change in version 0.9.0 due to the new chain of trust dependency traversal logic
- added missing docstrings to the
download_artifacts
anddownload_file
functions - fixed coverage version in
tox.ini py35-coveralls
sign_key
now supports signing keys with multiple subkeys
- added
DownloadError
exception fordownload_file
- added
scriptworker.task.download_artifacts
- added
scriptworker.util.download_file
DEFAULT_CONFIG
,STATUSES
, andREVERSED_STATUSES
have moved toscriptworker.constants
.list_to_tuple
has been renamedfreeze_values
, and also converts dict values to frozendicts.
- significant gpg support
- ability to create new gpg homedirs
- scriptworker now requires
pexpect
for gpg key signing - docstrings!
- helper scripts to generate 1000 pubkeys and time importing them.
- added
scriptworker.utils.rm
as anrm -rf
function
utils.makedirs
now throwsScriptWorkerException
if the path exists and is not a directory or a softlink pointing to a directory.- gpg functions now take a
gpg_home
kwarg to specify a different homedir - moved
scriptworker.client.integration_create_task_payload
intoscriptworker.test
- renamed
scriptworker.util.get-_hash
kwarghash_type
tohash_alg
- renamed
firefox_cot_schema.json
tocot_v1_schema.json
; also, the schema has changed. - the chain of trust schema has changed to version 1.
- pass a
task
toscriptworker.task.reclaimTask
and exit the loop if it doesn’t matchcontext.task
- we now verify that
context.task
is the same task we scheduledreclaim_task
for.
- Removed
get_temp_creds_from_file
, since we’re not writingtemp_creds
to disk anymore - Removed
scriptworker.task.get_temp_queue
, since we already havecontext.temp_queue
- Removed
pytest-asyncio
dependency. It doesn’t play well withpytest-xdist
. - Removed
scriptworker.task.get_temp_queue
; we can usecontext.temp_queue
- Removed
pytest-asyncio
usage to try to usepytest-xdist
, then turned that back off when it conflicted with the event loop
- added
firefox_cot_schema.json
for firefox chain of trust - added gpg signature creation + verification
- added chain of trust generation
- added
scriptworker.task.worst_level
function for determining overall result of task
unsignedArtifacts
url paths are now unquoted, so%2F
becomes/
validate_task_schema
renamed tovalidate_json_schema
- write task log files directly to the
task_log_dir
; this should be a subdir ofartifact_dir
if we want them uploaded. ScriptWorkerException
now has anexit_code
of 5 (internal-error
);ScriptWorkerRetryException
now has anexit_code
of 4 (resource-unavailable
)- moved
tests
directory toscriptworker/test
- Functions in
test_config
now ignore existingTASKCLUSTER_
env vars for a clean testing environment raise_future_exceptions
no longer throws an exception for an empty list of tasks- Updated
CONTRIBUTING.rst
to reflect reality
- add
scriptworker.utils.filepaths_in_dir
- added setup.cfg for wheels
- added
scriptworker.client.validate_artifact_url
. - added python-gnupg dependency
- test files no longer use a test class.
upload_artifacts
now uploads files in subdirectories ofartifact_dir
, preserving the relative paths.
- Removed unneeded creds file generation.
- Added
requirements-*.txt
files. The-prod
files have pinned versions+hashes, viareqhash
. - Added
raise_future_exceptions
function from signingscript
- Upload artifacts to public/env/
filename
. - Enabled coverage branches in testing.
- Enabled environment variable configuration for credentials+workerid
- Moved source repo to mozilla-releng/scriptworker
- No longer prepend stderr log lines with ERROR
- Reduced debug logging
- Tweaked the config defaults to be a bit more sane.
- Fixed an exception where automated processes without HOME set would fail to launch scriptworker
- Removed
scheduler_id
from config; it’s only used to schedule integration tests.
upload_artifacts
now specifies acontent_type
oftext/plain
for the task logfiles, to fix linux uploading.
- Context now has a
claim_task
property that stores the output fromclaimTask
.Context.task
is now the task definition itself. scriptworker.utils.request
now takes additional kwargs to be a more versatile function.
- bundled version.json
- CHANGELOG.md
- Pinned
pytest-asyncio
to 0.3.0 because 0.4.1 hits closed event loop errors.