From 1f12ee0f8c38f243aebe7aa235ceb6f16835a3d9 Mon Sep 17 00:00:00 2001 From: Mitchell Hentges Date: Wed, 10 Jul 2019 10:32:33 -0700 Subject: [PATCH] Loads firebase secret from Taskcluster for nightly (#3634) * Loads firebase secret from Taskcluster for each release * Nightly legacy should use custom set of secrets --- automation/taskcluster/decision_task.py | 7 ++++--- automation/taskcluster/helper/get-secret.py | 8 ++++++++ automation/taskcluster/lib/tasks.py | 6 +++--- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/automation/taskcluster/decision_task.py b/automation/taskcluster/decision_task.py index 409ee6efd..31735420a 100644 --- a/automation/taskcluster/decision_task.py +++ b/automation/taskcluster/decision_task.py @@ -153,7 +153,7 @@ def nightly_to_production_app(is_staging, version_name): push_tasks = {} build_task_id = taskcluster.slugId() - build_tasks[build_task_id] = BUILDER.craft_assemble_release_task(architectures, build_type, is_staging, version_name, index_channel='nightly') + build_tasks[build_task_id] = BUILDER.craft_assemble_release_task(architectures, build_type, is_staging, version_name) signing_task_id = taskcluster.slugId() signing_tasks[signing_task_id] = BUILDER.craft_release_signing_task( @@ -194,6 +194,7 @@ if __name__ == "__main__": release_parser = subparsers.add_parser('github-release') release_parser.add_argument('tag') + release_parser.add_argument('--staging', action='store_true') result = parser.parse_args() command = result.command @@ -214,9 +215,9 @@ if __name__ == "__main__": beta_semver = re.compile(r'^v\d+\.\d+\.\d+-beta\.\d+$') production_semver = re.compile(r'^v\d+\.\d+\.\d+(-rc\.\d+)?$') if beta_semver.match(result.tag): - ordered_groups_of_tasks = release('beta', False, version) + ordered_groups_of_tasks = release('beta', result.staging, version) elif production_semver.match(result.tag): - ordered_groups_of_tasks = release('production', False, version) + ordered_groups_of_tasks = release('production', result.staging, version) else: raise ValueError('Github tag must be in semver format and prefixed with a "v", ' 'e.g.: "v1.0.0-beta.0" (beta), "v1.0.0-rc.0" (production) or "v1.0.0" (production)') diff --git a/automation/taskcluster/helper/get-secret.py b/automation/taskcluster/helper/get-secret.py index fe8bed711..bb55175d3 100644 --- a/automation/taskcluster/helper/get-secret.py +++ b/automation/taskcluster/helper/get-secret.py @@ -5,10 +5,18 @@ import argparse import base64 import os + +import errno import taskcluster def write_secret_to_file(path, data, key, base64decode=False, append=False, prefix=''): path = os.path.join(os.path.dirname(__file__), '../../../' + path) + try: + os.makedirs(os.path.dirname(path)) + except OSError as error: + if error.errno != errno.EEXIST: + raise + with open(path, 'a' if append else 'w') as f: value = data['secret'][key] if base64decode: diff --git a/automation/taskcluster/lib/tasks.py b/automation/taskcluster/lib/tasks.py index 7827f192c..9748fe144 100644 --- a/automation/taskcluster/lib/tasks.py +++ b/automation/taskcluster/lib/tasks.py @@ -40,8 +40,7 @@ class TaskBuilder(object): self.date = arrow.get(date_string) self.trust_level = trust_level - def craft_assemble_release_task(self, architectures, build_type, is_staging, version_name, index_channel=None): - index_channel = index_channel or build_type + def craft_assemble_release_task(self, architectures, build_type, is_staging, version_name): artifacts = { 'public/target.{}.apk'.format(arch): { "type": 'file', @@ -55,7 +54,7 @@ class TaskBuilder(object): if is_staging: secret_index = 'garbage/staging/project/mobile/fenix' else: - secret_index = 'project/mobile/fenix/{}'.format(index_channel) + secret_index = 'project/mobile/fenix/{}'.format(build_type) pre_gradle_commands = ( 'python automation/taskcluster/helper/get-secret.py -s {} -k {} -f {}'.format( @@ -65,6 +64,7 @@ class TaskBuilder(object): ('sentry_dsn', '.sentry_token'), ('leanplum', '.leanplum_token'), ('adjust', '.adjust_token'), + ('firebase', 'app/src/{}/res/values/firebase.xml'.format(build_type)), ) )