Fix trust level in decision task
parent
9ba45779c2
commit
f9c791c93b
|
@ -43,20 +43,15 @@ tasks:
|
|||
then: ${event.pull_request.base.repo.full_name}
|
||||
else: ${event.repository.full_name}
|
||||
|
||||
is_repo_trusted:
|
||||
trust_level:
|
||||
# Pull requests on main repository can't be trusted because anybody can open a PR on it, without a review
|
||||
$if: 'tasks_for in ["github-push", "github-release", "cron"] && event.repository.html_url == "https://github.com/mozilla-mobile/fenix"'
|
||||
then: true
|
||||
else: false
|
||||
then: 3
|
||||
else: 1
|
||||
in:
|
||||
$let:
|
||||
decision_worker_type:
|
||||
$if: 'is_repo_trusted'
|
||||
then: mobile-3-decision
|
||||
else: mobile-1-decision
|
||||
|
||||
track:
|
||||
$if: 'is_repo_trusted'
|
||||
$if: 'trust_level == 3'
|
||||
then: 'nightly'
|
||||
else: 'staging-nightly'
|
||||
|
||||
|
@ -82,7 +77,7 @@ tasks:
|
|||
deadline: {$fromNow: '2 hours'}
|
||||
expires: ${expires_in}
|
||||
provisionerId: aws-provisioner-v1
|
||||
workerType: ${decision_worker_type}
|
||||
workerType: mobile-${trust_level}-decision
|
||||
priority: ${tasks_priority}
|
||||
requires: all-completed # Must be explicit because of Chain of Trust
|
||||
retries: 5
|
||||
|
@ -106,6 +101,7 @@ tasks:
|
|||
SCHEDULER_ID: ${scheduler_id}
|
||||
TASK_ID: ${decision_task_id}
|
||||
TASKS_PRIORITY: ${tasks_priority}
|
||||
TRUST_LEVEL: ${trust_level}
|
||||
features:
|
||||
taskclusterProxy: true
|
||||
extra:
|
||||
|
@ -169,7 +165,7 @@ tasks:
|
|||
$mergeDeep:
|
||||
- {$eval: 'default_task_definition'}
|
||||
- scopes:
|
||||
- $if: is_repo_trusted
|
||||
- $if: 'trust_level == 3'
|
||||
then: assume:hook-id:project-mobile/fenix-nightly
|
||||
else: assume:hook-id:project-mobile/fenix-nightly-staging
|
||||
routes:
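Review bot: The values `3` and `1` under `trust_level:` are undocumented magic numbers, yet they are now interpolated into `workerType: mobile-${trust_level}-decision`, exported as `TRUST_LEVEL`, and compared at two `trust_level == 3` sites (the `track` choice and the hook scope). A comment next to the definition would make the contract explicit, e.g. `# 3: push/release/cron on the official repo; 1: everything else, including pull requests. Each level needs matching mobile-<level>-* worker types.` Because `TRUST_LEVEL` is only an environment variable in the task payload, it is also worth stating that it is an input to the decision script and not an authorization. Presumably the scopes and worker pools are what keep a level-1 task off level-3 workers, which should be confirmed.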
|
||||
|
|
|
@ -37,6 +37,7 @@ BUILDER = TaskBuilder(
|
|||
scheduler_id=os.environ.get('SCHEDULER_ID', 'taskcluster-github'),
|
||||
tasks_priority=os.environ.get('TASKS_PRIORITY'),
|
||||
date_string=os.environ.get('BUILD_DATE'),
|
||||
trust_level=os.environ.get('TRUST_LEVEL'),
|
||||
)
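Review bot: `os.environ.get('TRUST_LEVEL')` returns `None` when the variable is unset and a string otherwise, and because the keyword is always passed, the `trust_level=1` default in `TaskBuilder.__init__` never applies. An unset variable would therefore yield the worker type `mobile-None-b-fenix` at the `'mobile-{}-b-fenix'.format(self.trust_level)` line in the TaskBuilder section, and any unexpected string is interpolated unchecked. Parsing here fails closed: `trust_level=int(os.environ.get('TRUST_LEVEL', 1)),` with a check that the result is 1 or 3 before any task is built. The `BUILDER = TaskBuilder(` call starts outside this hunk.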
|
||||
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ _OFFICIAL_REPO_URL = 'https://github.com/mozilla-mobile/fenix'
|
|||
class TaskBuilder(object):
|
||||
def __init__(
|
||||
self, task_id, repo_url, branch, commit, owner, source, scheduler_id, date_string,
|
||||
tasks_priority='lowest'
|
||||
tasks_priority='lowest', trust_level=1
|
||||
):
|
||||
self.task_id = task_id
|
||||
self.repo_url = repo_url
|
||||
|
@ -30,6 +30,7 @@ class TaskBuilder(object):
|
|||
self.scheduler_id = scheduler_id
|
||||
self.tasks_priority = tasks_priority
|
||||
self.date = arrow.get(date_string)
|
||||
self.trust_level = trust_level
|
||||
|
||||
def craft_assemble_release_task(self, apks, is_staging=False):
|
||||
artifacts = {
|
||||
|
@ -82,7 +83,6 @@ class TaskBuilder(object):
|
|||
],
|
||||
artifacts=artifacts,
|
||||
routes=routes,
|
||||
is_staging=is_staging,
|
||||
treeherder={
|
||||
'jobKind': 'build',
|
||||
'machine': {
|
||||
|
@ -231,7 +231,7 @@ class TaskBuilder(object):
|
|||
|
||||
def _craft_build_ish_task(
|
||||
self, name, description, command, dependencies=None, artifacts=None, scopes=None,
|
||||
routes=None, is_staging=True, treeherder=None
|
||||
routes=None, treeherder=None
|
||||
):
|
||||
dependencies = [] if dependencies is None else dependencies
|
||||
artifacts = {} if artifacts is None else artifacts
|
||||
|
@ -269,7 +269,7 @@ class TaskBuilder(object):
|
|||
}
|
||||
|
||||
return self._craft_default_task_definition(
|
||||
'mobile-1-b-fenix' if is_staging else 'mobile-3-b-fenix',
|
||||
'mobile-{}-b-fenix'.format(self.trust_level),
|
||||
'aws-provisioner-v1',
|
||||
dependencies,
|
||||
routes,
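Review bot: Dropping `is_staging` from the `_craft_build_ish_task` signature means any caller that still passes `is_staging=` will raise `TypeError`. This page appears to remove the argument only in `craft_assemble_release_task`, so the callers not visible here should be checked. The change also moves the worker decision from a per-task flag, which defaulted to the level-1 worker via `is_staging=True`, to the builder-wide `self.trust_level`. That deserves a short note on `__init__`, for example `# trust_level: 1 or 3; selects the mobile-<level>-b-fenix worker for every build task`. `craft_assemble_release_task` still accepts `is_staging`, so a comment there should say the flag no longer influences worker selection, if that is the intent. Both function bodies continue outside the hunks.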
|
||||
|
|