Bug 1383993 - Produce a chain of trust artifact from toolchain jobs. r?aki
We'll want chain of trust to be able to verify the toolchain artifacts
used by TC builds, which means the toolchain jobs producing them need to
output the chain of trust artifacts.
--- a/taskcluster/taskgraph/transforms/job/toolchain.py
+++ b/taskcluster/taskgraph/transforms/job/toolchain.py
@@ -75,16 +75,17 @@ def add_optimizations(config, run, taskd
@run_job_using("docker-worker", "toolchain-script", schema=toolchain_run_schema)
def docker_worker_toolchain(config, job, taskdesc):
run = job['run']
taskdesc['run-on-projects'] = ['trunk', 'try']
worker = taskdesc['worker']
worker['artifacts'] = []
worker['caches'] = []
+ worker['chain-of-trust'] = True
docker_worker_add_public_artifacts(config, job, taskdesc)
docker_worker_add_tc_vcs_cache(config, job, taskdesc)
docker_worker_add_gecko_vcs_env_vars(config, job, taskdesc)
support_vcs_checkout(config, job, taskdesc)
env = worker['env']
env.update({
@@ -141,16 +142,17 @@ def windows_toolchain(config, job, taskd
taskdesc['run-on-projects'] = ['trunk', 'try']
worker = taskdesc['worker']
worker['artifacts'] = [{
'path': r'public\build',
'type': 'directory',
}]
+ worker['chain-of-trust'] = True
docker_worker_add_gecko_vcs_env_vars(config, job, taskdesc)
# We fetch LLVM SVN into this.
svn_cache = 'level-{}-toolchain-clang-cl-build-svn'.format(config.params['level'])
worker['mounts'] = [{
'cache-name': svn_cache,
'directory': r'llvm-sources',