Bug 1388431 - [win32/64, macosx64] Devedition: mars should be signed with Nightly key r=Callek
MozReview-Commit-ID: LEJ1OsZNSm9
--- a/taskcluster/taskgraph/transforms/repackage_signing.py
+++ b/taskcluster/taskgraph/transforms/repackage_signing.py
@@ -5,17 +5,17 @@
Transform the repackage signing task into an actual task description.
"""
from __future__ import absolute_import, print_function, unicode_literals
from taskgraph.transforms.base import TransformSequence
from taskgraph.util.attributes import copy_attributes_from_dependent_job
from taskgraph.util.schema import validate_schema, Schema
-from taskgraph.util.scriptworker import get_signing_cert_scope
+from taskgraph.util.scriptworker import get_signing_cert_scope_per_platform
from taskgraph.transforms.task import task_description_schema
from voluptuous import Required, Optional
# Voluptuous uses marker objects as dictionary *keys*, but they are not
# comparable, so we cast all of the keys back to regular strings
task_description_schema = {str(k): v for k, v in task_description_schema.schema.iteritems()}
transforms = TransformSequence()
@@ -72,40 +72,44 @@ def make_repackage_signing_description(c
attributes['repackage_type'] = 'repackage-signing'
locale_str = ""
if dep_job.attributes.get('locale'):
treeherder['symbol'] = 'tc-rs({})'.format(dep_job.attributes.get('locale'))
attributes['locale'] = dep_job.attributes.get('locale')
locale_str = "{}/".format(dep_job.attributes.get('locale'))
- scopes = [get_signing_cert_scope(config),
- "project:releng:signing:format:mar_sha384"]
+ build_platform = dep_job.attributes.get('build_platform')
+ is_nightly = dep_job.attributes.get('nightly')
+ signing_cert_scope = get_signing_cert_scope_per_platform(
+ build_platform, is_nightly, config
+ )
+ scopes = [signing_cert_scope, 'project:releng:signing:format:mar_sha384']
upstream_artifacts = [{
"taskId": {"task-reference": "<repackage>"},
"taskType": "repackage",
"paths": [
"public/build/{}target.complete.mar".format(locale_str),
],
"formats": ["mar_sha384"]
}]
- if 'win' in dep_job.attributes.get('build_platform'):
+ if 'win' in build_platform:
upstream_artifacts.append({
"taskId": {"task-reference": "<repackage>"},
"taskType": "repackage",
"paths": [
"public/build/{}target.installer.exe".format(locale_str),
],
"formats": ["sha2signcode"]
})
scopes.append("project:releng:signing:format:sha2signcode")
# Stub installer is only generated on win32
- if '32' in dep_job.attributes.get('build_platform'):
+ if '32' in build_platform:
upstream_artifacts.append({
"taskId": {"task-reference": "<repackage>"},
"taskType": "repackage",
"paths": [
"public/build/{}target.stub-installer.exe".format(locale_str),
],
"formats": ["sha2signcodestub"]
})
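Review bot: The cert scope for repackage signing now depends on `is_nightly`, so a dependency without the `nightly` attribute gets `project:releng:signing:cert:dep-signing`, where the old code always used `get_signing_cert_scope(config)`. The commit message only mentions Devedition, so this fallback deserves a comment above the call, such as `# non-nightly repackages fall back to the dep-signing cert`. The signing.py transform in this patch derives its worker-type from the scope with `_generate_worker_type(signing_cert_scope)`; this task's worker-type is set outside the hunk, so confirm it still matches whichever scope is selected here. `build_platform` is read with `.get()` and then used in `'win' in build_platform`, which raises a TypeError if the attribute is missing (as the old code did); `build_platform = dep_job.attributes['build_platform']` would fail with a clearer error. make_repackage_signing_description starts and ends outside this hunk.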
@@ -125,17 +129,16 @@ def make_repackage_signing_description(c
'treeherder': treeherder,
}
funsize_platforms = [
'macosx64-nightly',
'win32-nightly',
'win64-nightly'
]
- if dep_job.attributes.get('build_platform') in funsize_platforms and \
- dep_job.attributes.get('nightly'):
+ if build_platform in funsize_platforms and is_nightly:
route_template = "project.releng.funsize.level-{level}.{project}"
task['routes'] = [
route_template.format(project=config.params['project'],
level=config.params['level'])
]
yield task
--- a/taskcluster/taskgraph/transforms/signing.py
+++ b/taskcluster/taskgraph/transforms/signing.py
@@ -5,17 +5,17 @@
Transform the signing task into an actual task description.
"""
from __future__ import absolute_import, print_function, unicode_literals
from taskgraph.transforms.base import TransformSequence
from taskgraph.util.attributes import copy_attributes_from_dependent_job
from taskgraph.util.schema import validate_schema, Schema
-from taskgraph.util.scriptworker import get_signing_cert_scope, get_devedition_signing_cert_scope
+from taskgraph.util.scriptworker import get_signing_cert_scope_per_platform
from taskgraph.transforms.task import task_description_schema
from voluptuous import Any, Required, Optional
# Voluptuous uses marker objects as dictionary *keys*, but they are not
# comparable, so we cast all of the keys back to regular strings
task_description_schema = {str(k): v for k, v in task_description_schema.schema.iteritems()}
@@ -112,26 +112,19 @@ def make_task_description(config, jobs):
attributes = copy_attributes_from_dependent_job(dep_job)
attributes['signed'] = True
if dep_job.attributes.get('chunk_locales'):
# Used for l10n attribute passthrough
attributes['chunk_locales'] = dep_job.attributes.get('chunk_locales')
- # This code wasn't originally written with the possibility of using different
- # signing cert scopes for different platforms on the same branch. This isn't
- # ideal, but it's what we currently have to make this possible.
- if dep_job.attributes.get('build_platform') in set(
- ['linux64-devedition-nightly', 'linux-devedition-nightly']):
- signing_cert_scope = get_devedition_signing_cert_scope(config)
- elif is_nightly:
- signing_cert_scope = get_signing_cert_scope(config)
- else:
- signing_cert_scope = 'project:releng:signing:cert:dep-signing'
+ signing_cert_scope = get_signing_cert_scope_per_platform(
+ dep_job.attributes.get('build_platform'), is_nightly, config
+ )
task = {
'label': label,
'description': description,
'worker-type': _generate_worker_type(signing_cert_scope),
'worker': {'implementation': 'scriptworker-signing',
'upstream-artifacts': job['upstream-artifacts'],
'max-run-time': 3600},
--- a/taskcluster/taskgraph/util/scriptworker.py
+++ b/taskcluster/taskgraph/util/scriptworker.py
@@ -414,8 +414,21 @@ def get_release_config(config):
build_number = str(os.environ.get("BUILD_NUMBER", ""))
if not build_number.isdigit():
raise ValueError("Release graphs must specify `BUILD_NUMBER` in the environment!")
release_config['build_number'] = int(build_number)
with open(VERSION_PATH, "r") as fh:
version = fh.readline().rstrip()
release_config['version'] = version
return release_config
+
+
+def get_signing_cert_scope_per_platform(build_platform, is_nightly, config):
+ if build_platform in (
+ 'linux-devedition-nightly', 'linux64-devedition-nightly',
+ 'macosx64-devedition-nightly',
+ 'win32-devedition-nightly', 'win64-devedition-nightly',
+ ):
+ return get_devedition_signing_cert_scope(config)
+ elif is_nightly:
+ return get_signing_cert_scope(config)
+ else:
+ return 'project:releng:signing:cert:dep-signing'
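Review bot: `get_signing_cert_scope_per_platform` decides which signing key a build is allowed to request, but it has no docstring, and the rationale comment removed from signing.py in this patch is not carried over. The platform tuple is matched by exact string and is checked before `is_nightly`, so a Devedition platform missing from it (a new platform or a misspelled name) silently falls through to the regular scope or to dep-signing instead of failing. Moving the tuple to a named module-level constant (for example a suggested `DEVEDITION_NIGHTLY_PLATFORMS`) would make that precedence visible to whoever adds the next platform. Suggested docstring: `"""Return the signing cert scope for build_platform: the devedition scope for the listed devedition nightly platforms, the regular scope when is_nightly, otherwise dep-signing."""`.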