Bug 1411688 - Part 2: Include secrets in Android single-locale repacks. r=aki
Single-locale repacks need to run aapt (--without-gradle) or Gradle
(--with-gradle). When running --with-gradle, they need to compile the
Java source code again (in order to produce a fresh R.java with
correct IDs). That compile will be part of the shipping APK, so it
needs to be configured "the same" as the underlying repacked. *This
is a significant change in behaviour, but necessary to support newer
Gradle/aapt versions, which do not maintain R.java ID mappings across
invocations.*
Part of the configuration are the secret keys and features that are
gated on them. This commit makes those secrets available to
single-locale repacks.
MozReview-Commit-ID: 4REPsIb5TgN
--- a/taskcluster/ci/l10n/kind.yml
+++ b/taskcluster/ci/l10n/kind.yml
@@ -41,16 +41,20 @@ job-template:
android-api-16-l10n: 18000
docker-image:
by-build-platform:
default:
in-tree: desktop-build
android-api-16-l10n:
in-tree: android-build
win.*: null
+ secrets:
+ by-build-platform:
+ default: false
+ android-api-16-l10n: true
toolchains:
by-build-platform:
default: []
android-api-16-l10n:
- android-gradle-dependencies
- android-sdk-linux
- proguard-jar
tooltool:
@@ -105,17 +109,18 @@ job-template:
- total-chunks=1
- this-chunk=1
default:
- total-chunks=1
- this-chunk=1
actions:
by-build-platform:
default: [clone-locales list-locales setup repack summary]
- android-api-16-l10n: [clone-locales list-locales setup repack
+ android-api-16-l10n: [get-secrets
+ clone-locales list-locales setup repack
upload-repacks summary]
script:
by-build-platform:
default: mozharness/scripts/desktop_l10n.py
android-api-16-l10n: mozharness/scripts/mobile_l10n.py
when:
files-changed:
- browser/locales/l10n-changesets.json
--- a/taskcluster/ci/nightly-l10n/kind.yml
+++ b/taskcluster/ci/nightly-l10n/kind.yml
@@ -44,16 +44,20 @@ job-template:
android-api-16-nightly: 18000
docker-image:
by-build-platform:
default:
in-tree: desktop-build
android-api-16-nightly:
in-tree: android-build
win.*: null
+ secrets:
+ by-build-platform:
+ default: false
+ android-api-16-nightly: true
toolchains:
by-build-platform:
default: []
android-api-16-nightly:
- android-gradle-dependencies
- android-sdk-linux
- proguard-jar
tooltool:
@@ -166,14 +170,15 @@ job-template:
- config=single_locale/tc_win64.py
- config=taskcluster_nightly.py
- revision=$GECKO_HEAD_REV
default: [ ]
actions:
by-build-platform:
default: ['clone-locales', 'list-locales', 'setup', 'repack',
'submit-to-balrog', 'summary']
- android-api-16-nightly: ['clone-locales', 'list-locales', 'setup', 'repack',
+ android-api-16-nightly: ['get-secrets',
+ 'clone-locales', 'list-locales', 'setup', 'repack',
'upload-repacks', 'submit-to-balrog', 'summary']
script:
by-build-platform:
default: mozharness/scripts/desktop_l10n.py
android-api-16-nightly: mozharness/scripts/mobile_l10n.py
--- a/taskcluster/taskgraph/transforms/l10n.py
+++ b/taskcluster/taskgraph/transforms/l10n.py
@@ -102,16 +102,23 @@ l10n_description_schema = Schema({
Required('docker-image'): _by_platform(Any(
# an in-tree generated docker image (from `taskcluster/docker/<name>`)
{'in-tree': basestring},
None,
)),
Optional('toolchains'): _by_platform([basestring]),
+ # The set of secret names to which the task has access; these are prefixed
+ # with `project/releng/gecko/{treeherder.kind}/level-{level}/`. Setting
+ # this will enable any worker features required and set the task's scopes
+ # appropriately. `true` here means ['*'], all secrets. Not supported on
+ # Windows
+ Required('secrets', default=False): _by_platform(Any(bool, [basestring])),
+
# Information for treeherder
Required('treeherder'): {
# Platform to display the task on in treeherder
Required('platform'): _by_platform(basestring),
# Symbol to use
Required('symbol'): basestring,
@@ -246,16 +253,17 @@ def handle_keyed_by(config, jobs):
"""Resolve fields that can be keyed by platform, etc."""
fields = [
"locales-file",
"locales-per-chunk",
"worker-type",
"description",
"run-time",
"docker-image",
+ "secrets",
"toolchains",
"tooltool",
"env",
"ignore-locales",
"mozharness.config",
"mozharness.options",
"mozharness.actions",
"mozharness.script",
@@ -380,16 +388,17 @@ def make_job_description(config, jobs):
'description': job['description'],
'run': {
'using': 'mozharness',
'job-script': 'taskcluster/scripts/builder/build-l10n.sh',
'config': job['mozharness']['config'],
'script': job['mozharness']['script'],
'actions': job['mozharness']['actions'],
'options': job['mozharness']['options'],
+ 'secrets': job['secrets'],
},
'attributes': job['attributes'],
'treeherder': {
'kind': 'build',
'tier': job['treeherder']['tier'],
'symbol': job['treeherder']['symbol'],
'platform': job['treeherder']['platform'],
},
--- a/testing/mozharness/configs/single_locale/tc_android-api-16.py
+++ b/testing/mozharness/configs/single_locale/tc_android-api-16.py
@@ -10,9 +10,42 @@ config = {
"tooltool_servers": ['http://relengapi/tooltool/'],
"upload_env": {
'UPLOAD_HOST': 'localhost',
'UPLOAD_PATH': '/builds/worker/artifacts/',
},
"mozilla_dir": "src/",
"simple_name_move": True,
+ 'secret_files': [
+ {'filename': '/builds/gapi.data',
+ 'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/gapi.data',
+ 'min_scm_level': 1},
+ {'filename': '/builds/mozilla-fennec-geoloc-api.key',
+ 'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/mozilla-fennec-geoloc-api.key',
+ 'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+ {'filename': '/builds/adjust-sdk.token',
+ 'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/adjust-sdk.token',
+ 'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+ {'filename': '/builds/adjust-sdk-beta.token',
+ 'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/adjust-sdk-beta.token',
+ 'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+ {'filename': '/builds/leanplum-sdk-release.token',
+ 'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/leanplum-sdk-release.token',
+ 'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+ {'filename': '/builds/leanplum-sdk-beta.token',
+ 'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/leanplum-sdk-beta.token',
+ 'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+ {'filename': '/builds/leanplum-sdk-nightly.token',
+ 'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/leanplum-sdk-nightly.token',
+ 'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+ {'filename': '/builds/pocket-api-release.token',
+ 'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/pocket-api-release.token',
+ 'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+ {'filename': '/builds/pocket-api-beta.token',
+ 'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/pocket-api-beta.token',
+ 'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+ {'filename': '/builds/pocket-api-nightly.token',
+ 'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/pocket-api-nightly.token',
+ 'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+
+ ],
}
--- a/testing/mozharness/scripts/mobile_l10n.py
+++ b/testing/mozharness/scripts/mobile_l10n.py
@@ -33,26 +33,27 @@ from mozharness.base.transfer import Tra
from mozharness.mozilla.buildbot import BuildbotMixin
from mozharness.mozilla.purge import PurgeMixin
from mozharness.mozilla.release import ReleaseMixin
from mozharness.mozilla.signing import MobileSigningMixin
from mozharness.mozilla.tooltool import TooltoolMixin
from mozharness.base.vcs.vcsbase import MercurialScript
from mozharness.mozilla.l10n.locales import LocalesMixin
from mozharness.mozilla.mock import MockMixin
+from mozharness.mozilla.secrets import SecretsMixin
from mozharness.mozilla.updates.balrog import BalrogMixin
from mozharness.base.python import VirtualenvMixin
from mozharness.mozilla.taskcluster_helper import Taskcluster
# MobileSingleLocale {{{1
class MobileSingleLocale(MockMixin, LocalesMixin, ReleaseMixin,
MobileSigningMixin, TransferMixin, TooltoolMixin,
BuildbotMixin, PurgeMixin, MercurialScript, BalrogMixin,
- VirtualenvMixin):
+ VirtualenvMixin, SecretsMixin):
config_options = [[
['--locale', ],
{"action": "extend",
"dest": "locales",
"type": "string",
"help": "Specify the locale(s) to sign and update"
}
], [
@@ -119,16 +120,17 @@ class MobileSingleLocale(MockMixin, Loca
"type": "string",
"help": "Override the gecko revision to use (otherwise use buildbot supplied"
" value, or en-US revision) "}
]]
def __init__(self, require_config_file=True):
buildscript_kwargs = {
'all_actions': [
+ "get-secrets",
"clobber",
"pull",
"clone-locales",
"list-locales",
"setup",
"repack",
"validate-repacks-signed",
"upload-repacks",