--- a/testing/docker/recipes/run-task
+++ b/testing/docker/recipes/run-task
@@ -70,35 +70,26 @@ def run_and_prefix_output(prefix, args,
if data == b'':
break
print_line(prefix, data)
return p.wait()
-def vcs_checkout(args):
- # TODO get VCS parameters from arguments.
- base_repo = os.environ.get('GECKO_BASE_REPOSITORY')
-
- # We set the base repository to mozilla-central so tc-vcs doesn't get
- # confused. Switch to mozilla-unified because robustcheckout works best
- # with it.
- if base_repo == 'https://hg.mozilla.org/mozilla-central':
- base_repo = b'https://hg.mozilla.org/mozilla-unified'
-
+def vcs_checkout(source_repo, dest, base_repo=None, revision=None, branch=None):
# Specify method to checkout a revision. This defaults to revisions as
# SHA-1 strings, but also supports symbolic revisions like `tip` via the
# branch flag.
- if os.environ.get('GECKO_HEAD_REV'):
+ if revision:
revision_flag = b'--revision'
- revision = os.environ['GECKO_HEAD_REV']
- elif os.environ.get('GECKO_HEAD_REF'):
+ revision_value = revision
+ elif branch:
revision_flag = b'--branch'
- revision = os.environ['GECKO_HEAD_REF']
+ revision_value = branch
else:
print('revision is not specified for checkout')
sys.exit(1)
# Obtain certificate fingerprints.
try:
print_line(b'vcs', 'fetching hg.mozilla.org fingerprint from %s\n' %
FINGERPRINT_URL)
@@ -111,39 +102,46 @@ def vcs_checkout(args):
try:
secret = json.loads(secret, encoding='utf-8')
except ValueError:
print('invalid JSON in hg fingerprint secret')
sys.exit(1)
hgmo_fingerprint = secret['secret']['fingerprints'].encode('ascii')
- res = run_and_prefix_output(b'vcs', [
+ args = [
b'/usr/bin/hg',
b'--config', b'hostsecurity.hg.mozilla.org:fingerprints=%s' % hgmo_fingerprint,
b'robustcheckout',
b'--sharebase', b'/home/worker/hg-shared',
b'--purge',
- b'--upstream', base_repo,
- revision_flag, revision,
- os.environ['GECKO_HEAD_REPOSITORY'], args.vcs_checkout
- ], extra_env={b'PYTHONUNBUFFERED': b'1'})
+ ]
+
+ if base_repo:
+ args.extend([b'--upstream', base_repo])
+ args.extend([
+ revision_flag, revision_value,
+ source_repo, dest,
+ ])
+
+ res = run_and_prefix_output(b'vcs', args,
+ extra_env={b'PYTHONUNBUFFERED': b'1'})
if res:
sys.exit(res)
# Update the current revision hash and ensure that it is well formed.
revision = subprocess.check_output(
[b'/usr/bin/hg', b'log',
b'--rev', b'.',
b'--template', b'{node}'],
- cwd=args.vcs_checkout)
+ cwd=dest)
assert re.match('^[a-f0-9]{40}$', revision)
- os.environ['GECKO_HEAD_REV'] = revision
+ return revision
def main(args):
print_line(b'setup', b'run-task started\n')
if os.getuid() != 0:
print('assertion failed: not running as root')
return 1
@@ -220,45 +218,62 @@ def main(args):
for root, dirs, files in os.walk(path):
for d in dirs:
set_dir_permissions(os.path.join(root, d), uid, gid)
for f in files:
os.chown(os.path.join(root, f), uid, gid)
- checkout = args.vcs_checkout
- if checkout:
+ def prepare_checkout_dir(checkout):
+ if not checkout:
+ return
+
# Ensure the directory for the source checkout exists.
try:
os.makedirs(os.path.dirname(checkout))
except OSError as e:
if e.errno != errno.EEXIST:
raise
# And that it is owned by the appropriate user/group.
os.chown('/home/worker/hg-shared', uid, gid)
os.chown(os.path.dirname(checkout), uid, gid)
+ prepare_checkout_dir(args.vcs_checkout)
+
# Drop permissions to requested user.
# This code is modeled after what `sudo` was observed to do in a Docker
# container. We do not bother calling setrlimit() because containers have
# their own limits.
print_line(b'setup', b'running as %s:%s\n' % (args.user, args.group))
os.setgroups(gids)
os.umask(022)
os.setresgid(gid, gid, gid)
os.setresuid(uid, uid, uid)
# Checkout the repository, setting the GECKO_HEAD_REV to the current
# revision hash. Revision hashes have priority over symbolic revisions. We
# disallow running tasks with symbolic revisions unless they have been
# resolved by a checkout.
- if checkout:
- vcs_checkout(args)
+ if args.vcs_checkout:
+ base_repo = os.environ.get('GECKO_BASE_REPOSITORY')
+ # Some callers set the base repository to mozilla-central for historical
+ # reasons. Switch to mozilla-unified because robustcheckout works best
+ # with it.
+ if base_repo == 'https://hg.mozilla.org/mozilla-central':
+ base_repo = b'https://hg.mozilla.org/mozilla-unified'
+
+ os.environ['GECKO_HEAD_REV'] = vcs_checkout(
+ os.environ['GECKO_HEAD_REPOSITORY'],
+ args.vcs_checkout,
+ base_repo=base_repo,
+ revision=os.environ.get('GECKO_HEAD_REV'),
+ branch=os.environ.get('GECKO_HEAD_REF'))
+
elif not os.environ.get('GECKO_HEAD_REV') and \
os.environ.get('GECKO_HEAD_REF'):
print('task should be defined in terms of non-symbolic revision')
return 1
return run_and_prefix_output(b'task', task_args)