horok/firefox
1
0
Fork 0
Code Activity
firefox/taskcluster/docker/funsize-update-generator/runme.sh
Daniel Baumann 5e9a113729
Adding upstream version 140.0. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-25 09:37:52 +02:00

61 lines
2.1 KiB
Bash
Raw Permalink Blame History

#!/bin/sh
set -xe
test "$TASK_ID"
test "$SIGNING_CERT"
ARTIFACTS_DIR="/home/worker/artifacts"
mkdir -p "$ARTIFACTS_DIR"
# Strip trailing / if present
TASKCLUSTER_ROOT_URL="${TASKCLUSTER_ROOT_URL%/}"
export TASKCLUSTER_ROOT_URL
# duplicate the functionality of taskcluster-lib-urls, but in bash..
queue_base="${TASKCLUSTER_ROOT_URL%/}/api/queue/v1"
curl --location --retry 10 --retry-delay 10 -o /home/worker/task.json "$queue_base/task/$TASK_ID"
# auth:aws-s3:read-write:tc-gp-private-1d-us-east-1/releng/mbsdiff-cache/
# -> bucket of tc-gp-private-1d-us-east-1, path of releng/mbsdiff-cache/
# Trailing slash is important, due to prefix permissions in S3.
S3_BUCKET_AND_PATH=$(jq -r '.scopes[] | select(contains ("auth:aws-s3"))' /home/worker/task.json | awk -F: '{print $4}')
# Will be empty if there's no scope for AWS S3.
if [ -n "${S3_BUCKET_AND_PATH}" ] && getent hosts taskcluster
then
# Does this parse as we expect?
S3_PATH=${S3_BUCKET_AND_PATH#*/}
AWS_BUCKET_NAME=${S3_BUCKET_AND_PATH%/"${S3_PATH}"*}
test "${S3_PATH}"
test "${AWS_BUCKET_NAME}"
set +x # Don't echo these.
secret_url="${TASKCLUSTER_PROXY_URL}/api/auth/v1/aws/s3/read-write/${AWS_BUCKET_NAME}/${S3_PATH}"
AUTH=$(curl "${secret_url}")
AWS_ACCESS_KEY_ID=$(echo "${AUTH}" | jq -r '.credentials.accessKeyId')
AWS_SECRET_ACCESS_KEY=$(echo "${AUTH}" | jq -r '.credentials.secretAccessKey')
AWS_SESSION_TOKEN=$(echo "${AUTH}" | jq -r '.credentials.sessionToken')
export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY
export AWS_SESSION_TOKEN
AUTH=
if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ]; then
# Pass the full bucket/path prefix, as the script just appends local files.
export MBSDIFF_HOOK="/home/worker/bin/mbsdiff_hook.sh -S ${S3_BUCKET_AND_PATH}"
fi
set -x
else
# disable caching
export MBSDIFF_HOOK=
fi
# EXTRA_PARAMS is optional
# shellcheck disable=SC2086
python3 /home/worker/bin/funsize.py \
--artifacts-dir "$ARTIFACTS_DIR" \
--task-definition /home/worker/task.json \
--signing-cert "/home/worker/keys/${SIGNING_CERT}.pubkey" \
$EXTRA_PARAMS
View git blame Copy permalink