diff options
Diffstat (limited to 'taskcluster/ci/config.yml')
-rw-r--r-- | taskcluster/ci/config.yml | 879 |
1 files changed, 879 insertions, 0 deletions
diff --git a/taskcluster/ci/config.yml b/taskcluster/ci/config.yml new file mode 100644 index 0000000000..73496c538b --- /dev/null +++ b/taskcluster/ci/config.yml @@ -0,0 +1,879 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +--- +trust-domain: gecko +project-repo-param-prefix: '' +product-dir: 'browser' +treeherder: + group-names: + 'cram': 'Cram tests' + 'js-bench-sm': 'JavaScript shell benchmarks with Spidermonkey' + 'js-bench-v8': 'JavaScript shell benchmarks with Google V8' + 'node': 'Node tests' + 'py3': 'Python 3 unit tests' + 'A': 'Android Gradle tests' + 'Bpgo': 'Profile-guided optimization builds' + 'Btime': 'Browsertime performance tests on Firefox' + 'Btime-cache': 'Browsertime performance tests on Firefox with populated bytecode cache.' + 'Btime-1proc': 'Browsertime performance tests on Firefox without e10s' + 'Btime-nofis': 'Browsertime tests on Firefox without fission enabled' + 'Btime-P-nofis': 'Browsertime power tests on Firefox without fission enabled' + 'Btime-Prof-nofis': 'Browsertime tests on Firefox with profiling and without fission enabled' + 'Btime-P-nofis-refbrow': 'Browsertime Power Usage Tests on reference browser without fission enabled' + 'Btime-P-nofis-fenix': 'Browsertime Power Usage Tests on Fenix without fission enabled' + 'Btime-live-nofis-fenix': 'Browsertime tests on Fenix without fission enabled using live sites' + 'Btime-nofis-fenix': 'Browsertime tests on Fenix without fission enabled' + 'Btime-webext-nofis-fenix': 'Browsertime performance tests on Fenix with extensions and without fission enabled' + 'Btime-webext': 'Browsertime performance tests on Firefox with extensions' + 'Btime-live-nofis': 'Browsertime tests on Firefox without fission enabled using live sites' + 'Btime-nofis-refbrow': 'Browsertime tests on reference browser without fission enabled' + 'Btime-live-nofis-ChR': 'Browsertime tests on Chrome without fission enabled using live sites' + 'Btime-Prof': 'Browsertime performance tests on Firefox with Gecko Profiling' + 'Btime-Prof-1proc': 'Browsertime performance tests on Firefox with Gecko Profiling and without e10s' + 'Btime-live': 'Browsertime performance tests on Firefox' + 'Btime-live-fenix': 'Browsertime performance tests on Firefox' + 'Btime-live-ChR': 'Browsertime performance tests on Firefox' + 'Btime-live-Cr': 'Browsertime performance tests on Google Chromium' + 'Btime-live-Saf': 'Browsertime performance tests on Safari' + 'Btime-ChR': 'Browsertime performance tests on Google Chrome Release' + 'Btime-nofis-ChR': 'Browsertime performance tests on Google Chrome Release without fission enabled' + 'Btime-Cr': 'Browsertime performance tests on Google Chromium' + 'Btime-P': 'Browsertime power tests on Firefox/Geckoview' + 'Btime-P-fenix': 'Browsertime power tests on Fenix' + 'Btime-P-refbrow': 'Browsertime power tests on reference browser' + 'Btime-fenix': 'Browsertime performance tests on Fenix' + 'Btime-refbrow': 'Browsertime performance tests on the reference browser' + 'Btime-Saf': 'Browsertime performance tests on Safari' + 'Btime-CaR': 'Browsertime performance tests on Chromium-as-Release' + 'Btime-nofis-CaR': 'Browsertime performance tests on Chromium-as-Release without fission enabled' + 'Fetch': 'Fetch and store content' + 'Fxfn': 'Firefox functional tests' + 'l10n-bump': 'L10n Bumper' + 'M': 'Mochitests' + 'M-cf': 'Mochitests confirm failure' + 'M-condprof': "Mochitests with conditioned profile" + 'M-condprof-cf': "Mochitests confirm failure with conditioned profile" + 'M-fis-hv': "Mochitests that run on Fission with isolateHighValue isolation strategy (Android-specific)" + 'M-fis-hv-cf': "Mochitests confirm failure that run on Fission with isolateHighValue isolation strategy (Android-specific)" + 'M-headless': 'Headless Mochitests' + 'M-headless-cf': 'Headless Mochitests confirm failure' + 'M-headless-spi-nw': 'Headless Mochitests with fission and socketprocess networking.' + 'M-headless-spi-nw-cf': 'Headless Mochitests confirm failure with fission and socketprocess networking.' + 'M-http3': 'Mochitests with Http/3 server' + 'M-http3-cf': 'Mochitests confirm failure with Http/3 server' + 'M-http2': 'Mochitests with Http/2 server' + 'M-http2-cf': 'Mochitests confirm failure with Http/2 server' + 'M-aab': 'Mochitests with AAB test_runner.' + 'M-aab-cf': 'Mochitests confirm failure with AAB test_runner.' + 'M-aab-nofis': 'Mochitests with AAB test_runner without fission enabled.' + 'M-aab-nofis-cf': 'Mochitests confirm failure with AAB test_runner without fission enabled.' + 'M-1proc': 'Mochitests without e10s or fission' + 'M-1proc-cf': 'Mochitests confirm failure without e10s or fission' + 'M-a11y-checks': 'Mochitests with accessibility checks enabled' + 'M-a11y-checks-cf': 'Mochitests confirm failure with accessibility checks enabled' + 'M-xorig': 'Mochitests with cross-origin and fission enabled' + 'M-xorig-cf': 'Mochitests confirm failure with cross-origin and fission enabled' + 'M-gli': 'Mochitests with WebGL over IPC' + 'M-gli-cf': 'Mochitests confirm failure with WebGL over IPC' + 'M-nofis': 'Mochitests without fission enabled' + 'M-nofis-cf': 'Mochitests confirm failure without fission enabled' + 'M-spi': 'Mochitests with socket process' + 'M-spi-cf': 'Mochitests confirm failure with socket process' + 'M-spi-nofis': 'Mochitests with socket process without fission enabled' + 'M-spi-nofis-cf': 'Mochitests confirm failure with socket process without fission enabled' + 'M-spi-nw': 'Mochitests with networking on socket process' + 'M-spi-nw-cf': 'Mochitests confirm failure with networking on socket process' + 'M-spi-nw-nofis': 'Mochitests with networking on socket process without fission enabled' + 'M-spi-nw-nofis-cf': 'Mochitests confirm failure with networking on socket process without fission enabled' + 'M-spi-nw-1proc': 'Mochitests with networking on socket process without e10s' + 'M-spi-nw-1proc-cf': 'Mochitests confirm failure with networking on socket process without e10s' + 'M-swr': 'Mochitests with software webrender enabled' + 'M-swr-cf': 'Mochitests confirm failure with software webrender enabled' + 'M-swr-a11y-checks': 'Mochitests with software webrender and accessibility checks enabled' + 'M-swr-a11y-checks-cf': 'Mochitests confirm failure with software webrender and accessibility checks enabled' + 'M-swr-1proc': 'Mochitests with software webrender enabled without e10s' + 'M-swr-1proc-cf': 'Mochitests confirm failure with software webrender enabled without e10s' + 'M-swr-nofis': 'Mochitests with software webrender without fission enabled' + 'M-swr-nofis-cf': 'Mochitests confirm failure with software webrender without fission enabled' + 'M-wmfme': 'Mochitests with Windows Media Foundation media engine enabled' + 'M-wmfme-cf': 'Mochitests confirm failure with Windows Media Foundation media engine enabled' + 'M-mda-gpu': 'Mochitests Media on GPU worker' + 'M-mda-gpu-cf': 'Mochitests confirm failure Media on GPU worker' + 'M-f': 'Mochitest failures' + 'M-f-swr': 'Mochitest failures software webrender' + 'M-f-cf': 'Mochitest failures w/confirm failure' + 'M-f-swr-cf': 'Mochitest failures software webrender w/confirm failure' + 'M-dt-no-eft-nofis': 'DevTools Mochitests with EFT disabled without fission enabled' + 'M-dt-no-eft-nofis-cf': 'DevTools Mochitests confirm failure with EFT disabled without fission enabled' + 'M-msix': 'Mochitests from MSIX builds' + 'M-msix-cf': 'Mochitests confirm failure from MSIX builds' + 'MSI': 'Repack installers into MSIs' + 'MSIs': 'Signing of Repacked installers of MSIs' + 'MSIX': 'Repack into MSIX package' + 'MSIXs': 'Signing of Repack into MSIX package' + 'Pup': "Puppeteer tests" + 'R': 'Reftests' + 'R-cf': 'Reftests confirm failure' + 'R-nofis': 'Reftests without fission enabled' + 'R-nofis-cf': 'Reftests confirm failure without fission enabled' + 'R-swr': 'Reftests with software webrender enabled' + 'R-swr-cf': 'Reftests confirm failure with software webrender enabled' + 'R-swr-nofis': 'Reftests with software webrender enabled without fission enabled' + 'R-swr-nofis-cf': 'Reftests confirm failure with software webrender enabled without fission enabled' + 'R-wr-dc0': 'Reftests with dcomp disabled' + 'R-wr-dc0-cf': 'Reftests confirm failure with dcomp disabled' + 'R-wr-dc1-p': 'Reftests with dcomp present but not overlays' + 'R-wr-dc1-p-cf': 'Reftests confirm failure with dcomp present but not overlays' + 'R-wr-dc2-o': 'Reftests with dcomp overlays but not compositing' + 'R-wr-dc2-o-cf': 'Reftests confirm failure with dcomp overlays but not compositing' + 'R-wr-dc3-c': 'Reftests with dcomp compositing' + 'R-wr-dc3-c-cf': 'Reftests confirm failure with dcomp compositing' + 'Rap': 'Raptor performance tests on Firefox' + 'Rap-live': 'Raptor performance tests on Firefox with live sites' + 'Rap-Prof': 'Raptor performance tests on Firefox with Gecko Profiling' + 'Rap-ChR': 'Raptor performance tests on Google Chrome Release' + 'Rap-Cr': 'Raptor performance tests on Google Chromium' + 'Rap-refbrow': 'Raptor performance tests on the reference browser' + 'T': 'Talos performance tests' + 'T-gli': 'Talos performance tests with WebGL over IPC' + 'T-Prof': 'Talos performance tests on Firefox with Gecko Profiling' + 'T-Prof-gli': 'Talos performance tests with WebGL over IPC and Gecko Profiling' + 'T-swr': 'Talos performance tests with software webrender enabled' + 'tt': 'Telemetry tests' + 'tt-nofis': 'Telemetry tests without fission enabled' + 'SY': 'Are we slim yet tests by TaskCluster' + 'W': 'Web platform tests' + 'W-cf': 'Web platform tests confirm failure' + 'W-nofis': 'Web platform tests without fission enabled' + 'W-nofis-cf': 'Web platform tests confirm failure without fission enabled' + 'W-headless': 'Headless web platform tests' + 'W-headless-cf': 'Headless web platform tests confirm failure' + 'W-swr-nofis': 'Web platform tests with software webrender enabled without fission enabled' + 'W-swr-nofis-cf': 'Web platform tests confirm failure with software webrender enabled without fission enabled' + 'W-swr': 'Web platform tests with software webrender enabled' + 'W-swr-cf': 'Web platform tests confirm falure with software webrender enabled' + 'W-b': 'Web platform tests (backlog)' + 'W-b-nofis': 'Web platform tests (backlog) without fission enabled' + 'W-pb': 'Web platform tests with private browsing enabled' + 'X': 'Xpcshell tests' + 'X-cf': 'Xpcshell tests confirm failure' + 'X-condprof': 'Xpcshell tests with a conditioned profile' + 'X-condprof-cf': 'Xpcshell tests confirm failure with a conditioned profile' + 'X-nofis': 'Xpcshell tests without fission enabled' + 'X-nofis-cf': 'Xpcshell tests confirm failure without fission enabled' + 'X-spi-nw': 'Xpcshell tests with networking on socket process' + 'X-spi-nw-cf': 'Xpcshell tests confirm failure with networking on socket process' + 'X-spi-nw-nofis': 'Xpcshell tests with networking on socket process without fission enabled' + 'X-spi-nw-nofis-cf': 'Xpcshell tests confirm failure with networking on socket process without fission enabled' + 'X-f': 'Xpcshell tests that fail on a given config' + 'X-f-spi-nw': 'Xpcshell tests that fail on a given config w/socket process' + 'X-msix': 'Xpcshell tests on msix packages' + 'X-msix-cf': 'Xpcshell tests confirm failure on msix packages' + 'L10n': 'Localised Repacks' + 'L10n-Rpk': 'Localized Repackaged Repacks' + 'deb-L10n': 'Localized Debian Repacks' + 'BM': 'Beetmover' + 'BMR': 'Beetmover repackages' + 'BM-apt': 'Beetmover .deb packages' + 'c-Up': 'Balrog submission of complete updates' + 'css': 'Checksum signing for source' + 'rs': 'Repackage signing' + 'BMcs': 'Beetmover checksums' + 'BMcslang': 'Beetmover checksums for language packs' + 'BMcss': 'Beetmover checksums for source' + 'Deb8': 'Packages for Debian 8' + 'Deb8-32': 'Packages for Debian 8 32-bits' + 'Deb9': 'Packages for Debian 9' + 'Deb10': 'Packages for Debian 10' + 'Deb11': 'Packages for Debian 11' + 'Deb12': 'Packages for Debian 12' + 'Ub18': 'Packages for Ubuntu 18.04' + 'Ub20': 'Packages for Ubuntu 20.04' + 'Ub22': 'Packages for Ubuntu 22.04' + 'I': 'Docker Image Builds' + 'TA': 'Toolchain builds for Android' + 'TL': 'Toolchain builds for Linux 64-bits' + 'TL32': 'Toolchain builds for Linux 32-bits' + 'TM': 'Toolchain builds for OSX' + 'TMW': 'Toolchain builds for Windows MinGW' + 'TW32': 'Toolchain builds for Windows 32-bits' + 'TW64': 'Toolchain builds for Windows 64-bits' + 'WMC32': 'MinGW-Clang builds for Windows 32-bits' + 'WMC64': 'MinGW-Clang builds for Windows 64-bits' + 'Searchfox': 'Searchfox builds' + 'SM': 'Spidermonkey builds' + 'p': 'Partial generation' + 'ps': 'Partials signing' + 'ms': 'Complete MAR signing' + 'ms-stage': 'Autograph-stage MAR signing test' + 'Rel': 'Release promotion' + 'Snap': 'Snap image generation' + 'Flatpak': 'Flatpak image generation' + 'langpack': 'Langpack sigatures and uploads' + 'TPS': 'Sync tests' + 'UV': 'Update verify' + 'UVnext': 'Update verify for esr-next' + 'pydep': 'python dependency update' + 'WR': 'WebRender standalone' + 'Wgpu': 'WebGPU standalone' + 'cpp': 'C/C++ checks' + 'pedantic': 'pedantic checks' + 'text': 'Check on texts' + 'misc': 'Misc checks' + 'js': 'JavaScript checks' + 'py': 'Python checks' + 'java': 'Java checks' + 'rust': 'Rust checks' + 'Static-Analysis': 'Full tree static-analysis' + 'SS': 'Shadow scheduler' + 'Sel': 'Selenium Snap tests' + 'Sentry': 'Sentry synchronization' + 'test-info': 'Test manifest skip/fail information' + 'condprof': 'Conditioned Profile Builder' + 'doc': 'Documentation' + 'GhS': 'GitHub Synchronization' + 'perftest': 'Performance tests' + 'perftest-detect': 'Performance regression detection tooling' + 'perftest-chrome': 'Performance tests using Chrone' + 'perftest-http3': 'Performance tests with HTTP/3' + 'l10n': 'Localization checks' + 'fxrec': 'Desktop startup recorder (fxrecord)' + 'wc': 'webcompat' + 'Boot': 'Bootstrap' + 'Attr-L10n': 'Build Attribution' + +index: + products: + - 'firefox' + - 'fennec' + - 'mobile' + - 'static-analysis' + - 'devedition' + - 'source' + - 'system-symbols' + - 'geckodriver' + +try: + # We have a few platforms for which we want to do some "extra" builds, or at + # least build-ish things. Sort of. Anyway, these other things are implemented + # as different "platforms". These do *not* automatically ride along with "-p + # all" + ridealong-builds: + 'linux': + - 'sm-plain-linux32' + - 'sm-arm-sim-linux32' + 'linux64': + - 'sm-plain-linux64' + - 'sm-nojit-linux64' + - 'sm-nonunified-linux64' + - 'sm-arm-sim-linux32' + - 'sm-arm64-sim-linux64' + - 'sm-compacting-linux64' + - 'sm-rootanalysis-linux64' + - 'sm-package-linux64' + - 'sm-tsan-linux64' + - 'sm-asan-linux64' + - 'sm-msan-linux64' + - 'sm-fuzzing-linux64' + 'win32': + - 'sm-plain-win32' + - 'sm-compacting-win32' + +release-promotion: + products: + - 'devedition' + - 'fennec' + - 'firefox' + rebuild-kinds: + - docker-image + - fetch + - packages + - toolchain + flavors: + promote_devedition: + product: devedition + target-tasks-method: promote_desktop + partial-updates: true + promote_firefox: + product: firefox + target-tasks-method: promote_desktop + partial-updates: true + promote_firefox_partner_repack: + product: firefox + rebuild-kinds: + - release-partner-repack + - release-partner-repack-chunking-dummy + - release-partner-repack-signing + - release-partner-repack-mac-signing + - release-partner-repack-mac-notarization + - release-partner-repack-repackage + - release-partner-repack-repackage-signing + - release-partner-repack-beetmover + target-tasks-method: promote_desktop + promote_firefox_partner_attribution: + product: firefox + rebuild-kinds: + - release-partner-attribution + - release-partner-attribution-beetmover + target-tasks-method: promote_desktop + promote_firefox_rc: + product: firefox + is-rc: true + target-tasks-method: promote_desktop + partial-updates: true + push_devedition: + product: devedition + target-tasks-method: push_desktop + partial-updates: true + push_firefox: + product: firefox + target-tasks-method: push_desktop + partial-updates: true + ship_devedition: + product: devedition + target-tasks-method: ship_desktop + version-bump: true + partial-updates: true + ship_firefox: + product: firefox + target-tasks-method: ship_desktop + version-bump: true + partial-updates: true + ship_firefox_rc: + product: firefox + is-rc: true + target-tasks-method: ship_desktop + partial-updates: true + + +merge-automation: + behaviors: + central-to-beta: + fetch-version-from: "browser/config/version.txt" + version-files: + - filename: "config/milestone.txt" + new-suffix: '' + - filename: "browser/config/version.txt" + new-suffix: '' + - filename: "browser/config/version_display.txt" + new-suffix: 'b1' + replacements: + - - browser/config/mozconfigs/linux32/l10n-mozconfig + - ac_add_options --with-branding=browser/branding/nightly + - ac_add_options --enable-official-branding + - - browser/config/mozconfigs/linux64/l10n-mozconfig + - ac_add_options --with-branding=browser/branding/nightly + - ac_add_options --enable-official-branding + - - browser/config/mozconfigs/win32/l10n-mozconfig + - ac_add_options --with-branding=browser/branding/nightly + - ac_add_options --enable-official-branding + - - browser/config/mozconfigs/win64/l10n-mozconfig + - ac_add_options --with-branding=browser/branding/nightly + - ac_add_options --enable-official-branding + - - browser/config/mozconfigs/win64-aarch64/l10n-mozconfig + - ac_add_options --with-branding=browser/branding/nightly + - ac_add_options --enable-official-branding + - - browser/config/mozconfigs/macosx64/l10n-mozconfig + - ac_add_options --with-branding=browser/branding/nightly + - ac_add_options --enable-official-branding + merge-old-head: true + base-tag: 'FIREFOX_BETA_{major_version}_BASE' + end-tag: 'FIREFOX_BETA_{major_version}_END' + from-repo: 'https://hg.mozilla.org/mozilla-central' + from-branch: 'central' + to-repo: 'https://hg.mozilla.org/releases/mozilla-beta' + to-branch: 'beta' + early-to-late-beta: + fetch-version-from: "browser/config/version.txt" + version-files: [] + replacements: + - - build/defines.sh + - EARLY_BETA_OR_EARLIER=1 + - EARLY_BETA_OR_EARLIER= + merge-old-head: false + to-repo: 'https://hg.mozilla.org/releases/mozilla-beta' + to-branch: 'beta' + beta-to-release: + fetch-version-from: "browser/config/version.txt" + version-files: + - filename: "browser/config/version_display.txt" + new-suffix: '' + replacements: [] + merge-old-head: true + base-tag: 'FIREFOX_RELEASE_{major_version}_BASE' + end-tag: 'FIREFOX_RELEASE_{major_version}_END' + from-repo: 'https://hg.mozilla.org/releases/mozilla-beta' + from-branch: 'beta' + to-repo: 'https://hg.mozilla.org/releases/mozilla-release' + to-branch: 'release' + release-to-esr: + fetch-version-from: "browser/config/version.txt" + version-files: + - filename: "browser/config/version_display.txt" + new-suffix: 'esr' + replacements: [] + merge-old-head: false + end-tag: "FIREFOX_ESR_{major_version}_BASE" + to-repo: 'https://hg.mozilla.org/releases/mozilla-esr115' + to-branch: 'esr115' + bump-central: + fetch-version-from: "browser/config/version.txt" + version-files: + - filename: "config/milestone.txt" + version-bump: "major" + new-suffix: 'a1' + - filename: "browser/config/version.txt" + version-bump: "major" + new-suffix: 'a1' + - filename: "browser/config/version_display.txt" + version-bump: "major" + new-suffix: 'a1' + replacements: + - - "services/sync/modules/constants.sys.mjs" + - 'WEAVE_VERSION = "1.{current_weave_version}.0"' + - 'WEAVE_VERSION = "1.{next_weave_version}.0"' + merge-old-head: false + end-tag: 'FIREFOX_NIGHTLY_{major_version}_END' + to-repo: 'https://hg.mozilla.org/mozilla-central' + to-branch: 'central' + bump-esr115: + fetch-version-from: "browser/config/version.txt" + version-files: + - filename: "config/milestone.txt" + version-bump: "minor" + - filename: "browser/config/version.txt" + version-bump: "minor" + - filename: "browser/config/version_display.txt" + version-bump: "minor" + replacements: [] + merge-old-head: false + to-repo: 'https://hg.mozilla.org/releases/mozilla-esr115' + to-branch: 'esr115' + +scriptworker: + # See additional configuration in taskcluster/gecko_taskgraph/util/scriptworker.py + scope-prefix: 'project:releng' + +partner-urls: + release-partner-repack: + by-release-product: + default: null + firefox: + by-release-type: + default: null + beta|release.*: + by-release-level: + production: 'git@github.com:mozilla-partners/repack-manifests.git' + staging: 'git@github.com:moz-releng-automation-stage/repack-manifests.git' + esr.*: + by-release-level: + production: 'git@github.com:mozilla-partners/esr-repack-manifests.git' + staging: 'git@github.com:moz-releng-automation-stage/esr-repack-manifests.git' + release-partner-attribution: + by-release-product: + default: null + firefox: + by-release-type: + default: null + beta|release.*: + by-release-level: + production: 'git@github.com:mozilla-partners/repack-manifests.git' + staging: 'git@github.com:moz-releng-automation-stage/repack-manifests.git' + esr.*: + by-release-level: + production: 'git@github.com:mozilla-partners/esr-repack-manifests.git' + staging: 'git@github.com:moz-releng-automation-stage/esr-repack-manifests.git' + release-eme-free-repack: + by-release-product: + default: null + firefox: + by-release-type: + default: null + beta|release.*: + by-release-level: + production: 'git@github.com:mozilla-partners/mozilla-EME-free-manifest.git' + staging: 'git@github.com:moz-releng-automation-stage/mozilla-EME-free-manifest.git' + + +task-priority: + by-project: + 'mozilla-release': 'highest' + 'mozilla-esr.*': 'very-high' + 'mozilla-beta': 'high' + 'mozilla-central': 'medium' + 'autoland': 'low' + 'mozilla-inbound': 'low' + 'default': 'very-low' + +taskgraph: + register: gecko_taskgraph:register + +workers: + aliases: + b-linux.*: + provisioner: '{trust-domain}-{level}' + implementation: docker-worker + os: linux + worker-type: '{alias}' + b-win2012: + provisioner: '{trust-domain}-{level}' + implementation: generic-worker + os: windows + worker-type: '{alias}-azure' + b-win2022: + provisioner: '{trust-domain}-{level}' + implementation: generic-worker + os: windows + worker-type: '{alias}' + image: + provisioner: '{trust-domain}-{level}' + implementation: docker-worker + os: linux + worker-type: '{alias}' + images: + provisioner: '{trust-domain}-{level}' + implementation: docker-worker + os: linux + worker-type: '{alias}' + images-gcp: + provisioner: '{trust-domain}-{level}' + implementation: docker-worker + os: linux + worker-type: '{alias}' + addon: + provisioner: scriptworker-k8s + implementation: push-addons + os: scriptworker + worker-type: + by-release-level: + production: '{trust-domain}-3-addon' + staging: '{trust-domain}-1-addon' + balrog: + provisioner: scriptworker-k8s + implementation: balrog + os: scriptworker + worker-type: + by-release-level: + production: '{trust-domain}-3-balrog' + staging: '{trust-domain}-1-balrog' + bouncer: + provisioner: scriptworker-k8s + # Note that this implementation doesn't correspond with an + # payload_builder, there are several `bouncer-*` implemenations. + implementation: bouncer + os: scriptworker + worker-type: + by-release-level: + production: '{trust-domain}-3-bouncer' + staging: '{trust-domain}-1-bouncer' + beetmover: + provisioner: scriptworker-k8s + implementation: beetmover + os: scriptworker + worker-type: + by-release-level: + production: '{trust-domain}-3-beetmover' + staging: '{trust-domain}-1-beetmover' + shipit: + provisioner: scriptworker-k8s + implementation: shipit + os: scriptworker + worker-type: + by-release-level: + production: '{trust-domain}-3-shipit' + staging: '{trust-domain}-1-shipit' + linux-depsigning: + provisioner: scriptworker-k8s + implementation: scriptworker-signing + os: linux + worker-type: '{trust-domain}-t-signing' + linux-signing: + provisioner: scriptworker-k8s + implementation: scriptworker-signing + os: linux + worker-type: + by-release-level: + production: '{trust-domain}-3-signing' + staging: '{trust-domain}-t-signing' + mac-depsigning: + provisioner: scriptworker-prov-v1 + implementation: scriptworker-signing + os: macosx + worker-type: depsigning-mac-v1 + mac-signing: + provisioner: scriptworker-prov-v1 + implementation: scriptworker-signing + os: macosx + worker-type: + by-release-level: + production: signing-mac-v1 + staging: depsigning-mac-v1 + tree: + provisioner: scriptworker-k8s + implementation: treescript + os: scriptworker + worker-type: + by-release-level: + production: '{trust-domain}-3-tree' + staging: + by-project: + autoland: '{trust-domain}-3-tree' + default: '{trust-domain}-1-tree' + tree-dev: + provisioner: scriptworker-k8s + implementation: treescript + os: scriptworker + worker-type: '{trust-domain}-1-tree-dev' + t-bitbar-gw.*: + provisioner: proj-autophone + implementation: generic-worker + os: linux-bitbar + worker-type: 'gecko-{alias}' + t-linux(-large|-xlarge|-xlarge-source): + provisioner: '{trust-domain}-t' + implementation: docker-worker + os: linux + worker-type: '{alias}-gcp' + t-linux-kvm: + provisioner: '{trust-domain}-t' + implementation: docker-worker + os: linux + worker-type: 't-linux-kvm-gcp' + t-linux-talos: + provisioner: releng-hardware + implementation: generic-worker + os: linux + worker-type: 'gecko-{alias}' + t-linux-talos-1804: + provisioner: releng-hardware + implementation: generic-worker + os: linux + worker-type: 'gecko-{alias}' + t-linux-wayland: + provisioner: '{trust-domain}-t' + implementation: generic-worker + os: linux + worker-type: 't-linux-vm-2204-wayland' + t-osx-1015-r8: + provisioner: releng-hardware + implementation: generic-worker + os: macosx + worker-type: 'gecko-{alias}' + t-osx-1100-m1: + provisioner: releng-hardware + implementation: generic-worker + os: macosx + worker-type: 'gecko-{alias}' + t-osx-1400-m2: + provisioner: releng-hardware + implementation: generic-worker + os: macosx + worker-type: 'gecko-{alias}' + t-osx-1015-power: + provisioner: releng-hardware + implementation: generic-worker + os: macosx + worker-type: 'gecko-{alias}' + t-linux-xlarge-pgo: + provisioner: + by-level: + '3': '{trust-domain}-{level}' + default: '{trust-domain}-t' + implementation: docker-worker + os: linux + worker-type: 't-linux-xlarge-gcp' + b-osx-1015: + provisioner: releng-hardware + implementation: generic-worker + os: macosx + worker-type: + by-level: + '3': 'gecko-3-b-osx-1015' + default: 'gecko-1-b-osx-1015' + b-osx-arm64: + provisioner: releng-hardware + implementation: generic-worker + os: macosx + worker-type: + by-level: + '3': 'gecko-3-b-osx-arm64' + default: 'gecko-1-b-osx-arm64' + t-win10-64(|-gpu-s|-source): + provisioner: '{trust-domain}-t' + implementation: generic-worker + os: windows + worker-type: '{alias}' + t-win10-64(-hw|-ref-hw|-1803-hw): + provisioner: releng-hardware + implementation: generic-worker + os: windows + worker-type: 'gecko-{alias}' + win11-64-2009(-hw-ref): + provisioner: releng-hardware + implementation: generic-worker + os: windows + worker-type: '{alias}' + win10-64-2009(|-gpu|-ssd|-source|-ssd-gpu): + provisioner: 'gecko-t' + implementation: generic-worker + os: windows + worker-type: '{alias}' + t-win11-64(|-gpu-s|-source): + provisioner: '{trust-domain}-t' + implementation: generic-worker + os: windows + worker-type: '{alias}' + win11-64-2009(|-gpu|-ssd|-source|-ssd-gpu): + provisioner: 'gecko-t' + implementation: generic-worker + os: windows + worker-type: '{alias}' + t-win7-32-gpu: + provisioner: '{trust-domain}-t' + implementation: generic-worker + os: windows + worker-type: '{alias}' + t-win7-32: + provisioner: releng-hardware + implementation: generic-worker + os: windows + worker-type: 'gecko-{alias}-hw' + t-win64-aarch64-laptop: + provisioner: bitbar + implementation: generic-worker + os: windows + worker-type: 'gecko-{alias}' + succeed: + provisioner: built-in + implementation: succeed + os: none + worker-type: succeed + misc: + provisioner: '{trust-domain}-t' + implementation: docker-worker + os: linux + worker-type: misc-gcp + + +mac-notarization: + mac-entitlements: + by-platform: + macosx64.*: + by-release-level: + production: security/mac/hardenedruntime/v1/production/browser.xml + default: security/mac/hardenedruntime/v1/developer/browser.xml + default: '' + mac-requirements: + by-platform: + macosx64.*: build/package/mac_osx/requirements.plist + default: '' + +mac-signing: + hardened-sign-config: + by-hardened-signing-type: + production: + - deep: false + runtime: true + force: true + entitlements: security/mac/hardenedruntime/v2/production/plugin-container.xml + globs: + - "/Contents/MacOS/plugin-container.app" + + - deep: false + runtime: true + force: true + entitlements: security/mac/hardenedruntime/v2/production/media-plugin-helper.xml + globs: + - "/Contents/MacOS/media-plugin-helper.app" + + - deep: false + runtime: true + force: true + # These files are signed wihtout entitlements + globs: + - "/Contents/MacOS/crashreporter.app" + - "/Contents/MacOS/updater.app" + - "/Contents/Library/LaunchServices/org.mozilla.updater" + - "/Contents/MacOS/XUL" + - "/Contents/MacOS/pingsender" + - "/Contents/MacOS/minidump-analyzer" + - "/Contents/MacOS/*.dylib" + - "/Contents/Resources/gmp-clearkey/*/*.dylib" + + - deep: false + runtime: true + force: true + entitlements: + by-build-platform: + .*devedition.*: security/mac/hardenedruntime/v2/production/firefoxdeveloperedition.browser.xml + default: + by-project: + mozilla-central: security/mac/hardenedruntime/v2/production/nightly.browser.xml + default: security/mac/hardenedruntime/v2/production/firefox.browser.xml + globs: + - "/" # The .app + + default: + - deep: false + runtime: true + force: true + entitlements: security/mac/hardenedruntime/v2/developer/plugin-container.xml + globs: + - "/Contents/MacOS/plugin-container.app" + + - deep: false + runtime: true + force: true + entitlements: security/mac/hardenedruntime/v2/developer/media-plugin-helper.xml + globs: + - "/Contents/MacOS/media-plugin-helper.app" + + - deep: false + runtime: true + force: true + entitlements: security/mac/hardenedruntime/v2/developer/utility.xml + globs: + - "/Contents/MacOS/crashreporter.app" + - "/Contents/MacOS/updater.app" + - "/Contents/Library/LaunchServices/org.mozilla.updater" + - "/Contents/MacOS/pingsender" + - "/Contents/MacOS/minidump-analyzer" + + - deep: false + runtime: true + force: true + # These files are signed without entitlements + globs: + - "/Contents/MacOS/XUL" + - "/Contents/MacOS/*.dylib" + - "/Contents/Resources/gmp-clearkey/*/*.dylib" + + - deep: false + runtime: true + force: true + entitlements: security/mac/hardenedruntime/v2/developer/browser.xml + globs: + - "/" # The .app + +expiration-policy: + by-project: + try: + default: 28 days + shortest: 7 days + short: 14 days + medium: 28 days + long: 28 days + autoland: + default: 1 year + shortest: 14 days + short: 3 months + medium: 1 year + # To avoid keeping shippable builds for over a year + long: 1 year + default: + default: 3 months + shortest: 7 days + short: 1 month + medium: 1 year + long: 1 year |