# This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. --- trust-domain: gecko project-repo-param-prefix: '' product-dir: 'browser' treeherder: group-names: 'cram': 'Cram tests' 'js-bench-sm': 'JavaScript shell benchmarks with Spidermonkey' 'js-bench-v8': 'JavaScript shell benchmarks with Google V8' 'node': 'Node tests' 'py3': 'Python 3 unit tests' 'A': 'Android Gradle tests' 'Bpgo': 'Profile-guided optimization builds' 'Btime': 'Browsertime performance tests on Firefox' 'Btime-cache': 'Browsertime performance tests on Firefox with populated bytecode cache.' 'Btime-1proc': 'Browsertime performance tests on Firefox without e10s' 'Btime-nofis': 'Browsertime tests on Firefox without fission enabled' 'Btime-P-nofis': 'Browsertime power tests on Firefox without fission enabled' 'Btime-Prof-nofis': 'Browsertime tests on Firefox with profiling and without fission enabled' 'Btime-P-nofis-refbrow': 'Browsertime Power Usage Tests on reference browser without fission enabled' 'Btime-P-nofis-fenix': 'Browsertime Power Usage Tests on Fenix without fission enabled' 'Btime-live-nofis-fenix': 'Browsertime tests on Fenix without fission enabled using live sites' 'Btime-nofis-fenix': 'Browsertime tests on Fenix without fission enabled' 'Btime-webext-nofis-fenix': 'Browsertime performance tests on Fenix with extensions and without fission enabled' 'Btime-webext': 'Browsertime performance tests on Firefox with extensions' 'Btime-live-nofis': 'Browsertime tests on Firefox without fission enabled using live sites' 'Btime-nofis-refbrow': 'Browsertime tests on reference browser without fission enabled' 'Btime-live-nofis-ChR': 'Browsertime tests on Chrome without fission enabled using live sites' 'Btime-Prof': 'Browsertime performance tests on Firefox with Gecko Profiling' 'Btime-Prof-1proc': 'Browsertime performance tests on Firefox with Gecko Profiling and without e10s' 'Btime-live': 'Browsertime performance tests on Firefox' 'Btime-live-fenix': 'Browsertime performance tests on Firefox' 'Btime-live-ChR': 'Browsertime performance tests on Firefox' 'Btime-live-Cr': 'Browsertime performance tests on Google Chromium' 'Btime-live-Saf': 'Browsertime performance tests on Safari' 'Btime-ChR': 'Browsertime performance tests on Google Chrome Release' 'Btime-nofis-ChR': 'Browsertime performance tests on Google Chrome Release without fission enabled' 'Btime-Cr': 'Browsertime performance tests on Google Chromium' 'Btime-P': 'Browsertime power tests on Firefox/Geckoview' 'Btime-P-fenix': 'Browsertime power tests on Fenix' 'Btime-P-refbrow': 'Browsertime power tests on reference browser' 'Btime-fenix': 'Browsertime performance tests on Fenix' 'Btime-refbrow': 'Browsertime performance tests on the reference browser' 'Btime-Saf': 'Browsertime performance tests on Safari' 'Btime-CaR': 'Browsertime performance tests on Chromium-as-Release' 'Btime-nofis-CaR': 'Browsertime performance tests on Chromium-as-Release without fission enabled' 'Fetch': 'Fetch and store content' 'Fxfn': 'Firefox functional tests' 'l10n-bump': 'L10n Bumper' 'M': 'Mochitests' 'M-cf': 'Mochitests confirm failure' 'M-condprof': "Mochitests with conditioned profile" 'M-condprof-cf': "Mochitests confirm failure with conditioned profile" 'M-fis-hv': "Mochitests that run on Fission with isolateHighValue isolation strategy (Android-specific)" 'M-fis-hv-cf': "Mochitests confirm failure that run on Fission with isolateHighValue isolation strategy (Android-specific)" 'M-headless': 'Headless Mochitests' 'M-headless-cf': 'Headless Mochitests confirm failure' 'M-headless-spi-nw': 'Headless Mochitests with fission and socketprocess networking.' 'M-headless-spi-nw-cf': 'Headless Mochitests confirm failure with fission and socketprocess networking.' 'M-http3': 'Mochitests with Http/3 server' 'M-http3-cf': 'Mochitests confirm failure with Http/3 server' 'M-http2': 'Mochitests with Http/2 server' 'M-http2-cf': 'Mochitests confirm failure with Http/2 server' 'M-aab': 'Mochitests with AAB test_runner.' 'M-aab-cf': 'Mochitests confirm failure with AAB test_runner.' 'M-aab-nofis': 'Mochitests with AAB test_runner without fission enabled.' 'M-aab-nofis-cf': 'Mochitests confirm failure with AAB test_runner without fission enabled.' 'M-1proc': 'Mochitests without e10s or fission' 'M-1proc-cf': 'Mochitests confirm failure without e10s or fission' 'M-a11y-checks': 'Mochitests with accessibility checks enabled' 'M-a11y-checks-cf': 'Mochitests confirm failure with accessibility checks enabled' 'M-xorig': 'Mochitests with cross-origin and fission enabled' 'M-xorig-cf': 'Mochitests confirm failure with cross-origin and fission enabled' 'M-gli': 'Mochitests with WebGL over IPC' 'M-gli-cf': 'Mochitests confirm failure with WebGL over IPC' 'M-nofis': 'Mochitests without fission enabled' 'M-nofis-cf': 'Mochitests confirm failure without fission enabled' 'M-spi': 'Mochitests with socket process' 'M-spi-cf': 'Mochitests confirm failure with socket process' 'M-spi-nofis': 'Mochitests with socket process without fission enabled' 'M-spi-nofis-cf': 'Mochitests confirm failure with socket process without fission enabled' 'M-spi-nw': 'Mochitests with networking on socket process' 'M-spi-nw-cf': 'Mochitests confirm failure with networking on socket process' 'M-spi-nw-nofis': 'Mochitests with networking on socket process without fission enabled' 'M-spi-nw-nofis-cf': 'Mochitests confirm failure with networking on socket process without fission enabled' 'M-spi-nw-1proc': 'Mochitests with networking on socket process without e10s' 'M-spi-nw-1proc-cf': 'Mochitests confirm failure with networking on socket process without e10s' 'M-swr': 'Mochitests with software webrender enabled' 'M-swr-cf': 'Mochitests confirm failure with software webrender enabled' 'M-swr-a11y-checks': 'Mochitests with software webrender and accessibility checks enabled' 'M-swr-a11y-checks-cf': 'Mochitests confirm failure with software webrender and accessibility checks enabled' 'M-swr-1proc': 'Mochitests with software webrender enabled without e10s' 'M-swr-1proc-cf': 'Mochitests confirm failure with software webrender enabled without e10s' 'M-swr-nofis': 'Mochitests with software webrender without fission enabled' 'M-swr-nofis-cf': 'Mochitests confirm failure with software webrender without fission enabled' 'M-wmfme': 'Mochitests with Windows Media Foundation media engine enabled' 'M-wmfme-cf': 'Mochitests confirm failure with Windows Media Foundation media engine enabled' 'M-mda-gpu': 'Mochitests Media on GPU worker' 'M-mda-gpu-cf': 'Mochitests confirm failure Media on GPU worker' 'M-f': 'Mochitest failures' 'M-f-swr': 'Mochitest failures software webrender' 'M-f-cf': 'Mochitest failures w/confirm failure' 'M-f-swr-cf': 'Mochitest failures software webrender w/confirm failure' 'M-dt-no-eft-nofis': 'DevTools Mochitests with EFT disabled without fission enabled' 'M-dt-no-eft-nofis-cf': 'DevTools Mochitests confirm failure with EFT disabled without fission enabled' 'M-msix': 'Mochitests from MSIX builds' 'M-msix-cf': 'Mochitests confirm failure from MSIX builds' 'MSI': 'Repack installers into MSIs' 'MSIs': 'Signing of Repacked installers of MSIs' 'MSIX': 'Repack into MSIX package' 'MSIXs': 'Signing of Repack into MSIX package' 'Pup': "Puppeteer tests" 'R': 'Reftests' 'R-cf': 'Reftests confirm failure' 'R-nofis': 'Reftests without fission enabled' 'R-nofis-cf': 'Reftests confirm failure without fission enabled' 'R-swr': 'Reftests with software webrender enabled' 'R-swr-cf': 'Reftests confirm failure with software webrender enabled' 'R-swr-nofis': 'Reftests with software webrender enabled without fission enabled' 'R-swr-nofis-cf': 'Reftests confirm failure with software webrender enabled without fission enabled' 'R-wr-dc0': 'Reftests with dcomp disabled' 'R-wr-dc0-cf': 'Reftests confirm failure with dcomp disabled' 'R-wr-dc1-p': 'Reftests with dcomp present but not overlays' 'R-wr-dc1-p-cf': 'Reftests confirm failure with dcomp present but not overlays' 'R-wr-dc2-o': 'Reftests with dcomp overlays but not compositing' 'R-wr-dc2-o-cf': 'Reftests confirm failure with dcomp overlays but not compositing' 'R-wr-dc3-c': 'Reftests with dcomp compositing' 'R-wr-dc3-c-cf': 'Reftests confirm failure with dcomp compositing' 'Rap': 'Raptor performance tests on Firefox' 'Rap-live': 'Raptor performance tests on Firefox with live sites' 'Rap-Prof': 'Raptor performance tests on Firefox with Gecko Profiling' 'Rap-ChR': 'Raptor performance tests on Google Chrome Release' 'Rap-Cr': 'Raptor performance tests on Google Chromium' 'Rap-refbrow': 'Raptor performance tests on the reference browser' 'T': 'Talos performance tests' 'T-gli': 'Talos performance tests with WebGL over IPC' 'T-Prof': 'Talos performance tests on Firefox with Gecko Profiling' 'T-Prof-gli': 'Talos performance tests with WebGL over IPC and Gecko Profiling' 'T-swr': 'Talos performance tests with software webrender enabled' 'tt': 'Telemetry tests' 'tt-nofis': 'Telemetry tests without fission enabled' 'SY': 'Are we slim yet tests by TaskCluster' 'W': 'Web platform tests' 'W-cf': 'Web platform tests confirm failure' 'W-nofis': 'Web platform tests without fission enabled' 'W-nofis-cf': 'Web platform tests confirm failure without fission enabled' 'W-headless': 'Headless web platform tests' 'W-headless-cf': 'Headless web platform tests confirm failure' 'W-swr-nofis': 'Web platform tests with software webrender enabled without fission enabled' 'W-swr-nofis-cf': 'Web platform tests confirm failure with software webrender enabled without fission enabled' 'W-swr': 'Web platform tests with software webrender enabled' 'W-swr-cf': 'Web platform tests confirm falure with software webrender enabled' 'W-b': 'Web platform tests (backlog)' 'W-b-nofis': 'Web platform tests (backlog) without fission enabled' 'W-pb': 'Web platform tests with private browsing enabled' 'X': 'Xpcshell tests' 'X-cf': 'Xpcshell tests confirm failure' 'X-condprof': 'Xpcshell tests with a conditioned profile' 'X-condprof-cf': 'Xpcshell tests confirm failure with a conditioned profile' 'X-nofis': 'Xpcshell tests without fission enabled' 'X-nofis-cf': 'Xpcshell tests confirm failure without fission enabled' 'X-spi-nw': 'Xpcshell tests with networking on socket process' 'X-spi-nw-cf': 'Xpcshell tests confirm failure with networking on socket process' 'X-spi-nw-nofis': 'Xpcshell tests with networking on socket process without fission enabled' 'X-spi-nw-nofis-cf': 'Xpcshell tests confirm failure with networking on socket process without fission enabled' 'X-f': 'Xpcshell tests that fail on a given config' 'X-f-spi-nw': 'Xpcshell tests that fail on a given config w/socket process' 'X-msix': 'Xpcshell tests on msix packages' 'X-msix-cf': 'Xpcshell tests confirm failure on msix packages' 'L10n': 'Localised Repacks' 'L10n-Rpk': 'Localized Repackaged Repacks' 'deb-L10n': 'Localized Debian Repacks' 'BM': 'Beetmover' 'BMR': 'Beetmover repackages' 'BM-apt': 'Beetmover .deb packages' 'c-Up': 'Balrog submission of complete updates' 'css': 'Checksum signing for source' 'rs': 'Repackage signing' 'BMcs': 'Beetmover checksums' 'BMcslang': 'Beetmover checksums for language packs' 'BMcss': 'Beetmover checksums for source' 'Deb8': 'Packages for Debian 8' 'Deb8-32': 'Packages for Debian 8 32-bits' 'Deb9': 'Packages for Debian 9' 'Deb10': 'Packages for Debian 10' 'Deb11': 'Packages for Debian 11' 'Deb12': 'Packages for Debian 12' 'Ub18': 'Packages for Ubuntu 18.04' 'Ub20': 'Packages for Ubuntu 20.04' 'Ub22': 'Packages for Ubuntu 22.04' 'I': 'Docker Image Builds' 'TA': 'Toolchain builds for Android' 'TL': 'Toolchain builds for Linux 64-bits' 'TL32': 'Toolchain builds for Linux 32-bits' 'TM': 'Toolchain builds for OSX' 'TMW': 'Toolchain builds for Windows MinGW' 'TW32': 'Toolchain builds for Windows 32-bits' 'TW64': 'Toolchain builds for Windows 64-bits' 'WMC32': 'MinGW-Clang builds for Windows 32-bits' 'WMC64': 'MinGW-Clang builds for Windows 64-bits' 'Searchfox': 'Searchfox builds' 'SM': 'Spidermonkey builds' 'p': 'Partial generation' 'ps': 'Partials signing' 'ms': 'Complete MAR signing' 'ms-stage': 'Autograph-stage MAR signing test' 'Rel': 'Release promotion' 'Snap': 'Snap image generation' 'Flatpak': 'Flatpak image generation' 'langpack': 'Langpack sigatures and uploads' 'TPS': 'Sync tests' 'UV': 'Update verify' 'UVnext': 'Update verify for esr-next' 'pydep': 'python dependency update' 'WR': 'WebRender standalone' 'Wgpu': 'WebGPU standalone' 'cpp': 'C/C++ checks' 'pedantic': 'pedantic checks' 'text': 'Check on texts' 'misc': 'Misc checks' 'js': 'JavaScript checks' 'py': 'Python checks' 'java': 'Java checks' 'rust': 'Rust checks' 'Static-Analysis': 'Full tree static-analysis' 'SS': 'Shadow scheduler' 'Sel': 'Selenium Snap tests' 'Sentry': 'Sentry synchronization' 'test-info': 'Test manifest skip/fail information' 'condprof': 'Conditioned Profile Builder' 'doc': 'Documentation' 'GhS': 'GitHub Synchronization' 'perftest': 'Performance tests' 'perftest-detect': 'Performance regression detection tooling' 'perftest-chrome': 'Performance tests using Chrone' 'perftest-http3': 'Performance tests with HTTP/3' 'l10n': 'Localization checks' 'fxrec': 'Desktop startup recorder (fxrecord)' 'wc': 'webcompat' 'Boot': 'Bootstrap' 'Attr-L10n': 'Build Attribution' index: products: - 'firefox' - 'fennec' - 'mobile' - 'static-analysis' - 'devedition' - 'source' - 'system-symbols' - 'geckodriver' try: # We have a few platforms for which we want to do some "extra" builds, or at # least build-ish things. Sort of. Anyway, these other things are implemented # as different "platforms". These do *not* automatically ride along with "-p # all" ridealong-builds: 'linux': - 'sm-plain-linux32' - 'sm-arm-sim-linux32' 'linux64': - 'sm-plain-linux64' - 'sm-nojit-linux64' - 'sm-nonunified-linux64' - 'sm-arm-sim-linux32' - 'sm-arm64-sim-linux64' - 'sm-compacting-linux64' - 'sm-rootanalysis-linux64' - 'sm-package-linux64' - 'sm-tsan-linux64' - 'sm-asan-linux64' - 'sm-msan-linux64' - 'sm-fuzzing-linux64' 'win32': - 'sm-plain-win32' - 'sm-compacting-win32' release-promotion: products: - 'devedition' - 'fennec' - 'firefox' rebuild-kinds: - docker-image - fetch - packages - toolchain flavors: promote_devedition: product: devedition target-tasks-method: promote_desktop partial-updates: true promote_firefox: product: firefox target-tasks-method: promote_desktop partial-updates: true promote_firefox_partner_repack: product: firefox rebuild-kinds: - release-partner-repack - release-partner-repack-chunking-dummy - release-partner-repack-signing - release-partner-repack-mac-signing - release-partner-repack-mac-notarization - release-partner-repack-repackage - release-partner-repack-repackage-signing - release-partner-repack-beetmover target-tasks-method: promote_desktop promote_firefox_partner_attribution: product: firefox rebuild-kinds: - release-partner-attribution - release-partner-attribution-beetmover target-tasks-method: promote_desktop promote_firefox_rc: product: firefox is-rc: true target-tasks-method: promote_desktop partial-updates: true push_devedition: product: devedition target-tasks-method: push_desktop partial-updates: true push_firefox: product: firefox target-tasks-method: push_desktop partial-updates: true ship_devedition: product: devedition target-tasks-method: ship_desktop version-bump: true partial-updates: true ship_firefox: product: firefox target-tasks-method: ship_desktop version-bump: true partial-updates: true ship_firefox_rc: product: firefox is-rc: true target-tasks-method: ship_desktop partial-updates: true merge-automation: behaviors: central-to-beta: fetch-version-from: "browser/config/version.txt" version-files: - filename: "config/milestone.txt" new-suffix: '' - filename: "browser/config/version.txt" new-suffix: '' - filename: "browser/config/version_display.txt" new-suffix: 'b1' replacements: - - browser/config/mozconfigs/linux32/l10n-mozconfig - ac_add_options --with-branding=browser/branding/nightly - ac_add_options --enable-official-branding - - browser/config/mozconfigs/linux64/l10n-mozconfig - ac_add_options --with-branding=browser/branding/nightly - ac_add_options --enable-official-branding - - browser/config/mozconfigs/win32/l10n-mozconfig - ac_add_options --with-branding=browser/branding/nightly - ac_add_options --enable-official-branding - - browser/config/mozconfigs/win64/l10n-mozconfig - ac_add_options --with-branding=browser/branding/nightly - ac_add_options --enable-official-branding - - browser/config/mozconfigs/win64-aarch64/l10n-mozconfig - ac_add_options --with-branding=browser/branding/nightly - ac_add_options --enable-official-branding - - browser/config/mozconfigs/macosx64/l10n-mozconfig - ac_add_options --with-branding=browser/branding/nightly - ac_add_options --enable-official-branding merge-old-head: true base-tag: 'FIREFOX_BETA_{major_version}_BASE' end-tag: 'FIREFOX_BETA_{major_version}_END' from-repo: 'https://hg.mozilla.org/mozilla-central' from-branch: 'central' to-repo: 'https://hg.mozilla.org/releases/mozilla-beta' to-branch: 'beta' early-to-late-beta: fetch-version-from: "browser/config/version.txt" version-files: [] replacements: - - build/defines.sh - EARLY_BETA_OR_EARLIER=1 - EARLY_BETA_OR_EARLIER= merge-old-head: false to-repo: 'https://hg.mozilla.org/releases/mozilla-beta' to-branch: 'beta' beta-to-release: fetch-version-from: "browser/config/version.txt" version-files: - filename: "browser/config/version_display.txt" new-suffix: '' replacements: [] merge-old-head: true base-tag: 'FIREFOX_RELEASE_{major_version}_BASE' end-tag: 'FIREFOX_RELEASE_{major_version}_END' from-repo: 'https://hg.mozilla.org/releases/mozilla-beta' from-branch: 'beta' to-repo: 'https://hg.mozilla.org/releases/mozilla-release' to-branch: 'release' release-to-esr: fetch-version-from: "browser/config/version.txt" version-files: - filename: "browser/config/version_display.txt" new-suffix: 'esr' replacements: [] merge-old-head: false end-tag: "FIREFOX_ESR_{major_version}_BASE" to-repo: 'https://hg.mozilla.org/releases/mozilla-esr115' to-branch: 'esr115' bump-central: fetch-version-from: "browser/config/version.txt" version-files: - filename: "config/milestone.txt" version-bump: "major" new-suffix: 'a1' - filename: "browser/config/version.txt" version-bump: "major" new-suffix: 'a1' - filename: "browser/config/version_display.txt" version-bump: "major" new-suffix: 'a1' replacements: - - "services/sync/modules/constants.sys.mjs" - 'WEAVE_VERSION = "1.{current_weave_version}.0"' - 'WEAVE_VERSION = "1.{next_weave_version}.0"' merge-old-head: false end-tag: 'FIREFOX_NIGHTLY_{major_version}_END' to-repo: 'https://hg.mozilla.org/mozilla-central' to-branch: 'central' bump-esr115: fetch-version-from: "browser/config/version.txt" version-files: - filename: "config/milestone.txt" version-bump: "minor" - filename: "browser/config/version.txt" version-bump: "minor" - filename: "browser/config/version_display.txt" version-bump: "minor" replacements: [] merge-old-head: false to-repo: 'https://hg.mozilla.org/releases/mozilla-esr115' to-branch: 'esr115' scriptworker: # See additional configuration in taskcluster/gecko_taskgraph/util/scriptworker.py scope-prefix: 'project:releng' partner-urls: release-partner-repack: by-release-product: default: null firefox: by-release-type: default: null beta|release.*: by-release-level: production: 'git@github.com:mozilla-partners/repack-manifests.git' staging: 'git@github.com:moz-releng-automation-stage/repack-manifests.git' esr.*: by-release-level: production: 'git@github.com:mozilla-partners/esr-repack-manifests.git' staging: 'git@github.com:moz-releng-automation-stage/esr-repack-manifests.git' release-partner-attribution: by-release-product: default: null firefox: by-release-type: default: null beta|release.*: by-release-level: production: 'git@github.com:mozilla-partners/repack-manifests.git' staging: 'git@github.com:moz-releng-automation-stage/repack-manifests.git' esr.*: by-release-level: production: 'git@github.com:mozilla-partners/esr-repack-manifests.git' staging: 'git@github.com:moz-releng-automation-stage/esr-repack-manifests.git' release-eme-free-repack: by-release-product: default: null firefox: by-release-type: default: null beta|release.*: by-release-level: production: 'git@github.com:mozilla-partners/mozilla-EME-free-manifest.git' staging: 'git@github.com:moz-releng-automation-stage/mozilla-EME-free-manifest.git' task-priority: by-project: 'mozilla-release': 'highest' 'mozilla-esr.*': 'very-high' 'mozilla-beta': 'high' 'mozilla-central': 'medium' 'autoland': 'low' 'mozilla-inbound': 'low' 'default': 'very-low' taskgraph: register: gecko_taskgraph:register workers: aliases: b-linux.*: provisioner: '{trust-domain}-{level}' implementation: docker-worker os: linux worker-type: '{alias}' b-win2012: provisioner: '{trust-domain}-{level}' implementation: generic-worker os: windows worker-type: '{alias}-azure' b-win2022: provisioner: '{trust-domain}-{level}' implementation: generic-worker os: windows worker-type: '{alias}' image: provisioner: '{trust-domain}-{level}' implementation: docker-worker os: linux worker-type: '{alias}' images: provisioner: '{trust-domain}-{level}' implementation: docker-worker os: linux worker-type: '{alias}' images-gcp: provisioner: '{trust-domain}-{level}' implementation: docker-worker os: linux worker-type: '{alias}' addon: provisioner: scriptworker-k8s implementation: push-addons os: scriptworker worker-type: by-release-level: production: '{trust-domain}-3-addon' staging: '{trust-domain}-1-addon' balrog: provisioner: scriptworker-k8s implementation: balrog os: scriptworker worker-type: by-release-level: production: '{trust-domain}-3-balrog' staging: '{trust-domain}-1-balrog' bouncer: provisioner: scriptworker-k8s # Note that this implementation doesn't correspond with an # payload_builder, there are several `bouncer-*` implemenations. implementation: bouncer os: scriptworker worker-type: by-release-level: production: '{trust-domain}-3-bouncer' staging: '{trust-domain}-1-bouncer' beetmover: provisioner: scriptworker-k8s implementation: beetmover os: scriptworker worker-type: by-release-level: production: '{trust-domain}-3-beetmover' staging: '{trust-domain}-1-beetmover' shipit: provisioner: scriptworker-k8s implementation: shipit os: scriptworker worker-type: by-release-level: production: '{trust-domain}-3-shipit' staging: '{trust-domain}-1-shipit' linux-depsigning: provisioner: scriptworker-k8s implementation: scriptworker-signing os: linux worker-type: '{trust-domain}-t-signing' linux-signing: provisioner: scriptworker-k8s implementation: scriptworker-signing os: linux worker-type: by-release-level: production: '{trust-domain}-3-signing' staging: '{trust-domain}-t-signing' mac-depsigning: provisioner: scriptworker-prov-v1 implementation: scriptworker-signing os: macosx worker-type: depsigning-mac-v1 mac-signing: provisioner: scriptworker-prov-v1 implementation: scriptworker-signing os: macosx worker-type: by-release-level: production: signing-mac-v1 staging: depsigning-mac-v1 tree: provisioner: scriptworker-k8s implementation: treescript os: scriptworker worker-type: by-release-level: production: '{trust-domain}-3-tree' staging: by-project: autoland: '{trust-domain}-3-tree' default: '{trust-domain}-1-tree' tree-dev: provisioner: scriptworker-k8s implementation: treescript os: scriptworker worker-type: '{trust-domain}-1-tree-dev' t-bitbar-gw.*: provisioner: proj-autophone implementation: generic-worker os: linux-bitbar worker-type: 'gecko-{alias}' t-linux(-large|-xlarge|-xlarge-source): provisioner: '{trust-domain}-t' implementation: docker-worker os: linux worker-type: '{alias}-gcp' t-linux-kvm: provisioner: '{trust-domain}-t' implementation: docker-worker os: linux worker-type: 't-linux-kvm-gcp' t-linux-talos: provisioner: releng-hardware implementation: generic-worker os: linux worker-type: 'gecko-{alias}' t-linux-talos-1804: provisioner: releng-hardware implementation: generic-worker os: linux worker-type: 'gecko-{alias}' t-linux-wayland: provisioner: '{trust-domain}-t' implementation: generic-worker os: linux worker-type: 't-linux-vm-2204-wayland' t-osx-1015-r8: provisioner: releng-hardware implementation: generic-worker os: macosx worker-type: 'gecko-{alias}' t-osx-1100-m1: provisioner: releng-hardware implementation: generic-worker os: macosx worker-type: 'gecko-{alias}' t-osx-1400-m2: provisioner: releng-hardware implementation: generic-worker os: macosx worker-type: 'gecko-{alias}' t-osx-1015-power: provisioner: releng-hardware implementation: generic-worker os: macosx worker-type: 'gecko-{alias}' t-linux-xlarge-pgo: provisioner: by-level: '3': '{trust-domain}-{level}' default: '{trust-domain}-t' implementation: docker-worker os: linux worker-type: 't-linux-xlarge-gcp' b-osx-1015: provisioner: releng-hardware implementation: generic-worker os: macosx worker-type: by-level: '3': 'gecko-3-b-osx-1015' default: 'gecko-1-b-osx-1015' b-osx-arm64: provisioner: releng-hardware implementation: generic-worker os: macosx worker-type: by-level: '3': 'gecko-3-b-osx-arm64' default: 'gecko-1-b-osx-arm64' t-win10-64(|-gpu-s|-source): provisioner: '{trust-domain}-t' implementation: generic-worker os: windows worker-type: '{alias}' t-win10-64(-hw|-ref-hw|-1803-hw): provisioner: releng-hardware implementation: generic-worker os: windows worker-type: 'gecko-{alias}' win11-64-2009(-hw-ref): provisioner: releng-hardware implementation: generic-worker os: windows worker-type: '{alias}' win10-64-2009(|-gpu|-ssd|-source|-ssd-gpu): provisioner: 'gecko-t' implementation: generic-worker os: windows worker-type: '{alias}' t-win11-64(|-gpu-s|-source): provisioner: '{trust-domain}-t' implementation: generic-worker os: windows worker-type: '{alias}' win11-64-2009(|-gpu|-ssd|-source|-ssd-gpu): provisioner: 'gecko-t' implementation: generic-worker os: windows worker-type: '{alias}' t-win7-32-gpu: provisioner: '{trust-domain}-t' implementation: generic-worker os: windows worker-type: '{alias}' t-win7-32: provisioner: releng-hardware implementation: generic-worker os: windows worker-type: 'gecko-{alias}-hw' t-win64-aarch64-laptop: provisioner: bitbar implementation: generic-worker os: windows worker-type: 'gecko-{alias}' succeed: provisioner: built-in implementation: succeed os: none worker-type: succeed misc: provisioner: '{trust-domain}-t' implementation: docker-worker os: linux worker-type: misc-gcp mac-notarization: mac-entitlements: by-platform: macosx64.*: by-release-level: production: security/mac/hardenedruntime/v1/production/browser.xml default: security/mac/hardenedruntime/v1/developer/browser.xml default: '' mac-requirements: by-platform: macosx64.*: build/package/mac_osx/requirements.plist default: '' mac-signing: hardened-sign-config: by-hardened-signing-type: production: - deep: false runtime: true force: true entitlements: security/mac/hardenedruntime/v2/production/plugin-container.xml globs: - "/Contents/MacOS/plugin-container.app" - deep: false runtime: true force: true entitlements: security/mac/hardenedruntime/v2/production/media-plugin-helper.xml globs: - "/Contents/MacOS/media-plugin-helper.app" - deep: false runtime: true force: true # These files are signed wihtout entitlements globs: - "/Contents/MacOS/crashreporter.app" - "/Contents/MacOS/updater.app" - "/Contents/Library/LaunchServices/org.mozilla.updater" - "/Contents/MacOS/XUL" - "/Contents/MacOS/pingsender" - "/Contents/MacOS/minidump-analyzer" - "/Contents/MacOS/nmhproxy" - "/Contents/MacOS/*.dylib" - "/Contents/Resources/gmp-clearkey/*/*.dylib" - deep: false runtime: true force: true entitlements: by-build-platform: .*devedition.*: security/mac/hardenedruntime/v2/production/firefoxdeveloperedition.browser.xml default: by-project: mozilla-central: security/mac/hardenedruntime/v2/production/nightly.browser.xml default: security/mac/hardenedruntime/v2/production/firefox.browser.xml globs: - "/" # The .app default: - deep: false runtime: true force: true entitlements: security/mac/hardenedruntime/v2/developer/plugin-container.xml globs: - "/Contents/MacOS/plugin-container.app" - deep: false runtime: true force: true entitlements: security/mac/hardenedruntime/v2/developer/media-plugin-helper.xml globs: - "/Contents/MacOS/media-plugin-helper.app" - deep: false runtime: true force: true entitlements: security/mac/hardenedruntime/v2/developer/utility.xml globs: - "/Contents/MacOS/crashreporter.app" - "/Contents/MacOS/updater.app" - "/Contents/Library/LaunchServices/org.mozilla.updater" - "/Contents/MacOS/pingsender" - "/Contents/MacOS/minidump-analyzer" - "/Contents/MacOS/nmhproxy" - deep: false runtime: true force: true # These files are signed without entitlements globs: - "/Contents/MacOS/XUL" - "/Contents/MacOS/*.dylib" - "/Contents/Resources/gmp-clearkey/*/*.dylib" - deep: false runtime: true force: true entitlements: security/mac/hardenedruntime/v2/developer/browser.xml globs: - "/" # The .app expiration-policy: by-project: try: default: 28 days shortest: 7 days short: 14 days medium: 28 days long: 28 days autoland: default: 1 year shortest: 14 days short: 3 months medium: 1 year # To avoid keeping shippable builds for over a year long: 1 year default: default: 3 months shortest: 7 days short: 1 month medium: 1 year long: 1 year