1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
from gecko_taskgraph.util.scriptworker import get_signing_cert_scope
from taskgraph.transforms.base import TransformSequence
from taskgraph.util.schema import resolve_keyed_by
from ..build_config import CHECKSUMS_EXTENSIONS
transforms = TransformSequence()
@transforms.add
def resolve_keys(config, tasks):
for task in tasks:
for key in (
"index",
"worker-type",
"treeherder.symbol",
):
resolve_keyed_by(
task,
key,
item_name=task["name"],
**{
"build-type": task["attributes"]["build-type"],
"level": config.params["level"],
}
)
yield task
@transforms.add
def set_signing_attributes(config, tasks):
for task in tasks:
task["attributes"]["signed"] = True
yield task
@transforms.add
def filter_out_checksums(config, tasks):
for task in tasks:
task["attributes"]["artifacts"] = {
extension: path
for extension, path in task["attributes"]["artifacts"].items()
if not any(map(path.endswith, CHECKSUMS_EXTENSIONS))
}
for upstream_artifact in task["worker"]["upstream-artifacts"]:
upstream_artifact["paths"] = [
path
for path in upstream_artifact["paths"]
if not any(map(path.endswith, CHECKSUMS_EXTENSIONS))
]
yield task
_DETACHED_SIGNATURE_EXTENSION = ".asc"
@transforms.add
def set_detached_signature_artifacts(config, tasks):
for task in tasks:
task["attributes"]["artifacts"] = {
extension
+ _DETACHED_SIGNATURE_EXTENSION: path
+ _DETACHED_SIGNATURE_EXTENSION
for extension, path in task["attributes"]["artifacts"].items()
}
yield task
@transforms.add
def set_signing_format(config, tasks):
for task in tasks:
for upstream_artifact in task["worker"]["upstream-artifacts"]:
upstream_artifact["formats"] = ["autograph_gpg"]
yield task
@transforms.add
def add_signing_cert_scope(config, tasks):
signing_cert_scope = get_signing_cert_scope(config)
for task in tasks:
task.setdefault("scopes", []).append(signing_cert_scope)
yield task
|