1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
"""
Transform the repackage signing task into an actual task description.
"""
from taskgraph.transforms.base import TransformSequence
from taskgraph.util.treeherder import inherit_treeherder_from_dep
from voluptuous import Optional
from gecko_taskgraph.loader.single_dep import schema
from gecko_taskgraph.transforms.task import task_description_schema
from gecko_taskgraph.util.attributes import copy_attributes_from_dependent_job
from gecko_taskgraph.util.scriptworker import get_signing_cert_scope_per_platform
transforms = TransformSequence()
signing_description_schema = schema.extend(
{
Optional("label"): str,
Optional("extra"): object,
Optional("shipping-product"): task_description_schema["shipping-product"],
Optional("shipping-phase"): task_description_schema["shipping-phase"],
}
)
transforms.add_validate(signing_description_schema)
@transforms.add
def make_signing_description(config, jobs):
for job in jobs:
dep_job = job["primary-dependency"]
attributes = dep_job.attributes
build_platform = dep_job.attributes.get("build_platform")
is_nightly = True # cert_scope_per_platform uses this to choose the right cert
description = (
"Signing of OpenH264 Binaries for '"
"{build_platform}/{build_type}'".format(
build_platform=attributes.get("build_platform"),
build_type=attributes.get("build_type"),
)
)
# we have a genuine repackage job as our parent
dependencies = {"openh264": dep_job.label}
my_attributes = copy_attributes_from_dependent_job(dep_job)
signing_cert_scope = get_signing_cert_scope_per_platform(
build_platform, is_nightly, config
)
scopes = [signing_cert_scope]
worker_type = "linux-signing"
worker = {
"implementation": "scriptworker-signing",
"max-run-time": 3600,
}
rev = attributes["openh264_rev"]
upstream_artifact = {
"taskId": {"task-reference": "<openh264>"},
"taskType": "build",
}
if "win" in build_platform:
# job['primary-dependency'].task['payload']['command']
upstream_artifact["formats"] = ["autograph_authenticode_sha2"]
elif "mac" in build_platform:
upstream_artifact["formats"] = ["mac_single_file"]
upstream_artifact["singleFileGlobs"] = ["libgmpopenh264.dylib"]
worker_type = "mac-signing"
worker["mac-behavior"] = "mac_notarize_single_file"
else:
upstream_artifact["formats"] = ["autograph_gpg"]
upstream_artifact["paths"] = [
f"private/openh264/openh264-{build_platform}-{rev}.zip",
]
worker["upstream-artifacts"] = [upstream_artifact]
treeherder = inherit_treeherder_from_dep(job, dep_job)
treeherder.setdefault(
"symbol",
_generate_treeherder_symbol(
dep_job.task.get("extra", {}).get("treeherder", {}).get("symbol")
),
)
task = {
"label": job["label"],
"description": description,
"worker-type": worker_type,
"worker": worker,
"scopes": scopes,
"dependencies": dependencies,
"attributes": my_attributes,
"run-on-projects": dep_job.attributes.get("run_on_projects"),
"treeherder": treeherder,
}
yield task
def _generate_treeherder_symbol(build_symbol):
symbol = build_symbol + "s"
return symbol
|
