Bug 1618897 [wpt PR 22021] - [CSP] Factorize SVGElement & MHTMLElement nonce hiding...
[gecko.git] / .taskcluster.yml
blob00a19aca974c6d124d16a012bcf8fabcccf04323
1 # This file is rendered via JSON-e by
2 # - mozilla-taskcluster - See
3 #   https://docs.taskcluster.net/reference/integrations/mozilla-taskcluster/docs/taskcluster-yml
4 #   {
5 #     tasks_for: 'hg-push',
6 #     push: {owner, comment, pushlog_id, pushdate},
7 #     repository: {url, project, level},
8 #     now,
9 #     as_slugid: // function
10 #     ownTaskId: // taskId of the task that will be created
11 #   }
13 # - cron tasks - See taskcluster/taskgraph/cron/decision.py
14 #   {
15 #     tasks_for: 'cron',
16 #     push: {revision, pushlog_id, pushdate, owner}
17 #     repository: {url, project, level},
18 #     cron: {task_id, job_name, job_symbol, quoted_args},
19 #     now,
20 #     ownTaskId: // taskId of the task that will be created
21 #   }
23 # - action tasks - See:
24 #   * taskcluster/taskgraph/actions/registry.py,
25 #   * https://docs.taskcluster.net/docs/manual/using/actions/spec
26 #   * ci-admin:ciadmin/generate/in_tree_actions.py
28 #   The registry generates the hookPayload that appears in actions.json, and
29 #   contains data from the decision task as well as JSON-e code to combine that
30 #   with data supplied as part of the action spec.  When the hook is fired, the
31 #   hookPayload is rendered with JSON-e to produce a payload for the hook task
32 #   template.
34 #   The ci-admin code wraps the content of this file (.taskcluster.yml) with a
35 #   JSON-e $let statement that produces the context described below, and
36 #   installs that as the hook task template.
38 #   {
39 #     tasks_for: 'action',
40 #     push: {owner, pushlog_id, revision},
41 #     repository: {url, project, level},
42 #     input,
43 #     taskId,      // targetted taskId
44 #     taskGroupId, // targetted taskGroupId
45 #     action: {name, title, description, taskGroupId, symbol, repo_scope, cb_name}
46 #     ownTaskId:   // taskId of the task that will be created
47 #     clientId:    // clientId that triggered this hook
48 #   }
50 version: 1
51 tasks:
52   # NOTE: support for actions in ci-admin requires that the `tasks` property be an array *before* JSON-e rendering
53   # takes place.
54   - $if: 'tasks_for in ["hg-push", "action", "cron"]'
55     then:
56       $let:
57         # sometimes the push user is just `ffxbld` or the like, but we want an email-like field..
58         ownerEmail: {$if: '"@" in push.owner', then: '${push.owner}', else: '${push.owner}@noreply.mozilla.org'}
59         # ensure there's no trailing `/` on the repo URL
60         repoUrl: {$if: 'repository.url[-1] == "/"', then: {$eval: 'repository.url[:-1]'}, else: {$eval: 'repository.url'}}
61         # expire try earlier than other branches
62         expires:
63           $if: 'repository.project == "try"'
64           then: {$fromNow: '28 days'}
65           else: {$fromNow: '1 year'}
66       in:
67         taskId: {$if: 'tasks_for != "action"', then: '${ownTaskId}'}
68         taskGroupId:
69           $if: 'tasks_for == "action"'
70           then:
71             '${action.taskGroupId}'
72           else:
73             '${ownTaskId}' # same as taskId; this is how automation identifies a decision tsak
74         schedulerId: 'gecko-level-${repository.level}'
76         created: {$fromNow: ''}
77         deadline: {$fromNow: '1 day'}
78         expires: {$eval: 'expires'}
79         metadata:
80           $merge:
81             - owner: "${ownerEmail}"
82               source: "${repoUrl}/raw-file/${push.revision}/.taskcluster.yml"
83             - $if: 'tasks_for == "hg-push"'
84               then:
85                 name: "Gecko Decision Task"
86                 description: 'The task that creates all of the other tasks in the task graph'
87               else:
88                 $if: 'tasks_for == "action"'
89                 then:
90                   name: "Action: ${action.title}"
91                   description: |
92                       ${action.description}
93                       
94                       Action triggered by clientID `${clientId}`
95                 else:
96                   name: "Decision Task for cron job ${cron.job_name}"
97                   description: 'Created by a [cron task](https://tools.taskcluster.net/tasks/${cron.task_id})'
99         provisionerId: "gecko-${repository.level}"
100         workerType: "decision"
102         tags:
103           $if: 'tasks_for == "hg-push"'
104           then:
105             createdForUser: "${ownerEmail}"
106             kind: decision-task
107           else:
108             $if: 'tasks_for == "action"'
109             then:
110               createdForUser: '${ownerEmail}'
111               kind: 'action-callback'
112             else:
113               $if: 'tasks_for == "cron"'
114               then:
115                 kind: cron-task
117         routes:
118           $flattenDeep:
119             - "tc-treeherder.v2.${repository.project}.${push.revision}.${push.pushlog_id}"
120             - $if: 'tasks_for == "hg-push"'
121               then:
122                 - "index.gecko.v2.${repository.project}.latest.taskgraph.decision"
123                 - "index.gecko.v2.${repository.project}.revision.${push.revision}.taskgraph.decision"
124                 - "index.gecko.v2.${repository.project}.pushlog-id.${push.pushlog_id}.decision"
125                 - "notify.email.${ownerEmail}.on-failed"
126                 - "notify.email.${ownerEmail}.on-exception"
127                 # Send a notification email if the push comes from try
128                 - $if: 'repository.project == "try"'
129                   then:
130                     "notify.email.${ownerEmail}.on-completed"
131                 # These are the old index routes for the decision task.
132                 # They are still here so external tools that referenced them continue to work.
133                 - "index.gecko.v2.${repository.project}.latest.firefox.decision"
134                 - "index.gecko.v2.${repository.project}.revision.${push.revision}.firefox.decision"
135               else:
136                 $if: 'tasks_for == "action"'
137                 then:
138                 - "index.gecko.v2.${repository.project}.pushlog-id.${push.pushlog_id}.actions.${ownTaskId}"
139                 else:  # cron
140                 - "index.gecko.v2.${repository.project}.latest.taskgraph.decision-${cron.job_name}"
141                 - "index.gecko.v2.${repository.project}.revision.${push.revision}.taskgraph.decision-${cron.job_name}"
142                 - "index.gecko.v2.${repository.project}.pushlog-id.${push.pushlog_id}.decision-${cron.job_name}"
143                 # list each cron task on this revision, so actions can find them
144                 - 'index.gecko.v2.${repository.project}.revision.${push.revision}.cron.${ownTaskId}'
145                 # BUG 1500166 Notify ciduty by email if a nightly hook fails
146                 - $if: 'repository.project != "try"'
147                   then:
148                   - "notify.email.ciduty+failedcron@mozilla.com.on-failed"
149                   - "notify.email.ciduty+exceptioncron@mozilla.com.on-exception"
150                   - "notify.email.sheriffs+failedcron@mozilla.org.on-failed"
151                   - "notify.email.sheriffs+exceptioncron@mozilla.org.on-exception"
152                 # These are the old index routes for the decision task.
153                 - "index.gecko.v2.${repository.project}.latest.firefox.decision-${cron.job_name}"
155         scopes:
156           $if: 'tasks_for == "hg-push"'
157           then:
158             - 'assume:repo:${repoUrl[8:]}:branch:default'
159             - 'queue:route:notify.email.${ownerEmail}.*'
160             - 'in-tree:hook-action:project-gecko/in-tree-action-${repository.level}-*'
161           else:
162             $if: 'tasks_for == "action"'
163             then:
164               # when all actions are hooks, we can calculate this directly rather than using a variable
165               - '${action.repo_scope}'
166             else:
167               - 'assume:repo:${repoUrl[8:]}:cron:${cron.job_name}'
169         dependencies: []
170         requires: all-completed
172         priority:
173           # Most times, there is plenty of worker capacity so everything runs
174           # quickly, but sometimes a storm of action tasks lands.  Then we
175           # want, from highest to lowest:
176           # - cron tasks (time-sensitive) (low)
177           # - action tasks (avoid interfering with the other two) (very-low)
178           # - decision tasks (minimize user-visible delay) (lowest)
179           # SCM levels all use different workerTypes, so there is no need for priority
180           # between levels; "low" is the highest priority available at all levels, and
181           # nothing runs at any higher priority on these workerTypes.
182           $if: "tasks_for == 'cron'"
183           then: low
184           else:
185             $if: "tasks_for == 'action'"
186             then: very-low
187             else: lowest  # tasks_for == 'hg-push'
188         retries: 5
190         payload:
191           env:
192             # checkout-gecko uses these to check out the source; the inputs
193             # to `mach taskgraph decision` are all on the command line.
194             $merge:
195               - GECKO_BASE_REPOSITORY: 'https://hg.mozilla.org/mozilla-unified'
196                 GECKO_HEAD_REPOSITORY: '${repoUrl}'
197                 GECKO_HEAD_REF: '${push.revision}'
198                 GECKO_HEAD_REV: '${push.revision}'
199                 HG_STORE_PATH: /builds/worker/checkouts/hg-store
200                 TASKCLUSTER_CACHES: /builds/worker/checkouts
201                 # mach generates pyc files when reading `mach_commands.py`
202                 # This causes cached_task digest generation to be random for
203                 # some tasks. Disable bytecode generation to work around that.
204                 PYTHONDONTWRITEBYTECODE: '1'
205                 # someday, these will be provided by the worker - Bug 1492664
206                 TASKCLUSTER_ROOT_URL: https://taskcluster.net
207                 TASKCLUSTER_PROXY_URL: http://taskcluster
208               - $if: 'tasks_for == "action"'
209                 then:
210                   ACTION_TASK_GROUP_ID: '${action.taskGroupId}'     # taskGroupId of the target task
211                   ACTION_TASK_ID: {$json: {$eval: 'taskId'}} # taskId of the target task (JSON-encoded)
212                   ACTION_INPUT: {$json: {$eval: 'input'}}
213                   ACTION_CALLBACK: '${action.cb_name}'
215           cache:
216             gecko-level-${repository.level}-checkouts-sparse-v2: /builds/worker/checkouts
218           features:
219             taskclusterProxy: true
220             chainOfTrust: true
222           # Note: This task is built server side without the context or tooling that
223           # exist in tree so we must hard code the hash
224           image: 'taskcluster/decision:2.2.0@sha256:0e9689e94605eb8395f5b49141a48148416b0d825f6f7be04c29642d1a85ee3d'
226           maxRunTime: 1800
228           command:
229             - /builds/worker/bin/run-task
230             - '--gecko-checkout=/builds/worker/checkouts/gecko'
231             - '--gecko-sparse-profile=build/sparse-profiles/taskgraph'
232             - '--'
233             - bash
234             - -cx
235             - $let:
236                 extraArgs: {$if: 'tasks_for == "cron"', then: '${cron.quoted_args}', else: ''}
237               in:
238                 $if: 'tasks_for == "action"'
239                 then: >
240                   cd /builds/worker/checkouts/gecko &&
241                   ln -s /builds/worker/artifacts artifacts &&
242                   ./mach --log-no-times taskgraph action-callback
243                 else: >
244                   cd /builds/worker/checkouts/gecko &&
245                   ln -s /builds/worker/artifacts artifacts &&
246                   ./mach --log-no-times taskgraph decision
247                   --pushlog-id='${push.pushlog_id}'
248                   --pushdate='${push.pushdate}'
249                   --project='${repository.project}'
250                   --owner='${ownerEmail}'
251                   --level='${repository.level}'
252                   --tasks-for='${tasks_for}'
253                   --base-repository="$GECKO_BASE_REPOSITORY"
254                   --head-repository="$GECKO_HEAD_REPOSITORY"
255                   --head-ref="$GECKO_HEAD_REF"
256                   --head-rev="$GECKO_HEAD_REV"
257                   ${extraArgs}
259           artifacts:
260             'public':
261               type: 'directory'
262               path: '/builds/worker/artifacts'
263               expires: {$eval: expires}
265         extra:
266           $merge:
267             - treeherder:
268                 $merge:
269                   - machine:
270                       platform: gecko-decision
271                   - $if: 'tasks_for == "hg-push"'
272                     then:
273                       symbol: D
274                     else:
275                       $if: 'tasks_for == "action"'
276                       then:
277                         groupName: 'action-callback'
278                         groupSymbol: AC
279                         symbol: "${action.symbol}"
280                       else:
281                         groupSymbol: cron
282                         symbol: "${cron.job_symbol}"
283             - $if: 'tasks_for == "action"'
284               then:
285                 parent: '${action.taskGroupId}'
286                 action:
287                   name: '${action.name}'
288                   context:
289                     taskGroupId: '${action.taskGroupId}'
290                     taskId: {$eval: 'taskId'}
291                     input: {$eval: 'input'}
292                     clientId: {$eval: 'clientId'}
293             - $if: 'tasks_for == "cron"'
294               then:
295                 cron: {$json: {$eval: 'cron'}}
296             - tasks_for: '${tasks_for}'
297             # Email for all pushes should link to treeherder
298             - $if: 'tasks_for == "hg-push"'
299               then:
300                 notify:
301                   email:
302                     $merge:
303                       - link:
304                           text: "Treeherder Jobs"
305                           href: "https://treeherder.mozilla.org/#/jobs?repo=${repository.project}&revision=${push.revision}"
306                       # Email for try pushes should thank you for your revision
307                       - $if: 'repository.project == "try"'
308                         then:
309                           subject: "Thank you for your try submission of ${push.revision}. It's the best!"
310                           content: "Your try push has been submitted. It's the best! Use the link to view the status of your jobs."