# This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. --- version: 1 reporting: checks-v1 policy: allowComments: collaborators pullRequests: public tasks: - $let: trustDomain: app-services isPullRequest: $eval: 'tasks_for == "github-pull-request" || tasks_for == "github-issue-comment"' pullRequestAction: $if: 'tasks_for == "github-pull-request"' then: ${event.action} else: 'UNDEFINED' issueCommentAction: $if: 'tasks_for == "github-issue-comment"' then: ${event.action} else: 'UNDEFINED' ownTaskId: $if: '"github" in tasks_for' then: {$eval: as_slugid("decision_task")} else: $if: 'tasks_for == "cron"' then: '${ownTaskId}' in: $let: # Github events have this stuff in different places ownerEmail: $switch: 'tasks_for == "github-push"': '${event.pusher.email}' isPullRequest: '${event.pull_request.user.login}@users.noreply.github.com' 'tasks_for in ["cron", "action"]': '${tasks_for}@noreply.mozilla.org' baseRepoUrl: $switch: 'tasks_for == "github-push"': '${event.repository.html_url}' isPullRequest: '${event.pull_request.base.repo.html_url}' 'tasks_for in ["cron", "action"]': '${repository.url}' repoUrl: $switch: 'tasks_for == "github-push"': '${event.repository.html_url}' isPullRequest: '${event.pull_request.head.repo.html_url}' 'tasks_for in ["cron", "action"]': '${repository.url}' project: $switch: 'tasks_for == "github-push"': '${event.repository.name}' isPullRequest: '${event.pull_request.head.repo.name}' 'tasks_for in ["cron", "action"]': '${repository.project}' head_branch: $switch: 'tasks_for == "github-push"': ${event.ref} isPullRequest: ${event.pull_request.head.ref} 'tasks_for in ["cron", "action"]': '${push.branch}' head_sha: $switch: 'tasks_for == "github-push"': '${event.after}' isPullRequest: '${event.pull_request.head.sha}' 'tasks_for in ["cron", "action"]': '${push.revision}' in: $if: > tasks_for in ["action", "cron"] || (isPullRequest && pullRequestAction in ["opened", "reopened", "synchronize"]) || (isPullRequest && issueCommentAction in ["created", "edited"]) || (tasks_for == "github-push" && (head_branch == "refs/heads/main" || head_branch[:19] == "refs/heads/release-")) then: $let: level: $if: 'tasks_for in ["github-push", "action", "cron"] && repoUrl == "https://github.com/mozilla/application-services"' then: '3' else: '1' short_head_branch: $if: 'head_branch[:11] == "refs/heads/"' then: {$eval: 'head_branch[11:]'} in: $mergeDeep: - $if: 'tasks_for != "action"' then: taskId: '${ownTaskId}' - taskGroupId: $if: 'tasks_for == "action"' then: '${action.taskGroupId}' else: '${ownTaskId}' # same as taskId; this is how automation identifies a decision task schedulerId: '${trustDomain}-level-${level}' created: {$fromNow: ''} deadline: {$fromNow: '1 day'} expires: {$fromNow: '1 year 1 second'} # 1 second so artifacts expire first, despite rounding errors metadata: $merge: - owner: "${ownerEmail}" source: '${repoUrl}/raw/${head_sha}/.taskcluster.yml' - $if: 'tasks_for in ["github-push", "github-pull-request", "github-issue-comment"]' then: name: "Decision Task (${tasks_for[7:]})" # strip out "github-" from tasks_for description: 'The task that creates all of the other tasks in the task graph' else: $if: 'tasks_for == "action"' then: name: "Action: ${action.title}" description: | ${action.description} Action triggered by clientID `${clientId}` else: name: "Decision Task for cron job ${cron.job_name}" description: 'Created by a [cron task](https://firefox-ci-tc.services.mozilla.com/tasks/${cron.task_id})' provisionerId: "app-services-${level}" workerType: "decision" tags: $if: 'tasks_for in ["github-push", "github-pull-request", "github-issue-comment"]' then: kind: decision-task else: $if: 'tasks_for == "action"' then: kind: 'action-callback' else: $if: 'tasks_for == "cron"' then: kind: cron-task routes: $flattenDeep: - checks # We check for not pull-request instead of level 3 to support `staging-application-services`. # This is ok as ${project} uniquely identifies the repo within this trust domain, and each # project only has scopes to its own index namespace, so namespace collisions shouldn't happen. - $if: '!isPullRequest' then: - $if: 'tasks_for == "github-push"' then: - index.project.${project}.v2.branch.${short_head_branch}.latest.taskgraph.decision - index.project.${project}.v2.branch.${short_head_branch}.revision.${head_sha}.taskgraph.decision - index.${trustDomain}.v2.${project}.revision.${head_sha}.taskgraph.decision - $if: 'tasks_for == "cron"' then: # cron context provides ${head_branch} as a short one - index.project.${project}.v2.branch.${head_branch}.latest.taskgraph.decision-${cron.job_name} - index.project.${project}.v2.branch.${head_branch}.revision.${head_sha}.taskgraph.decision-${cron.job_name} - index.project.${project}.v2.branch.${head_branch}.revision.${head_sha}.taskgraph.cron.${ownTaskId} scopes: $if: 'tasks_for == "github-push"' then: # `https://` is 8 characters so, ${repoUrl[8:]} is the repository without the protocol. - 'assume:repo:${repoUrl[8:]}:branch:${short_head_branch}' else: $if: isPullRequest then: - 'assume:repo:github.com/${event.pull_request.base.repo.full_name}:pull-request' else: $if: 'tasks_for == "action"' then: # when all actions are hooks, we can calculate this directly rather than using a variable - '${action.repo_scope}' else: - 'assume:repo:${repoUrl[8:]}:cron:${cron.job_name}' requires: all-completed priority: lowest retries: 5 payload: env: # run-task uses these to check out the source; the inputs # to `mach taskgraph decision` are all on the command line. $merge: - APPSERVICES_BASE_REPOSITORY: '${baseRepoUrl}' APPSERVICES_HEAD_REPOSITORY: '${repoUrl}' APPSERVICES_HEAD_REF: '${head_branch}' APPSERVICES_HEAD_REV: '${head_sha}' APPSERVICES_PIP_REQUIREMENTS: taskcluster/requirements.txt APPSERVICES_REPOSITORY_TYPE: git REPOSITORIES: {$json: {appservices: "Application Services"}} ANDROID_SDK_ROOT: /builds/worker/android-sdk MOZ_FETCHES_DIR: /builds/worker/fetches TASKCLUSTER_CACHES: /builds/worker/checkouts - $if: 'tasks_for in ["github-pull-request"]' then: APPSERVICES_PULL_REQUEST_TITLE: '${event.pull_request.title}' APPSERVICES_PULL_REQUEST_NUMBER: '${event.pull_request.number}' - $if: 'tasks_for == "action"' then: ACTION_TASK_GROUP_ID: '${action.taskGroupId}' ACTION_TASK_ID: {$json: {$eval: 'taskId'}} ACTION_INPUT: {$json: {$eval: 'input'}} ACTION_CALLBACK: '${action.cb_name}' cache: "${trustDomain}-level-${level}-checkouts-v1": /builds/worker/checkouts features: taskclusterProxy: true chainOfTrust: true # Note: This task is built server side without the context or tooling that # exist in tree so we must hard code the hash image: mozillareleases/taskgraph:decision-v11.2.4@sha256:eb53b1ca6b86b1344d61f55aab77b130048c0ae007eef181ec82eec327e91e07 maxRunTime: 1800 command: - /usr/local/bin/run-task - '--appservices-checkout=/builds/worker/checkouts/vcs' - '--task-cwd=/builds/worker/checkouts/vcs' - '--' - bash - -cx - $let: # Can't use $switch statement here, see https://github.com/json-e/json-e/issues/541 extraArgs: $if: 'tasks_for == "cron"' then: '${cron.quoted_args}' else: $if: 'tasks_for == "github-issue-comment" && event.taskcluster_comment == "ci full"' then: '--target-tasks-method=pr-full' else: '' in: $if: 'tasks_for == "action"' then: > ln -s /builds/worker/artifacts artifacts && taskgraph action-callback else: > ln -s /builds/worker/artifacts artifacts && taskgraph decision --pushlog-id='0' --pushdate='0' --project='${project}' --message="" --owner='${ownerEmail}' --level='${level}' --base-repository="$APPSERVICES_BASE_REPOSITORY" --head-repository="$APPSERVICES_HEAD_REPOSITORY" --head-ref="$APPSERVICES_HEAD_REF" --head-rev="$APPSERVICES_HEAD_REV" --repository-type="$APPSERVICES_REPOSITORY_TYPE" --tasks-for='${tasks_for}' ${extraArgs} artifacts: 'public': type: 'directory' path: '/builds/worker/artifacts' expires: {$fromNow: '1 year'} 'public/docker-contexts': type: 'directory' path: '/builds/worker/checkouts/vcs/docker-contexts' # This needs to be at least the deadline of the # decision task + the docker-image task deadlines. # It is set to a week to allow for some time for # debugging, but they are not useful long-term. expires: {$fromNow: '7 day'} extra: $merge: - treeherder: $merge: - machine: platform: gecko-decision - $if: 'tasks_for in ["github-push", "github-pull-request"]' then: symbol: D else: $if: 'tasks_for == "action"' then: groupName: 'action-callback' groupSymbol: AC symbol: "${action.symbol}" - $if: 'tasks_for == "action"' then: parent: '${action.taskGroupId}' action: name: '${action.name}' context: taskGroupId: '${action.taskGroupId}' taskId: {$eval: 'taskId'} input: {$eval: 'input'} clientId: {$eval: 'clientId'} - $if: 'tasks_for == "cron"' then: cron: {$json: {$eval: 'cron'}} - tasks_for: '${tasks_for}'