Bug 1481121: [release] Record signed artifacts in `release-artifacts`; r=Callek
authorTom Prince <mozilla@hocat.ca>
Mon, 20 Aug 2018 12:29:58 -0600
changeset 433916 d08523e5c65744629acae475dd3ec2734a52c2d9
parent 433915 a702b39447f197ed7ec5d89416c6642505a5411d
child 433917 6c58897fc9956b2c47d8a79d073bcca5ff46acf3
push id107201
push usermozilla@hocat.ca
push dateWed, 29 Aug 2018 18:17:27 +0000
treeherdermozilla-inbound@b6a3ea1e6c1b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersCallek
bugs1481121
milestone63.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1481121: [release] Record signed artifacts in `release-artifacts`; r=Callek Differential Revision: https://phabricator.services.mozilla.com/D3815
taskcluster/taskgraph/transforms/task.py
taskcluster/taskgraph/util/signed_artifacts.py
--- a/taskcluster/taskgraph/transforms/task.py
+++ b/taskcluster/taskgraph/transforms/task.py
@@ -28,16 +28,17 @@ from taskgraph.util.schema import (
     resolve_keyed_by,
     OptimizationSchema,
 )
 from taskgraph.util.scriptworker import (
     BALROG_ACTIONS,
     get_release_config,
     add_scope_prefix,
 )
+from taskgraph.util.signed_artifacts import get_signed_artifacts
 from voluptuous import Any, Required, Optional, Extra
 from taskgraph import GECKO, MAX_DEPENDENCIES
 from ..util import docker as dockerutil
 
 RUN_TASK = os.path.join(GECKO, 'taskcluster', 'scripts', 'run-task')
 
 
 @memoize
@@ -1035,16 +1036,26 @@ def build_generic_worker_payload(config,
 def build_scriptworker_signing_payload(config, task, task_def):
     worker = task['worker']
 
     task_def['payload'] = {
         'maxRunTime': worker['max-run-time'],
         'upstreamArtifacts':  worker['upstream-artifacts']
     }
 
+    artifacts = set(task.get('release-artifacts', []))
+    for upstream_artifact in worker['upstream-artifacts']:
+        for path in upstream_artifact['paths']:
+            artifacts.update(get_signed_artifacts(
+                input=path,
+                formats=upstream_artifact['formats'],
+            ))
+
+    task['release-artifacts'] = list(artifacts)
+
 
 @payload_builder('binary-transparency')
 def build_binary_transparency_payload(config, task, task_def):
     release_config = get_release_config(config)
 
     task_def['payload'] = {
         'version': release_config['version'],
         'chain': 'TRANSPARENCY.pem',
--- a/taskcluster/taskgraph/util/signed_artifacts.py
+++ b/taskcluster/taskgraph/util/signed_artifacts.py
@@ -92,8 +92,23 @@ def _strip_widevine_for_partners(artifac
     """ Partner repacks should not resign that's previously signed for fear of breaking partial
     updates
     """
     for spec in artifacts_specifications:
         if 'widevine' in spec['formats']:
             spec['formats'].remove('widevine')
 
     return artifacts_specifications
+
+
+def get_signed_artifacts(input, formats):
+    """
+    Get the list of signed artifacts for the given input and formats.
+    """
+    artifacts = set()
+    if input.endswith('.dmg'):
+        artifacts.add(input.replace('.dmg', '.tar.gz'))
+    else:
+        artifacts.add(input)
+    if 'gpg' in formats:
+        artifacts.add('{}.asc'.format(input))
+
+    return artifacts