Bug 1613281 - Follow-up: Allow for empty format lists on notarized signing jobs. r=darktrojan
authorRob Lemley <rob@thunderbird.net>
Wed, 26 Feb 2020 17:22:22 -0500
changeset 37440 3f02fbbeaffa2f39fba0cada8c6180d343f40a40
parent 37439 b6948968da8c459ded34fc2e929d21222962cba8
child 37441 f12bdc4069d5d2b4cb6adfc14ffd8131e3a958ca
push id2566
push userclokep@gmail.com
push dateMon, 09 Mar 2020 19:20:31 +0000
treeherdercomm-beta@a352facfa0a4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdarktrojan
bugs1613281
Bug 1613281 - Follow-up: Allow for empty format lists on notarized signing jobs. r=darktrojan Signing jobs that are step-3 of macOS notarization will not have any formats in the payload. For regular signing jobs that's not valid, but it is in this case. It's possible to set up macOS a build-signing job without notarization, so checking the platform and kind may not be sufficient.
taskcluster/comm_taskgraph/transforms/signing.py
--- a/taskcluster/comm_taskgraph/transforms/signing.py
+++ b/taskcluster/comm_taskgraph/transforms/signing.py
@@ -1,19 +1,31 @@
 #  This Source Code Form is subject to the terms of the Mozilla Public
 #  License, v. 2.0. If a copy of the MPL was not distributed with this
 #  file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 from __future__ import absolute_import, print_function, unicode_literals
 
+from taskgraph.util.signed_artifacts import is_notarization_kind
+
 from taskgraph.transforms.base import TransformSequence
 
 transforms = TransformSequence()
 
 
+def check_notarization(dependencies):
+    """
+    Determine whether a signing job is the last step of a notarization
+    by looking at its dependencies.
+    """
+    for dep in dependencies:
+        if is_notarization_kind(dep):
+            return True
+
+
 @transforms.add
 def remove_widevine(config, jobs):
     """
     Remove references to widevine signing.
 
     This is to avoid adding special cases for handling signed artifacts
     in mozilla-central code. Artifact signature formats are determined in
     taskgraph.util.signed_artifacts. There's no override mechanism so we
@@ -44,16 +56,32 @@ def no_sign_langpacks(config, jobs):
         task = job['task']
         payload = task['payload']
 
         if 'upstreamArtifacts' in payload:
             for artifact in payload['upstreamArtifacts']:
                 if 'autograph_langpack' in artifact.get('formats', []):
                     artifact['formats'].remove('autograph_langpack')
 
-                if 'formats' in artifact:
-                    if not artifact['formats']:  # length zero list is False
+        yield job
+
+
+@transforms.add
+def check_for_no_formats(config, jobs):
+    """
+    Check for signed artifacts without signature formats and remove them to
+    avoid scriptworker errors.
+    Signing jobs that use macOS notarization do not have formats, so keep
+    those.
+    """
+    for job in jobs:
+        if not check_notarization(job['dependencies']):
+            task = job['task']
+            payload = task['payload']
+
+            if 'upstreamArtifacts' in payload:
+                for artifact in payload['upstreamArtifacts']:
+                    if 'formats' in artifact and not artifact['formats']:
                         for remove_path in artifact['paths']:
                             job['release-artifacts'].remove(remove_path)
 
                         payload['upstreamArtifacts'].remove(artifact)
-
         yield job