Bug 1411688 - Part 2: Include secrets in Android single-locale repacks. r=aki
☠☠ backed out by a73e202ca31d ☠ ☠
authorNick Alexander <nalexander@mozilla.com>
Thu, 02 Nov 2017 10:03:01 -0700
changeset 440948 866854a996b8671c8fbe1f7f6e2cfc3329727ae2
parent 440947 34f83aab44e6c0a68a448c3c10f61267c0eb649e
child 440949 8ba514bd8ed6265d08ba97592111933ad2542546
push id8120
push userryanvm@gmail.com
push dateSat, 04 Nov 2017 17:45:29 +0000
treeherdermozilla-beta@78568f0b1068 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersaki
bugs1411688
milestone58.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1411688 - Part 2: Include secrets in Android single-locale repacks. r=aki Single-locale repacks need to run aapt (--without-gradle) or Gradle (--with-gradle). When running --with-gradle, they need to compile the Java source code again (in order to produce a fresh R.java with correct IDs). That compile will be part of the shipping APK, so it needs to be configured "the same" as the underlying repacked. *This is a significant change in behaviour, but necessary to support newer Gradle/aapt versions, which do not maintain R.java ID mappings across invocations.* Part of the configuration are the secret keys and features that are gated on them. This commit makes those secrets available to single-locale repacks. MozReview-Commit-ID: 4REPsIb5TgN
taskcluster/ci/l10n/kind.yml
taskcluster/ci/nightly-l10n/kind.yml
taskcluster/taskgraph/transforms/l10n.py
testing/mozharness/configs/single_locale/tc_android-api-16.py
testing/mozharness/scripts/mobile_l10n.py
--- a/taskcluster/ci/l10n/kind.yml
+++ b/taskcluster/ci/l10n/kind.yml
@@ -41,16 +41,20 @@ job-template:
          android-api-16-l10n: 18000
    docker-image:
       by-build-platform:
          default:
            in-tree: desktop-build
          android-api-16-l10n:
            in-tree: android-build
          win.*: null
+   secrets:
+      by-build-platform:
+         default: false
+         android-api-16-l10n: true
    toolchains:
       by-build-platform:
          default: []
          android-api-16-l10n:
             - android-gradle-dependencies
             - android-sdk-linux
             - proguard-jar
    tooltool:
@@ -105,17 +109,18 @@ job-template:
                - total-chunks=1
                - this-chunk=1
             default:
                - total-chunks=1
                - this-chunk=1
       actions:
          by-build-platform:
             default: [clone-locales list-locales setup repack summary]
-            android-api-16-l10n: [clone-locales list-locales setup repack
+            android-api-16-l10n: [get-secrets
+                                  clone-locales list-locales setup repack
                                   upload-repacks summary]
       script:
          by-build-platform:
             default: mozharness/scripts/desktop_l10n.py
             android-api-16-l10n: mozharness/scripts/mobile_l10n.py
    when:
       files-changed:
          - browser/locales/l10n-changesets.json
--- a/taskcluster/ci/nightly-l10n/kind.yml
+++ b/taskcluster/ci/nightly-l10n/kind.yml
@@ -44,16 +44,20 @@ job-template:
          android-api-16-nightly: 18000
    docker-image:
       by-build-platform:
          default:
            in-tree: desktop-build
          android-api-16-nightly:
            in-tree: android-build
          win.*: null
+   secrets:
+      by-build-platform:
+         default: false
+         android-api-16-nightly: true
    toolchains:
       by-build-platform:
          default: []
          android-api-16-nightly:
             - android-gradle-dependencies
             - android-sdk-linux
             - proguard-jar
    tooltool:
@@ -166,14 +170,15 @@ job-template:
                - config=single_locale/tc_win64.py
                - config=taskcluster_nightly.py
                - revision=$GECKO_HEAD_REV
             default: [ ]
       actions:
          by-build-platform:
             default: ['clone-locales', 'list-locales', 'setup', 'repack',
                       'submit-to-balrog', 'summary']
-            android-api-16-nightly: ['clone-locales', 'list-locales', 'setup', 'repack',
+            android-api-16-nightly: ['get-secrets',
+                                     'clone-locales', 'list-locales', 'setup', 'repack',
                                      'upload-repacks', 'submit-to-balrog', 'summary']
       script:
          by-build-platform:
             default: mozharness/scripts/desktop_l10n.py
             android-api-16-nightly: mozharness/scripts/mobile_l10n.py
--- a/taskcluster/taskgraph/transforms/l10n.py
+++ b/taskcluster/taskgraph/transforms/l10n.py
@@ -102,16 +102,23 @@ l10n_description_schema = Schema({
     Required('docker-image'): _by_platform(Any(
         # an in-tree generated docker image (from `taskcluster/docker/<name>`)
         {'in-tree': basestring},
         None,
     )),
 
     Optional('toolchains'): _by_platform([basestring]),
 
+    # The set of secret names to which the task has access; these are prefixed
+    # with `project/releng/gecko/{treeherder.kind}/level-{level}/`.  Setting
+    # this will enable any worker features required and set the task's scopes
+    # appropriately.  `true` here means ['*'], all secrets.  Not supported on
+    # Windows
+    Required('secrets', default=False): _by_platform(Any(bool, [basestring])),
+
     # Information for treeherder
     Required('treeherder'): {
         # Platform to display the task on in treeherder
         Required('platform'): _by_platform(basestring),
 
         # Symbol to use
         Required('symbol'): basestring,
 
@@ -246,16 +253,17 @@ def handle_keyed_by(config, jobs):
     """Resolve fields that can be keyed by platform, etc."""
     fields = [
         "locales-file",
         "locales-per-chunk",
         "worker-type",
         "description",
         "run-time",
         "docker-image",
+        "secrets",
         "toolchains",
         "tooltool",
         "env",
         "ignore-locales",
         "mozharness.config",
         "mozharness.options",
         "mozharness.actions",
         "mozharness.script",
@@ -380,16 +388,17 @@ def make_job_description(config, jobs):
             'description': job['description'],
             'run': {
                 'using': 'mozharness',
                 'job-script': 'taskcluster/scripts/builder/build-l10n.sh',
                 'config': job['mozharness']['config'],
                 'script': job['mozharness']['script'],
                 'actions': job['mozharness']['actions'],
                 'options': job['mozharness']['options'],
+                'secrets': job['secrets'],
             },
             'attributes': job['attributes'],
             'treeherder': {
                 'kind': 'build',
                 'tier': job['treeherder']['tier'],
                 'symbol': job['treeherder']['symbol'],
                 'platform': job['treeherder']['platform'],
             },
--- a/testing/mozharness/configs/single_locale/tc_android-api-16.py
+++ b/testing/mozharness/configs/single_locale/tc_android-api-16.py
@@ -10,9 +10,42 @@ config = {
     "tooltool_servers": ['http://relengapi/tooltool/'],
 
     "upload_env": {
         'UPLOAD_HOST': 'localhost',
         'UPLOAD_PATH': '/builds/worker/artifacts/',
     },
     "mozilla_dir": "src/",
     "simple_name_move": True,
+    'secret_files': [
+        {'filename': '/builds/gapi.data',
+         'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/gapi.data',
+         'min_scm_level': 1},
+        {'filename': '/builds/mozilla-fennec-geoloc-api.key',
+         'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/mozilla-fennec-geoloc-api.key',
+         'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+        {'filename': '/builds/adjust-sdk.token',
+         'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/adjust-sdk.token',
+         'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+        {'filename': '/builds/adjust-sdk-beta.token',
+         'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/adjust-sdk-beta.token',
+         'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+        {'filename': '/builds/leanplum-sdk-release.token',
+         'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/leanplum-sdk-release.token',
+         'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+        {'filename': '/builds/leanplum-sdk-beta.token',
+         'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/leanplum-sdk-beta.token',
+         'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+        {'filename': '/builds/leanplum-sdk-nightly.token',
+         'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/leanplum-sdk-nightly.token',
+         'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+        {'filename': '/builds/pocket-api-release.token',
+         'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/pocket-api-release.token',
+         'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+        {'filename': '/builds/pocket-api-beta.token',
+         'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/pocket-api-beta.token',
+         'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+        {'filename': '/builds/pocket-api-nightly.token',
+         'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/pocket-api-nightly.token',
+         'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+
+    ],
 }
--- a/testing/mozharness/scripts/mobile_l10n.py
+++ b/testing/mozharness/scripts/mobile_l10n.py
@@ -33,26 +33,27 @@ from mozharness.base.transfer import Tra
 from mozharness.mozilla.buildbot import BuildbotMixin
 from mozharness.mozilla.purge import PurgeMixin
 from mozharness.mozilla.release import ReleaseMixin
 from mozharness.mozilla.signing import MobileSigningMixin
 from mozharness.mozilla.tooltool import TooltoolMixin
 from mozharness.base.vcs.vcsbase import MercurialScript
 from mozharness.mozilla.l10n.locales import LocalesMixin
 from mozharness.mozilla.mock import MockMixin
+from mozharness.mozilla.secrets import SecretsMixin
 from mozharness.mozilla.updates.balrog import BalrogMixin
 from mozharness.base.python import VirtualenvMixin
 from mozharness.mozilla.taskcluster_helper import Taskcluster
 
 
 # MobileSingleLocale {{{1
 class MobileSingleLocale(MockMixin, LocalesMixin, ReleaseMixin,
                          MobileSigningMixin, TransferMixin, TooltoolMixin,
                          BuildbotMixin, PurgeMixin, MercurialScript, BalrogMixin,
-                         VirtualenvMixin):
+                         VirtualenvMixin, SecretsMixin):
     config_options = [[
         ['--locale', ],
         {"action": "extend",
          "dest": "locales",
          "type": "string",
          "help": "Specify the locale(s) to sign and update"
          }
     ], [
@@ -119,16 +120,17 @@ class MobileSingleLocale(MockMixin, Loca
          "type": "string",
          "help": "Override the gecko revision to use (otherwise use buildbot supplied"
                  " value, or en-US revision) "}
     ]]
 
     def __init__(self, require_config_file=True):
         buildscript_kwargs = {
             'all_actions': [
+                "get-secrets",
                 "clobber",
                 "pull",
                 "clone-locales",
                 "list-locales",
                 "setup",
                 "repack",
                 "validate-repacks-signed",
                 "upload-repacks",