Bug 1508056 - Create function for determining autographing scope. r=aki a=release
authorRob Lemley <rob@thunderbird.net>
Thu, 13 Dec 2018 09:10:00 +0000
changeset 506229 9eff0feefcf92ed0cd1232c484686108965f4474
parent 506228 6f8e2bdfd8b61347c2ccd7a29841ef277d055d04
child 506230 d2bd2bb0c329208ce96e3c6fcb5e741f88c35227
push id10337
push userasasaki@mozilla.com
push dateFri, 14 Dec 2018 22:26:06 +0000
treeherdermozilla-beta@9eff0feefcf9 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersaki, release
bugs1508056, 1501878
milestone65.0
Bug 1508056 - Create function for determining autographing scope. r=aki a=release The deferred mar signing feature in Bug 1501878 has a taskcluster scope value in mar_signing.py hardcoded to something Firefox specific. This patch introduces a new function, get_autograph_format_scope, that will produce the right value for Firefox and Thunderbird. Differential Revision: https://phabricator.services.mozilla.com/D13567
taskcluster/taskgraph/transforms/mar_signing.py
taskcluster/taskgraph/util/scriptworker.py
--- a/taskcluster/taskgraph/transforms/mar_signing.py
+++ b/taskcluster/taskgraph/transforms/mar_signing.py
@@ -8,16 +8,17 @@ from __future__ import absolute_import, 
 
 import os
 
 from taskgraph.transforms.base import TransformSequence
 from taskgraph.util.attributes import copy_attributes_from_dependent_job, sorted_unique_list
 from taskgraph.util.scriptworker import (
     get_signing_cert_scope_per_platform,
     get_worker_type_for_scope,
+    get_autograph_format_scope,
 )
 from taskgraph.util.partials import get_balrog_platform_name, get_partials_artifacts
 from taskgraph.util.taskcluster import get_artifact_prefix
 from taskgraph.util.treeherder import join_symbol
 
 import logging
 logger = logging.getLogger(__name__)
 
@@ -125,18 +126,19 @@ def make_task_description(config, jobs):
         else:
             upstream_artifacts = generate_complete_artifacts(dep_job)
 
         build_platform = dep_job.attributes.get('build_platform')
         is_nightly = dep_job.attributes.get('nightly')
         signing_cert_scope = get_signing_cert_scope_per_platform(
             build_platform, is_nightly, config
         )
+        autograph_hash_format_scope = get_autograph_format_scope(config)
 
-        scopes = [signing_cert_scope, 'project:releng:signing:format:autograph_hash_only_mar384']
+        scopes = [signing_cert_scope, autograph_hash_format_scope]
         if any("mar" in upstream_details["formats"] for upstream_details in upstream_artifacts):
             scopes.append('project:releng:signing:format:mar')
 
         task = {
             'label': label,
             'description': "{} {}".format(
                 dep_job.task["metadata"]["description"], job['description-suffix']),
             'worker-type': get_worker_type_for_scope(config, signing_cert_scope),
--- a/taskcluster/taskgraph/util/scriptworker.py
+++ b/taskcluster/taskgraph/util/scriptworker.py
@@ -366,16 +366,20 @@ def get_signing_cert_scope_per_platform(
     if 'devedition' in build_platform:
         return get_devedition_signing_cert_scope(config)
     elif is_nightly or build_platform in ('firefox-source', 'fennec-source', 'thunderbird-source'):
         return get_signing_cert_scope(config)
     else:
         return add_scope_prefix(config, 'signing:cert:dep-signing')
 
 
+def get_autograph_format_scope(config):
+    return add_scope_prefix(config, 'signing:format:autograph_hash_only_mar384')
+
+
 def get_worker_type_for_scope(config, scope):
     """Get the scriptworker type that will accept the given scope.
 
     Args:
         config (TransformConfig): The configuration for the kind being transformed.
         scope (string): The scope being used.
 
     Returns: