Bug 1529921: Use secrets from taskcluster for windows builds; r=aki
authorTom Prince <mozilla@hocat.ca>
Sun, 24 Feb 2019 09:24:52 +0000
changeset 518644 dac57a397973f6d36d7dd453cf52ecbdf3f95e5a
parent 518643 6bce33478b6b0645d81c5597ac84639f9d67beec
child 518645 94e616a3a7a0bed27cdf035b910895e9e658648b
push id10862
push userffxbld-merge
push dateMon, 11 Mar 2019 13:01:11 +0000
treeherdermozilla-beta@a2e7f5c935da [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersaki
bugs1529921
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1529921: Use secrets from taskcluster for windows builds; r=aki Differential Revision: https://phabricator.services.mozilla.com/D20849
browser/config/mozconfigs/win32/common-opt
browser/config/mozconfigs/win64-aarch64/common-opt
browser/config/mozconfigs/win64/common-opt
browser/config/mozconfigs/win64/nightly-asan-reporter
taskcluster/ci/build/windows.yml
taskcluster/ci/searchfox/kind.yml
taskcluster/taskgraph/transforms/job/common.py
taskcluster/taskgraph/transforms/job/hazard.py
taskcluster/taskgraph/transforms/job/mozharness.py
testing/mozharness/configs/builds/taskcluster_base_windows.py
--- a/browser/config/mozconfigs/win32/common-opt
+++ b/browser/config/mozconfigs/win32/common-opt
@@ -1,24 +1,19 @@
 # This file is sourced by the nightly, beta, and release mozconfigs.
 
 . "$topsrcdir/build/mozconfig.stylo"
 
 . "$topsrcdir/browser/config/mozconfigs/common"
 
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
 
-if [ -f /c/builds/gapi.data ]; then
-  _gapi_keyfile=c:/builds/gapi.data
-else
-  _gapi_keyfile=e:/builds/gapi.data
-fi
-ac_add_options --with-google-api-keyfile=${_gapi_keyfile}
+ac_add_options --with-google-api-keyfile=${WORKSPACE}/gapi.data
 
-ac_add_options --with-mozilla-api-keyfile=c:/builds/mozilla-desktop-geoloc-api.key
+ac_add_options --with-mozilla-api-keyfile=${WORKSPACE}/mozilla-desktop-geoloc-api.key
 
 # Needed to enable breakpad in application.ini
 export MOZILLA_OFFICIAL=1
 
 export MOZ_TELEMETRY_REPORTING=1
 
 . $topsrcdir/build/win32/mozconfig.vs-latest
 
--- a/browser/config/mozconfigs/win64-aarch64/common-opt
+++ b/browser/config/mozconfigs/win64-aarch64/common-opt
@@ -1,24 +1,19 @@
 # This file is sourced by the nightly, beta, and release mozconfigs.
 
 . "$topsrcdir/build/mozconfig.stylo"
 
 . "$topsrcdir/browser/config/mozconfigs/common"
 
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
 
-if [ -f /c/builds/gapi.data ]; then
-  _gapi_keyfile=c:/builds/gapi.data
-else
-  _gapi_keyfile=e:/builds/gapi.data
-fi
-ac_add_options --with-google-api-keyfile=${_gapi_keyfile}
+ac_add_options --with-google-api-keyfile=${WORKSPACE}/gapi.data
 
-ac_add_options --with-mozilla-api-keyfile=c:/builds/mozilla-desktop-geoloc-api.key
+ac_add_options --with-mozilla-api-keyfile=${WORKSPACE}/mozilla-desktop-geoloc-api.key
 
 # Needed to enable breakpad in application.ini
 export MOZILLA_OFFICIAL=1
 
 export MOZ_TELEMETRY_REPORTING=1
 
 . $topsrcdir/build/win64-aarch64/mozconfig.vs-latest
 
--- a/browser/config/mozconfigs/win64/common-opt
+++ b/browser/config/mozconfigs/win64/common-opt
@@ -1,24 +1,19 @@
 # This file is sourced by the nightly, beta, and release mozconfigs.
 
 . "$topsrcdir/build/mozconfig.stylo"
 
 . "$topsrcdir/browser/config/mozconfigs/common"
 
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
 
-if [ -f /c/builds/gapi.data ]; then
-  _gapi_keyfile=c:/builds/gapi.data
-else
-  _gapi_keyfile=e:/builds/gapi.data
-fi
-ac_add_options --with-google-api-keyfile=${_gapi_keyfile}
+ac_add_options --with-google-api-keyfile=${WORKSPACE}/gapi.data
 
-ac_add_options --with-mozilla-api-keyfile=c:/builds/mozilla-desktop-geoloc-api.key
+ac_add_options --with-mozilla-api-keyfile=${WORKSPACE}/mozilla-desktop-geoloc-api.key
 
 # Needed to enable breakpad in application.ini
 export MOZILLA_OFFICIAL=1
 
 export MOZ_TELEMETRY_REPORTING=1
 
 . $topsrcdir/build/win64/mozconfig.vs-latest
 
--- a/browser/config/mozconfigs/win64/nightly-asan-reporter
+++ b/browser/config/mozconfigs/win64/nightly-asan-reporter
@@ -1,18 +1,13 @@
 MOZ_AUTOMATION_L10N_CHECK=0
 
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
-if [ -f /c/builds/gapi.data ]; then
-  _gapi_keyfile=c:/builds/gapi.data
-else
-  _gapi_keyfile=e:/builds/gapi.data
-fi
-ac_add_options --with-google-api-keyfile=${_gapi_keyfile}
-ac_add_options --with-mozilla-api-keyfile=c:/builds/mozilla-desktop-geoloc-api.key
+ac_add_options --with-google-api-keyfile=${WORKSPACE}/gapi.data
+ac_add_options --with-mozilla-api-keyfile=${WORKSPACE}/mozilla-desktop-geoloc-api.key
 
 . "$topsrcdir/build/mozconfig.win-common"
 . "$topsrcdir/browser/config/mozconfigs/common"
 
 ac_add_options --disable-debug
 ac_add_options --enable-optimize="-O2 -gline-tables-only"
 ac_add_options --enable-address-sanitizer-reporter
 
--- a/taskcluster/ci/build/windows.yml
+++ b/taskcluster/ci/build/windows.yml
@@ -17,16 +17,17 @@ win32/debug:
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win32/releng.manifest"
     run:
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win32.py
             - builds/taskcluster_sub_win32/debug.py
         mozconfig-variant: debug
     toolchains:
         - win64-clang-cl
@@ -51,16 +52,17 @@ win32/opt:
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win32/releng.manifest"
     run:
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win32.py
         extra-config:
             stage_platform: win32
     run-on-projects: ['mozilla-central', 'try']
     toolchains:
@@ -86,16 +88,17 @@ win32/pgo:
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 9000
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win32/releng.manifest"
     run:
         options: [enable-pgo, append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win32.py
         extra-config:
             stage_platform: win32
     toolchains:
         - win64-clang-cl
@@ -120,16 +123,17 @@ win64/debug:
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
     run:
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
             - builds/taskcluster_sub_win64/debug.py
         mozconfig-variant: debug
     toolchains:
         - win64-clang-cl
@@ -155,16 +159,17 @@ win64-fuzzing/debug:
     worker:
         max-run-time: 7200
         env:
             PERFHERDER_EXTRA_OPTIONS: fuzzing
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
     run:
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
             - builds/taskcluster_sub_win64/debug.py
         mozconfig-variant: debug-fuzzing
     run-on-projects: ['trunk', 'try']
     toolchains:
@@ -187,16 +192,17 @@ win64-plain/debug:
         tier: 2
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 7200
         env:
             PERFHERDER_EXTRA_OPTIONS: plain
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
     run:
+        actions: [build, check-test]
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
         extra-config:
             disable_package_metrics: true
@@ -224,16 +230,17 @@ win64/opt:
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
     run:
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
         extra-config:
             stage_platform: win64
     run-on-projects: ['mozilla-central', 'try']
     toolchains:
@@ -303,19 +310,19 @@ win32-nightly/opt:
         symbol: N
         tier: 1
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 10800
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win32/releng.manifest"
     run:
-        actions: [build, check-test]
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win32.py
             - taskcluster_nightly.py
         extra-config:
             stage_platform: win32
     toolchains:
@@ -342,19 +349,19 @@ win64-nightly/opt:
         symbol: N
         tier: 1
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 10800
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
     run:
-        actions: [build, check-test]
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
             - taskcluster_nightly.py
         extra-config:
             stage_platform: win64
     toolchains:
@@ -379,16 +386,17 @@ win64/pgo:
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 10800
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
     run:
         options: [enable-pgo, append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
         extra-config:
             stage_platform: win64
     toolchains:
         - win64-clang-cl
@@ -411,16 +419,17 @@ win32-add-on-devel/opt:
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 10800
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win32/releng.manifest"
     run:
         options: [append-env-variables-from-configs]
         script: "mozharness/scripts/fx_desktop_build.py"
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win32.py
         extra-config:
             stage_platform: win32-add-on-devel
         mozconfig-variant: add-on-devel
     run-on-projects: ['mozilla-beta', 'mozilla-release']
@@ -445,16 +454,17 @@ win64-add-on-devel/opt:
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 10800
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
     run:
         options: [append-env-variables-from-configs]
         script: "mozharness/scripts/fx_desktop_build.py"
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
         extra-config:
             stage_platform: win64-on-devel
         mozconfig-variant: add-on-devel
     run-on-projects: ['mozilla-beta', 'mozilla-release']
@@ -479,16 +489,17 @@ win64-noopt/debug:
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
     run:
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
             - builds/taskcluster_sub_win64/noopt_debug.py
         mozconfig-variant: noopt-debug
     run-on-projects: ['trunk', 'try']
     toolchains:
@@ -512,16 +523,17 @@ win32-noopt/debug:
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win32/releng.manifest"
     run:
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win32.py
             - builds/taskcluster_sub_win32/noopt_debug.py
         mozconfig-variant: noopt-debug
     run-on-projects: ['trunk', 'try']
     toolchains:
@@ -544,19 +556,20 @@ win32-rusttests/opt:
         tier: 1
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 5400
         env:
             PERFHERDER_EXTRA_OPTIONS: rusttests
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win32/releng.manifest"
     run:
-        actions: [build]
+        actions: [get-secrets, build]
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win32.py
         extra-config:
             stage_platform: win32-rusttests
             artifact_flag_build_variant_in_try: null
             build_targets: ['pre-export', 'export', 'recurse_rusttests']
@@ -582,19 +595,20 @@ win32-rusttests/debug:
         tier: 1
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 5400
         env:
             PERFHERDER_EXTRA_OPTIONS: rusttests
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win32/releng.manifest"
     run:
-        actions: [build]
+        actions: [get-secrets, build]
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win32.py
         extra-config:
             stage_platform: win32-rusttests
             artifact_flag_build_variant_in_try: null
             build_targets: ['pre-export', 'export', 'recurse_rusttests']
@@ -620,18 +634,20 @@ win64-rusttests/opt:
         tier: 1
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 5400
         env:
             PERFHERDER_EXTRA_OPTIONS: rusttests
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
     run:
+        actions: [get-secrets, build]
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
             - builds/taskcluster_sub_win64/rusttests_opt.py
         mozconfig-variant: rusttests
     run-on-projects: ['trunk', 'try']
     toolchains:
@@ -653,18 +669,20 @@ win64-rusttests/debug:
         tier: 1
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 5400
         env:
             PERFHERDER_EXTRA_OPTIONS: rusttests
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
     run:
+        actions: [get-secrets, build]
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
             - builds/taskcluster_sub_win64/rusttests_opt.py
         mozconfig-variant: rusttests-debug
     run-on-projects: ['trunk', 'try']
     toolchains:
@@ -691,16 +709,17 @@ win64-ccov/debug:
               path: build\src\obj-firefox\code-coverage-grcov.zip
               type: file
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
     run:
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
             - builds/taskcluster_sub_win64/ccov_debug.py
         mozconfig-variant: code-coverage
     run-on-projects: ['mozilla-central', 'try']
     toolchains:
@@ -728,16 +747,17 @@ win64-asan/debug:
     worker:
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
             PERFHERDER_EXTRA_OPTIONS: "debug asan"
     run:
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
             - builds/taskcluster_sub_win64/asan_debug.py
         mozconfig-variant: debug-asan
     run-on-projects: ['trunk', 'try']
     toolchains:
@@ -762,16 +782,17 @@ win64-asan/opt:
     worker:
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
             PERFHERDER_EXTRA_OPTIONS: "opt asan"
     run:
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
         extra-config:
             stage_platform: win64-asan
         mozconfig-variant: nightly-asan
     run-on-projects: ['trunk', 'try']
@@ -803,16 +824,17 @@ win64-asan-reporter-nightly/opt:
     worker:
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
             PERFHERDER_EXTRA_OPTIONS: "asan-reporter"
     run:
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
             - builds/taskcluster_sub_win64/asan_reporter_opt.py
             - taskcluster_nightly.py
         extra-config:
             stage_platform: win64-asan-reporter
@@ -838,16 +860,17 @@ win64-asan-fuzzing/opt:
     worker:
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
             PERFHERDER_EXTRA_OPTIONS: fuzzing-asan
     run:
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
         extra-config:
             stage_platform: win64-fuzzing-asan
         mozconfig-variant: nightly-fuzzing-asan
     run-on-projects: ['trunk', 'try']
@@ -884,16 +907,17 @@ win32-devedition-nightly/opt:
         tier: 1
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 10800
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win32/releng.manifest"
     run:
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         options: [enable-pgo, append-env-variables-from-configs]
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win32.py
             - taskcluster_nightly.py
         extra-config:
             stage_platform: win32-devedition
@@ -925,16 +949,17 @@ win64-devedition-nightly/opt:
     worker-type: aws-provisioner-v1/gecko-{level}-b-win2012
     worker:
         max-run-time: 10800
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
     run:
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
             - taskcluster_nightly.py
         extra-config:
             stage_platform: win64-devedition
         mozconfig-variant: devedition
@@ -963,16 +988,17 @@ win64-aarch64/debug:
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/aarch64.manifest"
             PERFHERDER_EXTRA_OPTIONS: aarch64
     run:
         actions: [get-secrets, build]
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_sub_win64/debug.py
         extra-config:
             mozconfig_platform: win64-aarch64
         mozconfig-variant: debug
     toolchains:
@@ -999,16 +1025,17 @@ win64-aarch64/opt:
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/aarch64.manifest"
             PERFHERDER_EXTRA_OPTIONS: aarch64
     run:
         actions: [get-secrets, build]
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - builds/taskcluster_base_win64.py
         extra-config:
             stage_platform: win64-aarch64
             mozconfig_platform: win64-aarch64
     toolchains:
@@ -1039,16 +1066,17 @@ win64-aarch64-nightly/opt:
         max-run-time: 7200
         env:
             TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/aarch64.manifest"
             PERFHERDER_EXTRA_OPTIONS: aarch64
     run:
         actions: [get-secrets, build]
         options: [append-env-variables-from-configs]
         script: mozharness/scripts/fx_desktop_build.py
+        secrets: true
         config:
             - builds/releng_base_firefox.py
             - builds/taskcluster_base_windows.py
             - taskcluster_nightly.py
         extra-config:
             stage_platform: win64-aarch64
             mozconfig_platform: win64-aarch64
     toolchains:
--- a/taskcluster/ci/searchfox/kind.yml
+++ b/taskcluster/ci/searchfox/kind.yml
@@ -99,16 +99,17 @@ jobs:
             max-run-time: 36000
             env:
                 TOOLTOOL_MANIFEST: "browser/config/tooltool-manifests/win64/releng.manifest"
                 PERFHERDER_EXTRA_OPTIONS: searchfox
                 RUSTC_BOOTSTRAP: "1"
                 MOZSEARCH_PLATFORM: "windows"
         run:
             using: mozharness
+            actions: [build]
             use-caches: false
             options: [append-env-variables-from-configs]
             script: mozharness/scripts/fx_desktop_build.py
             config:
                 - builds/releng_base_firefox.py
                 - builds/taskcluster_base_windows.py
                 - builds/taskcluster_base_win64.py
                 - builds/taskcluster_sub_win64/searchfox_debug.py
--- a/taskcluster/taskgraph/transforms/job/common.py
+++ b/taskcluster/taskgraph/transforms/job/common.py
@@ -186,17 +186,17 @@ def generic_worker_hg_commands(base_repo
             revision=head_rev,
             source_repo=head_repo,
             repo_name=head_repo.split('/')[-1]),
     ]
 
     return [' '.join(args), ' '.join(logging_args)]
 
 
-def docker_worker_setup_secrets(config, job, taskdesc):
+def setup_secrets(config, job, taskdesc):
     """Set up access to secrets via taskcluster-proxy.  The value of
     run['secrets'] should be a boolean or a list of secret names that
     can be accessed."""
     if not job['run'].get('secrets'):
         return
 
     taskdesc['worker']['taskcluster-proxy'] = True
     secrets = job['run']['secrets']
--- a/taskcluster/taskgraph/transforms/job/hazard.py
+++ b/taskcluster/taskgraph/transforms/job/hazard.py
@@ -8,17 +8,17 @@ Support for running hazard jobs via dedi
 from __future__ import absolute_import, print_function, unicode_literals
 
 from taskgraph.util.schema import Schema
 from voluptuous import Required, Optional, Any
 
 from taskgraph.transforms.job import run_job_using
 from taskgraph.transforms.job.common import (
     docker_worker_add_workspace_cache,
-    docker_worker_setup_secrets,
+    setup_secrets,
     docker_worker_add_artifacts,
     docker_worker_add_tooltool,
     support_vcs_checkout,
 )
 
 haz_run_schema = Schema({
     Required('using'): 'hazard',
 
@@ -45,17 +45,17 @@ def docker_worker_hazard(config, job, ta
     run = job['run']
 
     worker = taskdesc['worker']
     worker['artifacts'] = []
 
     docker_worker_add_artifacts(config, job, taskdesc)
     docker_worker_add_workspace_cache(config, job, taskdesc)
     docker_worker_add_tooltool(config, job, taskdesc)
-    docker_worker_setup_secrets(config, job, taskdesc)
+    setup_secrets(config, job, taskdesc)
     support_vcs_checkout(config, job, taskdesc)
 
     env = worker['env']
     env.update({
         'MOZ_BUILD_DATE': config.params['moz_build_date'],
         'MOZ_SCM_LEVEL': config.params['level'],
     })
 
--- a/taskcluster/taskgraph/transforms/job/mozharness.py
+++ b/taskcluster/taskgraph/transforms/job/mozharness.py
@@ -15,17 +15,17 @@ from textwrap import dedent
 
 from taskgraph.util.schema import Schema
 from voluptuous import Required, Optional, Any
 from voluptuous.validators import Match
 
 from taskgraph.transforms.job import run_job_using
 from taskgraph.transforms.job.common import (
     docker_worker_add_workspace_cache,
-    docker_worker_setup_secrets,
+    setup_secrets,
     docker_worker_add_artifacts,
     docker_worker_add_tooltool,
     generic_worker_add_artifacts,
     generic_worker_hg_commands,
     support_vcs_checkout,
 )
 
 mozharness_run_schema = Schema({
@@ -213,17 +213,17 @@ def mozharness_on_docker_worker_setup(co
 
     if run['tooltool-downloads']:
         internal = run['tooltool-downloads'] == 'internal'
         docker_worker_add_tooltool(config, job, taskdesc, internal=internal)
 
     # Retry if mozharness returns TBPL_RETRY
     worker['retry-exit-status'] = [4]
 
-    docker_worker_setup_secrets(config, job, taskdesc)
+    setup_secrets(config, job, taskdesc)
 
     command = [
         '{workdir}/bin/run-task'.format(**run),
         '--gecko-checkout', env['GECKO_PATH'],
     ]
     if run['comm-checkout']:
         command.append('--comm-checkout={workdir}/workspace/build/src/comm'.format(**run))
 
@@ -242,28 +242,29 @@ def mozharness_on_docker_worker_setup(co
                defaults=mozharness_defaults)
 def mozharness_on_generic_worker(config, job, taskdesc):
     assert job['worker']['os'] == 'windows', 'only supports windows right now'
 
     run = job['run']
 
     # fail if invalid run options are included
     invalid = []
-    for prop in ['tooltool-downloads',
-                 'secrets', 'taskcluster-proxy', 'need-xvfb']:
+    for prop in ['tooltool-downloads', 'taskcluster-proxy', 'need-xvfb']:
         if prop in run and run[prop]:
             invalid.append(prop)
     if not run.get('keep-artifacts', True):
         invalid.append('keep-artifacts')
     if invalid:
         raise Exception("Jobs run using mozharness on Windows do not support properties " +
                         ', '.join(invalid))
 
     worker = taskdesc['worker']
 
+    setup_secrets(config, job, taskdesc)
+
     taskdesc['worker'].setdefault('artifacts', []).append({
         'name': 'public/logs',
         'path': 'logs',
         'type': 'directory'
     })
     if not worker.get('skip-artifacts', False):
         generic_worker_add_artifacts(config, job, taskdesc)
     support_vcs_checkout(config, job, taskdesc)
--- a/testing/mozharness/configs/builds/taskcluster_base_windows.py
+++ b/testing/mozharness/configs/builds/taskcluster_base_windows.py
@@ -1,12 +1,13 @@
 import os
 
 config = {
     'default_actions': [
+        'get-secrets',
         'build',
         'check-test',
     ],
     'app_ini_path': '%(obj_dir)s/dist/bin/application.ini',
     'vcs_share_base': os.path.join('y:', os.sep, 'hg-shared'),
     'max_build_output_timeout': 60 * 80,
 
     'env': {
@@ -16,13 +17,22 @@ config = {
         'HG_SHARE_BASE_DIR': os.path.join('y:', os.sep, 'hg-shared'),
         'MOZBUILD_STATE_PATH': os.path.join(os.getcwd(), '.mozbuild'),
         'MOZ_CRASHREPORTER_NO_REPORT': '1',
         'MOZ_OBJDIR': '%(abs_obj_dir)s',
         'TINDERBOX_OUTPUT': '1',
         'TOOLTOOL_CACHE': 'c:/builds/tooltool_cache',
         'TOOLTOOL_HOME': '/c/builds',
         'MSYSTEM': 'MINGW32',
+        'WORKSPACE': '%(base_work_dir)s',
     },
     'upload_env': {
         'UPLOAD_PATH': os.path.join(os.getcwd(), 'public', 'build'),
     },
+    'secret_files': [
+        {'filename': 'gapi.data',
+         'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/gapi.data',
+         'min_scm_level': 1},
+        {'filename': 'mozilla-desktop-geoloc-api.key',
+         'secret_name': 'project/releng/gecko/build/level-%(scm-level)s/mozilla-desktop-geoloc-api.key',
+         'min_scm_level': 2, 'default': 'try-build-has-no-secrets'},
+    ],
 }