Create client for fennec nightly builds

RESOLVED FIXED

Status

Firefox Build System
Task Configuration
RESOLVED FIXED
2 years ago
2 months ago

People

(Reporter: amiyaguchi, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

2 years ago
I want to create a client with appropriate scopes for bug 1282180. This client would be used with the amiyaguchi/nightly-fennec/mozilla-central hook.

This new client for fennec nightlies should be able create the decision task and sign and upload build binaries from scriptworker, using mozilla-central as the base repository. In addition, this client should have access to a dummy signing worker. I currently have a worker that requires queue:create-task:scriptworker-prov-v1/dummy-worker-miya1. 

I think some form of the project/taskcluster/mozilla-taskcluster/staging client scopes with modifications would be appropriate for this hook. These are listed below:

> assume:repo:hg.mozilla.org/*
> assume:scheduler-id:task-graph-scheduler/*
> queue:cancel-task
> scheduler:create-task-graph

The following scopes are required by the dummy signing script under scriptworker:

> queue:create-task:scriptworker-prov-v1/dummy-worker-miya1
> project:releng:signing:cert:dep-signing scopes
(Reporter)

Updated

2 years ago
Flags: needinfo?(jopsen)
It seems that this should have fewer repo scopes than * -- I assume nightlies are built from mozilla-central, so it seems that
  assume:repo:hg.mozilla.org/mozilla-central
would be better.

The scheduler- and queue-related scopes I will leave to Jonas's discretion.  I imagine this client will not be cancelling anything, and won't be using the task-graph-scheduler, so I expect they are all not required.
Oh, and what would you like this client to be called?  It may be best to create the client (project/releng/<something>) and then Jonas or I can add any required scopes to it which you don't possess.
(Reporter)

Comment 3

2 years ago
Limiting it now and adding scopes as needed sounds good. I don't know what the minimum set of required scopes are for this project so I just listed a very broad set of them. There will probably be a few more additions for the balrog upload scriptworker too.

I think project/releng/nightly-fennec/development would be a good name.
As this is for development and amiyaguchi isn't the releng LDAP group, we had to do personally assigned scopes....

Following role was created:
https://tools.taskcluster.net/auth/roles/#mozilla-user:amiyaguchi@mozilla.com

@amiyaguchi, please remind us to clean this up some day, enjoy.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Flags: needinfo?(jopsen)
Resolution: --- → FIXED

Updated

2 months ago
Product: TaskCluster → Firefox Build System
You need to log in before you can comment on or make changes to this bug.