Closed
Bug 1385094
Opened 7 years ago
Closed 7 years ago
Allow support for taskgraph taks to refer to indexed docker images, in addition to in-tree and docker-hub images.
Categories
(Firefox Build System :: Task Configuration, task)
Firefox Build System
Task Configuration
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla57
People
(Reporter: tomprince, Assigned: tomprince)
References
Details
Attachments
(2 files)
No description provided.
|
Assignee | |
Comment 1•7 years ago
|
||
As a minimal product, I intend to depend on the latest images generated from mozilla-central, rather building them in-tree. Thunderbird doesn't currently have any dependencies over-and-above those needed for firefox, so this avoids needing to figure out how to manage generating images to get a working taskcluster build going. There is a potential race condition, if the docker images changes and then a comm-central build is triggered before the corresponding mozilla-central build of the docker image has completed, but Thunderbird has a low enough velocity that that is worth worrying about for an MVP.
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Comment 4•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8897975 [details] Bug 1385094 - Don't include docker image in chain of trust for builds if not using an in-tree image; https://reviewboard.mozilla.org/r/169284/#review174626 There are also chain-of-trust refernces in the l10n and repackage transforms. But I wonder if it would make more sense to add the docker-image task to the chain-of-trust inputs once when converting the 'in-tree' to an explicit task-reference, rather than having that code spread out handling that. My inclination is to land this as-is for the moment, and file a bug to followup centralizing the cot handling of docker images.
|
||
Comment 5•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8891063 [details] Bug 1385094 - Allow support for taskgraph taks to refer to indexed docker images, in addition to in-tree and docker-hub images. https://reviewboard.mozilla.org/r/162242/#review174954
Attachment #8891063 -
Flags: review?(dustin) → review+
|
|
||
Updated•7 years ago
|
Attachment #8897975 -
Flags: review?(aki)
|
|
||
Comment 6•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8897975 [details] Bug 1385094 - Don't include docker image in chain of trust for builds if not using an in-tree image; https://reviewboard.mozilla.org/r/169284/#review174990
Attachment #8897975 -
Flags: review?(dustin) → review+
|
||
Comment 7•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8897975 [details] Bug 1385094 - Don't include docker image in chain of trust for builds if not using an in-tree image; https://reviewboard.mozilla.org/r/169284/#review174996 This makes sense. I believe docker-worker builds that don't have allowlisted docker shas (currently decision, docker-image tasks), that don't have this `task.extra.chainOfTrust.inputs` specified, will fail chain of trust verification. This patch should allow for the task graph generation to proceed, however.
Attachment #8897975 -
Flags: review?(aki) → review+
|
|
Assignee | |
Updated•7 years ago
|
Keywords: checkin-needed
|
|
Assignee | |
Comment 8•7 years ago
|
||
| mozreview-review-reply | ||
Comment on attachment 8897975 [details] Bug 1385094 - Don't include docker image in chain of trust for builds if not using an in-tree image; https://reviewboard.mozilla.org/r/169284/#review174996 Yeah. I'm planning on using this in comm-central, which is some ways away from caring about chain-of-trust. My plan is to use indexed images from gecko builds for these, so it may be possible to chain trust that way. But I'm just going to kick this can down the road for the moment.
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/autoland/rev/3a098a3e8e05 Allow support for taskgraph taks to refer to indexed docker images, in addition to in-tree and docker-hub images. r=dustin https://hg.mozilla.org/integration/autoland/rev/9eb2c6019ba0 Don't include docker image in chain of trust for builds if not using an in-tree image; r=aki,dustin
Keywords: checkin-needed
|
||
Comment 10•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/3a098a3e8e05 https://hg.mozilla.org/mozilla-central/rev/9eb2c6019ba0
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
|
||
Updated•6 years ago
|
Product: TaskCluster → Firefox Build System
You need to log in
before you can comment on or make changes to this bug.
Description
•