Closed
Bug 1437738
Opened 8 years ago
Closed 8 years ago
Trees closed: action tasks require 'assume:repo:hg.mozilla.org/{repo}:*', backfill and add new jobs broken
Categories
(Firefox Build System :: General, defect)
Firefox Build System
General
Tracking
(firefox-esr52 fixed, firefox58 fixed, firefox59 fixed, firefox60 fixed)
RESOLVED
FIXED
mozilla60
People
(Reporter: jonasfj, Assigned: dustin)
References
Details
Attachments
(2 files)
|
59 bytes,
text/x-review-board-request
|
jonasfj
:
review+
pmoore
:
review+
ritu
:
approval-mozilla-beta+
ritu
:
approval-mozilla-release+
|
Details |
|
1.07 KB,
patch
|
bstack
:
review+
ritu
:
approval-mozilla-esr52+
|
Details | Diff | Splinter Review |
decision task has scopes like:
assume:repo:hg.mozilla.org/try:branch:default
but action tasks seems to require:
assume:repo:hg.mozilla.org/try:*
This causes action tasks to fail, as we in treeherder and taskcluster-tools don't allow
action tasks to run with more scopes than the decision task has. We make this reduction
client side using authorizedScopes. This is to protect users from being phished by someone to
run an evil action task.
I'm guessing the problem is:
https://dxr.mozilla.org/mozilla-central/rev/9a0655ea8ae02f4d96bf23a607a94641f1c57f1b/taskcluster/taskgraph/actions/registry.py#183-184
But I'm not entirely sure. Help?
I'm not sure where the ."branch:default" comes from.
@dustin: didn't you recently make changes with scopes and roles. I recall something about :branch:default, but maybe I'm remembering wrong.
Flags: needinfo?(dustin)
|
||
Comment 1•8 years ago
|
||
If we can't backfill or add new jobs (which we can't), then we can't have mozilla-inbound and autoland open, since every bustage will require pushing multiple backouts to try and waiting for builds and then tests. Trees closed.
Severity: normal → blocker
Summary: try action tasks require 'assume:repo:hg.mozilla.org/try:*' → Trees closed: action tasks require 'assume:repo:hg.mozilla.org/{repo}:*', backfill and add new jobs broken
|
||
Updated•8 years ago
|
Assignee: nobody → bstack
Status: NEW → ASSIGNED
| Comment hidden (mozreview-request) |
|
|
||
Updated•8 years ago
|
Attachment #8950496 -
Flags: review?(dustin)
|
Reporter | |
Comment 3•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8950496 [details]
Bug 1437738 - Update actions to new repo scopes
https://reviewboard.mozilla.org/r/219780/#review225478
What about actions on other branches? Is branches not something we use..
Note: I recognize that this will open trees so r+, as it's better than nothing.
Attachment #8950496 -
Flags: review+
|
||
Comment 5•8 years ago
|
||
| mozreview-review | ||
Comment on attachment 8950496 [details]
Bug 1437738 - Update actions to new repo scopes
https://reviewboard.mozilla.org/r/219780/#review225494
Attachment #8950496 -
Flags: review+
|
|
||
Updated•8 years ago
|
Attachment #8950496 -
Flags: review?(dustin)
Pushed by pmoore@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/72e9066eef54
Update actions to new repo scopes,r=jonasfj. CLOSED TREE
Keywords: checkin-needed
Pushed by nerli@mozilla.com:
https://hg.mozilla.org/mozilla-central/rev/4403805b3b66
Update actions to new repo scopes r=jonasfj r=pmoore a=Aryx on a CLOSED TREE
|
||
Comment 8•8 years ago
|
||
We're sorry - something has gone wrong while rewriting or rebasing your commits. The commits being pushed no longer match what was requested. Please file a bug.
|
Assignee | |
Comment 9•8 years ago
|
||
Despite autoland's confusion, this appears to have landed and merged around.
This was exactly the right fix. I'm sorry to leave it for Brian and Pete to land it.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Flags: needinfo?(dustin)
Resolution: --- → FIXED
|
|
||
Comment 10•8 years ago
|
||
Please request approval to land this on release branches. It will need a new patch for ESR52.
Flags: needinfo?(bstack)
|
|
Assignee | |
Updated•8 years ago
|
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Updated•8 years ago
|
Assignee: bstack → dustin
Flags: needinfo?(bstack)
|
|
Assignee | |
Comment 11•8 years ago
|
||
OK, esr52 doesn't have action tasks, but I can see a similar patch to action.yml that might avoid issues.
I see a recent esr52 push has a decision task with assume:repo:hg.mozilla.org/releases/mozilla-esr52:branch:default and nothing exploded.
So I think we just need to uplift the existing change to the other release branches.
|
|
Assignee | |
Comment 12•8 years ago
|
||
..fishing for a component with uplift flags..
Component: Task Configuration → Build Config
Product: Taskcluster → Core
|
|
Assignee | |
Comment 13•8 years ago
|
||
[Feature/regressing bug #]: 1437562
[User impact if declined]: No user impact -- no ability to ship release
[Describe test coverage new/current, TBPL]: tested on m-c
[Risks and why]: Low risk - NPOTB
[String/UUID change made/needed]: none
status-firefox58:
--- → ?
status-firefox59:
--- → ?
status-firefox60:
--- → ?
tracking-firefox58:
--- → ?
tracking-firefox59:
--- → ?
tracking-firefox60:
--- → ?
|
|
Assignee | |
Updated•8 years ago
|
status-firefox58:
? → ---
status-firefox59:
? → ---
status-firefox60:
? → ---
tracking-firefox58:
? → ---
tracking-firefox59:
? → ---
tracking-firefox60:
? → ---
|
|
Assignee | |
Comment 14•8 years ago
|
||
Comment on attachment 8950496 [details]
Bug 1437738 - Update actions to new repo scopes
Approval Request Comment
[Feature/Bug causing the regression]: bug 1437562
[User impact if declined]: inability to make release
[Is this code covered by automated tests?]: no
[Has the fix been verified in Nightly?]: yes
[Needs manual test from QE? If yes, steps to reproduce]: no
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: no
[Why is the change risky/not risky?]: NPOTB
[String changes made/needed]: none
Attachment #8950496 -
Flags: approval-mozilla-release?
Attachment #8950496 -
Flags: approval-mozilla-beta?
|
|
Assignee | |
Comment 15•8 years ago
|
||
[Approval Request Comment]
If this is not a sec:{high,crit} bug, please state case for ESR consideration:
User impact if declined: allow actions on the esr52 branch
Fix Landed on Version: 59
Risk to taking this patch (and alternatives if risky): low (I don't think actions are used at all on this branch)
String or UUID changes made by this patch: none
This will need to skip mozilla-central and land directly on esr52, as it no longer applies on mozilla-central (this action-task mechanism has been removed).
Attachment #8950698 -
Flags: review?(bstack)
Attachment #8950698 -
Flags: approval-mozilla-esr52?
|
|
||
Updated•8 years ago
|
Attachment #8950698 -
Flags: review?(bstack) → review+
status-firefox59:
--- → affected
status-firefox60:
--- → affected
status-firefox-esr52:
--- → affected
Comment on attachment 8950496 [details]
Bug 1437738 - Update actions to new repo scopes
NPOTB, Beta59+, Release58+
Attachment #8950496 -
Flags: approval-mozilla-release?
Attachment #8950496 -
Flags: approval-mozilla-release+
Attachment #8950496 -
Flags: approval-mozilla-beta?
Attachment #8950496 -
Flags: approval-mozilla-beta+
Comment on attachment 8950698 [details] [diff] [review]
esr52.patch
ESR52.7+
Attachment #8950698 -
Flags: approval-mozilla-esr52? → approval-mozilla-esr52+
|
|
||
Comment 18•8 years ago
|
||
This already got pushed to beta: https://hg.mozilla.org/releases/mozilla-beta/rev/fc80116ddfa63a8300df745b0078fda6897dd90b
Status: REOPENED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → FIXED
|
|
||
Comment 20•8 years ago
|
||
| bugherder | ||
|
|
||
Comment 22•8 years ago
|
||
| bugherder uplift | ||
status-firefox58:
--- → fixed
|
||
Comment 23•8 years ago
|
||
| bugherder uplift | ||
|
||
Updated•7 years ago
|
Product: Core → Firefox Build System
|
|
||
Updated•7 years ago
|
Target Milestone: --- → mozilla60
You need to log in
before you can comment on or make changes to this bug.
Description
•