Closed
Bug 1488766
Opened 6 years ago
Closed 6 years ago
retrigger-decision hook needs more scopes
Categories
(Firefox Build System :: Task Configuration, enhancement)
Firefox Build System
Task Configuration
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dustin, Assigned: dustin)
References
Details
Attachments
(3 files)
https://tools.taskcluster.net/groups/St8FfZMJTYO7PDZnzVx5sA/tasks/CujE-vTJTVmAg918WJgbPg/runs/0/logs/public%2Flogs%2Flive.log [task 2018-09-05T13:51:54.435Z] Creating task with taskId AauekzJxTPGVyLVX_eOjpw for Gecko Decision Task [task 2018-09-05T13:51:54.608Z] You do not have sufficient scopes. You are missing the following scopes: [task 2018-09-05T13:51:54.608Z] [task 2018-09-05T13:51:54.608Z] ``` [task 2018-09-05T13:51:54.608Z] { [task 2018-09-05T13:51:54.608Z] "AllOf": [ [task 2018-09-05T13:51:54.608Z] "assume:repo:hg.mozilla.org/integration/mozilla-inbound:branch:default", [task 2018-09-05T13:51:54.608Z] "in-tree:hook-action:project-gecko/in-tree-action-3-*" [task 2018-09-05T13:51:54.608Z] ] [task 2018-09-05T13:51:54.608Z] } [task 2018-09-05T13:51:54.608Z] ```
|
Assignee | |
Comment 1•6 years ago
|
||
I think we want something like
- grant:
- assume:repo:hg.mozilla.org/{hgmo_path}:branch:default
- in-tree:hook-action:project-gecko/in-tree-action-{level}-*
to:
project:
feature: gecko-actions
job: action:retrigger-decision
(hgmo_path isn't supported yet, but adding support is easy)|
|
Assignee | |
Comment 2•6 years ago
|
||
|
|
Assignee | |
Comment 3•6 years ago
|
||
|
|
Assignee | |
Comment 4•6 years ago
|
||
I'm concerned about the impacts of this change. But it's just a gut feeling -- I can't figure out why. What could go wrong here?
|
|
Assignee | |
Comment 5•6 years ago
|
||
Diffs look like
@@ -146030,16 +146220,26 @@ Role=repo:hg.mozilla.org/releases/comm-esr52:*:
- secrets:get:project/taskcluster/gecko/build/level-3/*
- secrets:get:project/taskcluster/gecko/hgfingerprint
- worker:cache:level-1-*
- worker:privileged:manual-packet/tc-worker-docker-v0
- worker:privileged:terraform-packet/tc-worker-docker-v1
- worker:privileged:terraform-packet/tc-worker-docker-v1-*
- worker:relengapi-proxy:tooltool.download.internal
- worker:relengapi-proxy:tooltool.download.public
+
+ Role=repo:hg.mozilla.org/releases/comm-esr52:action:retrigger-decision:
+ roleId: repo:hg.mozilla.org/releases/comm-esr52:action:retrigger-decision
+ description:
+ *DO NOT EDIT* - This resource is configured automatically by [ci-admin](https://hg.mozilla.org/build/ci-admin).
+
+ Scopes in this role are defined in [https://hg.mozilla.org/build/ci-configuration/file/tip/grants.yml](ci-configuration/grants.yml).
+ scopes:
+ - assume:repo:hg.mozilla.org/releases/comm-esr52:branch:default
+ - in-tree:hook-action:project-gecko/in-tree-action-3-*
|
||
Comment 6•6 years ago
|
||
Comment on attachment 9006949 [details] Bug 1488766: also substitute {hgmo_path} Tom Prince [:tomprince] has approved the revision.
Attachment #9006949 -
Flags: review+
|
|
||
Comment 7•6 years ago
|
||
Comment on attachment 9006956 [details] Bug 1488766: improve error handling for malformed grants.yml Tom Prince [:tomprince] has approved the revision.
Attachment #9006956 -
Flags: review+
|
|
||
Comment 8•6 years ago
|
||
Comment on attachment 9006958 [details] Bug 1488766: add scopes for retrigger-decision action Tom Prince [:tomprince] has approved the revision.
Attachment #9006958 -
Flags: review+
|
||
Comment 9•6 years ago
|
||
Comment on attachment 9006958 [details] Bug 1488766: add scopes for retrigger-decision action Justin Wood (:Callek) has approved the revision.
Attachment #9006958 -
Flags: review+
|
|
Assignee | |
Updated•6 years ago
|
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•