[tracking] general scopes cleanup since RelEng manages ciadmin for mobile world
Categories
(Release Engineering :: General, enhancement)
Tracking
(Not tracked)
People
(Reporter: mtabara, Assigned: mtabara)
References
(Depends on 2 open bugs)
Details
Attachments
(1 file)
This is to track and identify inconsistencies in scopes. Once they are fixed, we can enforce ciadmin control over the mobile repositories.
This is currently blocking the enable of ciadmin.
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 1•5 years ago
•
|
||
Currently my leftovers / follow-ups are:
- [general] address all occurrences of
TODO
in the code in both repositories - [ci-configs] we may want to revisit trust-domains instead of my current approach
[ci-configs] how to solve the staging releases story for scopes?- [general] await https://github.com/taskcluster/taskcluster/pull/110 + in-tree mobile Docker work is done to unify workerTypes under *-linux instances for build types
[general] remove docker-worker:cache scopes altogether as they are not needed- [general] rename 'focus-nightly-sched' to 'mobile-cron-sched' or better to mobile-level-{level} ??
[general] remove android-components-g as workerType- [general] cleanup https://tools.taskcluster.net/auth/roles/repo%3Agithub.com%2Fmozilla-mobile%2F*
- [general] what do we do with Focus?
- [general] get rid of assume:project:taskcluster:mozilla-github-repository
- [ci-admin] add proper checks for github level in ci-admin check_levels.py
- [ci-configs] move the fenix beta/release stuff from
cron:nightly
roles once we're ready to ship. Those should be part of Github releases.
Assignee | ||
Comment 2•5 years ago
|
||
(In reply to Mihai Tabara [:mtabara]⌚️GMT from comment #1)
- [ci-admin] add proper checks for github level in ci-admin check_levels.py
I might ask for some Github expertise from Johan's bug 1529990 to solve this one.
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 3•5 years ago
|
||
More scopes cleanup
Assignee | ||
Comment 4•5 years ago
|
||
I'm cleaning out https://tools.taskcluster.net/auth/roles/repo%3Agithub.com%2Fmozilla-mobile%2F* to remove the following two scopes:
docker-worker:cache:android-components-*
queue:create-task:highest:aws-provisioner-v1/android-components-g
If things go south anywhere, we simply need to re-add these back.
Assignee | ||
Comment 5•5 years ago
|
||
Note to self: I need to terminate instances + remove definition from https://tools.taskcluster.net/aws-provisioner/android-components-g/resources as well once the scopes are being removed in comment 4.
Assignee | ||
Comment 6•5 years ago
|
||
(In reply to Mihai Tabara [:mtabara]⌚️GMT from comment #4)
I'm cleaning out https://tools.taskcluster.net/auth/roles/repo%3Agithub.com%2Fmozilla-mobile%2F* to remove the following two scopes:
docker-worker:cache:android-components-* queue:create-task:highest:aws-provisioner-v1/android-components-g
If things go south anywhere, we simply need to re-add these back.
Done.
Assignee | ||
Comment 7•5 years ago
|
||
(In reply to Mihai Tabara [:mtabara]⌚️GMT from comment #5)
Note to self: I need to terminate instances + remove definition from https://tools.taskcluster.net/aws-provisioner/android-components-g/resources as well once the scopes are being removed in comment 4.
I'll wait another couple of days just to make sure no other workers complain about an unknown usage of the aforementioned removed scopes. Set myself a reminder to remove these by Friday.
Assignee | ||
Comment 8•5 years ago
|
||
https://tools.taskcluster.net/auth/scopes/ shows no occurrence of queue:create-task:highest:aws-provisioner-v1/android-components-g
so I assume we can slowly remove the workers.
Reducing the TODO
to 0 under https://tools.taskcluster.net/aws-provisioner/android-components-g/edit to see if anyone complains. I'm expecting the existing instances will be decommissioned naturally.
Assignee | ||
Comment 9•5 years ago
|
||
(In reply to Mihai Tabara [:mtabara]⌚️GMT from comment #8)
https://tools.taskcluster.net/auth/scopes/ shows no occurrence of
queue:create-task:highest:aws-provisioner-v1/android-components-g
so I assume we can slowly remove the workers.Reducing the
TODO
to 0 under https://tools.taskcluster.net/aws-provisioner/android-components-g/edit to see if anyone complains. I'm expecting the existing instances will be decommissioned naturally.
I removed the workerType with a backup of its config on my local disk.
Assignee | ||
Comment 10•5 years ago
|
||
Found in triaging - we can close this bug as we're in a much better state now + we're moving away to Firefox CI cluster which means a natural cleansing anyway along with the migration.
Description
•