Closed Bug 1613281 Opened 4 years ago Closed 4 years ago

Port bug 1562412: macOS notarization multi-step process

Categories

(Thunderbird :: Build Config, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
Thunderbird 75.0

People

(Reporter: rjl, Assigned: rjl)

References

Details

Attachments

(4 files, 3 obsolete files)

macOS signing and notarization is moving to a multi-task process to avoid problems when Apple has an outage.

Thunderbird changes go here.

Attached patch macos_notariz_bug1613281.patch (obsolete) — Splinter Review
I've based this on what is currently in Phabricator for bug 1562412.

Aki, I had a question about this block in config.yml:
```
mac-notarization-poller:
    provisioner: scriptworker-prov-v1
    implementation: notarization-poller
    os: macosx
    worker-type: mac-notarization-poller
```

Will that be the worker type for Thunderbird or will it be prefixed like
the signing workers? tb-mac-notarization-poller?
Attachment #9125992 - Flags: feedback?(aki)

Hm. We could split this out, but we could also use the same pool. Not sure if you or others have strong opinions here?

I don't think it matters a whole lot from Thunderbird's perspective. But a lot of work has been done to separate Thunderbird from Firefox builds. So it's probably better to split it now if possible.

Comment on attachment 9125992 [details] [diff] [review]
macos_notariz_bug1613281.patch

Review of attachment 9125992 [details] [diff] [review]:
-----------------------------------------------------------------

`mac-notarization-poller` is the fx pool. Sounds like we want to create another pool, so `tb-mac-notarization-poller` for tb.
Attachment #9125992 - Flags: feedback?(aki) → feedback+
Attached patch macos_notariz_bug1613281.patch (obsolete) — Splinter Review
- Updated the notarization-poller worker type in config.yml
- Updated with the effects of bug 1614998 in mind.

There may be more revisions necessary.
Attachment #9125992 - Attachment is obsolete: true
Attached patch macos_notariz_bug1613281.patch (obsolete) — Splinter Review

Reflects updates made today to changes in progress on bug 1562412 .

Attachment #9126266 - Attachment is obsolete: true

I've tested this as much as possible.

Attachment #9127712 - Attachment is obsolete: true
Attachment #9128627 - Flags: review?(geoff)
Comment on attachment 9128627 [details] [diff] [review]
macos_notariz_bug1613281.patch

Review of attachment 9128627 [details] [diff] [review]:
-----------------------------------------------------------------

This looks good as far as I can tell.
Attachment #9128627 - Flags: review?(geoff) → review+

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/0498fb268e27
Port bug 1562412: multi-step macOS signing and notarization. r=darktrojan

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Signing jobs that are step-3 of the macOS will not have any formats in the
payload. For regular signing jobs that's not valid, but it is in this case.

It's possible to set up macOS a build-signing job without notarization, so
checking the platform and kind may not be sufficient.
Attachment #9129314 - Flags: review?(geoff)
Status: RESOLVED → REOPENED
Keywords: leave-open
Resolution: FIXED → ---
Comment on attachment 9129314 [details] [diff] [review]
Allow notarized signing jobs to have no signature formats

Review of attachment 9129314 [details] [diff] [review]:
-----------------------------------------------------------------

I think there's a word missing from the commit message: "… step-3 of the macOS will not …". Apart from that, all good.
Attachment #9129314 - Flags: review?(geoff) → review+
Pushed by thunderbird@calypsoblue.org:
https://hg.mozilla.org/comm-central/rev/3f02fbbeaffa
Follow-up: Allow for empty format lists on notarized signing jobs. r=darktrojan
Status: REOPENED → RESOLVED
Closed: 4 years ago4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 75.0
Version: unspecified → 75
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Port of https://phabricator.services.mozilla.com/D64684.
The transforms copies attributes from dependencies, but only if attributes
are not specified in its own configuration. As a result, the 'shippable'
attribute is not present on the poller task and it gets dropped, throwing
off when notarization part-3 starts.
Attachment #9129673 - Flags: review?(geoff)
Attachment #9129673 - Flags: review?(geoff) → review+

Pushed by thunderbird@calypsoblue.org:
https://hg.mozilla.org/comm-central/rev/95a306e52d3c
Follow-up: Drop shipping_phase attribute from shippable-l10n-notarization-poller. r=darktrojan

Status: REOPENED → RESOLVED
Closed: 4 years ago4 years ago
Keywords: leave-open
Resolution: --- → FIXED
Regressions: 1620043
You need to log in before you can comment on or make changes to this bug.