update release automation documentation for ship it!

RESOLVED FIXED

Status

Release Engineering
Release Automation
RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: bhearsum, Assigned: bhearsum)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Assignee)

Description

5 years ago
doo eeeet
(Assignee)

Comment 1

5 years ago
Done:
https://wiki.mozilla.org/index.php?title=Release%3ARelease_Automation_on_Mercurial%3AStarting_a_Release&action=historysubmit&diff=503314&oldid=498021
https://wiki.mozilla.org/index.php?title=Releases%2FRelEngChecklist&action=historysubmit&diff=503319&oldid=503300

Note that the "run release runner" section will be removed after {{bug|810393}} is completed.
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
(Assignee)

Comment 2

5 years ago
From e-mail:
On Mon, Mar 11, 2013 at 11:24:46AM +1300, Nick Thomas wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Thanks for writing up the docs, great to have.
> 
> My paranoid-o-meter is going off at using our own keys for release
> runner. Do we have any safeguards in place to prevent our higher
> commit privs from landing staging changes in the prod buildbot-configs
> and so on ? Looks like this could happen if the release-runner.ini was
> not pointed at user repos, which seems quite possible if someone takes
>  http://mxr.mozilla.org/build/source/tools/buildfarm/release/release-runner.ini.example
> as the basis for their own copy.
> 
> Perhaps putting staging ffxbld key on dev-master01 and running
> release-runner there would avoid this.
> 

That's a good point - it's definitely something that could happen in the circumstance you describe.

My original thought was to have things running on dev-master01 with our own keys, but that hit the trouble of the private key not being available. I'll give things a try with the stage-ffxbld key and see if that will work.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Assignee)

Comment 3

5 years ago
Nick, I made the change to ffxbld and tested it. Would you mind reviewing?

https://wiki.mozilla.org/index.php?title=Release%3ARelease_Automation_on_Mercurial%3AStaging_Specific_Notes&action=historysubmit&diff=606353&oldid=547885
Flags: needinfo?(nthomas)
Much nicer. You could possibly avoid the authorized_keys change by having a separate account for release-runner, or by teaching fabric not to bother sshing if the local hostname is the same as the destination.
Flags: needinfo?(nthomas)
(Assignee)

Comment 5

5 years ago
(In reply to Nick Thomas [:nthomas] from comment #4)
> Much nicer. You could possibly avoid the authorized_keys change by having a
> separate account for release-runner, or by teaching fabric not to bother
> sshing if the local hostname is the same as the destination.

Not to try and be lazy, but I'm going to stick with what we've got now - I think it works well enough.
Status: REOPENED → RESOLVED
Last Resolved: 5 years ago5 years ago
Resolution: --- → FIXED
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.