-rw-r--r--etc/taskcluster/decision_task.py47
-rw-r--r--etc/taskcluster/decisionlib.py16
-rw-r--r--python/servo/package_commands.py40
3 files changed, 59 insertions, 44 deletions
diff --git a/etc/taskcluster/decision_task.py b/etc/taskcluster/decision_task.py
index 0bc77b599e4..880b6191abd 100644
--- a/etc/taskcluster/decision_task.py
+++ b/etc/taskcluster/decision_task.py
@@ -282,15 +282,13 @@ def android_nightly(job):
android_build_task("Release build")
.with_treeherder("Android " + details[job]["name"], "Nightly")
.with_features("taskclusterProxy")
+ .with_scopes("secrets:get:project/servo/s3-upload")
.with_script("""
./mach build {flag} --release
./mach package {flag} --release --maven
- """.format(flag=details[job]["mach_flag"])
- .with_s3_upload_secret()
- .with_script("""
- ./mach upload-nightly android
- ./mach upload-nightly maven
- """)
+ ./mach upload-nightly android --secret-from-taskcluster
+ ./mach upload-nightly maven --secret-from-taskcluster
+ """.format(flag=details[job]["mach_flag"]))
.with_artifacts(
"/repo/target/android/%s/release/servoapp.apk" % details[job]["target"],
"/repo/target/android/%s/release/servoview.aar" % details[job]["target"],
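Review bot: The scope added here, `secrets:get:project/servo/s3-upload`, does not match the secret that the new `get_s3_secret()` in python/servo/package_commands.py requests, which is `project/servo/s3-upload-credentials`. Taskcluster scopes are compared exactly unless they end in `*`, so unless the longer name is granted somewhere not shown, the proxy would refuse the fetch and the upload would fail. If the name in package_commands.py is the intended one, the line should read `.with_scopes("secrets:get:project/servo/s3-upload-credentials")`. The same scope line is added in the windows_nightly, linux_nightly and macos_nightly hunks below.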
@@ -397,10 +395,10 @@ def windows_nightly():
return (
windows_build_task("Release build")
.with_treeherder("Windows x64", "Nightly")
+ .with_scopes("secrets:get:project/servo/s3-upload")
.with_script("mach build --release",
- "mach package --release")
- .with_s3_upload_secret()
- .with_script("mach upload-nightly windows-msvc")
+ "mach package --release",
+ "mach upload-nightly windows-msvc --secret-from-taskcluster")
.with_artifacts("repo/target/release/msi/Servo.exe",
"repo/target/release/msi/Servo.zip")
.find_or_create("build.windows_x64_nightly." + CONFIG.git_sha)
@@ -412,15 +410,13 @@ def linux_nightly():
linux_build_task("Nightly build and upload")
.with_treeherder("Linux x64", "Nightly")
.with_features("taskclusterProxy")
+ .with_scopes("secrets:get:project/servo/s3-upload")
# Not reusing the build made for WPT because it has debug assertions
- .with_script("""
- ./mach build --release
- ./mach package --release
- """)
- .with_s3_upload_secret()
- .with_script("""
- ./mach upload-nightly linux
- """)
+ .with_script(
+ "./mach build --release",
+ "./mach package --release",
+ "./mach upload-nightly linux --secret-from-taskcluster",
+ )
.with_artifacts("/repo/target/release/servo-tech-demo.tar.gz")
.find_or_create("build.linux_x64_nightly" + CONFIG.git_sha)
)
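Review bot: The index path on the context line `.find_or_create("build.linux_x64_nightly" + CONFIG.git_sha)` has no `.` before the commit hash, unlike `"build.windows_x64_nightly." + CONFIG.git_sha` in windows_nightly. This commit did not introduce it, but the result is a key such as `build.linux_x64_nightly<sha>`, which looks unintended. If the Windows form is the convention, change it to `.find_or_create("build.linux_x64_nightly." + CONFIG.git_sha)`.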
@@ -452,14 +448,17 @@ def macos_nightly():
macos_build_task("Release build")
.with_treeherder("macOS x64", "Nightly")
.with_features("taskclusterProxy")
- .with_script("""
- ./mach build --release
- ./mach package --release
- """)
- .with_s3_upload_secret()
- .with_script("./mach upload-nightly mac")
+ .with_scopes(
+ "secrets:get:project/servo/s3-upload",
+ "secrets:get:project/servo/github-homebrew-token",
+ "secrets:get:project/servo/wpt-sync",
+ )
+ .with_script(
+ "./mach build --release",
+ "./mach package --release",
+ "./mach upload-nightly mac --secret-from-taskcluster",
+ )
.with_artifacts("repo/target/release/servo-tech-demo.dmg")
- .with_scopes("secrets:get:project/servo/wpt-sync")
.with_env(PY2="""if 1:
import urllib, json
url = "http://taskcluster/secrets/v1/secret/project/servo/wpt-sync"
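Review bot: The three secret scopes in the new `.with_scopes(...)` call apply to the whole task, not only to the upload step. That means `./mach build` and `./mach package`, along with any build scripts and dependencies they run, can read the S3 credentials, the Homebrew push token and the wpt-sync secret through the proxy. A separate upload task that consumes the build artifacts and alone holds these scopes would limit that exposure. At minimum, add a comment above the call such as `# Scopes are task-wide: the build steps can read these secrets too`. The `with_env` body continues outside this hunk.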
diff --git a/etc/taskcluster/decisionlib.py b/etc/taskcluster/decisionlib.py
index 1bb662a24c2..6ba349e8d0d 100644
--- a/etc/taskcluster/decisionlib.py
+++ b/etc/taskcluster/decisionlib.py
@@ -173,22 +173,6 @@ class Task:
self.treeherder_required = False # Taken care of
return self
- def with_s3_upload_secret(self):
- return (
- self
- .with_scopes("secrets:get:project/servo/s3-upload")
- .with_env(PY=r"""if 1:
- import urllib, json, os
- from os.path import expanduser, join
- url = "http://taskcluster/secrets/v1/secret/project/servo/s3-upload"
- secret = json.load(urllib.urlopen(url))["secret"]
- aws_dir = expanduser("~/.aws")
- os.mkdir(aws_dir)
- open(join(aws_dir, "credentials"), "w").write(secret["credentials_file"])
- """)
- .with_script('python -c "$PY"')
- )
-
def build_worker_payload(self): # pragma: no cover
"""
Overridden by sub-classes to return a dictionary in a worker-specific format,
diff --git a/python/servo/package_commands.py b/python/servo/package_commands.py
index 94a30dfe421..6dd788f5fa4 100644
--- a/python/servo/package_commands.py
+++ b/python/servo/package_commands.py
@@ -19,6 +19,7 @@ import shutil
import subprocess
import sys
import tempfile
+import urllib
from mach.decorators import (
CommandArgument,
@@ -538,9 +539,25 @@ class PackageCommands(CommandBase):
@CommandArgument('platform',
choices=PACKAGES.keys(),
help='Package platform type to upload')
- def upload_nightly(self, platform):
+ @CommandArgument('--secret-from-taskcluster',
+ action='store_true',
+ help='Retrieve the appropriate secrets from taskcluster.')
+ def upload_nightly(self, platform, secret_from_taskcluster):
import boto3
+ def get_taskcluster_secret(name):
+ url = "http://taskcluster/secrets/v1/secret/project/servo/" + name
+ return json.load(urllib.urlopen(url))["secret"]
+
+ def get_s3_secret():
+ aws_access_key = None
+ aws_secret_access_key = None
+ if secret_from_taskcluster:
+ secret = get_taskcluster_secret("s3-upload-credentials")
+ aws_access_key = secret["aws_access_key_id"]
+ aws_secret_access_key = secret["aws_secret_access_key"]
+ return (aws_access_key, aws_secret_access_key)
+
def nightly_filename(package, timestamp):
return '{}-{}'.format(
timestamp.isoformat() + 'Z', # The `Z` denotes UTC
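Review bot: `get_taskcluster_secret` indexes `["secret"]` without checking that the request succeeded. Python 2's `urllib.urlopen` returns the body of a 4xx/5xx response instead of raising, so a denied scope or a wrong secret name surfaces as `KeyError: 'secret'` or a JSON decode error, far from the cause. Check `getcode()` before parsing and raise an error that names the secret but does not echo the response body. `get_s3_secret` also deserves a one-line docstring: it returns `(None, None)` without the flag, which leaves `boto3.client` on its default credential chain.

```python
def get_taskcluster_secret(name):
    url = "http://taskcluster/secrets/v1/secret/project/servo/" + name
    response = urllib.urlopen(url)
    status = response.getcode()
    if status != 200:
        # Name the secret, never the body: an error page must not end up in the task log.
        raise Exception("Fetching taskcluster secret %r failed: HTTP %s" % (name, status))
    return json.load(response)["secret"]
```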
@@ -548,7 +565,12 @@ class PackageCommands(CommandBase):
)
def upload_to_s3(platform, package, timestamp):
- s3 = boto3.client('s3')
+ (aws_access_key, aws_secret_access_key) = get_s3_secret()
+ s3 = boto3.client(
+ 's3',
+ aws_access_key_id=aws_access_key,
+ aws_secret_access_key=aws_secret_access_key
+ )
BUCKET = 'servo-builds'
nightly_dir = 'nightly/{}'.format(platform)
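Review bot: The credential lookup and `boto3.client('s3', ...)` construction added here is repeated line for line in the `update_maven` hunk below, and each copy fetches the secret again. One nested helper would keep the credential handling in a single place, for example `def s3_client():` with the body `key, secret = get_s3_secret()` followed by `return boto3.client('s3', aws_access_key_id=key, aws_secret_access_key=secret)`. Both functions would then call `s3 = s3_client()`. The body of `upload_to_s3` continues outside this hunk.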
@@ -565,7 +587,12 @@ class PackageCommands(CommandBase):
s3.copy(copy_source, BUCKET, latest_upload_key)
def update_maven(directory):
- s3 = boto3.client('s3')
+ (aws_access_key, aws_secret_access_key) = get_s3_secret()
+ s3 = boto3.client(
+ 's3',
+ aws_access_key_id=aws_access_key,
+ aws_secret_access_key=aws_secret_access_key
+ )
BUCKET = 'servo-builds'
nightly_dir = 'nightly/maven'
@@ -626,13 +653,18 @@ class PackageCommands(CommandBase):
'--message=Version Bump: {}'.format(brew_version),
])
+ if secret_from_taskcluster:
+ token = get_taskcluster_secret('github-homebrew-token')["token"]
+ else:
+ token = os.environ['GITHUB_HOMEBREW_TOKEN']
+
push_url = 'https://{}@github.com/servo/homebrew-servo.git'
# TODO(aneeshusa): Use subprocess.DEVNULL with Python 3.3+
with open(os.devnull, 'wb') as DEVNULL:
call_git([
'push',
'-qf',
- push_url.format(os.environ['GITHUB_HOMEBREW_TOKEN']),
+ push_url.format(token),
'master',
], stdout=DEVNULL, stderr=DEVNULL)
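Review bot: The token selected in the new `if secret_from_taskcluster:` branch is formatted into `push_url` and passed to git as a command-line argument. Redirecting stdout and stderr to DEVNULL hides git's own output, but if `call_git` raises on failure with the command line in its message (its definition is not visible here), the token would be printed in the task log. Consider wrapping the push so that failure raises an error without the URL, for example `except subprocess.CalledProcessError as e: raise Exception("push to homebrew-servo failed: exit %d" % e.returncode)`. A comment above `push_url` noting that the URL embeds a credential and must never be logged would also help.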