feat(ci): connect repo to Community-TC

taskcluster · Nov 28, 2022 · 92a38b2 · 92a38b2 · community-tc-integration · Nov 29, 2022
1 parent 1fc8f5f
commit 92a38b2
Show file tree

Hide file tree

Showing 11 changed files with 754 additions and 9 deletions.
diff --git a/.git-template/hooks/pre-commit b/.git-template/hooks/pre-commit
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+if [ -f .pre-commit-config.yaml ]; then
+    echo 'pre-commit configuration detected, but `pre-commit install` was never run' 1>&2
+    exit 1
+fi
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,21 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.3.0
+    hooks:
+        # Trims trailing whitespace
+    -   id: trailing-whitespace
+        # Makes sure files end in a newline and only a newline
+    -   id: end-of-file-fixer
+        # Check for files that contain merge conflict strings
+    -   id: check-merge-conflict
+
+-   repo: https://github.com/marco-c/taskcluster_yml_validator
+    rev: v0.0.9
+    hooks:
+        # Validates .taskcluster.yml file against possible GitHub events
+    -   id: taskcluster_yml
+
+ci:
+    skip: [taskcluster_yml]
diff --git a/.taskcluster.yml b/.taskcluster.yml
@@ -0,0 +1,153 @@
+---
+version: 1
+reporting: checks-v1
+policy:
+  pullRequests: public
+tasks:
+  - $let:
+      ownerEmail:
+        $if: 'tasks_for == "github-push"'
+        then: '${event.pusher.email}'
+        else:
+          $if: 'tasks_for == "github-pull-request"'
+          then: '${event.pull_request.user.login}@users.noreply.github.com'
+          else:
+            $if: 'tasks_for == "github-release"'
+            then: '${event.sender.login}@users.noreply.github.com'
+      baseRepoUrl:
+        $if: 'tasks_for == "github-push"'
+        then: '${event.repository.html_url}'
+        else:
+          $if: 'tasks_for == "github-pull-request"'
+          then: '${event.pull_request.base.repo.html_url}'
+      base_ref:
+        $if: 'tasks_for[:19] == "github-pull-request"'
+        then: ${event.pull_request.base.ref}
+        else:
+          # event.base_ref is barely documented[1]. Testing showed it's only
+          # defined when creating a new branch. It's null when pushing to an
+          # existing branch
+          #
+          # [1] https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
+          # [2] https://taskcluster-taskgraph.readthedocs.io/en/latest/reference/parameters.html#base-ref
+          $if: 'tasks_for == "github-push" && event.base_ref'
+          then: ${event.base_ref}
+          else:
+            $if: 'tasks_for == "github-push"'
+            then: ${event.ref}
+            else:
+              $if: 'tasks_for in ["cron", "action"]'
+              then: '${push.branch}'
+      repoUrl:
+        $if: 'tasks_for == "github-push"'
+        then: '${event.repository.html_url}'
+        else:
+          $if: 'tasks_for == "github-pull-request"'
+          then: '${event.pull_request.head.repo.html_url}'
+      project:
+        $if: 'tasks_for == "github-push"'
+        then: '${event.repository.name}'
+        else:
+          $if: 'tasks_for == "github-pull-request"'
+          then: '${event.pull_request.head.repo.name}'
+      headBranch:
+        $if: 'tasks_for == "github-pull-request"'
+        then: ${event.pull_request.head.ref}
+        else:
+          $if: 'tasks_for == "github-push"'
+          then: ${event.ref}
+      headSha:
+        $if: 'tasks_for == "github-push"'
+        then: '${event.after}'
+        else:
+          $if: 'tasks_for == "github-pull-request"'
+          then: '${event.pull_request.head.sha}'
+      pullRequestAction:
+        $if: 'tasks_for == "github-pull-request"'
+        then: ${event.action}
+        else: 'UNDEFINED'
+    in:
+      $if: >
+        tasks_for == "github-push" && headBranch == "main"
+        || (tasks_for == "github-pull-request" && pullRequestAction in ["opened", "reopened", "synchronize"])
+      then:
+        taskId: {$eval: as_slugid("decision_task")}
+        taskGroupId: {$eval: as_slugid("decision_task")}
+        schedulerId: homebrew-level-1
+        created: {$fromNow: ''}
+        deadline: {$fromNow: '1 day'}
+        expires: {$fromNow: '1 year 1 second'}  # 1 second so artifacts expire first, despite rounding errors
+        metadata:
+          owner: "${ownerEmail}"
+          name: Decision Task
+          description: Task that generates a taskgraph and submits it to Taskcluster
+          source: '${repoUrl}/raw/${headSha}/.taskcluster.yml'
+        provisionerId: proj-taskcluster
+        workerType: ci
+        scopes:
+          $if: 'tasks_for == "github-push"'
+          then:
+            # ${repoUrl[8:]} strips out the leading 'https://'
+            # while ${headBranch[11:]} strips out 'refs/heads/'
+            - 'assume:repo:${repoUrl[8:]}:branch:${headBranch[11:]}'
+          else:
+            $if: 'tasks_for == "github-pull-request"'
+            then:
+              - 'assume:repo:github.com/${event.pull_request.base.repo.full_name}:pull-request'
+        dependencies: []
+        requires: all-completed
+        payload:
+          image: mozillareleases/taskgraph:decision-d1ddb5593679cec9d7d2cdd8e9b8e2228b14ebe9b844411276cc3cfe37d189aa@sha256:b236321d98367f9cdbbd28c47bad7c0df34884897b75d266185d2e9e569ac0fa
+          cache:
+            homebrew-level-1-checkouts-sparse-v2: /builds/worker/checkouts
+          features:
+            taskclusterProxy: true
+            # chainOfTrust: true
+          maxRunTime: 300
+          env:
+            $merge:
+              # run-task uses these environment variables to clone your
+              # repo and checkout the proper revision
+              - HOMEBREW_BASE_REPOSITORY: '${baseRepoUrl}'
+                HOMEBREW_BASE_REF: '${base_ref}'
+                HOMEBREW_HEAD_REPOSITORY: '${repoUrl}'
+                HOMEBREW_HEAD_REF: '${headBranch}'
+                HOMEBREW_HEAD_REV: '${headSha}'
+                HOMEBREW_PIP_REQUIREMENTS: taskcluster/requirements.txt
+                HOMEBREW_REPOSITORY_TYPE: git
+                REPOSITORIES: {$json: {homebrew: "homebrew"}}
+          command:
+            - run-task
+            - '--homebrew-checkout=/builds/worker/checkouts/src'
+            - '--task-cwd=/builds/worker/checkouts/src'
+            - '--'
+            - bash
+            - -cx
+            - >
+              ~/.local/bin/taskgraph decision
+              --pushlog-id='0'
+              --pushdate='0'
+              --project='${project}'
+              --message=""
+              --owner='${ownerEmail}'
+              --level='1'
+              --base-repository="$HOMEBREW_BASE_REPOSITORY"
+              --base-ref="$HOMEBREW_BASE_REF"
+              --head-repository="$HOMEBREW_HEAD_REPOSITORY"
+              --head-ref="$HOMEBREW_HEAD_REF"
+              --head-rev="$HOMEBREW_HEAD_REV"
+              --repository-type="$HOMEBREW_REPOSITORY_TYPE"
+              --tasks-for='${tasks_for}'
+          artifacts:
+            'public':
+              type: 'directory'
+              path: '/builds/worker/artifacts'
+              expires: {$fromNow: '1 year'}
+            'public/docker-contexts':
+              type: 'directory'
+              path: '/builds/worker/checkouts/src/docker-contexts'
+              # This needs to be at least the deadline of the
+              # decision task + the docker-image task deadlines.
+              # It is set to a week to allow for some time for
+              # debugging, but they are not useful long-term.
+              expires: {$fromNow: '7 day'}
diff --git a/Formula/taskcluster.rb b/Formula/taskcluster.rb
@@ -1,20 +1,23 @@
+# frozen_string_literal: true
+
+# Homebrew formula for taskcluster CLI
 class Taskcluster < Formula
-  desc "A Taskcluster client library for the command line"
+  desc "Client library for the Taskcluster CLI"
   homepage "https://github.com/taskcluster/taskcluster/tree/main/clients/client-shell"
-  version "v44.17.2"
+  version "44.23.4"
   license "MPL-2.0"
 
   if OS.mac?
     if Hardware::CPU.physical_cpu_arm64?
-      url "https://github.com/taskcluster/taskcluster/releases/download/#{version}/taskcluster-darwin-arm64", :using => :curl
-      sha256 "1ccf56972988f45c88e9a21a536728f1064eabef49a9d085e16ac41db14214a5"
+      url "https://github.com/taskcluster/taskcluster/releases/download/v#{version}/taskcluster-darwin-arm64"
+      sha256 "fe1ae43849952a5797edcad202b12ca138498c8530057ec6e2add3c78f1ddee4"
     else
-      url "https://github.com/taskcluster/taskcluster/releases/download/#{version}/taskcluster-darwin-amd64", :using => :curl
-      sha256 "7897baf6c27350e5a6fe46e93f9bb4890f5dd98a117196acfb4267e639624a5c"
+      url "https://github.com/taskcluster/taskcluster/releases/download/v#{version}/taskcluster-darwin-amd64"
+      sha256 "c8c613d722122cce47a8df2189f5e278211ec71ad093533d363c88161d60f2e8"
     end
   elsif OS.linux?
-    url "https://github.com/taskcluster/taskcluster/releases/download/#{version}/taskcluster-linux-amd64", :using => :curl
-    sha256 "d12b40c048e96bd5376f9d28c4831075ee6b74b3c8b9bd3d85f57cc1a9ec1971"
+    url "https://github.com/taskcluster/taskcluster/releases/download/v#{version}/taskcluster-linux-amd64"
+    sha256 "618203d0fe3d6938b635b4d89d39507f608db5027fda55ebcabf251a1da0fa39"
   end
 
   def install
@@ -30,6 +33,6 @@ def install
   end
 
   test do
-    system "#{bin}/taskcluster --help"
+    system "#{bin}/taskcluster", "--help"
   end
 end
diff --git a/README.md b/README.md
@@ -27,6 +27,23 @@ brew install taskcluster/tap/taskcluster
 brew install taskcluster
 ```
 
+### Testing Formulae
+
+To test any changes to a specific formula, such as `taskcluster`, you can use the following commands:
+
+```bash
+# check formula for Homebrew coding style violations
+brew audit --strict --online --formula ./Formula/taskcluster.rb
+```
+```bash
+# check to be sure formula can be installed still
+brew install --formula ./Formula/taskcluster.rb
+```
+```bash
+# run tests for formula
+brew test --verbose ./Formula/taskcluster.rb
+```
+
 ### Uninstalling Formulae
 
 To uninstall a specific formula, such as `taskcluster`, you can use the following command:

diff --git a/taskcluster/ci/config.yml b/taskcluster/ci/config.yml
@@ -0,0 +1,25 @@
+---
+trust-domain: homebrew
+treeherder:
+  group-names:
+    'I': 'Docker Image Builds'
+
+task-priority: low
+
+taskgraph:
+  repositories:
+    ci:
+      name: homebrew
+
+workers:
+  aliases:
+    images:
+      provisioner: proj-taskcluster
+      os: linux
+      implementation: docker-worker
+      worker-type: ci
+    ci:
+      provisioner: proj-taskcluster
+      os: linux
+      implementation: docker-worker
+      worker-type: ci
diff --git a/taskcluster/ci/docker-image/kind.yml b/taskcluster/ci/docker-image/kind.yml
@@ -0,0 +1,10 @@
+loader: taskgraph.loader.transform:loader
+
+transforms:
+  - taskgraph.transforms.docker_image:transforms
+  - taskgraph.transforms.cached_tasks:transforms
+  - taskgraph.transforms.task:transforms
+
+tasks:
+  homebrew:
+    symbol: I(homebrew-image)
diff --git a/taskcluster/ci/homebrew/kind.yml b/taskcluster/ci/homebrew/kind.yml
@@ -0,0 +1,23 @@
+---
+loader: taskgraph.loader.transform:loader
+
+transforms:
+  - taskgraph.transforms.job:transforms
+  - taskgraph.transforms.task:transforms
+
+tasks:
+  tests:
+    description: brew {audit, install, test}
+    worker-type: ci
+    worker:
+      max-run-time: 300
+      docker-image:
+        in-tree: homebrew
+    run:
+      using: run-task
+      cwd: '{checkout}'
+      cache-dotcache: true
+      command: >-
+        brew audit --strict --online --formula ./Formula/taskcluster.rb &&
+        brew install --formula ./Formula/taskcluster.rb &&
+        brew test ./Formula/taskcluster.rb
diff --git a/taskcluster/docker/homebrew/Dockerfile b/taskcluster/docker/homebrew/Dockerfile
@@ -0,0 +1,31 @@
+FROM homebrew/brew
+
+USER root
+
+# Add worker user and setup its workspace.
+RUN mkdir /builds && \
+    groupadd -g 1001 worker && \
+    useradd -u 1001 -g 1001 -d /builds/worker -s /bin/bash -m worker && \
+    mkdir -p /builds/worker/workspace && \
+    chown -R worker:worker /builds && \
+    apt-get update && \
+    apt-get upgrade -y
+
+USER linuxbrew
+
+RUN brew update && \
+    brew upgrade && \
+    brew cleanup
+
+# Declare default working folder
+WORKDIR /builds/worker
+
+ENV SHELL=/bin/bash \
+    HOME=/builds/worker \
+    PATH=/builds/worker/.local/bin:$PATH
+
+VOLUME /builds/worker/checkouts
+VOLUME /builds/worker/.cache
+
+# Set a default command useful for debugging
+CMD ["/bin/bash", "--login"]
diff --git a/taskcluster/requirements.in b/taskcluster/requirements.in
@@ -0,0 +1,7 @@
+# For instructions on managing dependencies, see:
+# https://taskcluster-taskgraph.readthedocs.io/en/latest/howto/bootstrap-taskgraph.html
+
+arrow
+pyyaml
+taskcluster
+taskcluster-taskgraph