This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.8.0esr-11.0-1 in repository tor-browser.
commit 269bf5c2fbe3363351054059dca46ae59715a7aa Author: Andrew Halberstadt ahal@mozilla.com AuthorDate: Thu Mar 3 09:16:09 2022 -0500
Bug 1740631 - Add requirements-plist-url to mac signing payloads, r=aki,glandium a=RyanVM
This file will get picked up by our mac signing infrastructure and be forwarded to the `productbuild` invocation.
---
 taskcluster/ci/config.yml | 4 ++++
 taskcluster/taskgraph/transforms/signing.py | 22 ++++++++++++++++++++--
 taskcluster/taskgraph/transforms/task.py | 6 ++++--
 3 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/taskcluster/ci/config.yml b/taskcluster/ci/config.yml
index 5acb629d54583..66daa4c86023c 100644
--- a/taskcluster/ci/config.yml
+++ b/taskcluster/ci/config.yml
@@ -627,3 +627,7 @@ mac-notarization:
 production: security/mac/hardenedruntime/production.entitlements.xml
 default: security/mac/hardenedruntime/developer.entitlements.xml
 default: ''
+ mac-requirements:
+ by-platform:
+ macosx64.*: build/package/mac_osx/requirements.plist
+ default: ''
diff --git a/taskcluster/taskgraph/transforms/signing.py b/taskcluster/taskgraph/transforms/signing.py
index 619a7a6cfdff0..2afb0332ae7ca 100644
--- a/taskcluster/taskgraph/transforms/signing.py
+++ b/taskcluster/taskgraph/transforms/signing.py
@@ -92,6 +92,23 @@ def add_entitlements_link(config, jobs):
 yield job
+@transforms.add
+def add_requirements_link(config, jobs):
+ for job in jobs:
+ requirements_path = evaluate_keyed_by(
+ config.graph_config["mac-notarization"]["mac-requirements"],
+ "mac requirements",
+ {
+ "platform": job["primary-dependency"].attributes.get("build_platform"),
+ },
+ )
+ if requirements_path:
+ job["requirements-plist-url"] = config.params.file_url(
+ requirements_path,
+ )
+ yield job
+
+
 @transforms.add
 def make_task_description(config, jobs):
 for job in jobs:
@@ -220,8 +237,9 @@ def make_task_description(config, jobs):
 " ({} not found in mapping)".format(worker_type_alias)
 )
 worker_type_alias = worker_type_alias_map[worker_type_alias]
- if job.get("entitlements-url"):
- task["worker"]["entitlements-url"] = job["entitlements-url"]
+ for attr in ("entitlements-url", "requirements-plist-url"):
+ if job.get(attr):
+ task["worker"][attr] = job[attr]
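Review bot: add_requirements_link has no docstring, and nothing in the new function says what consumes `requirements-plist-url` or why the value is only set when the keyed-by lookup returns a non-empty path. A docstring such as `"""Attach the URL of the mac requirements plist when the graph config defines one for the build platform."""` would cover it. The lookup key comes from `attributes.get("build_platform")`, which returns None when the dependency has no such attribute; presumably `evaluate_keyed_by` then falls through to `default: ''`, but that helper is outside the hunk and the assumption deserves a comment. Because the commit message says the file is forwarded to `productbuild` by the signing infrastructure, it is also worth stating in the docstring that the URL is expected to refer to the in-tree file for the revision being built, which depends on what `config.params.file_url` returns.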
task["worker-type"] = worker_type_alias
 if treeherder:
diff --git a/taskcluster/taskgraph/transforms/task.py b/taskcluster/taskgraph/transforms/task.py
index c54f06f415aba..925c5823531c2 100644
--- a/taskcluster/taskgraph/transforms/task.py
+++ b/taskcluster/taskgraph/transforms/task.py
@@ -841,6 +841,7 @@ def build_generic_worker_payload(config, task, task_def):
 "mac_single_file",
 ),
 Optional("entitlements-url"): text_type,
+ Optional("requirements-plist-url"): str,
 },
 )
 def build_scriptworker_signing_payload(config, task, task_def):
@@ -852,8 +853,9 @@ def build_scriptworker_signing_payload(config, task, task_def):
 }
 if worker.get("mac-behavior"):
 task_def["payload"]["behavior"] = worker["mac-behavior"]
- if worker.get("entitlements-url"):
- task_def["payload"]["entitlements-url"] = worker["entitlements-url"]
+ for attribute in ("entitlements-url", "requirements-plist-url"):
+ if worker.get(attribute):
+ task_def["payload"][attribute] = worker[attribute]
 artifacts = set(task.get("release-artifacts", []))
 for upstream_artifact in worker["upstream-artifacts"]:
 for path in upstream_artifact["paths"]:
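Review bot: The tuple `("entitlements-url", "requirements-plist-url")` is spelled out in make_task_description here and again in build_scriptworker_signing_payload in task.py, with a third copy of the keys in the payload schema. Both loops copy with `.get`, so a key added to one list and not the other is dropped without any error, and the signing task would run without that file. A shared constant imported by both transforms, for example `MAC_SIGNING_URL_KEYS = ("entitlements-url", "requirements-plist-url")` (name is a suggestion), would keep the two in step. Both functions continue outside their hunks.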
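Review bot: The new schema entry uses `str` while the `entitlements-url` entry directly above it uses `text_type`; to stay consistent with the rest of this schema it should read `Optional("requirements-plist-url"): text_type,`. The schema checks only the type, so any string is accepted into the signing payload. Whether the URL is restricted to the expected repository is presumably enforced by the signing worker, which is not visible here; a comment next to the two URL keys such as `# fetched by the mac signing worker; must be an in-tree file URL` would record that expectation.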