[tor-commits] [tor-browser] 06/76: Bug 1740631 - Add requirements-plist-url to mac signing payloads, r=aki, glandium a=RyanVM
gitolite role
git at cupani.torproject.org
Wed Mar 30 20:39:34 UTC 2022
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.8.0esr-11.0-1
in repository tor-browser.
commit 269bf5c2fbe3363351054059dca46ae59715a7aa
Author: Andrew Halberstadt <ahal at mozilla.com>
AuthorDate: Thu Mar 3 09:16:09 2022 -0500
Bug 1740631 - Add requirements-plist-url to mac signing payloads, r=aki,glandium a=RyanVM
This file will get picked up by our mac signing infrastructure and be
forwarded to the `productbuild` invocation.
---
taskcluster/ci/config.yml | 4 ++++
taskcluster/taskgraph/transforms/signing.py | 22 ++++++++++++++++++++--
taskcluster/taskgraph/transforms/task.py | 6 ++++--
3 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/taskcluster/ci/config.yml b/taskcluster/ci/config.yml
index 5acb629d54583..66daa4c86023c 100644
--- a/taskcluster/ci/config.yml
+++ b/taskcluster/ci/config.yml
@@ -627,3 +627,7 @@ mac-notarization:
production: security/mac/hardenedruntime/production.entitlements.xml
default: security/mac/hardenedruntime/developer.entitlements.xml
default: ''
+ mac-requirements:
+ by-platform:
+ macosx64.*: build/package/mac_osx/requirements.plist
+ default: ''
diff --git a/taskcluster/taskgraph/transforms/signing.py b/taskcluster/taskgraph/transforms/signing.py
index 619a7a6cfdff0..2afb0332ae7ca 100644
--- a/taskcluster/taskgraph/transforms/signing.py
+++ b/taskcluster/taskgraph/transforms/signing.py
@@ -92,6 +92,23 @@ def add_entitlements_link(config, jobs):
yield job
+ at transforms.add
+def add_requirements_link(config, jobs):
+ for job in jobs:
+ requirements_path = evaluate_keyed_by(
+ config.graph_config["mac-notarization"]["mac-requirements"],
+ "mac requirements",
+ {
+ "platform": job["primary-dependency"].attributes.get("build_platform"),
+ },
+ )
+ if requirements_path:
+ job["requirements-plist-url"] = config.params.file_url(
+ requirements_path,
+ )
+ yield job
+
+
@transforms.add
def make_task_description(config, jobs):
for job in jobs:
@@ -220,8 +237,9 @@ def make_task_description(config, jobs):
" ({} not found in mapping)".format(worker_type_alias)
)
worker_type_alias = worker_type_alias_map[worker_type_alias]
- if job.get("entitlements-url"):
- task["worker"]["entitlements-url"] = job["entitlements-url"]
+ for attr in ("entitlements-url", "requirements-plist-url"):
+ if job.get(attr):
+ task["worker"][attr] = job[attr]
task["worker-type"] = worker_type_alias
if treeherder:
diff --git a/taskcluster/taskgraph/transforms/task.py b/taskcluster/taskgraph/transforms/task.py
index c54f06f415aba..925c5823531c2 100644
--- a/taskcluster/taskgraph/transforms/task.py
+++ b/taskcluster/taskgraph/transforms/task.py
@@ -841,6 +841,7 @@ def build_generic_worker_payload(config, task, task_def):
"mac_single_file",
),
Optional("entitlements-url"): text_type,
+ Optional("requirements-plist-url"): str,
},
)
def build_scriptworker_signing_payload(config, task, task_def):
@@ -852,8 +853,9 @@ def build_scriptworker_signing_payload(config, task, task_def):
}
if worker.get("mac-behavior"):
task_def["payload"]["behavior"] = worker["mac-behavior"]
- if worker.get("entitlements-url"):
- task_def["payload"]["entitlements-url"] = worker["entitlements-url"]
+ for attribute in ("entitlements-url", "requirements-plist-url"):
+ if worker.get(attribute):
+ task_def["payload"][attribute] = worker[attribute]
artifacts = set(task.get("release-artifacts", []))
for upstream_artifact in worker["upstream-artifacts"]:
for path in upstream_artifact["paths"]:
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the tor-commits
mailing list