All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
- New trusted scriptworker CoT key (#669)
- Pull projects.yml from GitHub instead of hg.mozilla.org (#666)
- Set User-Agent in http requests (#661)
- Support github-pull-request-untrusted in CoT verification (https://bugzilla.mozilla.org/show_bug.cgi?id=1906748)
- Pull project from the default branch in projects.yml (#665)
- Values for Firefox Translations training repository scriptworker constants
- Support for deferring upstream artifact selection until runtime
- Ensure GitHub pull request head sha is set correctly during chain of trust verification
- Values for ESR 128 to scriptworker constants
- CoT support for the now archived mozilla-mobile/firefox-android repo
- CoT verification issue where parent repo was always used for PRs, even when base repo was the same as head repo.
- Typo in CoT constant enumerating scriptworker decision task pools.
- Add new scriptworker scopes to cot_restricted_scopes for firefox-android's migration to mozilla-central
- Add larch project branch to all-nightly-branches
- Distrusted CoT keys from the Feb 2023 rotation
- Allow comm-esr115 to handle thunderbird releases (fixes regression from 49.0.0)
- New trusted CoT keys (Dec 2023 rotation)
- Removed mozilla-esr102 and comm-esr102 projects
- Python 3.11 is now tested and supported
- Added Support for the comm-release project
- Added new Thunderbird pushflatpak scopes to cot_restricted_scopes
- Tasks killed by a signal no longer report "success" to taskcluster
- Add maple to trusted vcs projects
- Add maple project branch to all-release-branches
- Fixes a minor flake8 issue in tests
- Add pine project branch to all-nightly-branches
- Add new Thunderbird scopes for Microsoft Store to cot_restricted_scopes
- Fixed spelling of comm-esr115 in constants.py
- Add new application-services scopes to cot_restricted_scopes
- Add esr115 support
- Add birch branch to CoT
- 2022 scriptworker / docker-worker / generic-worker Chain of Trust keys
- Use a new 2022 generic-worker Chain of Trust public key
- Re-added the 2022 scriptworker Chain of Trust public key
- 2022 scriptworker Chain of Trust public keys
- 2023 generic-worker / docker-worker CoT keys
- 2023 scriptworker CoT public keys
- 2021 Chain of Trust public key
- References to the old android-components repository. Code now lives in firefox-android.
- Added GCP decision and images pools for all trust domains
- Added Gecko GCP decision pools
- Removed esr91 support
- Restricted Android-Components scopes to both android-components and firefox-android repos
- Allowed mozillavpn tasks_for action
- Allowed comm-central to use production bouncer scope
- Added BASE_REF and BASE_REV to CoT verify.
- Added scopes for autoland lv3 tree pushes to cot_restricted_scopes
- Added a new trusted docker-worker CoT key
- Added mozillavpn beetmover scopes to cot_restricted_scopes
- Added pine-stable support
- Removed maple and cedar from the list of privileged branches
- Added a new trusted scriptworker CoT key
- Added a new trusted generic-worker CoT key
- Added esr102 support
- Added py3.10 testing
- Moved the repo automation to taskgraph
- Removed esr78 support
- Mozilla VPN to cot_restricted_scopes
- Support for cedar project
- Support for log rotation with RotatingFileHandler
- Removed obsolete Focus scopes
- Remove Pushsnap support
- Added Focus for android scopes for github-script, signing-script and pushapk-script
- Added xpi scopes for Beetmover and Balrog
- Added microsoft store scopes for Firefox
- Test coverage for utils and cleanup
- Support for non-hook actions in CoT
- CoT bumped to version 7
- Removed unused mpd001 trust domain
- Added new mozillavpn trust domain
- Removed old CoT keys
linttox target renamed tocheckto match other releng repos- Tests now use
coverallsinstead ofpytest-coveralls - fixed
fenixprod cot index; old one hadn't been updated in a year - added
adhoc-signingandxpi-manifestcot index tests
- Added esr91 to CoT
- Fixed RtD after dropping py36 support
- added support for cot_restricted_scopes to match <scope>*
- Removed py36 support
- Removed obsolete mobile production tests
- Added py39 support
- Require
immutabledict>=1.3.0to avoid typing bustage - Require
taskcluster<41instead oftaskcluster<40to match the latest cluster version - CoT verification now supports
projectIdandtaskQueueId. - Pinned to
pytest-asyncio<0.15due to production test bustage
- Fixed immutabledict typing bustage
- Replaced the new docker-worker pubkey in
ed25519_public_keys: we never used the previous-new keypair, and we're rolling out this keypair. - Added mypy typing to
scriptworker.context
timestamp->int_timestampin arrow calls; set min arrow version to 1.0- production tests no longer require the taskcluster proxy.
- Removed
esr68; addedpineto nightly branches.
run_tasknow exits with the exit code from the task.reversed_statusesworks now, with statuses of 245 and 241.
- Updated
ed25519_public_keyswith new public keys
- Updated
ignore_keysto include the comingprojectId. - Updated tests to use
iscript>=5
- Added a
requirements.txtwith unpinned requirements, for ronin-puppet pinning.
- Updated
ignore_keysto include the comingtaskQueueId.
- Removed esr68 prod cot tests
- Allowed for empty
committerandauthorin githubcommit_data
- Added cot restricted scopes for mobile github tasks
- Added
semaphore_wrapperto easily use a semaphore for async coroutines. - Added
context.download_semaphoreto share a download semaphore. - Added
max_concurrent_downloadspref, defaulting to 5.
- Fixed 4-part versions.
- CoT support for
application-servicesas cleanup effort - Removed
aiohttp_max_connectionsin favor ofmax_concurrent_downloads.
- CoT now supports Github
event.beforein the jsone context.
- Reformatted to fix black and isort
- Added support for esr78 for both comm and gecko
- Added build_taskcluster_yml_url
- Allow for github-push, action and cron tasks_for in app-services and glean
- We now build the .taskcluster.yml source url in get_in_tree_template, rather than rely on task.metadata.source
- Added app-services as cot_product in favor of application-services which will be retired
- Added glean as cot_product to support taskgraph in https://github.com/mozilla/glean/
- old docker-worker cot key invalid
- production tests now require
TASKCLUSTER_PROXY_URLto be set
- Changed the trusted adhoc repo paths to
mozilla-releng/adhoc-{signing,manifest}.
- Github source urls starting with
ssh://are now treated as private repositories. verify_cotnow takes--verboseand--no-check-taskoptions.
test_productionshould no longer leave behind temp...directories.
- added
cot_product_type
populate_jsone_contextnow checkscot_product_typeinstead of allowlisting a set ofcot_productsas github
check_interactive_docker_workernow raisesCoTErroron errors, rather- than returning the list of error messages
check_interactive_docker_workernow also runs against the chain task, if it's- docker-worker
- added
check_interactive_generic_worker
check_interactive_docker_workernow raisesCoTErroron errors, rather- than returning the list of error messages
check_interactive_docker_workernow also runs against the chain task, if it's- docker-worker
- Catch
asyncio.TimeoutErrorduringclaimWork
retry_get_task_definitionandget_task_definitionto fix `Bug 1618731- <https://bugzilla.mozilla.org/show_bug.cgi?id=1618731>`__
- Old docker-worker cot key which was removed in 33.0.0, because it broke mobile releases.
- Catch
asyncio.TimeoutErroronload_json_or_yaml_from_url
- Removed old docker-worker cot key
- Catch
asyncio.TimeoutErroron artifact upload
- Added
action_permto action hooks
- Added the
scriptworkercot product configs - Added
adhoc-3workers
- Removed
aws-provisioner-v1workers - Removed
esr60and thebirchandjamunproject branches
- Added shipitscript scopes to the xpi restricted scopes
- Moved the mpd001 repo to
guardian-vpn-windows
- Production scopes for flatpaks are now correctly set
- Reverted
context.temp_queuedownloads
- Added scopes for flatpakscript
- Scriptworker now uses
context.temp_queueto download artifacts.
- Added fennec-profile-manager
- Python 3.8 support.
- Swapped out
frozendictforimmutabledict.
- Allow action tasks_for on mobile
- "adhoc" product in order to enable adhoc dep-signing.
- Unused
scriptworker_worker_pools.
utils.retry_sync()to enable retries on functions that cannot be asynchronous.
- Retry more times whenever github3 raises a ConnectionError
- Added treescript push capabilities to central
- [Bug 1596439](https://bugzilla.mozilla.org/show_bug.cgi?id=1596439) - Cache calls to github's branch_commits
- The default
taskcluster_root_urlis nowhttps://firefox-ci-tc.services.mozilla.com/ - Updated the scriptworker worker pool list
retry_async_decorator
- Methods of
GitHubRepositoryare now async and are retried thanks toretry_async. Only methods making network calls are async/retried. - XPI is now pointing at mozilla-extensions/xpi-manifest
test_production.pyno longer leaves behind a...test directory
taskcluster_root_urlnow defaults toos.environ["TASKCLUSTER_ROOT_URL"], with a fallback ofhttps://taskcluster.net.- The firefox-ci and staging clusters are now in the
valid_artifact_rules
- worker-manager based decision and docker image worker pools are supported
- added
mpd001CoT support - added
xpiCoT support - added github action CoT support
- added
require_secretin trusted vcs config - added support for private github repos in CoT verification
[email protected]urls will now be translated tossh://github.com/for the purposes of CoT- we now trust the github task email, because we can’t verify alternate emails
download_filenow takes anauthkwargload_json_or_yaml_from_urlnow takes anauthkwarg
- removed Focus Nightly from
test_productionfor continued bustage due to force pushes
assert_is_parentto make sure a path is a subset of another pathContext.verify_taskwhich checks for..inupstreamArtifacts
download_artifactsverifies the absolute path of the file is under theparent_dirget_single_upstream_artifact_full_pathverifies the full path is under theparent_dir
- removed unused
extra_run_task_arguments - removed extraneous
check_num_tasks
- GitHub: support repo name
- CoT constants for
firefox-tv
- Updated restricted signing scopes for
fenix
- Chain of Trust breakage: Staging cron context were bailing out because repos were unknown.
- run_task returns 1 on non-zero exit code, 0 on success.
- Chain of Trust breakage: Expose repo name and pusher’s email on github pushes.
- Support taskgraph-style github cron contexts.
- Log the scriptworker version in the logs.
- Removed the following stub functions:
verify_balrog_taskverify_bouncer_taskverify_pushapk_taskverify_pushsnap_taskverify_shipit_taskverify_signing_task### Changed
- Use
verify_scriptworker_taskfor workers indirectly using it
- Added new scriptworker names to CoT
- Added
scripts/pin.shandscripts/pin-helper.sh - Added
scriptworker_worker_pools,valid_decision_worker_pools, andvalid_docker_image_pools - Added
get_worker_pool_idandget_provisioner_id
- We now pin dependencies via
scripts/pin.sh - Our scriptworker, decision, and docker-image workerType allowlisting
now goes by worker-pool-id, constrained by
cot_product - Our integration tasks use workerTypes that follow the new workerType name restrictions.
- Removed
scripts/pipandscripts/Dockerfilein favor of the newpin.sh - Removed
scriptworker_worker_types,valid_decision_worker_types, andvalid_docker_image_types - Removed
taskcluster-imagesas a valid docker-image workerType
- Support for graceful shutdown without cancelling using SIGUSR1
- Support for old
application-services-rworkerType
- Add support for dedicated per-level workerTypes in application-services
- Don’t include the non-existent top-level
repositorykey in github json-e context. - Remove untrusted repos from list of repos accepted by
trace_back_to_treecontrolling tasks allowed as dependencies to tasks with restricted scopes.
- Allow arbitrary github repos (with appropriate scopes, in particular PRs), to use non-restricted scopes.
- Provide more complete github contexts to pull requests.
- Allow using indexed-tasks for decision task images in unrestricted contexts.
- Added support for comm-esr68.
- Allow actions to not pass parameters explicitly.
- Allow longer (up to 38 characters) worker_id
- Log worker_group, worker_id, FQDN
- Fennec Release is now shipped off mozilla-esr68
- Allows
mitchhentgesto do stagingapplication-servicestasks
- Unexpected exceptions are reported to Taskcluster as
internal-error, rather than silently failing
- Added
context.task_id
- We now set
env['TASK_ID']when running the script.
- Fennec Beta is now shipped off mozilla-esr68
- Fennec Nightly is now shipped off mozilla-esr68
- Added support for mozilla-esr68.
- Fennec Nightly cannot be shipped off mozilla-beta
- Issue
#331:
Cache
has_commit_landed_on_repository()results so Github doesn’t error out because we hammered the API too often in a short period of time.
- Fix logging
- Enrich github releases jsone context by adding
event['action']
- Issue
#334:
Github’s
web-flowuser breaking Chain of Trust.
- Support for
application-servicesin CoT for beetmoverworkers
_get_additional_github_releases_jsone_context’sclone_urlnow returns the correct url suffixing ingit
s,scriptharness,scriptworkerindocs/conf.py- specify
rootUrlforverify_cotif used without credentials.
- Upload .tar.gz without gzip encoding. Gzip encoding resulted in uncompressing the tarball during download, breaking cot hash verification
- CoT on Github: PRs merged by someone else break CoT
- added
CODE_OF_CONDUCT.md. verify_cotnow has a--verify-sigsoption to test level 3 chains of trust with signature verification on.- added a
verify_ed25519_signatureendpoint helper script.
- Updated documentation to reflect the new ed25519-only chain of trust world.
docker/run.shno longer points/dev/randomto/dev/urandom, and no longer has hacks to install an old version of gpg.public/chain-of-trust.jsonis now a mandatory artifact in cot verification.public/chain-of-trust.json.sigis mandatory if signature verification is on.public/chainOfTrust.json.ascis no longer used.- similarly,
public/chainOfTrust.json.ascis no longer generated or uploaded by scriptworker. add_enumerable_item_to_dictnow usessetdefaultinstead oftry/except.
- added missing modules to the source documentation.
- restored missing test branch coverage.
get_all_artifacts_per_task_idnow returns a sorted, unique list of artifacts, preventing duplicate concurrent downloads of the same file.test_verify_production_cotnow tests win64 repackage-signing instead of linux64 repackage-signing because linux64 stopped running repackage-signing. We also test an esr60 index.
- removed gpg support from chain of trust verification.
- removed
scriptworker.gpgmodule and associated tests. - removed the
defusedxml,pexpect, andpython-gnupgdependencies. - removed the
create_gpg_keys.pyandgpg_helper.shhelper scripts. - removed gpg-specific config.
- removed
ScriptWorkerGPGException - removed the
rebuild_gpg_homedirsendpoint. - removed the
check_pubkeys.pyandgen1000keys.pytest scripts.
event.repository.full_nameandevent.pull_request.base.repo.full_nameoncot_verify(for GitHub repos)
- Allow snapcraft beta scope on mozilla-release
- ed25519 cot signature generation and verification support.
scripts/gen_ed25519_key.py- a standalone script to generate an ed25519 keypaired25519_private_key_pathanded25519_public_keysconfig itemsscriptworker.ed25519moduleverify_link_gpg_cot_signatureis a new function, but is deprecated and will be removed in a future release.verify_link_ed25519_cot_signatureis a new function.- added
write_to_fileandread_from_fileutils
- gpg support in chain of trust is now deprecated, and will be removed in a future release.
generate_cot’spathkwarg is nowparent_path.generate_cotnow generates up to 3 files:chainOfTrust.json.asc,chain-of-trust.json, andchain-of-trust.json.sig.download_cotnow also downloadschain-of-trust.jsonas an optional artifact, and addschain-of-trust.json.sigas an optional artifact if signature verification is enabled. These will become mandatory artifacts in a future release.chainOfTrust.json.ascis now a mandatory artifact in cot verification, but is deprecated. We will remove this artifact in a future release.verify_cot_signaturesverifies ed25519, and falls back to gpg. We will make ed25519 signature verification mandatory in a future release, and remove gpg verification.- we now require
cryptography>=2.6.1for ed25519 support.
is_task_required_by_any_mandatory_artifactis removed
is_try_or_pull_request()is now an async (instead of a sync property). So isis_pull_request().extract_github_repo_owner_and_name(),extract_github_repo_and_revision_from_source_url()have been moved to thegithubmodule.
- In the
githubmodule:is_github_url(),get_tag_hash(),has_commit_landed_on_repository(),is_github_repo_owner_the_official_one()
utils.get_parts_of_url_path()
- update
ci-adminandci-configurationto reflect their new homes
- mobile can create in-tree docker images
- Chain of Trust is now able to validate the following
tasks_for:- github-pull-request (even though pull requests seem risky at first, this enables smoother staging releases - à la gecko’s try)
- github-push
- github.py is a new module to deal with the GitHub API URLs.
- Config must know provide a GitHub OAuth token to request the GitHub API more than 60 times an hour
- load_json_or_yaml() load file handles as if they were always encoded in utf-8. The GitHub API includes emojis in its reponses.
- The mobile decision tasks must define “MOBILE_PUSH_DATE_TIME”.
github-release is the only
tasks_forto not use this variable (because the piece of data is exposed by the GitHub API) is_tryinscriptworker.cot.verifywas changed byis_try_or_pull_requesttasks_forare now allowed per cot-product in constants.py
scriptworker.task.KNOWN_TASKS_FORin favor ofcontext.config['valid_tasks_for']which depends on thecot_product
- added
running_tasksproperty toContext - added
WorkerShutdownDuringTaskexception - added
TaskProcessobject andtask_processsubmodule - added a
RunTasksobject
upload_artifactsnow takes afilesargrun_tasknow takes ato_cancellable_processargdo_run_tasktakes two new argsdo_uploadtakes afilesarg
- scriptworker should now handle SIGTERM more gracefully, reporting
worker-shutdown
- removed
kill_pidandkill_procfunctions - removed
noop_syncfrom utils
- added
ownTaskIdtojsone_context. - added an
_EXTENSION_TO_MIME_TYPElist to allow for differences in system mimetypes
- added
clientIdto action hooks’jsone_context
- Added
git_pathin config to specify an explicit git binary
- Added a
contextargument toget_git_revision,get_latest_tag
- Fixed some markdown syntax
- Added slowest 10 tests measurement
- Added
BaseDownloadErrorandDownload404exceptions
- No longer retry downloads on a 404.
- Fixed pytest-random-order behavior
- Addressed a number of aiohttp + deprecation warnings
- added
fenixto the list of approved repositories
- support for GitHub staging releases
- get
actionPermfromaction_defn['extra']['actionPerm']beforeaction_defn['actionPerm'].
- added an entrypoint to the test docker image and updated docs.
- added relpro action hook support.
- added some filterwarnings to tox.ini to suppress warnings for dependencies.
- pointed
/dev/randomat/dev/urandomin test docker image to speed up gpg tests. - changed filesystem layout of docker image for more test file separation.
- renamed some of the private
jsone_contextfunctions inscriptworker.cot.verify.
- clarified new instance docs.
- fixed common intermittent test failures on travis by removing pytest-xdist.
- Regression around json-e context for mozilla-mobile projects
- Cron tasks are now expected to use correct push information
- Documentation for deploying new instances in AWS has been updated.
- Requirements are now generated using pip-compile-multi.
- Docker images have been updated in preperation for moving to docker deployements.
- whitelisted
mozilla-mobile/android-componentsandmozilla-mobile/reference-browserrepos
rootUrlsupport fortaskcluster>=5.0.0- Python 3.7 dockerfile
- support for
github-release - support cron task scheduled as
github-releasein the casecot_product == "mobile"
- when
cot_product == "mobile", json-e verification is no longer skipped
testandgnupgdockerfiles are now one.
verify_cotfortaskcluster>=5.0.0
- add
taskcluster_root_urlto support taskcluster>=5.0.0
- fixed some pytest warnings
- Look for the
cb_nameof actions with kindtask.
- add
get_action_callback_name
- verify actions properly, even if they share the same name with
another action (
cb_nameis unique;nameis not).
- remove
get_action_name
- Allow staging branches access to staging ship-it and mock snap workers.
- Retry download artifacts on timeouts.
- Allow mozilla-central to update bouncer locations.
- Allow any branch access to the -dev bouncer scriptwork.
- use
task.tags.worker-implementationas the worker implementation, if specified.
- require py37 to be green
- support and require taskcluster>=4.0.0 (
taskcluster.aiorather thantaskcluster.async, becauseasyncis a py37 keyword)
- tests that need an event loop are now all
@pytest.mark.asyncioand/or using the pytest-asyncioevent_loopfixture, rather than using the now-removed localevent_loopfixture. This addresses our intermittent test failures, though we need additional work (e.g., PR #244) - added more test cases around
get_upstream_artifacts_full_paths_per_task_id, to allow for multipleupstreamArtifactsentries for a singletaskId
- fixed the hang in
run_task– we were waiting for themax_timeoutfuture to exit, which it did after sleeping fortask_max_timeoutseconds, so every task took the full timeout to complete. Now we useasyncio.wait(timeout=...). - fixed the unclosed session warnings in tests
- removed
get_future_exceptionafter removing its last caller - removed
max_timeoutafter moving timeout handling intorun_taskviaasyncio.wait - removed the
event_looptest fixture; this may have conflicted with thepytest-asyncioevent_loopfixture
- added
task_max_timeout_status,reversed_statuses, andinvalid_reclaim_statustoDEFAULT_CONFIG - added
get_reversed_statusesfor config-driven reversed statuses - added
task.kill_pidto kill a process tree - added
task.kill_procto kill a subprocess proc - added unit and integration tests for user cancel
- added
utils.get_future_exceptionto get the status of a single future
- integration tests now require the
queue:cancel-task:test-dummy-scheduler/*scope - unit tests now run in random order
max_timeoutis now an async function with sleeps rather than a synchronous function usingcall_later- split
run_tasksinto several helper functions - all negative exit statuses now log
Automation Error
- task timeouts should result in an
intermittent-task, rather than a crashed scriptworker - we now kill the task on a
reclaim_taskresult of 409, allowing for user cancellation - added logging for uncaught exceptions in
run_tasks - cancelled the
reclaim_taskfuture on task completion - pointed docs at the new
mdc1puppet server - cot verification now renders the entire template rather than the first task
REVERSED_STATUSESis removed, in favor ofget_reversed_statusestask.killhas been removed in favor ofkill_pidandkill_proc.- quieted cot verification a bit by removing some
log.debuglines
- added
loop_functionkwarg tosync_mainfor testing
- fixed tests against aiohttp 3.3.0
- fixed concurrent test intermittent errors
- fixed
mobileprebuilt_docker_image_task_types - we now log exceptions rather than printing a traceback to stderr
- added a restriction on a.m.o. production scopes.
- added
prebuilt_docker_image_task_types. These are the task types that allow non-artifact docker images; ifNone, all task types are allowed. - added
get_in_tree_template,get_action_context_and_template,get_jsone_context_and_templateto help support new action hooks. - added
verify_repo_matches_urlto stop using.startswith()to compare urls - added
REPO_SCOPE_REGEXto allow us to find therepo_scopein a task’s scopes. - added
get_repo_scopeto return therepo_scopein a task’s scopes (orNone) - added a
test/data/cotv3dir for action hook test data.
- set
cot_versionto 3. - set
min_cot_versionto 2. - we now require cot artifacts in
verify_docker_image_sha. - we no longer check docker image shas against an allowlist; they either match chain of trust artifact shas, or they’re a task type that allows prebuilt docker images. If these are defined in-tree, we trace the request to the tree, so these should be as trustable as the tree in question.
- we no longer allow for ignoring decision tasks’
taskGroupIds. If they differ from thetaskId, we follow the chain back. - we no longer skip
verify_docker_worker_taskformobilecot_product; but we do allow for prebuilt docker images on all task types. get_source_urlnow throws aCoTErrorif both the source url and repo are defined, and the source url doesn’t match the repo.- quieted the test output significantly.
- default test verbosity is toggled on by the
SCRIPTWORKER_VERBOSE_TESTSenv var. - by default, tests now run concurrently for faster results. To allow this, we no longer close the event loop anywhere.
- we now log the exception at bad git tag signature verification.
- removed cotv1 support
- removed
docker_image_allowlists - removed
gecko-decisionfrom the decisionworkerTypes - removed
ACTION_MACH_COMMANDSandDECISION_MACH_COMMANDS - removed “fuzzy matching” task definitions in
task-graph.json. With json-e enabled actions, we should be able to match thetaskIdexactly. - removed
verify_decision_command; rebuilding the task definition via json-e is more precise. - removed
get_jsone_templatein favor of the other, more specific template functions.
- added
.pytest_cacheto.gitignore
- added py37 testing. This is currently broken due to
ldna_sslandPyYAML; marked this test inallow_failures. - Support for
mobileprojects and more precisely Firefox Focus
- updated docs to reflect python 3.6.5 update
- updated to add aiohttp 3 support. aiohttp <3 is likely busted.
- stopped closing the event loop.
- dropped python 3.5 support.
- find try: in any line of an hg push comment, and strip any preceding characters
- restrict compariston to the first line of hg push comments for try
- added mozilla-esr60 to restricted branches
- changed
retry_asynclogging to be more informative
- added decision docker 2.1.0 to the allowlist
- cot logging now shows retries
- updated cron user to
cron
- added restricted scopes for thunderbird
- update the output filenames of
create_gpg_keys - updated the docs to not hardcode cltsign.
- update release instructions to generate and use wheels
- added support for addon_scriptworker
client.sync_main()now loads the taskclient.sync_main()optionally verifies the loaded taskclient.sync_main()accepts optional default configurationclient.sync_main()stubs outcontext.write_json()
- added functions used in script depending on scriptworker.
- added
utils.get_single_item_from_sequence() - added
script.sync_main()andscript.validate_task_schema() - added
exceptions.TaskVerificationError
- added
- added
get_loggable_urlto avoid logging secrets - added integration test for private artifacts
create_artifactnow has a default expiration of the task expiration date.get_artifact_urlnow supports signed URLs for private artifactsget_artifact_urlno longer returns unquoted urls (breaks signed urls)validate_artifact_urlunquotes paths before returning them
- fix integration tests for osx py36 #135
- removed the config for
artifact_expiration_hours. - removed support for taskcluster 0.3.x
- added support for bouncer scriptworker
- renamed
run_looptorun_tasks run_tasksnow shuts down gracefully after receiving a SIGTERM: it finishes the current task(s), and exits.
run_tasksnow sleeps 5 if there were no tasks claimed.
- Freeze aiohttp to 2.x.y
valid_vcs_rules,source_env_prefix,extra_run_task_argumentsdepend oncot_productcot_productis defined in example configuration- Support for ship-it tasks
- Added
scriptworker.cot.verify.get_jsone_template, because action tasks use actions.json instead of .taskcluster.yml
- Added a
tasks_forargument topopulate_jsone_context. - Used
format_jsoninstead ofpprint.pformatin mostscriptworker.cot.verifyfunctions.
- Removed
scriptworker.utils.render_jsone, since it reduced to ajsone.rendercall. - Removed the now-unused
scriptworker.constants.max_jsone_iterations
- Added
scriptworker.cot.verify.verify_parent_task_definition. This is the core change in this release, aka CoT version 2. We now use json-e to rebuild the decision/action task definitions from the tree. - Added
json-eanddictdifferdependencies. arrow,certifi,multidict,taskcluster, andyarlhave updated their major version numbers.- Added
Context.projectsandContext.populate_projects. - Added
load_json_or_yaml_from_url. - Added
DEFAULT_CONFIG['cot_version']andDEFAULT_CONFIG['min_cot_version']; this is cotv2. Ifmin_cot_versionis 1, we allow for falling back to the old cot v1 logic. - Added
DEFAULT_CONFIG['project_configuration_url']andDEFAULT_CONFIG['pushlog_url']. - Added
scriptworker.task.KNOWN_TASKS_FOR,scriptworker.task.get_action_name,scriptworker.task.get_commit_message,scriptworker.task.get_and_check_project,scriptworker.task.get_and_check_tasks_for - Added
scriptworker.utils.remove_empty_keyssince the taskgraph drops key/value pairs where the value is empty. See https://github.com/taskcluster/json-e/issues/223 - Added
scriptworker.utils.render_jsoneto generically render json-e. - Added
max_jsone_iterationspref; sometimes the values to replace template values are several layers deep. - Added
scriptworker.cot.verify.get_pushlog_info,scriptworker.cot.verify.get_scm_level,scriptworker.cot.verify.populate_jsone_context, andscriptworker.cot.verify.compare_jsone_task_definition. - Added test files to
scriptworker/test/data/cotv2/.
- Renamed
load_jsontoload_json_or_yaml. This now takes afile_typekwarg that defaults tojson. - Moved
get_repo,get_revision,is_try, andis_actionfromscriptworker.cot.verifytoscriptworker.task - Moved the sub-function path callback from
scriptworker.cot.verifytoscriptworker.utils.match_url_path_callback scriptworker.cot.verify.guess_task_typetakes a 2nd arg,task_defn, to differentiate action tasks from decision/cron tasks.scriptworker.cot.verify.get_all_artifacts_per_task_idaddspublic/actions.jsonandpublic/parameters.ymlto decision task artifacts to download, for action task verification.- Removed the
firefoxfromscriptworker.cot.verifyfunction names. - Tweaked the task ID logging in
verify_cot.
- Updated
path_regexesto identify most (all?) valid hg.m.o repo paths, instead of returningNone.
- Removed
scriptworker.cot.verify.verify_decision_taskandscriptworker.cot.verify.verify_action_taskin favor ofscriptworker.cot.verify.verify_parent_task.
max_chain_lengthpref, defaulting to the arbitrary (but larger than the current 5) int 20.
- Stopped hardcoding the max chain length to 5 due to longer-than-5 valid chains in production.
- Allow projects/birch to use project:releng:signing:cert:release-signing
scriptworker.cot.verify.download_cotnow supports optional upstream artifactsscriptworker.artifacts.get_optional_artifacts_per_task_id,scriptworker.cot.verify.(is_task_required_by_any_mandatory_artifact, is_artifact_optional), andscriptworker.utils.(get_results_and_future_exceptions, add_enumerable_item_to_dict)are defined and publicly exposed.
scriptworker.artifacts.get_upstream_artifacts_full_paths_per_task_idreturns 2 dictionaries instead of 1.scriptworker.cot.verify.(verify_docker_image_sha, download_cot_artifact)don’t error out if cot isn’t defined (missing cot are detected earlier)
- Made the exit status more explicit on exit code -11.
- Fixed
verify_sigto return the message body ifgpg.decryptreturns an empty body.
- Added integration tests that run
verify_chain_of_trustagainst production tasks, to make surecot.verifychanges are backwards compatible.
- stopped verifying docker-worker cot on the chain object, which may not have a cot artifact to verify.
- updated the
retry_exceptionsforretry_requestto includeasyncio.TimeoutError.
- Removed the
await asyncio.sleep(1)after running a task.
- scriptworker will now retry (
intermittent-taskstatus) on a script exit code of -11, which corresponds to a python segfault.
scriptworker.task.get_parent_task_idto support the newtask.extra.parentbreadcrumb.scriptworker.cot.verify.ACTION_MACH_COMMANDSandcot.verify.PARENT_TASK_TYPESto separate action task verification from decision task verification.scriptworker.cot.verify.ChainOfTrust.parent_task_idto find theparent_task_idlater.scriptworker.cot.verify.LinkOfTrust.parent_task_idto find theparent_task_idlater.- added a new
actiontask type. This uses the same sha allowlist as thedecisiontask type. scriptworker.cot.verify.is_action, since differentiating between a decision task and an action task requires some task definition introspection.verify_firefox_decision_commandnow takes amach_commandskwarg; for action tasks, we set this toACTION_MACH_COMMANDSverify_action_taskverifies the action task command.verify_parent_taskruns the checks previously inverify_decision_task; we run this for both action and decision tasks.
find_sorted_task_dependenciesnow uses theparent_task_idrather than thedecision_task_idfor itsparent_tuple.download_firefox_cot_artifactsnow downloadstask-graph.jsonfrom action tasks as well as decision tasksverify_decision_tasknow only checks the command. The other checks have been moved toverify_parent_task.- decision tasks now run
verify_parent_task.
- Updated
README.mdto specifytoxrather thanpython setup.py test
- added maple to the list of privileged branches.
- changed the default
poll_intervalto 10.
- updated post-task sleep to 1; we only sleep
poll_intervalonly between polls.
- removed date from the list of privileged branches.
- no longer add a decision task’s decision task to the chain of trust to verify. This was a regression.
- cleaned up aurora references from everything but pushapk, which uses it.
- specify the correct docker shas for the new docker images.
- fixed new false error raised on missing command in payload
- updated cot verification to allow for the new docker-image and decision paths (/home/worker -> /builds/worker)
- added
DECISION_MACH_COMMANDStocot.verify, to support action task verification - added
DECISION_TASK_TYPEStocot.verify, to support verifying decision tasks viaverify_cot - added
ChainOfTrust.is_decisionto find if the chain object is a decision task - added
ChainOfTrust.get_all_links_in_chain. Previously, we ran certain tests against all the links in the chain, and other tests against all links + the chain object. Now, the chain itself may be a decision task; we will add the decision task as a link in the chain, and we no longer want to run verification tests against the chain object. - added new docker image shas
- we now support testing any verifiable
taskTypeviaverify_cot! Previously, only scriptworker task types were verifiable via the commandline tool. - we now support testing action task commandlines in
verify_firefox_decision_command - we no longer ignore the decision task if the task-to-verify is the
decision task in
find_sorted_task_dependencies. We want to make sure we verify it. - we no longer raise a
CoTErrorif theChainOfTrustobject is not a scriptworker implementation
- fixed
partialstask verification
- added .json as an
ignore_suffixfor docker-worker - added
partialsas a valid task type
- added sparse checkout decision task support in cot verification.
- added decision image 0.1.10 sha to allowlist
watch_log_filepref, to watch the log file forlogrotate.d(or other) rotation. Set this to true in production.
- switched from
RotatingFileHandlertoWatchedFileHandlerorFileHandler, depending on whetherwatch_log_fileis set.
- Non-backwards-compatible: removed
log_max_bytesandlog_num_backupsprefs. If set in a config file, this will break scriptworker launch. I don’t believe anything sets these, but bumping the major version in case.
- added
prepare_to_run_taskto create a newcurrent_task_info.jsoninwork_dirfor easier debugging.
.difffiles now upload astext/plain.
- updated the decision + docker-image
workerTypes
- closed the contextual log handler to avoid filling up disk with open filehandles
- added a check to verify the cot
taskIdmatches the tasktaskId - added a a
claimWorkdebug log message - added a check to prevent
python setup.py registerandpython setup.py upload
- updated the docs to more accurately reflect the new instance steps
- updated the docs to avoid using
python setup.py register sdist upload - allowed the decision task to be an additional runtime dep
- rewrote chain of trust docs.
- fixed artifact list verification in
task.payloadfor generic-worker tasks.
- removed old format balrog scope.
- added
.shas anignore_suffixfor generic-worker
- added generic-worker chain of trust support
scriptworker.cot.verify.verify_generic_worker_task, currently noop
- generic-worker
ignore_suffixesnow includes.in
- Updated Google Play scopes to allow Nightly to ship to the Aurora product
- added
scriptworker.task.claim_workto use theclaimWorkendpoint instead of polling.
- changed
worker.run_loopto use the newclaim_workfunction. In theory this can handle multiple tasks serially, but in practice should only get one at a time. In the future we can allow for multiple tasks run in parallel in separatework_dirs, if desired. worker.run_loopnow always sleeps thepoll_interval. We can adjust this if desired.
- tweaked docstrings to pass pydocstyle>=2.0
- removed
Context.poll_task_urls - removed
scriptworker.pollcompletely
- allowed for retriggering tasks with a subset of
task.dependencies, specifically to get around expiration of the breakpoint dependency of pushapk tasks.
- added oak to
all-nightly-branches, for update testing. - added
repackageas a valid, verifiable task type for cot.
- added log message on startup.
- updated docker image allowlists
- changed balrog nightly branches to
all-nightly-branches
scriptworker.artifactsnow has new functions to deal withupstreamArtifacts:get_upstream_artifacts_full_paths_per_task_id,get_and_check_single_upstream_artifact_full_path, andget_single_upstream_artifact_full_path.- added a
LinkOfTrust.get_artifact_full_pathmethod - new
helper_scriptsdirectory:gpg_helper.shis a wrapper to call gpg against a given gpg home directory.create_gpg_keys.pyis a script to create new scriptworker gpg keys.
- updated support, and now require,
aiohttp>=2.0.0 - pointed the pushapk scopes at new
betatestandauroratestcot_restricted_treesaliases - renamed
find_task_dependenciestofind_sorted_task_dependencies
aiohttp2.0.0 no longer burns travis jobs.
- update balrog restricted scopes to include
project:releng:balrog:nightlyuntil we’re done with it
- allow for
/bin/bashin decision task command line
- don’t add a decision task’s decision task to the dependency chain. In 2.2.0 we stopped verifying that a decision task was part of its decision task’s task graph, but still verified the decision task’s decision task (if any). This release stops tracing back to the original decision task altogether.
- updated balrog restricted scopes
- updated balrog and beetmover restricted scopes
- decision tasks are no longer traced back to decision tasks, even if
their
taskGroupIddoesn’t match theirtaskId.
- tests now pass under python 3.6; we’ll update the supported version list when taskcluster-client.py has full py36 support
- fixed closed event loop errors from the new aiohttp
- git tests now use a local git repo tarball, instead of running tests on the scriptworker repo
- removed the check for max number of decision tasks per graph
get_artifact_urlnow works withtaskcluster==1.0.2, while keeping 0.3.x compatibility- more verbose upload status
intermittent-taskstatusscriptworker.utils.calculate_sleep_time- added
retry_async_kwargskwarg toretry_request - added
sleeptime_kwargskwarg toretry_async
- renamed
releaseandnightlybranch aliases toall-release-branchesandall-nightly-branches - updated pushapk restricted scopes
- reduced
aiohttp_max_connectionsto 15 aiohttpexceptions now result in anintermittent-taskstatus, rather thanresource-unavailable
scriptworker.artifactsis a new submodule that defines artifact behavior- we now support
pushapkscriptworker instance types incot.verify
freeze_valuesis nowget_frozen_copy, and now returns a frozen copy instead of modifying the object in place.unfreeze_valuesis nowget_unfrozen_copycheck_confignow callsget_frozen_copyon theconfigbefore comparing againstDEFAULT_CONFIGcreate_configcallsget_unfrozen_copy, resulting in a recursively frozen configDEFAULT_CONFIGnow usesfrozendicts andtuples in nested config items..ascfiles are now forced totext/plain- all
text/plainartifacts are now gzipped, including .log, .asc, .json, .html, .xml - we no longer have
task_output.logandtask_error.log. Instead, we havelive_backing.log, for more treeherder-friendliness
- stop testing for task environment variables. This is fragile and provides little benefit; let’s push on bug 1328719 instead.
unfreeze_values, to unfreeze afreeze_valuesfrozendict.
freeze_valuesnow recurses.
- delete azure queue entries on status code 409 (already claimed or cancelled). This allows us to clean up cancelled tasks from the queue, speeding up future polling.
- more retries and catches in
find_task, making it more robust.
- balrog tasks are now verifiable in chain of trust.
verify_signed_tag, which verifies the tag’s signature and makes sure we’re updated to it.
rebuild_gpg_homedirsnow uses git tags instead of checking for signed commits.get_git_revisionnow takes arefkwarg; it finds the revision for that ref (e.g., tag, branch).update_signed_git_reporevisionkwarg is now namedref. It also verifies and updates to the signed git tag instead ofref.update_signed_git_reponow returns a tuple (revision, tag)build_gpg_homedirs_from_reponow usesverify_signed_taginstead ofverify_signed_git_commit, and takes a newtagarg.
- the curl command in
Dockerfile.gnupgnow retries on failure.
verify_signed_git_commit_outputverify_signed_git_commit
- beetmover and balrog scriptworker support in chain of trust verification
cot_restricted_treesconfig, which maps branch-nick to branches
- Changed
cot_restricted_scopesto be a scope to branch-nick dict, indexed bycot_product
- nuke then move the tmp gpg homedir, rather than trying to [wrongly]
use
overwrite_gpg_homeon a parent dir
- Dockerfiles: one for general testing and one for gpg homedir testing, with readme updates
flake8_docstringsin tox.ini- log chain of trust verification more verbosely, since we no longer have real artifacts uploaded alongside
- download cot artifacts into
work_dir/cotinstead ofartifact_dir/public/cot, to avoid massive storage dups download_artifactsnow returns a list of full paths instead of relative paths. SinceupstreamArtifactscontains the relative paths, this should be more helpful.contextual_log_handlernow takes alogging.Formatterkwarg rather than a log format string.
- check for a new gpg homedir before
run_loop, because puppet will now userebuild_gpg_homedirs
- updated all docstrings to pass
flake8_docstrings - switched to a three-phase lockfile for gpg homedir creation to avoid race conditions (locked, ready, unlocked)
- catch
aiohttp.errors.DisconnectedErrorandaiohttp.errors.ClientErrorinrun_loopduringupload_artifacts - compare the built docker-image tarball hash against
imageArtifactHash
- the
create_initial_gpg_homedirsentry point has been removed in favor ofrebuild_gpg_homedirs.
scriptworker.cot.verify.raise_on_errorsnow takes a kwarg oflevel, which defaults tologging.CRITICAL. This is to support fuzzy task matching, where not matching a task is non-critical.scriptworker.cot.verify.verify_link_in_task_graphnow supports fuzzy task matching. If the Link’stask_idisn’t in the task graph, try to match the task definition against the task graph definitions, and throwCoTErroron failure. This is to support Taskcluster retriggers.verify_cotis now an entry point, rather than a helper script inscriptworker/test/data/.
- allowed for
USE_SCCACHEas a build env var
scriptworker.cot.verifynow verifies the chain of trust for the graph.scriptworker.exceptions.CoTErrornow marks chain of trust validation errors.scriptworker.task.get_task_id,scriptworker.task.get_run_id,scriptworker.task.get_decision_task_id,scriptworker.task.get_worker_typescriptworker.log.contextual_log_handlerfor short-term logs- added framework for new docs
- config files are now yaml, to enable comments.
config_example.jsonandcot_config_example.jsonhave been consolidated intoscriptworker.yaml.tmpl.context.cot_configitems now live incontext.config. validate_artifact_urlnow takes a list of dictionaries as rules, leading to more configurable url checking.scriptworker.cotis nowscriptworker.cot.generate. Theget_environmentfunction has been renamed toget_cot_environment.scriptworker.gpg.get_bodynow takes averify_sigkwarg.download_artifactsnow takesvalid_artifact_task_idsas a kwarg.max_connectionsis nowaiohttp_max_connections- scriptworker task definitions now expect an
upstreamArtifactslist of dictionaries
- docstring single backticks are now double backticks
- catch aiohttp exceptions on upload
- removed all references to
cot_config - removed the credential update, since puppet restarts scriptworker on config change.
gpg_lockfileandlast_good_git_revision_filein configget_last_good_git_revisionandwrite_last_good_git_revisionnow return the last good git revision, and write it tolast_good_git_revision_file, respectively.get_tmp_base_gpg_home_diris a helper function to avoid duplication in logic.rebuild_gpg_homedirsis a new entry point script that allows us to recreate the gpg homedirs in a tmpdir, in a separate processis_lockfile_present,create_lockfile, andrm_lockfileas helper functions for the two gpg homedir entry points.
sign_key,rebuild_gpg_home_flat,rebuild_gpg_home_signed,build_gpg_homedirs_from_repoare no longer async.overwrite_gpg_homeonly keeps one backup.update_signed_git_reponow returns the latest git revision, instead of a boolean marking whether the revision is new or not. This will help avoid the scenario where we update, fail to generate the gpg homedirs, and then stay on an old revision until the next push.update_logging_confignow takes afile_namekwarg, which allows us to create new log files for therebuild_gpg_homedirsandcreate_initial_gpg_homedirsentry points.
build_gpg_homedirs_from_reponow waits to verify the contents of the updated git repo before nuking the previous base gpg homedir.create_initial_gpg_homedirsnow creates a logfile
rebuild_gpg_homedirs_loopis no longer needed, and is removed.
- logged the stacktrace if the
mainloop hits an exception. No longer catch and ignoreRuntimeError, since it wasn’t clear why that was put in. - updated
check_configto make sure taskcluster-related configs match taskcluster requirements
- changed the way the polling loop works:
async_mainis now a single pass, whichmaincalls in awhile Trueloop. This should fix the situation where polling was dying silently while the git update loop continued running every 5 minutes.
- explicitly pass
taskIdandrunIdtoclaim_task. There’s a newhintIdproperty that appears inmessage_info['task_info']that broke things.
- added
git_key_repo_dir,base_gpg_home_dir,my_email, andgpg_pathtoconfig_example.json - added
cot_config_example.json,cot_config_schema.json, andscriptworker.config.get_cot_configfor ChainOfTrust config - added
update_signed_git_repo,verify_signed_git_commit,build_gpg_homedirs_from_repo,rebuild_gpg_homedirs_loop, andcreate_initial_gpg_homedirsfor gpg homedir creation and updates in the background. - added a background call to update the gpg homedirs in
scriptworker.worker.async_main - added another entry point,
create_initial_gpg_homedirs, for puppet to create the first gpg homedirs
- default config filename is now
scriptworker.jsoninstead ofconfig.json - moved
scriptworker.config.get_context_from_cmdlnout ofscriptworker.worker.main; now using argparse - changed default
sign_chain_of_trustto True scriptworker.gpg.sign_key,scriptworker.gpg.rebuild_gpg_home_flat, andscriptworker.gpg.rebuild_gpg_home_signedare now async, so they can happen in parallel in the background- renamed
scriptworker.gpg.latest_signed_git_committoscriptworker.gpg.verify_signed_git_commit_output - combined
scriptworker.log.log_errorsandscriptworker.log.read_stdoutintoscriptworker.log.pipe_to_log - added
taskGroupIdto the list of default validtaskIds to download from. This logic will need to change in version 0.9.0 due to the new chain of trust dependency traversal logic
- added missing docstrings to the
download_artifactsanddownload_filefunctions - fixed coverage version in
tox.ini py35-coveralls sign_keynow supports signing keys with multiple subkeys
- added
DownloadErrorexception fordownload_file - added
scriptworker.task.download_artifacts - added
scriptworker.util.download_file
DEFAULT_CONFIG,STATUSES, andREVERSED_STATUSEShave moved toscriptworker.constants.list_to_tuplehas been renamedfreeze_values, and also converts dict values to frozendicts.
- significant gpg support
- ability to create new gpg homedirs
- scriptworker now requires
pexpectfor gpg key signing - docstrings!
- helper scripts to generate 1000 pubkeys and time importing them.
- added
scriptworker.utils.rmas anrm -rffunction
utils.makedirsnow throwsScriptWorkerExceptionif the path exists and is not a directory or a softlink pointing to a directory.- gpg functions now take a
gpg_homekwarg to specify a different homedir - moved
scriptworker.client.integration_create_task_payloadintoscriptworker.test - renamed
scriptworker.util.get-_hashkwarghash_typetohash_alg - renamed
firefox_cot_schema.jsontocot_v1_schema.json; also, the schema has changed. - the chain of trust schema has changed to version 1.
- pass a
tasktoscriptworker.task.reclaimTaskand exit the loop if it doesn’t matchcontext.task - we now verify that
context.taskis the same task we scheduledreclaim_taskfor.
- Removed
get_temp_creds_from_file, since we’re not writingtemp_credsto disk anymore - Removed
scriptworker.task.get_temp_queue, since we already havecontext.temp_queue - Removed
pytest-asynciodependency. It doesn’t play well withpytest-xdist. - Removed
scriptworker.task.get_temp_queue; we can usecontext.temp_queue - Removed
pytest-asynciousage to try to usepytest-xdist, then turned that back off when it conflicted with the event loop
- added
firefox_cot_schema.jsonfor firefox chain of trust - added gpg signature creation + verification
- added chain of trust generation
- added
scriptworker.task.worst_levelfunction for determining overall result of task
unsignedArtifactsurl paths are now unquoted, so%2Fbecomes/validate_task_schemarenamed tovalidate_json_schema- write task log files directly to the
task_log_dir; this should be a subdir ofartifact_dirif we want them uploaded. ScriptWorkerExceptionnow has anexit_codeof 5 (internal-error);ScriptWorkerRetryExceptionnow has anexit_codeof 4 (resource-unavailable)- moved
testsdirectory toscriptworker/test
- Functions in
test_confignow ignore existingTASKCLUSTER_env vars for a clean testing environment raise_future_exceptionsno longer throws an exception for an empty list of tasks- Updated
CONTRIBUTING.rstto reflect reality
- add
scriptworker.utils.filepaths_in_dir - added setup.cfg for wheels
- added
scriptworker.client.validate_artifact_url. - added python-gnupg dependency
- test files no longer use a test class.
upload_artifactsnow uploads files in subdirectories ofartifact_dir, preserving the relative paths.
- Removed unneeded creds file generation.
- Added
requirements-*.txtfiles. The-prodfiles have pinned versions+hashes, viareqhash. - Added
raise_future_exceptionsfunction from signingscript
- Upload artifacts to public/env/
filename. - Enabled coverage branches in testing.
- Enabled environment variable configuration for credentials+workerid
- Moved source repo to mozilla-releng/scriptworker
- No longer prepend stderr log lines with ERROR
- Reduced debug logging
- Tweaked the config defaults to be a bit more sane.
- Fixed an exception where automated processes without HOME set would fail to launch scriptworker
- Removed
scheduler_idfrom config; it’s only used to schedule integration tests.
upload_artifactsnow specifies acontent_typeoftext/plainfor the task logfiles, to fix linux uploading.
- Context now has a
claim_taskproperty that stores the output fromclaimTask.Context.taskis now the task definition itself. scriptworker.utils.requestnow takes additional kwargs to be a more versatile function.
- bundled version.json
- CHANGELOG.md
- Pinned
pytest-asyncioto 0.3.0 because 0.4.1 hits closed event loop errors.