Source code
Revision control
Copy as Markdown
Other Tools
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
"""
Support for running jobs via mozharness. Ideally, most stuff gets run this
way, and certainly anything using mozharness should use this approach.
"""
import re
from textwrap import dedent
from typing import Literal, Optional, Union
from mozpack import path as mozpath
from taskgraph.util import json
from taskgraph.util.schema import Schema
from gecko_taskgraph.transforms.job import configure_taskdesc_for_run, run_job_using
from gecko_taskgraph.transforms.job.common import (
docker_worker_add_artifacts,
generic_worker_add_artifacts,
get_expiration,
setup_secrets,
)
from gecko_taskgraph.util.attributes import is_try
class MozharnessRunSchema(Schema, kw_only=True):
using: Literal["mozharness"]
# the mozharness script used to run this task, relative to the testing/
# directory and using forward slashes even on Windows
script: str
# Additional paths to look for mozharness configs in. These should be
# relative to the base of the source checkout
config_paths: Optional[list[str]] = None
# the config files required for the task, relative to
# testing/mozharness/configs or one of the paths specified in
# `config-paths` and using forward slashes even on Windows
config: list[str]
# any additional actions to pass to the mozharness command
actions: Optional[list[str]] = None
# any additional options (without leading --) to be passed to mozharness
options: Optional[list[str]] = None
# --custom-build-variant-cfg value
custom_build_variant_cfg: Optional[str] = None
# Extra configuration options to pass to mozharness.
extra_config: Optional[dict] = None
# If not false, tooltool downloads will be enabled via relengAPIProxy
# for either just public files, or all files. Not supported on Windows
tooltool_downloads: Union[bool, Literal["public", "internal"]]
# The set of secret names to which the task has access; these are prefixed
# with `project/releng/gecko/{treeherder.kind}/level-{level}/`. Setting
# this will enable any worker features required and set the task's scopes
# appropriately. `true` here means ['*'], all secrets. Not supported on
# Windows
secrets: Union[bool, list[str]]
# If true, taskcluster proxy will be enabled; note that it may also be enabled
# automatically e.g., for secrets support. Not supported on Windows.
taskcluster_proxy: bool
# If false, indicate that builds should skip producing artifacts. Not
# supported on Windows.
keep_artifacts: bool
# If specified, use the in-tree job script specified.
job_script: Optional[str] = None
requires_signed_builds: bool
# Whether or not to use caches.
use_caches: Optional[Union[bool, list[str]]] = None
# If false, don't set MOZ_SIMPLE_PACKAGE_NAME
# Only disableable on windows
use_simple_package: bool
# If false don't pass --branch mozharness script
# Only disableable on windows
use_magic_mh_args: bool
# if true, perform a checkout of a comm-central based branch inside the
# gecko checkout
comm_checkout: bool
# Base work directory used to set up the task.
workdir: Optional[str] = None
run_as_root: Optional[bool] = None
def __post_init__(self):
if self.tooltool_downloads is True:
raise ValueError(
"tooltool-downloads must be False, 'public', or 'internal'"
)
if self.actions:
for action in self.actions:
if not re.match(r"^[a-z0-9-]+$", action):
raise ValueError(
"actions must be `-` separated alphanumeric strings"
)
if self.options:
for option in self.options:
if not re.match(r"^[a-z0-9-]+(=[^ ]+)?$", option):
raise ValueError(
"options must be `-` separated alphanumeric strings"
" (with optional argument)"
)
mozharness_defaults = {
"tooltool-downloads": False,
"secrets": False,
"taskcluster-proxy": False,
"keep-artifacts": True,
"requires-signed-builds": False,
"use-simple-package": True,
"use-magic-mh-args": True,
"comm-checkout": False,
"run-as-root": False,
}
@run_job_using(
"docker-worker",
"mozharness",
schema=MozharnessRunSchema,
defaults=mozharness_defaults,
)
def mozharness_on_docker_worker_setup(config, job, taskdesc):
run = job["run"]
worker = taskdesc["worker"] = job["worker"]
if not run.pop("use-simple-package", None):
raise NotImplementedError(
"Simple packaging cannot be disabled via"
"'use-simple-package' on docker-workers"
)
if not run.pop("use-magic-mh-args", None):
raise NotImplementedError(
"Cannot disabled mh magic arg passing via"
"'use-magic-mh-args' on docker-workers"
)
# Running via mozharness assumes an image that contains build.sh:
# by default, debian13-amd64-build, but it could be another image (like
# android-build).
worker.setdefault("docker-image", {"in-tree": "debian13-amd64-build"})
worker.setdefault("artifacts", []).append({
"name": "public/logs",
"path": "{workdir}/logs/".format(**run),
"type": "directory",
"expires-after": get_expiration(config, "medium"),
})
worker["taskcluster-proxy"] = run.pop("taskcluster-proxy", None)
docker_worker_add_artifacts(config, job, taskdesc)
env = worker.setdefault("env", {})
env.update({
"WORKSPACE": "{workdir}/workspace".format(**run),
"MOZHARNESS_CONFIG": " ".join(run.pop("config")),
"MOZHARNESS_SCRIPT": run.pop("script"),
"MH_BRANCH": config.params["project"],
"PYTHONUNBUFFERED": "1",
})
worker.setdefault("required-volumes", []).append(env["WORKSPACE"])
if "actions" in run:
env["MOZHARNESS_ACTIONS"] = " ".join(run.pop("actions"))
if "options" in run:
env["MOZHARNESS_OPTIONS"] = " ".join(run.pop("options"))
if "config-paths" in run:
env["MOZHARNESS_CONFIG_PATHS"] = " ".join(run.pop("config-paths"))
if "custom-build-variant-cfg" in run:
env["MH_CUSTOM_BUILD_VARIANT_CFG"] = run.pop("custom-build-variant-cfg")
extra_config = run.pop("extra-config", {})
extra_config["objdir"] = "obj-build"
env["EXTRA_MOZHARNESS_CONFIG"] = json.dumps(extra_config, sort_keys=True)
if "job-script" in run:
env["JOB_SCRIPT"] = run["job-script"]
if is_try(config.params):
env["TRY_COMMIT_MSG"] = config.params["message"]
# if we're not keeping artifacts, set some env variables to empty values
# that will cause the build process to skip copying the results to the
# artifacts directory. This will have no effect for operations that are
# not builds.
if not run.pop("keep-artifacts"):
env["DIST_TARGET_UPLOADS"] = ""
env["DIST_UPLOADS"] = ""
# Retry if mozharness returns TBPL_RETRY
worker["retry-exit-status"] = [4]
setup_secrets(config, job, taskdesc)
run["using"] = "run-task"
run["command"] = mozpath.join(
"${GECKO_PATH}",
run.pop("job-script", "taskcluster/scripts/builder/build-linux.sh"),
)
run.pop("secrets")
run.pop("requires-signed-builds")
configure_taskdesc_for_run(config, job, taskdesc, worker["implementation"])
@run_job_using(
"generic-worker",
"mozharness",
schema=MozharnessRunSchema,
defaults=mozharness_defaults,
)
def mozharness_on_generic_worker(config, job, taskdesc):
assert job["worker"]["os"] in (
"windows",
"macosx",
), "only supports windows and macOS right now: {}".format(job["label"])
run = job["run"]
# fail if invalid run options are included
invalid = []
if not run.pop("keep-artifacts", True):
invalid.append("keep-artifacts")
if invalid:
raise Exception(
"Jobs run using mozharness on Windows do not support properties "
+ ", ".join(invalid)
)
worker = taskdesc["worker"] = job["worker"]
worker["taskcluster-proxy"] = run.pop("taskcluster-proxy", None)
setup_secrets(config, job, taskdesc)
taskdesc["worker"].setdefault("artifacts", []).append({
"name": "public/logs",
"path": "logs",
"type": "directory",
"expires-after": get_expiration(config, "medium"),
})
if not worker.get("skip-artifacts", False):
generic_worker_add_artifacts(config, job, taskdesc)
env = worker.setdefault("env", {})
env.update({
"MH_BRANCH": config.params["project"],
})
if run.pop("use-simple-package"):
env.update({"MOZ_SIMPLE_PACKAGE_NAME": "target"})
extra_config = run.pop("extra-config", {})
extra_config["objdir"] = "obj-build"
env["EXTRA_MOZHARNESS_CONFIG"] = json.dumps(extra_config, sort_keys=True)
# The windows generic worker uses batch files to pass environment variables
# to commands. Setting a variable to empty in a batch file unsets, so if
# there is no `TRY_COMMIT_MESSAGE`, pass a space instead, so that
# mozharness doesn't try to find the commit message on its own.
if is_try(config.params):
env["TRY_COMMIT_MSG"] = config.params["message"] or "no commit message"
if not job["attributes"]["build_platform"].startswith(("win", "macosx")):
raise Exception(
"Task generation for mozharness build jobs currently only supported on "
"Windows and macOS"
)
mh_command = []
if job["worker"]["os"] == "windows":
system_python_dir = "c:/mozilla-build/python3/"
gecko_path = "%GECKO_PATH%"
else:
system_python_dir = ""
gecko_path = "$GECKO_PATH"
if run.get("use-python", "system") == "system":
python_bindir = system_python_dir
else:
# $MOZ_PYTHON_HOME is going to be substituted in run-task, when we
# know the actual MOZ_PYTHON_HOME value.
is_windows = job["worker"]["os"] == "windows"
if is_windows:
python_bindir = "%MOZ_PYTHON_HOME%/"
else:
python_bindir = "${MOZ_PYTHON_HOME}/bin/"
mh_command = [f"{python_bindir}python3"]
mh_command += [
f"{gecko_path}/mach",
"python",
"{}/testing/{}".format(gecko_path, run.pop("script")),
]
for path in run.pop("config-paths", []):
mh_command.append(f"--extra-config-path {gecko_path}/{path}")
for cfg in run.pop("config"):
mh_command.extend(("--config", cfg))
if run.pop("use-magic-mh-args"):
mh_command.extend(("--branch", config.params["project"]))
if job["worker"]["os"] == "windows":
mh_command.extend(("--work-dir", r"%cd:Z:=z:%\workspace"))
for action in run.pop("actions", []):
mh_command.append("--" + action)
for option in run.pop("options", []):
mh_command.append("--" + option)
if run.get("custom-build-variant-cfg"):
mh_command.append("--custom-build-variant")
mh_command.append(run.pop("custom-build-variant-cfg"))
if job["worker"]["os"] == "macosx":
# Ideally, we'd use mozshellutil.quote, but that would single-quote
# $GECKO_PATH, which would defeat having the variable in the command
# in the first place, as it wouldn't be expanded.
# In practice, arguments are expected not to contain characters that
# would require quoting.
mh_command = " ".join(mh_command)
run["using"] = "run-task"
run["command"] = mh_command
run.pop("secrets")
run.pop("requires-signed-builds")
run.pop("job-script", None)
configure_taskdesc_for_run(config, job, taskdesc, worker["implementation"])
# Everything past this point is Windows-specific.
if job["worker"]["os"] == "macosx":
return
if taskdesc.get("use-sccache"):
worker["command"] = [
# Make the comment part of the first command, as it will help users to
# understand what is going on, and why these steps are implemented.
dedent(
"""\
:: sccache currently uses the full compiler commandline as input to the
:: cache hash key, so create a symlink to the task dir and build from
:: the symlink dir to get consistent paths.
if exist z:\\build rmdir z:\\build"""
),
r"mklink /d z:\build %cd%",
# Grant delete permission on the link to everyone.
r"icacls z:\build /grant *S-1-1-0:D /L",
r"cd /d z:\build",
] + worker["command"]