Dep signing #8
Dep signing #8
Conversation
|
@tomprince This is based on #5 . Not sure if we want to get that reviewed and landed first, or if it's easier to review all of it at once here. |
| # githubCloneSecret: project/xpi/xpi-github-clone-ssh | ||
| githubCloneSecret: "" | ||
| # XXX use "privileged" or "system" to enable signing | ||
| xpiSigningType: "" |
There was a problem hiding this comment.
I wonder if this is something that could be put in package.json metadata; pulling metadata from there might also address the issue that I saw mentioned about having packages that are not extensions, if we have metadata indicating that a package is an xpi that should be processed.
There was a problem hiding this comment.
Possibly. I also want to add the expected extension name(s) in there as a string or list of strings. I've avoided modifying package.json to date, since the xpi-manifest is the source of truth for release builds, and the CI provided here is a best effort attempt at making new source repositories super simple to drop in.
There was a problem hiding this comment.
taskcluster/xpi_taskgraph/signing.py
Outdated
| continue | ||
| dep = task["primary-dependency"] | ||
| task["dependencies"] = {"build": dep.label} | ||
| artifact_prefix = dep.task["payload"]["env"]["ARTIFACT_PREFIX"] |
There was a problem hiding this comment.
We should put this value in an attribute and consume it from there.
|
|
mozilla-releng/staging-xpi-public#7 has green dep-signing. Phew. |
|
Thanks! Going to address the XXX .tc.yml and tc/ci/config.yml changes before merging. |
Based on #5.
Used in mozilla-releng/staging-xpi-public#7 .
Once these land, land mozilla-releng/staging-xpi-manifest#10 .