Bug2015223: Adds Thunderbird Release AppID

pushflatpakscript/docker.d/init_worker.sh

@@ -25,6 +25,22 @@ case $ENV in
     export REPO_TOKEN_STABLE_PATH=$CONFIG_DIR/stable_token.txt
     echo $REPO_TOKEN_BETA | base64 -d > $REPO_TOKEN_BETA_PATH
     echo $REPO_TOKEN_STABLE | base64 -d > $REPO_TOKEN_STABLE_PATH
+
+
+    if [ "$COT_PRODUCT" = thunderbird ]; then
+      # test_var_set 'REPO_TOKEN_RELEASE'
+      # must either have REPO_TOKEN_RELEASE or REPO_TOKEN_ESR defined
+      if [[ -z "$REPO_TOKEN_RELEASE" ]] && [[ -z "$REPO_TOKEN_ESR" ]]; then
+        echo "error: must have token defined for release or esr channel"
+        exit 1
+      fi
+
+      export REPO_TOKEN_RELEASE_PATH=$CONFIG_DIR/release_token.txt
+      echo $REPO_TOKEN_RELEASE | base64 -d > $REPO_TOKEN_RELEASE_PATH
+
+      export REPO_TOKEN_ESR_PATH=$CONFIG_DIR/esr_token.txt
+      echo $REPO_TOKEN_ESR | base64 -d > $REPO_TOKEN_ESR_PATH
+    fi
     ;;
   *)
     exit 1
@@ -38,6 +54,8 @@ case $COT_PRODUCT in
     ;;
   thunderbird)
     export APP_ID="org.mozilla.Thunderbird"
+    export APP_ID_RELEASE="org.mozilla.ThunderbirdRelease"
+    export APP_ID_ESR="org.mozilla.ThunderbirdESR"
     export TASKCLUSTER_SCOPE_PREFIX="project:comm:thunderbird:releng:flathub:"
     ;;
   *)

pushflatpakscript/docker.d/worker.yml

@@ -1,7 +1,17 @@
 work_dir: { "$eval": "WORK_DIR" }
 artifact_dir: { "$eval": "ARTIFACTS_DIR" }
 verbose: { "$eval": "VERBOSE == 'true'" }
-app_id: { "$eval": "APP_ID" }
+app_ids:
+  beta: {"$eval": "APP_ID" }
+  stable: {"$eval": "APP_ID"}
+  release:
+    $if: defined("APP_ID_RELEASE")
+    then: {"$eval": "APP_ID_RELEASE"}
+    else: ''
+  esr:
+    $if: defined("APP_ID_ESR")
+    then: {"$eval": "APP_ID_ESR"}
+    else: ''
 taskcluster_scope_prefix: { "$eval": "TASKCLUSTER_SCOPE_PREFIX" }
 push_to_flathub: { "$eval": "ENV == 'prod'" }
 flathub_url: { "$eval": "FLATHUB_URL" }
@@ -12,4 +22,13 @@ token_locations:
   then:
     beta: { "$eval": "REPO_TOKEN_BETA_PATH" }
     stable: { "$eval": "REPO_TOKEN_STABLE_PATH" }
+    release:
+      $if: defined("REPO_TOKEN_RELEASE_PATH")
+      then: {"$eval": "REPO_TOKEN_RELEASE_PATH"}
+      else: ''
+    esr:
+      $if: defined("REPO_TOKEN_ESR_PATH")
+      then: {"$eval": "REPO_TOKEN_ESR_PATH"}
+      else: ''
+
   else: {}

pushflatpakscript/examples/config.example.json

@@ -1,7 +1,10 @@
 {
   "work_dir": "/some/work/dir",
   "verbose": true,
-  "app_id": "org.mozilla.firefox",
+  "app_ids": {
+    "stable": "org.mozilla.firefox",
+    "beta": "org.mozilla.firefox"
+  },
   "taskcluster_scope_prefix": "project:releng:flathub:firefox:",
   "push_to_flathub": true,
   "flathub_url": "flathub URL location",

pushflatpakscript/src/pushflatpakscript/data/config_schema.json

@@ -2,7 +2,7 @@
     "title": "pushflatpakscript config schema",
     "type": "object",
     "required": [
-        "app_id",
+        "app_ids",
         "taskcluster_scope_prefix",
         "push_to_flathub",
         "token_locations",
@@ -11,8 +11,11 @@
         "taskcluster_root_url"
     ],
     "properties": {
-        "app_id": {
-            "type": "string"
+        "app_ids": {
+            "type": "object",
+            "additionalProperties": {
+                "type": "string"
+            }
         },
         "taskcluster_scope_prefix": {
             "type": "string"

pushflatpakscript/src/pushflatpakscript/flathub.py

@@ -142,23 +142,32 @@ def files(tar, path):
     return os.path.join(flatpak_tar_basedir, flatpak_deflated_dir)
 
 
-def check_app_id_matches_flatpak(context, flatpak_path):
+def check_app_id_matches_flatpak(context, flatpak_path, channel):
     # Extract all ostree refs from the supplied Flatpak repo
     flatpak_refs = subprocess.check_output(["ostree", "refs"], cwd=flatpak_path).decode().splitlines()
 
     # Consolidate ostree refs into list of Flatpak IDs available in repo
     flatpak_refs = [ref.split("/")[1] for ref in flatpak_refs if ref.startswith("app/")]
 
     # Create a list, if any, of all unexpected Flatpak IDs present in repo
-    invalid_refs = set(flatpak_refs) - {context.config["app_id"]}
+    invalid_refs = set(flatpak_refs) - set(context.config["app_ids"].values())
 
-    if context.config["app_id"] not in flatpak_refs:
-        raise TaskVerificationError(f"Supplied app ID ({context.config['app_id']}) is not present in Flatpak!")
+    if context.config["app_ids"][channel] not in flatpak_refs:
+        raise TaskVerificationError(f"Supplied app ID ({context.config['app_ids'][channel]}) is not present in Flatpak!")
 
     if len(invalid_refs) > 0:
         raise TaskVerificationError("One or more invalid app IDs are present in Flatpak!")
 
 
+def check_config_for_channel(config, channel):
+    """Verify AppID and token location defined for supplied channel"""
+    if channel not in config["app_ids"]:
+        raise TaskVerificationError(f"Supplied channel ({channel}) does not have a configured appID")
+
+    if channel not in config["token_locations"]:
+        raise TaskVerificationError(f"Supplied channel ({channel}) does not have a configured token")
+
+
 def sanitize_buildid(bytes_input):
     """Flathub API returns bytes to we're decoding that to unicode string"""
     return bytes_input.decode().strip()
@@ -174,10 +183,13 @@ def push(context, flatpak_file_path, channel):
         # We don't raise an error because we still want green tasks on dev instances
         return
 
+    check_config_for_channel(context.config, channel)
+
     token_args = ["--token-file", context.config["token_locations"][channel]]
     log.info("Grab a flatpak buildid from Flathub ...")
+    publish_channel = "beta" if channel == "beta" else "stable"
     publish_build_output = run_flat_manager_client_process(
-        context, token_args + ["create", context.config["flathub_url"], channel, "--build-log-url", build_log]
+        context, token_args + ["create", context.config["flathub_url"], publish_channel, "--build-log-url", build_log]
     )
 
     log.info("Sanitize the buildid received from Flathub ...")
@@ -191,7 +203,7 @@ def push(context, flatpak_file_path, channel):
     deflated_dir = check_and_extract_tar_archive(context, flatpak_file_path)
 
     log.info("Verifying supplied app ID matches flatpak app ID...")
-    check_app_id_matches_flatpak(context, deflated_dir)
+    check_app_id_matches_flatpak(context, deflated_dir, channel)
 
     log.info(f"Pushing the flatpak to the associated {publish_build_output}")
     run_flat_manager_client_process(context, token_args + ["push", publish_build_output, deflated_dir])

pushflatpakscript/src/pushflatpakscript/task.py

@@ -1,6 +1,6 @@
 from scriptworker.exceptions import TaskVerificationError
 
-_CHANNELS_AUTHORIZED_TO_REACH_FLATHUB = ("beta", "stable")
+_CHANNELS_AUTHORIZED_TO_REACH_FLATHUB = ("beta", "stable", "release", "esr")
 ALLOWED_CHANNELS = ("mock", *_CHANNELS_AUTHORIZED_TO_REACH_FLATHUB)
 
 

pushflatpakscript/tests/test_config.py

@@ -10,6 +10,9 @@
     "ARTIFACTS_DIR": "",
     "VERBOSE": "true",
     "APP_ID": "",
+    "APP_ID_RELEASE": "",
+    "APP_ID_ESR": "",
+    "COT_PRODUCT": "firefox",
     "TASKCLUSTER_SCOPE_PREFIX": "",
     "FLATHUB_URL": "https://flat.example",
     "FLAT_MANAGER_CLIENT": "/app/bin/flat-manager-client",

pushflatpakscript/tests/test_task.py

@@ -14,7 +14,7 @@ def test_get_flatpak_channel_without_payload_raises():
 @pytest.mark.parametrize("raises, channel", ((False, "stable"), (False, "beta"), (False, "mock"), (False, "beta"), (False, "beta"), (True, "bogus")))
 def test_get_flatpak_channel_dep(raises, channel):
     task = {"scopes": [], "payload": {"channel": channel}}
-    config = {"app_id": "org.mozilla.firefox", "taskcluster_scope_prefix": "project:releng:flathub:firefox:", "push_to_flathub": False}
+    config = {"app_ids": {"stable": "org.mozilla.firefox", "beta": "org.mozilla.firefox"}, "taskcluster_scope_prefix": "project:releng:flathub:firefox:", "push_to_flathub": False}
     if raises:
         with pytest.raises(TaskVerificationError):
             get_flatpak_channel(config, task)
@@ -35,7 +35,10 @@ def test_get_flatpak_channel_dep(raises, channel):
 )
 def test_get_flatpak_channel_prod(raises, scopes, channel):
     task = {"scopes": scopes, "payload": {"channel": channel}}
-    config = {"app_id": "org.mozilla.firefox", "taskcluster_scope_prefix": "project:releng:flathub:firefox:", "push_to_flathub": True}
+    config = {"app_ids": {"stable": "org.mozilla.firefox", "beta": "org.mozilla.firefox"},
+              "token_locations": {"stable": "stable.txt", "beta": "beta.txt"},
+              "taskcluster_scope_prefix": "project:releng:flathub:firefox:",
+              "push_to_flathub": True}
     if raises:
         with pytest.raises(TaskVerificationError):
             get_flatpak_channel(config, task)
@@ -55,5 +58,5 @@ def test_get_flatpak_channel_prod(raises, scopes, channel):
     ),
 )
 def test_is_allowed_to_push_to_flathub(channel, push_to_flathub, expected):
-    config = {"app_id": "org.mozilla.firefox", "taskcluster_scope_prefix": "project:releng:flathub:firefox:", "push_to_flathub": push_to_flathub}
+    config = {"app_ids": {"stable": "org.mozilla.firefox", "beta": "org.mozilla.firefox"}, "taskcluster_scope_prefix": "project:releng:flathub:firefox:", "push_to_flathub": push_to_flathub}
     assert is_allowed_to_push_to_flathub(config, channel) == expected

tests/test_init.py

@@ -78,6 +78,8 @@
         "FLATHUB_URL": "https://flathub.example.com",
         "REPO_TOKEN_BETA": "Zm9vYmFyCg==",
         "REPO_TOKEN_STABLE": "Zm9vYmFyCg==",
+        "REPO_TOKEN_RELEASE": "Zm9vYmFyCg==",
+        "REPO_TOKEN_ESR": "Zm9vYmFyCg==",
     },
     re.compile(r"pushmsix:.*"): {
         "TENANT_ID": "Zm9vYmFyCg==",