.taskcluster.yml

version: 1
policy:
  pullRequests: collaborators
tasks:
  $let:
    user: ${event.sender.login}

    fetch_rev:
      $if: 'tasks_for == "github-pull-request"'
      then: ${event.pull_request.head.sha}
      else:
        $if: 'tasks_for == "github-push"'
        then: ${event.after}
        else: ${event.release.tag_name}

    fetch_ref:
      $if: 'tasks_for == "github-pull-request"'
      then: "pull/${event.number}/head"
      else:
        $if: 'tasks_for == "github-push"'
        then: ${event.ref}
        else: "refs/tags/${event.release.tag_name}:refs/tags/${event.release.tag_name}"

    http_repo:
      $if: 'tasks_for == "github-pull-request"'
      then: ${event.pull_request.base.repo.clone_url}
      else: ${event.repository.clone_url}

    codecov_secret_url:
      http://taskcluster/secrets/v1/secret/project/fuzzing/codecov-fuzzmanager

    pypi_secret_url:
      http://taskcluster/secrets/v1/secret/project/fuzzing/pypi-fuzzmanager

  in:
    $if: 'tasks_for in ["github-pull-request", "github-push", "github-release"]'
    then:
      $flatten:
        - $map:
          - {image: ci-py-27, toxenv: 'py27', name: 'tests python 2.7 django 1.x'}
          - {image: ci-py-35, toxenv: 'py35', name: 'tests python 3.5 django 2.x'}
          - {image: ci-py-36, toxenv: 'py36', name: 'tests python 3.6 django 2.x'}
          - {image: ci-py-37, toxenv: 'py37', name: 'tests python 3.7 django 2.x'}
          - {image: ci-py-38, toxenv: 'py38', name: 'tests python 3.8 django 2.x'}
          each(build):
            taskId: {$eval: as_slugid(build.toxenv)}
            provisionerId: proj-fuzzing
            workerType: ci
            created: {$fromNow: ''}
            deadline: {$fromNow: '1 hour'}
            scopes:
              - secrets:get:project/fuzzing/codecov-fuzzmanager
            payload:
              maxRunTime: 3600
              image: mozillasecurity/${build.image}:latest
              features:
                taskclusterProxy: true
              command:
                - /bin/bash
                - '--login'
                - '-x'
                - '-c'
                - >-
                  retry () { for _ in {1..9}; do "$@" && return || sleep 30; done; "$@"; }  &&
                  git init repo &&
                  cd repo &&
                  git remote add origin ${http_repo} &&
                  retry git fetch -q --depth=1 origin "${fetch_ref}" &&
                  git -c advice.detachedHead=false checkout ${fetch_rev} &&
                  set +x &&
                  export CODECOV_TOKEN="$(curl -sSL ${codecov_secret_url} | jshon -e secret -e token -u)" &&
                  set -x &&
                  tox -e ${build.toxenv} &&
                  retry tox -e codecov
            metadata:
              name: FuzzManager ${build.name}
              description: FuzzManager ${build.name}
              owner: '${user}@users.noreply.github.com'
              source: ${http_repo}/raw/${fetch_rev}/.taskcluster.yml
        - $if: 'tasks_for in ["github-release"]'
          then:
            - provisionerId: proj-fuzzing
              workerType: ci
              dependencies:
                - {$eval: as_slugid("py27")}
                - {$eval: as_slugid("py35")}
                - {$eval: as_slugid("py36")}
                - {$eval: as_slugid("py37")}
                - {$eval: as_slugid("py38")}
              created: {$fromNow: ''}
              deadline: {$fromNow: '1 hour'}
              scopes:
                - secrets:get:project/fuzzing/pypi-fuzzmanager
              payload:
                maxRunTime: 3600
                image: mozillasecurity/ci-py-38:latest
                features:
                  taskclusterProxy: true
                command:
                  - /bin/bash
                  - '--login'
                  - '-x'
                  - '-c'
                  - >-
                    retry () { for _ in {1..9}; do "$@" && return || sleep 30; done; "$@"; }  &&
                    git init repo &&
                    cd repo &&
                    git remote add origin ${http_repo} &&
                    retry git fetch -q --depth=1 origin "${fetch_ref}" &&
                    git -c advice.detachedHead=false checkout ${fetch_rev} &&
                    set +x &&
                    export TWINE_USERNAME="$(curl -sSL ${pypi_secret_url} | jshon -e secret -e username -u)" &&
                    export TWINE_PASSWORD="$(curl -sSL ${pypi_secret_url} | jshon -e secret -e password -u)" &&
                    set -x &&
                    retry tox -e pypi
              metadata:
                name: FuzzManager PyPI upload
                description: FuzzManager PyPI upload
                owner: '${user}@users.noreply.github.com'
                source: ${http_repo}/raw/${fetch_rev}/.taskcluster.yml