forked from mozilla-releng/scriptworker
-
Notifications
You must be signed in to change notification settings - Fork 0
/
scriptworker.yaml.tmpl
98 lines (83 loc) · 4.03 KB
/
scriptworker.yaml.tmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#-----------------------------------------------------------------------------------------------
# Taskcluster worker settings.
# For development, keep the test-dummy-* and dummy-worker-* convention.
# In production, follow the production conventions.
#-----------------------------------------------------------------------------------------------
provisioner_id: test-dummy-provisioner
worker_group: test-dummy-workers
worker_type: dummy-worker-myname
# worker_id will default to env['SCRIPTWORKER_WORKER_ID'] if not set, for CloudOps deployment.
# We may be able to remove that default if we don't use CloudOps deployment for scriptworker
# instances.
worker_id: dummy-worker-myname1
#-----------------------------------------------------------------------------------------------
# Taskcluster credentials.
# Uncomment and edit to specify the taskcluster credentials here.
# Taskcluster credentials can also be set in secrets.json, $HOME/.scriptworker,
# /etc/.scriptworker, or the environment variables TASKCLUSTER_ACCESS_TOKEN,
# TASKCLUSTER_CLIENT_ID, and TASKCLUSTER_CERITIFICATE.
#-----------------------------------------------------------------------------------------------
# credentials:
# clientId: ...
# accessToken: ...
# certificate: ...
#-----------------------------------------------------------------------------------------------
# Task configs
#-----------------------------------------------------------------------------------------------
# The timeouts are in seconds.
artifact_upload_timeout: 1200
task_max_timeout: 1200
# This is the command line to execute the task.
task_script: ["bash", "-c", "echo foo && sleep 19 && exit 1"]
# debug logging?
verbose: true
# In tier 1 production, these should all be true.
sign_chain_of_trust: false
verify_chain_of_trust: false
verify_cot_signature: false
# Chain of Trust job type, e.g. signing
cot_job_type: scriptworker
cot_product: firefox
# Calls to Github API are limited to 60 an hour. Using an API token allows to raise the limit to
# 5000 per hour. https://developer.github.com/v3/#rate-limiting
github_oauth_token: somegithubtoken
#-----------------------------------------------------------------------------------------------
# Scriptworker paths.
#-----------------------------------------------------------------------------------------------
# Scriptworker logs go here; this is a long-lived directory.
log_dir: "/tmp/log"
# work_dir and artifact_dir will be nuked before every task run.
work_dir: "/tmp/work"
artifact_dir: "/tmp/artifact"
# task_log_dir should be a subdirectory of artifact_dir; its relative path will be the same
# as the log artifacts in taskcluster (i.e., public/logs).
# Set this to private/... if the logs shouldn't be publicly visible.
task_log_dir: "/tmp/artifact/public/logs"
#-----------------------------------------------------------------------------------------------
# ed25519 settings.
#-----------------------------------------------------------------------------------------------
ed25519_private_key_path: /tmp/ed25519_privkey
# Override this if we need to add/remove keys without requiring a new scriptworker release.
# ed25519_public_keys:
# docker-worker:
# - BASE64_ED25519_KEY_STRING
# generic-worker:
# - BASE64_ED25519_KEY_STRING
# scriptworker:
# - BASE64_ED25519_KEY_STRING
#-----------------------------------------------------------------------------------------------
# Valid artifact rules.
# This is a list of dictionaries. Each dictionary specifies schemes, netlocs, and path_regexes.
# All valid artifact downloads should match these. `filepath` must be specified in the
# path_regexes.
#
# If `taskId` is specified in the path_regex, it must be in task.dependencies, the decision task,
# or an upstream chain of trust task.
#-----------------------------------------------------------------------------------------------
# valid_artifact_rules:
# netlocs:
# - queue.taskcluster.net
# path_regexes:
# - "^/v1/task/(?P<taskId>[^/]+)(/runs/\\d+)?/artifacts/(?P<filepath>.*)$"
# schemes:
# - https