-
Notifications
You must be signed in to change notification settings - Fork 29
Testing iscript
These instructions assume you have ssh access to the mac signers, and the mac is already puppetized.
-
Choose a a mac signer from the machines list. Update the wiki's notes to say you're you're testing on that mac, with today's date.
-
Quarantine both the mac signer and the mac poller. (Those links are for the production Firefox mac signing pools.)
- make sure any task currently running finishes, or cancel it if you need to get to the mac sooner. (Or choose an idle mac.)
-
SSH into the mac.
-
Disable the periodic puppet daemon:
sudo launchctl unload /Library/LaunchDaemons/com.mozilla.periodic.plist
-
Disable the workers: (note the file names may be different)
sudo launchctl unload /Library/LaunchDaemons/org.mozilla.notarization_poller.poller.plist sudo launchctl unload /Library/LaunchDaemons/org.mozilla.scriptworker.cltbld.plist # Check running mozilla services sudo launchctl list | grep mozilla
Oftentimes, we want to see if the master
branch will puppetize properly. You can do this by:
-
Edit /usr/local/bin/run-puppet.sh to replace the branch
production-mac-signing
withmaster
-
Run puppet:
sudo /usr/local/bin/run-puppet.sh
-
Make sure that exited successfully.
Let's make sure that we can still sign + notarize Firefox.
# Run these steps as cltbld
sudo -u cltbld -i
cd /builds/scriptworker
. virtualenv/bin/activate
# Clean out the old installation of iscript
pip uninstall iscript
# Substitute <user> and <branch> to point at the code you want to test
pip install git+https://github.com/<user>/scriptworker-scripts.git@<branch>#subdirectory=iscript
Find a green notarization-part-1 task. Copy its taskId (click, lower left).
# Same cltbld shell as above
TASK_ID=<populate with the above taskId>
# create ./work/ with task.json and upstreamArtifacts
create_test_workdir --overwrite -- $TASK_ID
# edit work/task.json to replace the behavior mac_notarize_part_1 with mac_notarize
vi work/task.json
# then test:
iscript script_config.yaml
# The iscript command should finish successfully. If not, there may be something broken with the mac configuration.
We're now fairly confident that pushing the revision of master
that you just tested to production-mac-signing
won't brick the mac signing pool; we can do that when ready.
- Don't forget to clean up!
# Still cltbld in /builds/scriptworker
# leaving `work` dirty will break the next task that runs on this mac
# until we fix https://github.com/mozilla-releng/scriptworker/issues/487
rm -rf work artifacts
# Re-create the virtualenv if you modified it
rm -rf virtualenv
sudo /usr/local/bin/run-puppet.sh
# Reenable periodic puppet
sudo launchctl load /Library/LaunchDaemons/com.mozilla.periodic.plist
# Exit cltbld
exit
- un-quarantine the mac signer + poller
- update the machines wiki to remove the note reserving that mac for you.