Skip to content

Testing iscript

Aki Sasaki edited this page Oct 5, 2021 · 31 revisions

Testing iscript on a mac signer

These instructions assume you have ssh access to the mac signers, and the mac is already puppetized.

initial setup

  • Choose a a mac signer from the machines list. Update the wiki's notes to say you're you're testing on that mac, with today's date.

  • Quarantine both the mac signer and the mac poller. (Those links are for the production Firefox mac signing pools.)

    • make sure any task currently running finishes, or cancel it if you need to get to the mac sooner. (Or choose an idle mac.)
  • SSH into the mac.

  • Disable the periodic puppet daemon:

    sudo launchctl unload /Library/LaunchDaemons/com.mozilla.periodic.plist

Puppetize

Oftentimes, we want to see if the master branch will puppetize properly. You can do this by:

  • Edit /usr/local/bin/run-puppet.sh to replace the branch production-mac-signing with master

  • Run puppet:

    sudo /usr/local/bin/run-puppet.sh

  • Make sure that exited successfully.

Test iscript

Let's make sure that we can still sign + notarize Firefox.

Activate the virtualenv

# Run these steps as cltbld
sudo -u cltbld -i
cd /builds/scriptworker
. virtualenv/bin/activate

Populate the work dir, test

Find a green notarization-part-1 task. Copy its taskId (click, lower left).

# Same cltbld shell as above
TASK_ID=<populate with the above taskId>
rmdir work
# create ./work/ with task.json and upstreamArtifacts
create_test_workdir -- $TASK_ID
# edit work/task.json to replace the behavior mac_notarize_part_1 with mac_notarize
vi work/task.json
# then test:
iscript script_config.yaml
# The iscript command should finish successfully. If not, there may be something broken with the mac configuration.

Finish up

We're now fairly confident that pushing the revision of master that you just tested to production-mac-signing won't brick the mac signing pool; we can do that when ready.

  • Don't forget to clean up!
# Still cltbld in /builds/scriptworker
# leaving `work` dirty will break the next task that runs on this mac
#     until we fix https://github.com/mozilla-releng/scriptworker/issues/487
rm -rf work artifacts
# Exit cltbld
exit
# Reenable periodic puppet
sudo launchctl load /Library/LaunchDaemons/com.mozilla.periodic.plist
  • un-quarantine the mac signer + poller
  • update the machines wiki to remove the note reserving that mac for you.
Clone this wiki locally