Scriptworker

--------------------

.. _added-49:

Added
~~~~~

- Allow projects/birch to use
project:releng:signing:cert:release-signing

.. _section-86:

--------------------

.. _added-50:

Added
~~~~~

- ``scriptworker.cot.verify.download_cot`` now supports optional
upstream artifacts
- ``scriptworker.artifacts.get_optional_artifacts_per_task_id``,
``scriptworker.cot.verify.(is_task_required_by_any_mandatory_artifact, is_artifact_optional)``,
and
``scriptworker.utils.(get_results_and_future_exceptions, add_enumerable_item_to_dict)``
are defined and publicly exposed.

.. _changed-43:

Changed
~~~~~~~

- ``scriptworker.artifacts.get_upstream_artifacts_full_paths_per_task_id``
returns 2 dictionaries instead of 1.
- ``scriptworker.cot.verify.(verify_docker_image_sha, download_cot_artifact)``
don’t error out if cot isn’t defined (missing cot are detected
earlier)

.. _section-87:

--------------------

.. _fixed-39:

Fixed
~~~~~

- Made the exit status more explicit on exit code -11.
- Fixed ``verify_sig`` to return the message body if ``gpg.decrypt``
returns an empty body.

.. _section-88:

--------------------

.. _added-51:

Added
~~~~~

- Added integration tests that run ``verify_chain_of_trust`` against
production tasks, to make sure ``cot.verify`` changes are backwards
compatible.

.. _fixed-40:

Fixed
~~~~~

- stopped verifying docker-worker cot on the chain object, which may
not have a cot artifact to verify.
- updated the ``retry_exceptions`` for ``retry_request`` to include
``asyncio.TimeoutError``.

.. _removed-19:

Removed
~~~~~~~

- Removed the ``await asyncio.sleep(1)`` after running a task.

.. _section-89:

--------------------

.. _added-52:

Added
~~~~~

- scriptworker will now retry (``intermittent-task`` status) on a
script exit code of -11, which corresponds to a python segfault.

.. _section-90:

--------------------

.. _added-53:

Added
~~~~~

- ``scriptworker.task.get_parent_task_id`` to support the new
``task.extra.parent`` breadcrumb.
- ``scriptworker.cot.verify.ACTION_MACH_COMMANDS`` and
``cot.verify.PARENT_TASK_TYPES`` to separate action task verification
from decision task verification.
- ``scriptworker.cot.verify.ChainOfTrust.parent_task_id`` to find the
``parent_task_id`` later.
- ``scriptworker.cot.verify.LinkOfTrust.parent_task_id`` to find the
``parent_task_id`` later.
- added a new ``action`` task type. This uses the same sha allowlist as
the ``decision`` task type.
- ``scriptworker.cot.verify.is_action``, since differentiating between
a decision task and an action task requires some task definition
introspection.
- ``verify_firefox_decision_command`` now takes a ``mach_commands``
kwarg; for action tasks, we set this to ``ACTION_MACH_COMMANDS``
- ``verify_action_task`` verifies the action task command.
- ``verify_parent_task`` runs the checks previously in
``verify_decision_task``; we run this for both action and decision
tasks.

.. _changed-44:

Changed
~~~~~~~

- ``find_sorted_task_dependencies`` now uses the ``parent_task_id``
rather than the ``decision_task_id`` for its ``parent_tuple``.
- ``download_firefox_cot_artifacts`` now downloads ``task-graph.json``
from action tasks as well as decision tasks
- ``verify_decision_task`` now only checks the command. The other
checks have been moved to ``verify_parent_task``.
- decision tasks now run ``verify_parent_task``.

.. _fixed-41:

Fixed
~~~~~

- Updated ``README.md`` to specify ``tox`` rather than
``python setup.py test``

.. _section-91: