Taskcluster

GENERAL

▶ [patch] [5653](https://github.com/taskcluster/taskcluster/issues/5653)
Fix a bug with github status checks not being updated.

In 44.19.1 release github service started tracking additional task
state changes, and this resulted in a race condition between "taskDefined"
and "status" handlers where both of them would create new check run at
the same time. Wrong check run would later get all status updates, while
Github UI will be showing a different check run which didn't receive all
the updates.

▶ [patch]
Upgrade node to the latest LTS release, v16.17.0

DEPLOYERS

▶ [patch] [5041](https://github.com/taskcluster/taskcluster/issues/5041)
Add support for private docker registry by adding `imagePullSecrets` config value.

DEVELOPERS

▶ [minor] [5295](https://github.com/taskcluster/taskcluster/issues/5295)
When hovering over a task in a group task, the background color changes for the whole row, now. As opposed to a portion of the row.

▶ [patch]
Building and publishing generic worker docker image

▶ [patch] [5217](https://github.com/taskcluster/taskcluster/issues/5217)
This patch gets a tail of the last 250 lines of the `live.log` file and provides it in the GitHub checks view without having to visit the Taskcluster UI.

---

GENERAL

▶ [minor] [5085](https://github.com/taskcluster/taskcluster/issues/5085)
Github integration handles task reruns, triggered from the Taskcluster side.
Check run status updates will include in_progress and queued sates for such tasks.

▶ [patch]
Fixes error logging for "re-run" github event.
Improves '[ci skip]' logic to also include pull_request events.
Adds documentation on how to debug github integration locally.

▶ [patch]
Remove duplicate ingres paths as redundant

DEPLOYERS

▶ [minor] [4913](https://github.com/taskcluster/taskcluster/issues/4913)
Adds support for nginx ingress for routes definitions.
Adds support for certbot annotations.

ADMINS

▶ [minor] [5616](https://github.com/taskcluster/taskcluster/issues/5616)
For projects with `policy.pullRequests` set to `public_restricted`, Taskcluster Github will now assume the role `repo:github.com/${ payload.organization }/${ payload.repository }:pull-request-untrusted`. Administrators will need to create this role for all `public_restricted` projects.

USERS

▶ [minor] [5311](https://github.com/taskcluster/taskcluster/issues/5311)
Github integration can skip creation of tasks for single commits that include "[ci skip]" or "[skip ci]" message.

▶ [patch] [5046](https://github.com/taskcluster/taskcluster/issues/5046)
UI automatically goes to the latest run on rerun action.
Task page listens to updates on task status and updates the page.

▶ [patch]
UI: Pulse Messages autocompletes known exchanges

DEVELOPERS

▶ [minor] [5611](https://github.com/taskcluster/taskcluster/issues/5611)
Added paddingLeft to the root MUISelect in the overrides in theme.js.

Choosing a worker type out of the dropdown menu from the Create Task page now displays the chosen type with appropriate padding from the left. The chosen worker type no longer appears glued to the left border.

▶ [patch]
Docker compose: static worker not started by default.

▶ [patch]
Switch to devel image for docker-compose.dev.yml.
Installing nodemon only in devel image.

▶ [patch]
Use tc-admin to setup local env.

▶ [patch]
This patch makes it so that a `yarn smoketest` on our dev environment is run after a successful deploy.

GENERAL

▶ [patch] [5577](https://github.com/taskcluster/taskcluster/issues/5577)
Adds linting functionality in the Create Task page.

Validates create task and its payload based on the selected worker type.

▶ [patch]
Update go version from 1.18.4 to 1.18.5 for building generic-worker, livelog, taskcluster-proxy, start-worker, and the taskcluster cli.
Update golangci-lint from 1.46.2 to 1.47.3 for linting go code.

USERS

▶ [patch] [5555](https://github.com/taskcluster/taskcluster/issues/5555)
This patch fixes an issue with filtering workers based on quarantined status. The issue only occurs with static workers that are quarantined. When the filter was active, those static, quarantined workers would not be displayed in the list. This issue was first brought up in v44.17.0.

DEVELOPERS

▶ [minor]
Docker compose changes and improvements:
* `generic-worker` runs with local `docker compose` and is able to execute tasks
* (breaking change) default ingress service was renamed to `taskcluster` and now binds to port `80` instead of `8080`
* manual entry of '127.0.0.1 taskcluster' to `/etc/hosts` is necessary in order to make HAWK authentication work properly across whole UI

New tutorial page is added `docs/tutorial/local-dev` describing how to launch Taskcluster locally and run a simple task.

▶ [patch]
Auto-reload services in docker-compose.dev.yml when source changes.
This will allow to develop services without restarting manually docker compose.

▶ [patch] [5602](https://github.com/taskcluster/taskcluster/issues/5602)
Introduced docker compose profiles to allow running background tasks and cron jobs.

▶ [patch]
Added scripts to `package.json` to more easily use the `docker compose` commands.

New `yarn` commands: `start`, `stop`, `dev:start`, `dev:stop`, `prod:start`, and `prod:stop`.

GENERAL

▶ [patch]
Go update from 1.18.3 to 1.18.4. Also updates the git version for generic worker decision tasks from `git2.24.0.2` to `git2.37.1`.

DEPLOYERS

▶ [patch] [bug 1633440](http://bugzil.la/1633440)
Spread cron task times that started at 00:00 to minimize CPU spikes and DB loads.

USERS

▶ [patch]
Set the `key` field on the login window to a password field instead of a text one

DEVELOPERS

▶ [patch]
Fix docker compose sometimes not starting the ingress container

▶ [patch] [5553](https://github.com/taskcluster/taskcluster/issues/5553)
This change adds continuous deployment support to the `cloudbuild.yaml` file so that each change to `main` results in a new deployment to [`https://dev.alpha.taskcluster-dev.net/`](https://dev.alpha.taskcluster-dev.net/).

▶ [patch] [5554](https://github.com/taskcluster/taskcluster/issues/5554)
This patch splits the docker compose file into separate dev and prod configuration files. For prod-like deployments, where you want to use the latest `taskcluster/taskcluster` docker image, use the command `docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d`. For development deployments, where local source code mounts as volumes for testing/debugging purposes, use the command `docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d`.

This change also switches `docker-compose` (v1) references over to `docker compose` (v2). See [here](https://docs.docker.com/compose/#compose-v2-and-the-new-docker-compose-command) for more details.

GENERAL

▶ [patch]
Remove unused config value auditLog

▶ [patch]
This patch addresses the following vuln in `passport` https://security.snyk.io/vuln/SNYK-JS-PASSPORT-2840631. This also upgrades `express` to the latest stable release.

▶ [patch] [5557](https://github.com/taskcluster/taskcluster/issues/5557)
This patch upgrades to Debian 10 docker images, as Debian 9 hit EOL.

▶ [patch]
Upgrade node to the latest LTS release, v16.16.0.
This is a security release. More info can be found [here](https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#update-07-july-2022-security-releases-available).

DEVELOPERS

▶ [patch]
Remove node-fetch dependency from ui/ as it was only used in abandoned queryServer.js script to cache possible graphql types.

▶ [patch] [5391](https://github.com/taskcluster/taskcluster/issues/5391)
Skip github checks if github build is unkown.
This happens in periodic and manual hooks that are doing some periodic operations on github repo.
Those operations are not initiated by github, so there is no new build/check suite created for those events.