Taskcluster

DEPLOYERS

▶ [MAJOR] [3216](https://github.com/taskcluster/taskcluster/issues/3216)
The auth, github, hooks, index, and notify services no longer take Helm config `<service>.azure_account_id`, and auth no longer takes Helm config `auth.azure_account_key`, as these services no longer talk to Azure.

▶ [minor] [3216](https://github.com/taskcluster/taskcluster/issues/3216)
The queue service no longer accepts the optional, and probably-unused, `queue.azure_report_chance` and `queue.azure_report_threshold` Helm configurations.

WORKER-DEPLOYERS

▶ [minor] [3168](https://github.com/taskcluster/taskcluster/issues/3168)
The worker-manager now supports a `scalingRatio` that determines how much worker capacity to spawn per pending task.
The `scalingRatio` is a ratio of worker capacity to pending tasks - a ratio of 1.0 means that 1 capacity will be added for each pending task.

▶ [minor] [3033](https://github.com/taskcluster/taskcluster/issues/3033)
The worker-manager updates the `expires` timestamp for AWS workers that are set to expire in less than a day.
Updating the `expires` timestamp is now handled in the worker-scanner scan() loop for all providers.

▶ [patch] [bug 1637302](http://bugzil.la/1637302)
Docker-worker now allows configuring which artifacts it should compress on upload.

USERS

▶ [minor] [bug 1623749](http://bugzil.la/1623749)
Docker-worker now allows features to be disabled in the worker config.

▶ [minor] [bug 1623749](http://bugzil.la/1623749)
Docker-worker now allows scopes for devices and privileged containers to be per-pool, rather than global.

▶ [minor] [2973](https://github.com/taskcluster/taskcluster/issues/2973)
Support docker images from tasks with only a docker v1.2 manifest.

▶ [minor] [1986](https://github.com/taskcluster/taskcluster/issues/1986)
The maximum length of the `hookGroupId` and `hookId` identifiers is now 1000.

▶ [patch] [3366](https://github.com/taskcluster/taskcluster/issues/3366)
A serious bug in dependency handling, introduced in v35.0.0, has been fixed. The issue occurred when a task on which more than 100 other tasks depend was resolved. In this case, some, but not all, of the dependent tasks would be marked pending.

▶ [patch] [bug 1637302](http://bugzil.la/1637302)
Don't compress dmg files by default in docker worker.

▶ [patch] [bug 1637302](http://bugzil.la/1637302)
Don't compress dmg or zst files by default in generic worker.

▶ [patch] [2992](https://github.com/taskcluster/taskcluster/issues/2992)
Private artifacts are now accessable via the UI.

▶ [patch] [3398](https://github.com/taskcluster/taskcluster/issues/3398)
This version upgrades JSON-e to 4.1.0, and in particular the `$switch` operator can now be used in hook task templates and in `.taskcluster.yml` files and everywhere else Taskcluster uses JSON-e.

DEVELOPERS

▶ [patch] [3328](https://github.com/taskcluster/taskcluster/issues/3328)
Database function compatbiility guarantees are now included in `db/fns.md` for reference by engineers writing database versions.
Takcluster-lib-entities has been removed from the codebase, as no entities-style tables remain.

OTHER

▶ Additional changes not described here: [3178](https://github.com/taskcluster/taskcluster/issues/3178), [#3334](https://github.com/taskcluster/taskcluster/issues/3334), [#3337](https://github.com/taskcluster/taskcluster/issues/3337), [#3342](https://github.com/taskcluster/taskcluster/issues/3342), [#3344](https://github.com/taskcluster/taskcluster/issues/3344), [#2910](https://github.com/taskcluster/taskcluster/issues/2910).

DEPLOYERS

▶ [MAJOR] [2937](https://github.com/taskcluster/taskcluster/issues/2937)
Github checks are now stored in a table called `github_checks`, and github integrations are now stored in a table called `github_integrations`. Both are accessed directly, rather than via taskcluster-lib-entities. This migration takes about 10 seconds for a million-row table.

▶ [MAJOR] [3216](https://github.com/taskcluster/taskcluster/issues/3216)
The auth, github, hooks, index, and notify services no longer take Helm config `<service>.azure_account_id`, and auth no longer takes Helm config `auth.azure_account_key`, as these services no longer talk to Azure.

▶ [MAJOR] [3148](https://github.com/taskcluster/taskcluster/issues/3148)
The tables in web-server are now all relational. The migration drops all data in these tables, which will have the effect of signing out all users and requiring them to sign in again. But it is a very quick upgrade.

Sign-ins will not work until the web-server service has been upgraded to this version (that is, sign-ins will not work during the time between the database upgrade and the services upgrade, nor if services are downgraded back to v35.0.0).

The web server service continues to honor `web_server.azure_crypto_key`, but now optionally takes an additional Helm variable `web_server.db_crypto_keys` as described in the [deployment documentation](https://docs.taskcluster.net/docs/manual/deploying/database#supporting-encrypted-columns)

▶ [minor] [2933](https://github.com/taskcluster/taskcluster/issues/2933)
The Queue service's workers, worker_types, and provisioners are now stored in a normal database table and access directly, rather than via taskcluster-lib-entities. If the `queue_workers_entities` table has many rows, this migration could take some time. Consider dropping all, or some, rows from the table before beginning the migration.

▶ [minor] [3083](https://github.com/taskcluster/taskcluster/issues/3083)
The auth service's clients are now stored in the `clients` table and the service accesses that information directly, rather than via taskcluster-lib-entities. As the number of clients is small, this migration should be very fast.

▶ [minor] [2936](https://github.com/taskcluster/taskcluster/issues/2936)
The hooks service now stores hooks and ancillary information about Pulse queues and hook history in normal database tables, without the use of taskcluster-lib-entities. This migration is quick.

The hooks service continues to honor `hooks.azure_crypto_key`, but now optionally takes an additional Helm variable `hooks.db_crypto_keys` as described in the [deployment documentation](https://docs.taskcluster.net/docs/manual/deploying/database#supporting-encrypted-columns)

▶ [minor] [3216](https://github.com/taskcluster/taskcluster/issues/3216)
The queue service no longer accepts the optional, and probably-unused, `queue.azure_report_chance` and `queue.azure_report_threshold` Helm configurations.

▶ [minor] [2931](https://github.com/taskcluster/taskcluster/issues/2931)
The secrets service now stores its secrets in a normal table, without the use of taskcluster-lib-entities. The migration should be quick, as secrets are typically few in number (hundreds).

The secrets service continues to honor `secrets.azure_crypto_key`, but now optionally takes an additional Helm variable `secrets.db_crypto_keys` as described in the [deployment documentation](https://docs.taskcluster.net/docs/manual/deploying/database#supporting-encrypted-columns)

▶ [patch] [3245](https://github.com/taskcluster/taskcluster/issues/3245)
The `taskcluster/websocktunnel` and `taskcluster/livelog` docker images now include a leading `v` in their tags, e.g., `taskcluster/websocktunnel:v36.0.0`.

WORKER-DEPLOYERS

▶ [patch]
A worker pool with no launch configs will no longer cause errors (although it will also not create any workers!)

▶ [patch] [3169](https://github.com/taskcluster/taskcluster/issues/3169)
If `workerTypeMetadata` is given in a generic-worker worker pool definition, its contents will now be merged with the metadata from the provider and passed to generic-worker.

USERS

▶ [patch] [bug 1654086](http://bugzil.la/1654086)
This version fixes a bug which would cause the hooks service to crash when sending error reports to denylisted addresses.

▶ [patch] [bug 1645032](http://bugzil.la/1645032)
User IDs as received from Auth0 in the Mozilla-Auth0 login strategy are no longer suffixed with github usernames or firefox-accounts emails. In practice, such user IDs are unused.

DEVELOPERS

▶ [patch] [3272](https://github.com/taskcluster/taskcluster/issues/3272)
A mapping between DB and TC versions is now maintained automatically in [`db/versions/README.md`](https://github.com/taskcluster/taskcluster/tree/main/db/versions).

▶ [patch] [3289](https://github.com/taskcluster/taskcluster/issues/3289)
The DB schema is now documented in `db/schema.md`.

▶ [patch] [3276](https://github.com/taskcluster/taskcluster/issues/3276)
The main branch of development on the Taskcluster repository is now named `main`.

▶ [patch] [2928](https://github.com/taskcluster/taskcluster/issues/2928)
taskcluster-lib-postgres now allows calling stored functions with named
arguments.

OTHER

▶ Additional changes not described here: [3170](https://github.com/taskcluster/taskcluster/issues/3170), [#3176](https://github.com/taskcluster/taskcluster/issues/3176), [#3184](https://github.com/taskcluster/taskcluster/issues/3184), [#3185](https://github.com/taskcluster/taskcluster/issues/3185), [#3224](https://github.com/taskcluster/taskcluster/issues/3224), [#3285](https://github.com/taskcluster/taskcluster/issues/3285), [#3290](https://github.com/taskcluster/taskcluster/issues/3290), [#3301](https://github.com/taskcluster/taskcluster/issues/3301).

GENERAL

▶ [patch] [2887](https://github.com/taskcluster/taskcluster/issues/2887)
Generic-worker now supports reporting runtime errors to worker-manager via worker-runner.

DEPLOYERS

▶ [MAJOR] [3148](https://github.com/taskcluster/taskcluster/issues/3148)
The web-server service now stores Github access tokens in a dedicated table and accesses them directly, rather than via taskcluster-lib-entities. This upgrade drops existing tokens, meaning that users will need to sign in again after the upgrade is applied. This migration is very fast.

▶ [MAJOR]
With this version, the auth, hooks, and secrets services no longer verify signatures on rows read from database tables. This is in preparation for a future version where these tables will no longer contain signatures.

▶ [minor] [2937](https://github.com/taskcluster/taskcluster/issues/2937)
Github builds are now stored in a table called `github_builds`, and accessed directly rather than via taskcluster-lib-entities. This migration can process at least 40,000 rows in no more than a few seconds. For a table larger than that, deleting the table contents before running the migration is an option. This table backs the "status" and "badge" endpoints, so missing data is of minor consequence.

▶ [minor] [2938](https://github.com/taskcluster/taskcluster/issues/2938)
The auth service's roles are now stored in a normal database table and accessed directly. This is a quick migration.

▶ [minor] [2935](https://github.com/taskcluster/taskcluster/issues/2935)
The index service now uses its tables directly, rather than via taskcluster-lib-entities. This is step 2, a continuation of https://github.com/taskcluster/taskcluster/pull/3141. Step 2 involved creating new DB functions and refactoring the service itself to use the new functions. The db upgrade should be very fast.

▶ [minor] [3112](https://github.com/taskcluster/taskcluster/issues/3112)
The queue service now uses its artifact-related database tables directly, rather than via taskcluster-lib-entities.

▶ [minor] [2932](https://github.com/taskcluster/taskcluster/issues/2932)
The queue service now uses its task- and task-group-related database tables directly, rather than via taskcluster-lib-entities.

▶ [minor] [3030](https://github.com/taskcluster/taskcluster/issues/3030)
The worker manager's worker pool errors are now stored in a normal database table. This should be a small migration.

▶ [minor] [3240](https://github.com/taskcluster/taskcluster/issues/3240)
Worker pool errors are now properly listable by workerPoolId.

▶ [patch] [3222](https://github.com/taskcluster/taskcluster/issues/3222)
The persistent errors about missing function `digest(text, unknown)` logged by the database are now fixed.

USERS

▶ [patch] [3191](https://github.com/taskcluster/taskcluster/issues/3191)
The `task.extra.github.customCheckRun.annotationsArtifactName` property is now correctly consulted for the name of the annotations artifact, as documented.

DEVELOPERS

▶ [patch]
The taskcluster-lib-postgres library now allows any Postgres collation that sorts ASCII characters correctly.

OTHER

▶ Additional changes not described here: [3160](https://github.com/taskcluster/taskcluster/issues/3160), [#3238](https://github.com/taskcluster/taskcluster/issues/3238).

DEPLOYERS

▶ [MAJOR] [3112](https://github.com/taskcluster/taskcluster/issues/3112)
Queue's artifacts table is upgraded to a normalized format. For deployments with
many (millions) of artifacts, this migration will take too long to perform
online, and should be performed in a scheduled downtime. Note that the ["service migration"](https://github.com/taskcluster/taskcluster/blob/main/dev-docs/postgres-phase-2-guidelines.md#service-migration) portion of the process is not included here, and the queue artifact code still uses entities-related functions to acces its data.

WORKER-DEPLOYERS

▶ [patch] [bug 1637302](http://bugzil.la/1637302)
Docker-worker now correctly calculates artifacts hashes for chain-of-trust before compressing them.

DEPLOYERS

▶ [MAJOR] [2935](https://github.com/taskcluster/taskcluster/issues/2935)
The `namespaces_entities` and `indexed_tasks_entities` tables have now been
migrated to use relational tables. For deployments with many (millions) of
tasks, this migration will take too long to perform online, and should be performed in a scheduled downtime. Note that the ["service migration"](https://github.com/taskcluster/taskcluster/blob/main/dev-docs/postgres-phase-2-guidelines.md#service-migration) portion of the process is not included here, and the index code still uses entities-related functions to acces its data.

▶ [patch]
The `db:upgrade` and `dev:db:upgrade` commands can now take an optional database version to upgrade to, defaulting to the most recent version.

OTHER

▶ Additional changes not described here: [3092](https://github.com/taskcluster/taskcluster/issues/3092), [#3131](https://github.com/taskcluster/taskcluster/issues/3131).