Taskcluster

GENERAL

▶ [minor]
Upgrades to Node.js LTS v20.

DEVELOPERS

▶ [MAJOR]
Upgrades client-node library to ESModules and upgrades `got` library

▶ [patch]

WORKER-DEPLOYERS

▶ [MAJOR] [6832](https://github.com/taskcluster/taskcluster/issues/6832)
The Generic Worker `simple` engine has been renamed to the `insecure` engine.

All future release binaries for this engine will also be renamed (e.g. `generic-worker-simple-darwin-arm64` --> `generic-worker-insecure-darwin-arm64`), so please update any scripts that reference the `simple` engine binary.

This change was made to help make it extremely apparent that it should not be used in production environments and is only recommened for testing and development.

GENERAL

▶ [patch]
Generic Worker now utilizes `filepath.WalkDir` instead of `filepath.Walk`.

`filepath.WalkDir` was introduced in go1.16 and is more performant and efficient over `filepath.Walk`.

This _may_ help with race conditions during artifact uploads, where a file was initially seen, but then became unavailable at upload time.

▶ [patch]
Upgrades to go1.22.1 which is a [security release](https://go.dev/doc/devel/release#go1.22.1).

USERS

▶ [MAJOR] [6881](https://github.com/taskcluster/taskcluster/issues/6881)
Google cloud workers spawned by Worker Manager now have `workerGroup` set to
the Google Cloud _Zone_ (e.g. `us-east1-d`) rather than the Google Cloud
_Region_ (e.g. `us-east1`). This makes it easier to issue api requests against
an instance, e.g. `gcloud compute instances delete <workerId>
--zone=<workerGroup>`.

▶ [patch] [6890](https://github.com/taskcluster/taskcluster/issues/6890)
D2G now always passes `--privileged` to the generated `podman run` command.
Without this option, some tasks that ran successfully under Docker Worker,
including tasks without Docker Worker capabilities, would not run correctly
under Generic Worker. Please note, this only elevates the privileges inside the
podman container, which runs as the task user on the host. The privileges
inside the container are still limited to the host privileges of the task user.

▶ [patch]
Generic Worker now correctly reports the Worker Pool ID when an interactive task is attempted on a worker pool with the interactive feature disabled. Previously the task log would report the Worker Pool ID in the `exception/malformed-payload` task run as `<workerGroup>/<workerType>`; now it correctly reports it as `<provisionerId>/<workerType>`. The Interactive feature is considered disabled when Generic Worker config setting `enableInteractive` is either absent or explicitly set to `false` in the Generic Worker config.

DEVELOPERS

▶ [patch]
Upgrades internal references library to use async fs operations to make upcoming node20 upgrade easier.

Automated Package Updates

<details>
<summary>7 Dependabot updates</summary>

* build(deps): bump jose from 2.0.6 to 2.0.7 (f2bd071dc)
* build(deps): bump the deps group in /ui with 6 updates (ac2bb66ba)
* build(deps-dev): bump the deps group in /clients/client with 2 updates (36fac2a12)
* build(deps): bump taskcluster-client-web from 44.21.0 to 60.4.2 in /ui (7b79a3eb1)
* build(deps): bump the deps group with 6 updates (ee709aab4)
* build(deps): bump the deps group in /taskcluster with 2 updates (c02ca5469)
* build(deps): bump the deps group with 25 updates (0cd5033f5)

</details>

USERS

▶ [patch]
Fixes graphql validation rules for hooks groups query.

▶ [patch] [6864](https://github.com/taskcluster/taskcluster/issues/6864)
D2G now passes `--privileged` flag to the generated `podman run` command when
Docker Worker payload enables device capability `hostSharedMemory`. Without
this option, the podman container could not successfully access the shared
memory, despite the inclusion of argument `--device=/dev/shm`. With both
arguments present (`--privileged` and `--device=/dev/shm`), shared memory now
appears to be available inside the podman container.

Automated Package Updates

<details>
<summary>3 Dependabot updates</summary>

* build(deps): bump mitt from 2.1.0 to 3.0.1 in /ui (280678fc9)
* build(deps): bump ip from 2.0.0 to 2.0.1 in /clients/client-web (be7836a3c)
* build(deps): bump markdown-it-link-attributes from 3.0.0 to 4.0.1 in /ui (008b3fe0a)

</details>

USERS

▶ [patch]
Fix docker worker interactive shell UI rows/cols settings.

▶ [patch] [6836](https://github.com/taskcluster/taskcluster/issues/6836)
Upgrades graphql server and client libraries to graphql 16.8

▶ [patch] [6836](https://github.com/taskcluster/taskcluster/issues/6836)
Upgrades graphql to 16.8.1 in ui

Automated Package Updates

<details>
<summary>1 Dependabot updates</summary>

* build(deps): bump es5-ext from 0.10.62 to 0.10.64 (485a491c2)

</details>

USERS

▶ [minor] [6845](https://github.com/taskcluster/taskcluster/issues/6845)
D2G now provides support for the (discontinued) disableSeccomp capability which was removed from Docker Worker, but was still used by the bugmon fuzzing project in the Community taskcluster environment. This was added to ease the migration path of this project from Docker Worker to Generic Worker.

▶ [patch] [6848](https://github.com/taskcluster/taskcluster/issues/6848)
Fix an issue where an interactive session would close up when the shell would output invalid UTF-8.

▶ [patch] [6850](https://github.com/taskcluster/taskcluster/issues/6850)
Add a proper TERM environment variable to interative sessions. This helps with some ncurses apps and tmux for example.

OTHER

▶ Additional change not described here: [6852](https://github.com/taskcluster/taskcluster/issues/6852).

Automated Package Updates

<details>
<summary>4 Dependabot updates</summary>

* build(deps): bump ip from 2.0.0 to 2.0.1 (34cb19df2)
* build(deps): bump ip from 1.1.5 to 1.1.9 in /ui (98d1c2c37)
* build(deps): bump ip from 2.0.0 to 2.0.1 in /clients/client-test (360fdb2af)
* build(deps): bump ip from 2.0.0 to 2.0.1 in /clients/client (19094b0d6)

</details>