Taskcluster

GENERAL

▶ [minor] [3640](https://github.com/taskcluster/taskcluster/issues/3640)
Notify routes can now include `on-defined`, `on-pending` and `on-running`.

`on-any` is now deprecated and there are two new alternatives:
- `on-transition` for any state transition.
- `on-resolved` for terminal states (completed, failed and exception).

▶ [patch]
taskcluster-web-server is now equipped with the anonymous role. This will allow
it to assign the anonymous role to users who successfuly login.

USERS

▶ [minor] [3521](https://github.com/taskcluster/taskcluster/issues/3521)
Taskcluster-proxy now adds a `Content-Type` header to proxied requests lacking one. While this behavior is not desirable, it matches the behavior of older versions and real tasks depend on it. A future version of Taskcluster will drop this behavior.

When this occurs, the worker will log a message containing the string "Adding missing Content-Type header". Use this logging to find tasks that fail to include the `Content-Type` header and adjust accordingly.

OTHER

▶ Additional change not described here: [3679](https://github.com/taskcluster/taskcluster/issues/3679).

GENERAL

▶ [patch] [3659](https://github.com/taskcluster/taskcluster/issues/3659)
Slack and Email notifications' Task Group URLs are now correct (containing `/tasks`).

▶ [patch] [3639](https://github.com/taskcluster/taskcluster/issues/3639)
`taskDefined` messages will now always have an unscheduled status.

USERS

▶ [patch] [3631](https://github.com/taskcluster/taskcluster/issues/3631)
Calling a JS Client constructor with no arguments works again -- assuming that any necessary configuration was passed to `taskcluster.config(..)`.

DEVELOPERS

▶ [minor] [3538](https://github.com/taskcluster/taskcluster/issues/3538)
DB function `get_workers` is now deprecated.

▶ [patch] [3619](https://github.com/taskcluster/taskcluster/issues/3619)
The `tools/workerproto` Go package is now available for external use, and its API is considered stable (in other words, breaking changes will result in a major version bump).

OTHER

▶ Additional change not described here: [3591](https://github.com/taskcluster/taskcluster/issues/3591).

DEPLOYERS

▶ [minor]
A new queue deployment configuration variable `sign_public_artifact_urls` has been added which enables AWS URL signing for all S3 artifacts when true.

▶ [minor] [3606](https://github.com/taskcluster/taskcluster/issues/3606)
Slack support has been added to the notifications service. You can now
send notifications to Slack channels by using a
`notify.slack.C123456.on-any` style route, or by using the new /slack
API endpoint.

▶ [patch] [3588](https://github.com/taskcluster/taskcluster/issues/3588)
Database URLs can now be specified in the configuration with `ssl=authorized`, in which case Taskcluster will validate the Postgres server's SSL/TLS certificate against trusted root CAs. It is unusual for databases to be deployed with such certificates. See [the documentation](https://docs.taskcluster.net/docs/manual/deploying/database#configuration) for details.

▶ [patch]
The tutorial in the documentation has been updated and modified to offer better guidance for different deployments of Taskcluster. The `ui.site_specific` configuration has a new, optional `tutorial_worker_pool_id` property (documented [here](http://docs.taskcluster.net/docs/manual/deploying/ui)) defining a worker pool for use by readers of the tutorial.

WORKER-DEPLOYERS

▶ [patch] [3561](https://github.com/taskcluster/taskcluster/issues/3561)
Bug fix: calls to workermanager.updateWorker for the static provider have been fixed.

USERS

▶ [patch] [3358](https://github.com/taskcluster/taskcluster/issues/3358)
The "badge" SVGs provided by the GitHub service now render correctly instead of as black shapes.

▶ [patch] [3495](https://github.com/taskcluster/taskcluster/issues/3495)
The web-based schema viewer now shows descriptions of each field.

DEVELOPERS

▶ [minor] [3579](https://github.com/taskcluster/taskcluster/issues/3579)
The purge-cache, built-in, and worker-manager services now use taskQueueId internally, instead of provisionerId/workerType.

▶ [patch] [3473](https://github.com/taskcluster/taskcluster/issues/3473)
Docker-worker has been ugpraded to use a newer version of dockerode, and no longer directly uses dockerode-promise.

OTHER

▶ Additional changes not described here: [bug 1668111](http://bugzil.la/1668111), [#3035](https://github.com/taskcluster/taskcluster/issues/3035), [#3210](https://github.com/taskcluster/taskcluster/issues/3210), [#3287](https://github.com/taskcluster/taskcluster/issues/3287), [#3543](https://github.com/taskcluster/taskcluster/issues/3543), [#3544](https://github.com/taskcluster/taskcluster/issues/3544), [#3599](https://github.com/taskcluster/taskcluster/issues/3599), [#3525](https://github.com/taskcluster/taskcluster/issues/3525).

DEPLOYERS

▶ [patch] [3513](https://github.com/taskcluster/taskcluster/issues/3513)
Node has been upgraded to 12.18.4 to address CVE-2020-8201.

▶ [patch] [3501](https://github.com/taskcluster/taskcluster/issues/3501)
The worker-manager `expire-errors` job now correctly runs the error expiration process.

WORKER-DEPLOYERS

▶ [minor] [3347](https://github.com/taskcluster/taskcluster/issues/3347)
The Azure provider now accepts an `ignoreFailedProvisioningStates` property in its launch configs which will cause it to ignore `ProvisioningState/failed/<code>` states on VMs. This is specifically useful for ignoring OSProvisioningTimedOut when the Azure VM agent is not running.

▶ [patch] [3346](https://github.com/taskcluster/taskcluster/issues/3346)
The Azure provider now looks only for well-understood failure-related states in the Azure API to determine when a worker has failed. In cases where these measures miss an event, (re)registrationTimeouts will terminate the worker.

▶ [patch] [3058](https://github.com/taskcluster/taskcluster/issues/3058)
The worker-manager's Azure provider now more accurately tracks the state of workers, and will not mark a worker RUNNING until it has called `registerWorker`.

OTHER

▶ Additional changes not described here: [3036](https://github.com/taskcluster/taskcluster/issues/3036), [#3502](https://github.com/taskcluster/taskcluster/issues/3502), [#3503](https://github.com/taskcluster/taskcluster/issues/3503).

DEPLOYERS

▶ [patch] [3175](https://github.com/taskcluster/taskcluster/issues/3175)
Taskcluster's Github integration has been updated to the new standard for webhooks detailed in [this post](https://developer.github.com/changes/2020-04-15-replacing-the-installation-and-installation-repositories-events/)

▶ [patch]
The taskcluster-hooks-scheduler will no longer crash while trying to report errors firing hooks.

WORKER-DEPLOYERS

▶ [minor] [3189](https://github.com/taskcluster/taskcluster/issues/3189)
The `workerManager.removeWorker` API method now works correctly for the static provisioner, and a new `updateWorker` API method supports modifying workers after they have been created.

▶ [patch] [3483](https://github.com/taskcluster/taskcluster/issues/3483)
Faced with an error reclaiming a task, docker-worker will now correctly call `reportException` with reason `internal-error`.

▶ [patch] [3456](https://github.com/taskcluster/taskcluster/issues/3456)
The `workerManager.createWorker` API method now correctly limits the `workerGroup` and `workerId` properties as described in the worker schema (38 characters, no dots).

USERS

▶ [minor] [bug 1563191](http://bugzil.la/1563191)
generic-worker now logs the full task payload json schema if a task's payload fails json schema validation.

▶ [patch] [3355](https://github.com/taskcluster/taskcluster/issues/3355)
The Taskcluster-GitHub service no longer throws errors on unknown pull-request actions in GitHub webhooks.

▶ [patch] [3464](https://github.com/taskcluster/taskcluster/issues/3464)
Timestamps in the task status `runs` array are now formatted like all other timestamps in the Taskcluster API, without a trailing `+00:00`.

DEVELOPERS

▶ [patch] [3354](https://github.com/taskcluster/taskcluster/issues/3354)
This release handles error from malformed github check artifacts.

OTHER

▶ Additional changes not described here: [3309](https://github.com/taskcluster/taskcluster/issues/3309), [#3458](https://github.com/taskcluster/taskcluster/issues/3458).

DEPLOYERS

▶ [MAJOR] [3216](https://github.com/taskcluster/taskcluster/issues/3216)
The auth, github, hooks, index, and notify services no longer take Helm config `<service>.azure_account_id`, and auth no longer takes Helm config `auth.azure_account_key`, as these services no longer talk to Azure.

▶ [minor] [3216](https://github.com/taskcluster/taskcluster/issues/3216)
The queue service no longer accepts the optional, and probably-unused, `queue.azure_report_chance` and `queue.azure_report_threshold` Helm configurations.

WORKER-DEPLOYERS

▶ [minor] [3168](https://github.com/taskcluster/taskcluster/issues/3168)
The worker-manager now supports a `scalingRatio` that determines how much worker capacity to spawn per pending task.
The `scalingRatio` is a ratio of worker capacity to pending tasks - a ratio of 1.0 means that 1 capacity will be added for each pending task.

▶ [minor] [3033](https://github.com/taskcluster/taskcluster/issues/3033)
The worker-manager updates the `expires` timestamp for AWS workers that are set to expire in less than a day.
Updating the `expires` timestamp is now handled in the worker-scanner scan() loop for all providers.

▶ [patch] [bug 1637302](http://bugzil.la/1637302)
Docker-worker now allows configuring which artifacts it should compress on upload.

USERS

▶ [minor] [bug 1623749](http://bugzil.la/1623749)
Docker-worker now allows features to be disabled in the worker config.

▶ [minor] [bug 1623749](http://bugzil.la/1623749)
Docker-worker now allows scopes for devices and privileged containers to be per-pool, rather than global.

▶ [minor] [2973](https://github.com/taskcluster/taskcluster/issues/2973)
Support docker images from tasks with only a docker v1.2 manifest.

▶ [minor] [1986](https://github.com/taskcluster/taskcluster/issues/1986)
The maximum length of the `hookGroupId` and `hookId` identifiers is now 1000.

▶ [patch] [3366](https://github.com/taskcluster/taskcluster/issues/3366)
A serious bug in dependency handling, introduced in v35.0.0, has been fixed. The issue occurred when a task on which more than 100 other tasks depend was resolved. In this case, some, but not all, of the dependent tasks would be marked pending.

▶ [patch] [bug 1637302](http://bugzil.la/1637302)
Don't compress dmg files by default in docker worker.

▶ [patch] [bug 1637302](http://bugzil.la/1637302)
Don't compress dmg or zst files by default in generic worker.

▶ [patch] [2992](https://github.com/taskcluster/taskcluster/issues/2992)
Private artifacts are now accessable via the UI.

▶ [patch] [3398](https://github.com/taskcluster/taskcluster/issues/3398)
This version upgrades JSON-e to 4.1.0, and in particular the `$switch` operator can now be used in hook task templates and in `.taskcluster.yml` files and everywhere else Taskcluster uses JSON-e.

DEVELOPERS

▶ [patch] [3328](https://github.com/taskcluster/taskcluster/issues/3328)
Database function compatbiility guarantees are now included in `db/fns.md` for reference by engineers writing database versions.
Takcluster-lib-entities has been removed from the codebase, as no entities-style tables remain.

OTHER

▶ Additional changes not described here: [3178](https://github.com/taskcluster/taskcluster/issues/3178), [#3334](https://github.com/taskcluster/taskcluster/issues/3334), [#3337](https://github.com/taskcluster/taskcluster/issues/3337), [#3342](https://github.com/taskcluster/taskcluster/issues/3342), [#3344](https://github.com/taskcluster/taskcluster/issues/3344), [#2910](https://github.com/taskcluster/taskcluster/issues/2910).