For bug 1594621
mozilla-releng / adhoc-signing Goto Github PK
View Code? Open in Web Editor NEWLicense: Mozilla Public License 2.0
License: Mozilla Public License 2.0
For bug 1594621
Let's get a repo-level review + branch protections set before we use this repo for real.
We added dep-signing as a PR task in 45117e2 . We didn't make it a cached task, which means that every PR runs a dep-signing task for every signing manifest, and that seems to pull in the fetch tasks as a non-soft-dependency.
Let's make the dep-signing kind cached, with the same resources as their upstream fetch task.
I think these work, but ideally we'd have some sort of warning that if we're running macapp
, we need to define some of these. And if we're not running macapp
signing, none of these are valid. We could do this in a number of ways:
if
statements under an if format_ == "macapp":
block, or similarWe don't necessarily need to block on this but we may want to track the issue at least.
Originally posted by @escapewindow in #23 (comment)
Let's:
Ideally we should have shipit integration, and signoffs, for adhoc relpro.
Braindumping an idea I had before I forget.
The current adhoc-signing mechanism is a bit clunky. CI generates dep signing tasks for every manifest in the signing-manifests
directory. Then you need to manually trigger the signing request and fill in the manifest you desire. In my experience, we almost always want to do only a single signing request at a time.
I propose we:
templates
dir and a <name>.tmpl.yml
file for each use case we want to support.generate-signing-manifest
script which takes a template name and some other metadata (description, file size, etc) as input, and creates a valid manifest file at the repo root. Notably there will be only a single file, and re-running this script will clobber whatever was previously there.Promote an Adhoc Signature
action. This does move access control away from scopes and towards Github roles. Maybe this is a sticking point, but in practice only Releng has permission to the adhoc-signing
repo anyway.A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.