1#!/bin/bash 2 3set -xe 4 5# Things to be set by task definition. 6# --pinset --hsts --hpkp 7# -b branch 8# --use-mozilla-central 9# -p firefox 10# Artifact directory 11# Artifact names. 12 13 14test "${BRANCH}" 15test "${PRODUCT}" 16 17PARAMS="" 18 19if [ -n "${USE_MOZILLA_CENTRAL}" ] 20then 21 PARAMS="${PARAMS} --use-mozilla-central" 22fi 23 24# TODO change these, so that they're run if the artifact location is specified? 25if [ -n "${DO_HSTS}" ] 26then 27 PARAMS="${PARAMS} --hsts" 28fi 29 30if [ -n "${DO_HPKP}" ] 31then 32 PARAMS="${PARAMS} --hpkp" 33fi 34 35if [ -n "${DO_REMOTE_SETTINGS}" ] 36then 37 PARAMS="${PARAMS} --remote-settings" 38fi 39 40if [ -n "${DO_SUFFIX_LIST}" ] 41then 42 PARAMS="${PARAMS} --suffix-list" 43fi 44 45if [ -n "${DONTBUILD}" ] 46then 47 PARAMS="${PARAMS} -d" 48fi 49 50 51export ARTIFACTS_DIR="/home/worker/artifacts" 52mkdir -p "$ARTIFACTS_DIR" 53 54# duplicate the functionality of taskcluster-lib-urls, but in bash.. 55queue_base="$TASKCLUSTER_ROOT_URL/api/queue/v1" 56 57# Get Arcanist API token 58 59if [ -n "${TASK_ID}" ] 60then 61 curl --location --retry 10 --retry-delay 10 -o /home/worker/task.json "$queue_base/task/$TASK_ID" 62 ARC_SECRET=$(jq -r '.scopes[] | select(contains ("arc-phabricator-token"))' /home/worker/task.json | awk -F: '{print $3}') 63fi 64if [ -n "${ARC_SECRET}" ] && getent hosts taskcluster 65then 66 set +x # Don't echo these 67 secrets_url="${TASKCLUSTER_PROXY_URL}/api/secrets/v1/secret/${ARC_SECRET}" 68 SECRET=$(curl "${secrets_url}") 69 TOKEN=$(echo "${SECRET}" | jq -r '.secret.token') 70elif [ -n "${ARC_TOKEN}" ] # Allow for local testing. 71then 72 TOKEN="${ARC_TOKEN}" 73fi 74 75if [ -n "${TOKEN}" ] 76then 77 cat >"${HOME}/.arcrc" <<END 78{ 79 "hosts": { 80 "https://phabricator.services.mozilla.com/api/": { 81 "token": "${TOKEN}" 82 } 83 } 84} 85END 86 set -x 87 chmod 600 "${HOME}/.arcrc" 88fi 89 90export HGPLAIN=1 91 92# shellcheck disable=SC2086 93/home/worker/scripts/periodic_file_updates.sh -p "${PRODUCT}" -b "${BRANCH}" -a ${PARAMS} 94