Closed
Bug 1296148
Opened 8 years ago
Closed 7 years ago
Stop connecting to github.com in tier-1 automation
Categories
(Firefox Build System :: Task Configuration, task)
Firefox Build System
Task Configuration
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: gps, Unassigned, Mentored)
References
Details
Dependencies on 3rd party services in Tier-1 Firefox release automation is a big no-no because it increases the surface area of services we rely on to ship Firefox. Plus it introduces non-determinism/reproducibility concerns and MitM attack vectors.
GitHub outages and GitHub dropping our traffic (because our traffic patterns resemble DDoS and can take up a lot of bandwidth) have bitten us before. We don't want our Tier-1 release automation hitting github.com. We don't want connectivity issues to github.com preventing us from performing a Firefox chemspill release.
It appears our automation still connects to github.com in places. Here are some locations fetching tooltool (which is now vendored in mozilla-central):
$ ag build-tooltool
taskcluster/ci/legacy/tasks/l10n.yml
49: TOOLTOOL_REPO: 'https://github.com/mozilla/build-tooltool'
taskcluster/ci/legacy/tasks/build.yml
31: TOOLTOOL_REPO: 'https://github.com/mozilla/build-tooltool'
taskcluster/ci/legacy/tasks/harness_test.yml
56: TOOLTOOL_REPO: 'https://github.com/mozilla/build-tooltool'
taskcluster/scripts/builder/build-haz-linux.sh
38:: ${TOOLTOOL_REPO:=https://github.com/mozilla/build-tooltool}
taskcluster/scripts/builder/sm-tooltool-config.sh
6:: ${TOOLTOOL_REPO:=https://github.com/mozilla/build-tooltool}
taskcluster/scripts/misc/build-cctools.sh
41:wget -O tooltool.py https://raw.githubusercontent.com/mozilla/build-tooltool/master/tooltool.py
taskcluster/scripts/misc/build-clang-linux.sh
12:wget -O tooltool.py https://raw.githubusercontent.com/mozilla/build-tooltool/master/tooltool.py
tools/lint/eslint/update
55:wget https://raw.githubusercontent.com/mozilla/build-tooltool/master/tooltool.py
testing/mozharness/mozharness/mozilla/tooltool.py
15: "https://raw.githubusercontent.com/mozilla/build-tooltool/master/tooltool.py"
testing/docker/desktop-build/Dockerfile
33:RUN wget -O /builds/tooltool.py https://raw.githubusercontent.com/mozilla/build-tooltool/master/tooltool.py
testing/docker/android-gradle-build/Dockerfile
27:RUN wget -O /builds/tooltool.py https://raw.githubusercontent.com/mozilla/build-tooltool/master/tooltool.py
75:ADD https://raw.githubusercontent.com/mozilla/build-tooltool/master/tooltool.py /build/tooltool.py
testing/docker/centos6-build/system-setup.sh
283:curl https://raw.githubusercontent.com/mozilla/build-tooltool/master/tooltool.py > tooltool.py
testing/docker/rust-build/Dockerfile
14:ADD https://raw.githubusercontent.com/mozilla/build-tooltool/master/tooltool.py /build/tooltool.py
testing/mozbase/mozrunner/mozrunner/devices/android_device.py
27:TOOLTOOL_URL = 'https://raw.githubusercontent.com/mozilla/build-tooltool/master/tooltool.py'
Updated•8 years ago
|
Mentor: dustin
Comment 2•7 years ago
|
||
I believe we just made a check as part of upcoming TLS changes at github, and determined that we do not pull from github anymore.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Updated•7 years ago
|
Product: TaskCluster → Firefox Build System
You need to log in
before you can comment on or make changes to this bug.
Description
•