Per https://bugzilla.mozilla.org/show_bug.cgi?id=1597996#c2, we need new level 3 GCP builder images setup with trusted CoT keys before we can cut-over nightly/release builds to GCP.

These new images should live in the GCP level-3 project, and should only be shared with that project.

I've created an image docker-worker-gcp-l3-googlecompute-2020-01-08t20-30-16z in the fxci-production-level3-workers project that has trusted CoT keys embedded. What's the normal testing procedure for these images?

(In reply to Miles Crabill [:miles] [also mcrabill@mozilla.com] from comment #1)

I've created an image docker-worker-gcp-l3-googlecompute-2020-01-08t20-30-16z in the fxci-production-level3-workers project that has trusted CoT keys embedded. What's the normal testing procedure for these images?

Wander: you probably have the most experience here - how did we test new level 3 images before redeployability?

I don't think we'll necessarily want the same solution now, but we can use it to guide our testing on a dev cluster/staging.

(In reply to Chris Cooper [:coop] pronoun: he from comment #2)

(In reply to Miles Crabill [:miles] [also mcrabill@mozilla.com] from comment #1)

I've created an image docker-worker-gcp-l3-googlecompute-2020-01-08t20-30-16z in the fxci-production-level3-workers project that has trusted CoT keys embedded. What's the normal testing procedure for these images?

Wander: you probably have the most experience here - how did we test new level 3 images before redeployability?

I don't think we'll necessarily want the same solution now, but we can use it to guide our testing on a dev cluster/staging.

I used to create a testing worker-pool and schedule Linux builds/tests to it by hijacking in tree config. Now that we don't have power to edit worker-pools anymore, this is something I need to figure out yet.