Skip to content

Testing iscript

Jump to bottom
Heitor Neiva edited this page Jul 7, 2022 · 31 revisions

Testing iscript on a mac signer

These instructions assume you have ssh access to the mac signers, and the mac is already puppetized.

initial setup

  • Choose a a mac signer from the machines list. Update the wiki's notes to say you're you're testing on that mac, with today's date.

  • Quarantine both the mac signer and the mac poller. (Those links are for the production Firefox mac signing pools.)

    • make sure any task currently running finishes, or cancel it if you need to get to the mac sooner. (Or choose an idle mac.)

  • SSH into the mac.

  • Disable the periodic puppet daemon:

    sudo launchctl unload /Library/LaunchDaemons/com.mozilla.periodic.plist

  • Disable the workers: (note the file names may be different)

    sudo launchctl unload /Library/LaunchDaemons/org.mozilla.notarization_poller.poller.plist
sudo launchctl unload /Library/LaunchDaemons/org.mozilla.scriptworker.cltbld.plist

# Check running mozilla services
sudo launchctl list | grep mozilla

Puppetize

Oftentimes, we want to see if the master branch will puppetize properly. You can do this by:

  • Edit /usr/local/bin/run-puppet.sh to replace the branch production-mac-signing with master

  • Run puppet:

    sudo /usr/local/bin/run-puppet.sh

  • Make sure that exited successfully.

Test iscript

Let's make sure that we can still sign + notarize Firefox.

Activate the virtualenv

# Run these steps as cltbld
sudo -u cltbld -i
cd /builds/scriptworker
. virtualenv/bin/activate

Install your changes

# Clean out the old installation of iscript
pip uninstall iscript
# Substitute <user> and <branch> to point at the code you want to test
pip install git+https://github.com/<user>/scriptworker-scripts.git@<branch>#subdirectory=iscript

Populate the work dir, test

Find a green notarization-part-1 task. Copy its taskId (click, lower left).

# Same cltbld shell as above
TASK_ID=<populate with the above taskId>
# create ./work/ with task.json and upstreamArtifacts
create_test_workdir --overwrite -- $TASK_ID
# edit work/task.json to replace the behavior mac_notarize_part_1 with mac_notarize
vi work/task.json
# then test:
iscript script_config.yaml
# The iscript command should finish successfully. If not, there may be something broken with the mac configuration.

Finish up

We're now fairly confident that pushing the revision of master that you just tested to production-mac-signing won't brick the mac signing pool; we can do that when ready.

  • Don't forget to clean up!
# Still cltbld in /builds/scriptworker
# leaving `work` dirty will break the next task that runs on this mac
#     until we fix https://github.com/mozilla-releng/scriptworker/issues/487
rm -rf work artifacts

# Re-create the virtualenv if you modified it
rm -rf virtualenv
sudo /usr/local/bin/run-puppet.sh

# Reenable periodic puppet
sudo launchctl load /Library/LaunchDaemons/com.mozilla.periodic.plist

# Exit cltbld
exit
  • un-quarantine the mac signer + poller
  • update the machines wiki to remove the note reserving that mac for you.
Clone this wiki locally