Scriptworker

Latest version: v50.2.0


Page 20 of 37

22.1.0
---------------------

.. _added-18:

Added
~~~~~

- ``event.repository.full_name`` and
  ``event.pull_request.base.repo.full_name`` on ``cot_verify`` (for
  GitHub repos)

.. _section-37:

22.0.1
---------------------

.. _fixed-14:

Fixed
~~~~~

- Allow snapcraft beta scope on mozilla-release

.. _section-38:

22.0.0
---------------------

.. _added-19:

Added
~~~~~

- ed25519 cot signature generation and verification support.
- ``scripts/gen_ed25519_key.py`` - a standalone script to generate an
  ed25519 keypair
- ``ed25519_private_key_path`` and ``ed25519_public_keys`` config items
- ``scriptworker.ed25519`` module
- ``verify_link_gpg_cot_signature`` is a new function, but is
  deprecated and will be removed in a future release.
- ``verify_link_ed25519_cot_signature`` is a new function.
- added ``write_to_file`` and ``read_from_file`` utils

.. _changed-16:

Changed
~~~~~~~

- gpg support in chain of trust is now deprecated, and will be removed
  in a future release.
- ``generate_cot``\ ’s ``path`` kwarg is now ``parent_path``.
- ``generate_cot`` now generates up to 3 files:
  ``chainOfTrust.json.asc``, ``chain-of-trust.json``, and
  ``chain-of-trust.json.sig``.
- ``download_cot`` now also downloads ``chain-of-trust.json`` as an
  optional artifact, and adds ``chain-of-trust.json.sig`` as an
  optional artifact if signature verification is enabled. These will
  become mandatory artifacts in a future release.
- ``chainOfTrust.json.asc`` is now a mandatory artifact in cot
  verification, but is deprecated. We will remove this artifact in a
  future release.
- ``verify_cot_signatures`` verifies ed25519, and falls back to gpg. We
  will make ed25519 signature verification mandatory in a future
  release, and remove gpg verification.
- we now require ``cryptography>=2.6.1`` for ed25519 support.
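
An added example, not scriptworker's own code: the detached-signature pattern that the 22.0.0 ed25519 entries describe (a JSON body plus a separate ``.sig`` file, checked against a list of trusted public keys), written directly against ``cryptography``. The function names, the base64 raw-key encoding of the trusted-key list and the sample body are assumptions made for illustration; the gpg fallback is not shown.

```python
import base64
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)


def public_key_b64(private_key):
    """Raw 32-byte public key, base64-encoded (assumed trusted-key encoding)."""
    raw = private_key.public_key().public_bytes(
        serialization.Encoding.Raw, serialization.PublicFormat.Raw
    )
    return base64.b64encode(raw).decode("ascii")


def sign_cot(private_key, cot_bytes):
    """Detached 64-byte signature over the exact serialized bytes."""
    return private_key.sign(cot_bytes)


def verify_cot(cot_bytes, sig_bytes, trusted_keys_b64):
    """Return the parsed body only if a trusted key verifies these bytes."""
    for key_b64 in trusted_keys_b64:
        key = Ed25519PublicKey.from_public_bytes(base64.b64decode(key_b64))
        try:
            key.verify(sig_bytes, cot_bytes)
        except InvalidSignature:
            continue  # wrong key or modified bytes; try the next trusted key
        return json.loads(cot_bytes)  # parse only after verification succeeds
    raise ValueError("no trusted ed25519 key verifies this chain of trust")


# Constructed sample data: throwaway keys and a minimal stand-in body.
WORKER_KEY = Ed25519PrivateKey.generate()
UNRELATED_KEY = Ed25519PrivateKey.generate()
COT_BYTES = json.dumps({"taskId": "constructed-task-id"}, sort_keys=True).encode()
COT_SIG = sign_cot(WORKER_KEY, COT_BYTES)
TRUSTED = [public_key_b64(UNRELATED_KEY), public_key_b64(WORKER_KEY)]

if __name__ == "__main__":
    print(verify_cot(COT_BYTES, COT_SIG, TRUSTED))
```
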

.. _removed-6:

Removed
~~~~~~~

- ``is_task_required_by_any_mandatory_artifact`` is removed

.. _section-39:

21.0.0
---------------------

.. _changed-17:

Changed
~~~~~~~

- ``is_try_or_pull_request()`` is now async (instead of a sync
  property). So is ``is_pull_request()``.
- ``extract_github_repo_owner_and_name()`` and
  ``extract_github_repo_and_revision_from_source_url()`` have been
  moved to the ``github`` module.

.. _added-20:

Added
~~~~~

- In the ``github`` module:

  - ``is_github_url()``, ``get_tag_hash()``,
    ``has_commit_landed_on_repository()``,
    ``is_github_repo_owner_the_official_one()``

- ``utils.get_parts_of_url_path()``

.. _section-40:

20.0.1
---------------------

.. _changed-18:

Changed
~~~~~~~

- update ``ci-admin`` and ``ci-configuration`` to reflect their new
  homes

.. _section-41:

20.0.0
---------------------

.. _added-21:

Added
~~~~~

- mobile can create in-tree docker images
- Chain of Trust is now able to validate the following ``tasks_for``:

  - github-pull-request (even though pull requests seem risky at
    first, this enables smoother staging releases - à la gecko’s try)
  - github-push

- github.py is a new module to deal with the GitHub API URLs.

.. _changed-19:

Changed
~~~~~~~

- Config must now provide a GitHub OAuth token to request the GitHub
  API more than 60 times an hour
- ``load_json_or_yaml()`` loads file handles as if they were always encoded
  in utf-8. The GitHub API includes emojis in its responses.
- The mobile decision tasks must define “MOBILE_PUSH_DATE_TIME”.
  github-release is the only ``tasks_for`` to not use this variable
  (because the piece of data is exposed by the GitHub API)
- ``is_try`` in ``scriptworker.cot.verify`` was replaced by
  ``is_try_or_pull_request``
- ``tasks_for`` are now allowed per cot-product in constants.py

.. _removed-7:

Removed
~~~~~~~

- ``scriptworker.task.KNOWN_TASKS_FOR`` in favor of
  ``context.config['valid_tasks_for']`` which depends on the
  ``cot_product``

.. _section-42:
