commit b057c62fcf6f932416cd62c69e8adcfdb7ac0048
author Adrià Vilanova Martínez <me@avm99963.com> Fri Jun 03 22:48:39 2022 +0200
committer Adrià Vilanova Martínez <me@avm99963.com> Fri Jun 03 22:53:34 2022 +0200
tree 0b30bbd6963d5a628d587a05d103c30a65c69248
parent de7fecdb29278ff3cc67722f3c7023d429163ccc

Update nightly build job

- (Reland) Update CWS credentials: the OAuth OOB flow will be deprecated
  on October 3, 2022, so this CL adds regenerated credentials which use
  another flow to avoid the deprecation.
- (Reland) It also adds a suffix to the name of the secret to avoid name
  collision, since Zuul requires credential names to be unique
  throughout each tenant.
- The chrome-webstore-upload-cli package is bumped from 2.0.1 to 2.1.0.
- The job now uses the cws-upload and fetch-cws-upload-log roles in the
  common zuul/jobs repo (which have moved from this project to there so
  they can be used by other projects as well).

Change-Id: I93101f453999262a43f1a5d0f39e41548b0feb9c

.zuul.yaml

diff --git a/.zuul.yaml b/.zuul.yaml
index 1526247..1e2d39f 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -34,7 +34,6 @@
         refreshToken: "testRefreshToken"
     files:
       - "roles/cws-publish/*"
-      - "roles/fetch-cws-log/*"
       - "playbooks/nightly-build/*"
 
 - job:
@@ -47,7 +46,7 @@
       - zuul: zuul/jobs
     secrets:
       - name: credentials
-        secret: credentials
+        secret: credentials_twpt
 
 - project:
     check:
@@ -59,7 +58,7 @@
         - infinitegforums-nightly-build
 
 - secret:
-    name: credentials
+    name: credentials_twpt
     data:
       clientId: !encrypted/pkcs1-oaep
         - BtqF9JhXwLcyBhV5HV3MUllsAnZIrURsinAtYOADVGZ/YvYUZZsIPz3+2fFjdXCf7N1my
@@ -72,14 +71,25 @@
           Oop5IiUPiiHSntbrGTh6gdsNXEkx7+QVh8FBo6958JSzb1DwexGMitfDarRcKLg2OKuAf
           zgS1V6Nv63JsPY070p5rYhG1zl9Fh83a7nfhLB36aQhKi0DxOtOYRjKIzLsv1nWs7we1A
           GQT8VFNW/KZrSM8XsvqCO6IwVP5mOIT/4PWYdCXUsUUU4Sa+Fo/pmyvITuI0E8=
+      clientSecret: !encrypted/pkcs1-oaep
+        - aPpesCDB64NuY4DSECdZLmytEOEsN4RFaWB9O/ClZt/+NXvMSAJceeamCgDdpIf/S0tAK
+          oiEtVN5v4XVlRjuH2aPdr3/pg6ZCo7zYyNXZzz1zUv9QBQk5C9vTZAixHpXel+kU45swA
+          GQV0oTrVGHBvdqDD4Y8Bajd7kNwdwOaLyCoUg/SG/mOQS3gXq2gwugOL8rFhB34t/X9S4
+          hOv7oNyk8xA7SnJZeIxBShnFvJ6/YC6oP0vcPhgS5LMfgYneROapyY68kelh+U9zfYPal
+          XuWuxAaSZwYb5hs4dJlv4JFZaJRvL/ru4jHth4x7CZO5XaJH50vWCzj+7ir2cxNm819G1
+          LsqCRDn3ilru+BjihMay95L7Zl+RhcCqPc6oJeb0ZmJKyReigwoz4W3yayVo1bBwLwoWc
+          +5GvIi3kAw9KsE7G4UG8EkruqdSWNz5hpl6Qr+OKG4Po0+U17jMRT64DyC4OS/D+h6KDI
+          UMFJD0yzTk7CDPOxNHJDMUsmT1QtFy9+ALktA72C8rga0eFzVe/d6LTnYd1C28r77XeZ7
+          JJbGFETuDc0tyfSRWVMFKmI7XPMBN90jXqCrQnTva7+e4P3OD6XzysgVFQx44EO7Cs+/U
+          lWmUalaK8OCYApALMtwvDd+GRVn0/SQcfnImYj/CPPFS26V/1VzE0ajF6FDhfg=
       refreshToken: !encrypted/pkcs1-oaep
-        - RknxT9FyVpZAdWhmUS7NBdhIljU6KjjbchJvwFHPfJQEgRxakX+q2/KDPnDOc7eZ8kzQD
-          Hmow1OLLBWOeRhODe2ngeQWoVvHEBuSU5AaFP9UWG1hLnsT9JrGF8qc3fFBDwy5NVNvkR
-          h6fgw9hlRgfeVVBtYZ0c+BQNflKepYupXlpE26KrzlJudxgaXhVC7vze73aQ9PMNfDF9J
-          aUrPNyZ4k04DfPHOTq4hzDLko24rgNvWYUMI79wWI3dD/QMgCd2M2V2PxxPtEzY6WnV7N
-          ILbTHv6783MioDy+19/Om5ClhNDe35v/Mlh6JOYGAdE2MuP6bG5oPbc/FBcWna6sOI79n
-          L4UCqN6LDKs5floMJ8vUafAr7dEEOxHWcbe8rcaRf2ESJBUxLDvrUYk6+lIWwhxj3ASeL
-          dmYSPKjw55knzDYiL0AYeSTM2SM3Tsu1N3pE7U2ugmxRpt3tl32BUNuRZrd2FMdRRVCLa
-          K2JV0q7qQgx3w0lNSSqu+m5KVpeCWk6RVwG9NNzNEHFWN5U7x32K1y8bvFC2Uhzx1ZfT1
-          4k2r9cE/Y1aSQCWvpnlqYRqzn9S7s9YLXTlyXovAPfBnw/ff395qF0eappfFcqVNq8gqV
-          4FjvCYgmfIJsBVgeDCkjZQ1brwwK/5isYYvhOPUojS9iqfRvltFgeyRgY9ZSnE=
+        - m4a6xAWD6nrAXcnOChTKO5Z2hewyKmS/h0tWTe6b7Bpe3YGX3sCzdjg4t5noXGiA4cA1e
+          5dRtM8xeki8H1QEOFkkTV567GKog+v2JH9phH9qn/I0IT627T8KC9bTdwhUPgOne4Qnwt
+          c6RgleHH23uyxgKbhmCjb1BJgQvd8zl3MEFybBAz91S/+Q8YGY/XEkoYN/YuPHQA0Qm8w
+          1S+fv2Rr9d8J1KZW9lSKgbGDHMK1/K/tSqGVFUW42jtrhTpdAvo3I6BYAa1IDaQcUDnBm
+          cqZSFGTwK6nvhuh48L0/RHeOcOhkkp/+l9iXIBXkPCkfBbjKNiebP+My3isnaNr88dYbD
+          ydRIqs9JfcnNtXhqos+4Oe3zTLE78dlJhY5mpHPYYZRZsgh2tF0f80830Gcg4dSGpf7ma
+          dB5jPl1Ou16PHyRvf/+XfhykoazvUPLa8K29Nyz+1J01zrdIV55b5NVVy10WkUSdxlgq7
+          kUYBmSS9vn9U1Y7BHcLBsj0uXma7HZsajs7iy3cCCtPSDluO8bllajxD21ZZBZ7a7n+Rj
+          qzn0S9+j5c4YG+QasOUjyq+2/+TGFE/IGfaB70FGNrpiJ/HJRsFt145dCJzH9RPNfNEhu
+          7NpNCNwJvTmpXS2pcEofs73Z7l1u4h1/VpZog/cVsMOYfm7DSho0hSX/WAQR7o=

playbooks/nightly-build/post.yaml

diff --git a/playbooks/nightly-build/post.yaml b/playbooks/nightly-build/post.yaml
index 5cb8988..ae09c36 100644
--- a/playbooks/nightly-build/post.yaml
+++ b/playbooks/nightly-build/post.yaml
@@ -1,4 +1,6 @@
 - name: Get CWS upload/publish log
   hosts: all
   roles:
-    - fetch-cws-log
+    - fetch-cws-upload-log
+  vars:
+    workingDirectory: "{{ zuul.project.src_dir }}/out"

playbooks/nightly-build/pre.yaml

diff --git a/playbooks/nightly-build/pre.yaml b/playbooks/nightly-build/pre.yaml
index c4463a2..45db95f 100644
--- a/playbooks/nightly-build/pre.yaml
+++ b/playbooks/nightly-build/pre.yaml
@@ -2,4 +2,4 @@
   roles:
     - role: ensure-genmanifest
     - role: ensure-cws-upload
-      version: "2.0.1"
+      version: "2.1.0"

playbooks/nightly-build/run.yaml

diff --git a/playbooks/nightly-build/run.yaml b/playbooks/nightly-build/run.yaml
index a10991c..0d714cd 100644
--- a/playbooks/nightly-build/run.yaml
+++ b/playbooks/nightly-build/run.yaml
@@ -2,5 +2,5 @@
   roles:
     - role: cws-publish
       vars:
-        extension_id: "phefpbdhiknkamngjffpnebaemanmihf"
-        dry_run: false
+        canaryTwptExtensionId: "phefpbdhiknkamngjffpnebaemanmihf"
+        dryRun: false

playbooks/nightly-build/test.yaml

diff --git a/playbooks/nightly-build/test.yaml b/playbooks/nightly-build/test.yaml
index 73777c0..53d21ec 100644
--- a/playbooks/nightly-build/test.yaml
+++ b/playbooks/nightly-build/test.yaml
@@ -2,5 +2,5 @@
   roles:
     - role: cws-publish
       vars:
-        extension_id: "phefpbdhiknkamngjffpnebaemanmihf"
-        dry_run: true
+        canaryTwptExtensionId: "phefpbdhiknkamngjffpnebaemanmihf"
+        dryRun: true

roles/cws-publish/defaults/main.yaml

diff --git a/roles/cws-publish/defaults/main.yaml b/roles/cws-publish/defaults/main.yaml
index 4055a80..654e277 100644
--- a/roles/cws-publish/defaults/main.yaml
+++ b/roles/cws-publish/defaults/main.yaml
@@ -1 +1 @@
-dryrun: false
+dryRun: false

roles/cws-publish/tasks/main.yaml

diff --git a/roles/cws-publish/tasks/main.yaml b/roles/cws-publish/tasks/main.yaml
index 7968ad4..b93f1cb 100644
--- a/roles/cws-publish/tasks/main.yaml
+++ b/roles/cws-publish/tasks/main.yaml
@@ -1,10 +1,3 @@
-- name: Check extension_id, credentials.clientId, credentials.refreshToken are set
-  when: >
-    extension_id is not defined or credentials.clientId is not defined or
-    credentials.refreshToken is not defined
-  fail:
-    msg: "extension_id, credentials.clientId and credentials.refreshToken must be set"
-
 - name: Build extension
   include_role:
     name: build-extension
@@ -27,31 +20,15 @@
   debug:
     msg: "zip_file.stdout is \"{{ zip_file.stdout }}\""
 
-- name: Upload and publish the ZIP file to the Chrome Web Store
-  when: not (dry_run|bool)
-  ansible.builtin.shell:
-    cmd: |
-      set -o pipefail
-      chrome-webstore-upload upload --auto-publish --extension-id {{ extension_id }} \
-          --trusted-testers --source {{ zip_file.stdout|quote }} \
-          --client-id {{ credentials.clientId|quote }} \
-          --refresh-token {{ credentials.refreshToken|quote }} \
-          2>&1 | tee cws-log.txt
-    chdir: "{{ zuul.project.src_dir }}/out"
-    executable: /bin/bash
-  no_log: True
-  register: uploadcmd
-  failed_when: false
-
-- name: Read upload log
-  when: not (dry_run|bool)
-  ansible.builtin.shell:
-    cmd: cat cws-log.txt
-    chdir: "{{ zuul.project.src_dir }}/out"
-    executable: /bin/bash
-  register: uploadlog
-
-- name: Check whether the upload was successful
-  when: "not (dry_run|bool) and not (uploadcmd.rc == 0 or ('ITEM_NOT_UPDATABLE' in uploadlog.stdout) or ('PKG_INVALID_VERSION_NUMBER') in uploadlog.stdout)"
-  fail:
-    msg: "{{ uploadlog.stdout }}"
+- when: not (dryRun|bool)
+  include_role:
+    name: cws-upload
+  vars:
+    extensionId: "{{ canaryTwptExtensionId }}"
+    clientId: "{{ credentials.clientId }}"
+    clientSecret: "{{ credentials.clientSecret }}"
+    refreshToken: "{{ credentials.refreshToken }}"
+    workingDirectory: "{{ zuul.project.src_dir }}/out"
+    zipFile: "{{ zip_file.stdout|quote }}"
+    autopublish: true
+    trustedTesters: true

roles/fetch-cws-log/tasks/main.yaml

diff --git a/roles/fetch-cws-log/tasks/main.yaml b/roles/fetch-cws-log/tasks/main.yaml
deleted file mode 100644
index 3a9d75e..0000000
--- a/roles/fetch-cws-log/tasks/main.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-- name: Is there a cws-log.txt
-  register: stat_log
-  stat:
-    path: "{{ zuul.project.src_dir }}/out/cws-log.txt"
-
-- name: Store on executor
-  when: stat_log.stat.exists
-  synchronize:
-    mode: pull
-    src: "{{ zuul.project.src_dir }}/out/cws-log.txt"
-    dest: "{{ zuul.executor.log_root }}/cws-log.txt"
-    verify_host: true
-    owner: no
-    group: no