.taskcluster.yml

version: 1
policy:
  pullRequests: collaborators
tasks:
  $let:
    user: ${event.sender.login}

    fetch_rev:
      $if: 'tasks_for == "github-pull-request"'
      then: ${event.pull_request.head.sha}
      else:
        $if: 'tasks_for == "github-push"'
        then: ${event.after}
        else: ${event.release.tag_name}

    fetch_ref:
      $if: 'tasks_for == "github-pull-request"'
      then: ${event.pull_request.head.sha}
      else:
        $if: 'tasks_for == "github-push"'
        then: ${event.after}
        else: "refs/tags/${event.release.tag_name}:refs/tags/${event.release.tag_name}"

    http_repo:
      $if: 'tasks_for == "github-pull-request"'
      then: ${event.pull_request.base.repo.clone_url}
      else: ${event.repository.clone_url}

    codecov_secret:
      codecov-site-scout

    pypi_secret:
      pypi-site-scout

    project_name:
      site-scout

    matrix:
      language: python
      secrets:
        - type: env
          secret: project/fuzzing/codecov-site-scout
          name: CODECOV_TOKEN
          key: token
      script:
        - bash
        - '-xec'
        - tox; tox -e codecov
      jobs:
        include:
          - name: tests python 3.9
            version: "3.9"
            env:
              TOXENV: py39,lint
          - name: tests python 3.10
            version: "3.10"
            env:
              TOXENV: py310,lint
          - name: test python 3.10 (windows)
            version: "3.10"
            platform: windows
            env:
              TOXENV: py310
          - name: tests python 3.11
            version: "3.11"
            env:
              TOXENV: py311,lint
          - name: tests python 3.12
            version: "3.12"
            env:
              TOXENV: py312,lint
          - name: PyPI upload
            version: "3.9"
            env:
              TOXENV: pypi
            script:
              - tox
            when:
              release: true
              all_passed: true
            secrets:
              - type: env
                secret: project/fuzzing/pypi-site-scout
                name: TWINE_USERNAME
                key: username
              - type: env
                secret: project/fuzzing/pypi-site-scout
                name: TWINE_PASSWORD
                key: password

  in:
    $if: >
      (tasks_for == "github-push")
      || (tasks_for == "github-pull-request" && event["action"] in ["opened", "reopened", "synchronize"])
      || (tasks_for == "github-release" && event["action"] in ["published"])
    then:
      - created: {$fromNow: ''}
        deadline: {$fromNow: '1 hour'}
        provisionerId: proj-fuzzing
        workerType: ci
        payload:
          features:
            taskclusterProxy: true
          maxRunTime: 3600
          image:
            type: indexed-image
            path: public/orion-decision.tar.zst
            namespace: project.fuzzing.orion.orion-decision.master
          env:
            PROJECT_NAME: ${project_name}
            CI_MATRIX: {$json: {$eval: matrix}}
            GITHUB_EVENT: {$json: {$eval: event}}
            GITHUB_ACTION: ${tasks_for}
            TASKCLUSTER_NOW: ${now}
          command:
            - ci-decision
            - -v
        scopes:
          - queue:create-task:highest:proj-fuzzing/ci
          - queue:create-task:highest:proj-fuzzing/ci-*
          - queue:scheduler-id:taskcluster-github
          - secrets:get:project/fuzzing/codecov-site-scout
          - secrets:get:project/fuzzing/deploy-site-scout
          - secrets:get:project/fuzzing/pypi-site-scout
        metadata:
          name: ${project_name} CI decision
          description: Schedule CI tasks for ${project_name}
          owner: twsmith@mozilla.com
          source: https://github.com/MozillaSecurity/site-scout