.taskcluster.yml

version: 1
policy:
  pullRequests: collaborators
tasks:
  $if: >
    (tasks_for == "github-push")
    || (tasks_for == "github-pull-request" && event["action"] in ["opened", "reopened", "synchronize"])
    || (tasks_for == "github-release" && event["action"] in ["published"])
  then:
    - created: {$fromNow: ''}
      deadline: {$fromNow: '1 hour'}
      provisionerId: proj-fuzzing
      workerType: decision
      payload:
        features:
          taskclusterProxy: true
        maxRunTime: 3600
        env:
          DOCKER_HUB_SECRET: project/fuzzing/docker-hub
          GITHUB_EVENT: {$json: {$eval: event}}
          GITHUB_ACTION: ${tasks_for}
          TASKCLUSTER_NOW: ${now}
        command:
          - - bash
            - "-exc"
            - "-o"
            - "pipefail"
            - >
              retry () { for _ in {1..9}; do if "$@"; then return; else sleep 30; fi; done; "$@"; };
              retry podman pull mozillasecurity/orion-decision:latest;
              podman run --rm -e TASK_ID -e RUN_ID -e TASKCLUSTER_ROOT_URL --add-host=taskcluster:127.0.0.1 --net=host
              -e TASKCLUSTER_PROXY_URL=http://localhost:80 -e DOCKER_HUB_SECRET -e GITHUB_EVENT -e GITHUB_ACTION -e TASKCLUSTER_NOW
              mozillasecurity/orion-decision:latest decision -v
      scopes:
        - docker-worker:capability:privileged
        - index:insert-task:project.fuzzing.orion.*
        - queue:create-task:highest:proj-fuzzing/ci
        - queue:create-task:highest:proj-fuzzing/ci-*
        - queue:route:index.project.fuzzing.orion.*
        - queue:scheduler-id:taskcluster-github
        - secrets:get:project/fuzzing/docker-hub
      metadata:
        name: Orion decision task
        description: Schedule Orion build tasks
        owner: truber@mozilla.com
        source: https://github.com/MozillaSecurity/orion
  else: []