tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

mach_commands.py (3130B)

      1 # This Source Code Form is subject to the terms of the Mozilla Public
      2 # License, v. 2.0. If a copy of the MPL was not distributed with this
      3 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
      4 
      5 import logging
      6 import os
      7 import subprocess
      8 
      9 import yaml
     10 from mach.decorators import Command, CommandArgument
     11 from mach.util import UserError
     12 
     13 
     14 def get_blocking_bug():
     15    securitydir = os.path.dirname(__file__)
     16    with open(os.path.join(securitydir, "nss", "moz.yaml")) as f:
     17        manifest = yaml.load(f, Loader=yaml.BaseLoader)
     18    if "updatebot" not in manifest:
     19        raise UserError("moz.yaml must have an updatebot section")
     20    updatebot = manifest["updatebot"]
     21    if "tasks" not in manifest["updatebot"]:
     22        raise UserError("updatebot section of moz.yaml must have tasks")
     23    tasks = updatebot["tasks"]
     24    vendoring_task = [
     25        task for task in tasks if "type" in task and task["type"] == "vendoring"
     26    ]
     27    if len(vendoring_task) != 1:
     28        raise UserError(
     29            "updatebot section of moz.yaml must have exactly one vendoring task"
     30        )
     31    vendoring_task = vendoring_task[0]
     32    if "blocking" not in vendoring_task:
     33        raise UserError(
     34            "vendoring task of updatebot section of moz.yaml must have a blocking bug"
     35        )
     36    return vendoring_task["blocking"]
     37 
     38 
     39 @Command(
     40    "nss-uplift",
     41    category="devenv",
     42    description="Upgrade to a tagged release of NSS",
     43 )
     44 @CommandArgument(
     45    "tag",
     46    nargs=1,
     47    help="The tagged release or commit to upgrade to.",
     48 )
     49 def nss_uplift(command_context, tag):
     50    tag = tag[0]
     51 
     52    result = subprocess.run(
     53        ["git", "status", "--porcelain"], capture_output=True, text=True, check=True
     54    )
     55    if result.stdout.strip():
     56        raise UserError(
     57            "Working tree is not clean. Please commit or stash your changes."
     58        )
     59 
     60    result = subprocess.run(
     61        ["./mach", "vendor", "security/nss/moz.yaml", "--revision", tag], check=True
     62    )
     63 
     64    if tag.startswith("NSS_"):
     65        with open("security/nss/TAG-INFO", "w") as f:
     66            f.write(tag)
     67 
     68    result = subprocess.run(
     69        ["git", "status", "--porcelain"], capture_output=True, text=True, check=True
     70    )
     71    assert result.returncode == 0
     72    if ".def" in result.stdout:
     73        command_context.log(
     74            logging.WARNING,
     75            "nss_uplift",
     76            {},
     77            "Changes in .def. We might have to change security/nss.symbols then manually",
     78        )
     79 
     80    blocking_bug = get_blocking_bug()
     81 
     82    result = subprocess.run(
     83        [
     84            "git",
     85            "commit",
     86            "-a",
     87            "-m"
     88            f"Bug {blocking_bug} - upgrade NSS to {tag}. r=#nss-reviewers UPGRADE_NSS_RELEASE",
     89        ],
     90        capture_output=True,
     91        text=True,
     92        check=True,
     93    )
     94    assert result.returncode == 0
     95 
     96    if "_RTM" in tag:
     97        command_context.log(
     98            logging.WARNING,
     99            "nss_uplift",
    100            {},
    101            "Create a bug for the next release, update the blocking bug for updatebot in security/nss/moz.yaml, and run `git commit --amend`",
    102        )
    103 
    104    return 0