Bump taskcluster from 30.1.1 to 31.0.0

[dependabot-preview]

Bumps taskcluster from 30.1.1 to 31.0.0.

Release notes

Sourced from taskcluster's releases.

v31.0.0

GENERAL

▶ [patch] bug 1637302 Docker-worker now automatically gzips artifacts before uploading them. It sets content-encoding in the S3 headers so that most consumers should be able to transparently handle decompression.

DEPLOYERS

▶ [MAJOR] #3012 An encrypted column "secret" has been added to the workers table. The worker-manager service now requires an additional environment variable DB_CRYPTO_KEY to be set which is a JSON array where each element is an object of the form.

{
  "id": "a unique identifier",
  "algo": "aes-256",
  "key": "32 bytes of base64 string"
}

Note that for this upgrade it will only be an array of a single object.

▶ [patch] bug 1638921 Kubernetes cron tasks are now configured with concurrencyPolicy: Forbid, to prevent multiple pods of the same job from running concurrently.

WORKER-DEPLOYERS

▶ [patch] #3080 Docker-worker is now more careful to shut down only when it is idle and has not begun to claim a task, avoiding race conditions that could lead to claim-expired tasks.

▶ [patch] #3012 Worker runner can now re-register a worker with worker-manager, refreshing its credentials. This allows workers to run for an unlimited time, so long as they continue to check in with the worker manager periodically. Both docker-worker and generic-worker, as of this version, support this functionality. Older worker versions will simply terminate when their credentials expire.

USERS

▶ [patch] Docker-worker now includes an error message in the task log when uploading an artifact fails

▶ [patch] #2883 Endpoints that return worker pools now contain an existingCapacity field that contains the total amount of capacity for the worker pool between all workers that are not stopped.

▶ [patch] #3004 Generic-worker now uses the task's credentials to fetch artifacts specified in the mounts property of the task's payload. This will allow use of private artifacts in mounts.

▶ [patch] #2882 Workerpools lists and views in the ui now show the amount of currently existing capacity

Changelog

Sourced from taskcluster's changelog.

v31.0.0

GENERAL

▶ [patch] bug 1637302 Docker-worker now automatically gzips artifacts before uploading them. It sets content-encoding in the S3 headers so that most consumers should be able to transparently handle decompression.

DEPLOYERS

▶ [MAJOR] #3012 An encrypted column "secret" has been added to the workers table. The worker-manager service now requires an additional environment variable DB_CRYPTO_KEY to be set which is a JSON array where each element is an object of the form.

{
  "id": "a unique identifier",
  "algo": "aes-256",
  "key": "32 bytes of base64 string"
}

Note that for this upgrade it will only be an array of a single object.

▶ [patch] bug 1638921 Kubernetes cron tasks are now configured with concurrencyPolicy: Forbid, to prevent multiple pods of the same job from running concurrently.

WORKER-DEPLOYERS

▶ [patch] #3080 Docker-worker is now more careful to shut down only when it is idle and has not begun to claim a task, avoiding race conditions that could lead to claim-expired tasks.

▶ [patch] #3012 Worker runner can now re-register a worker with worker-manager, refreshing its credentials. This allows workers to run for an unlimited time, so long as they continue to check in with the worker manager periodically. Both docker-worker and generic-worker, as of this version, support this functionality. Older worker versions will simply terminate when their credentials expire.

USERS

▶ [patch] Docker-worker now includes an error message in the task log when uploading an artifact fails

▶ [patch] #2883 Endpoints that return worker pools now contain an existingCapacity field that contains the total amount of capacity for the worker pool between all workers that are not stopped.

▶ [patch] #3004 Generic-worker now uses the task's credentials to fetch artifacts specified in the mounts property of the task's payload. This will allow use of private artifacts in mounts.

▶ [patch] #2882

Commits

• 2769107 v31.0.0
• 7a1faf8 Merge pull request #3088 from taskcluster/issue-3079
• 1e945b3 Add docs note about terminateAfter
• f8c89d8 Merge pull request #3081 from djmitche/issue3067
• 4155a9b Merge pull request #3091 from djmitche/improve-d-w-graceful
• f1910c6 Support graceful shutdown in docker-worker
• 8e9d786 Merge pull request #3085 from djmitche/issue3080
• be2e4e7 Merge pull request #3090 from djmitche/registrationmanager-test-race
• 8b08787 Only shut down between claimWork calls.
• 89682f0 use a sync.Cond to wait for creds to expire in tests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Dependabot tried to add @La0 as a reviewer to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/mozilla/task-boot/pulls/170/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the users or teams you specified is not a collaborator of the mozilla/task-boot repository. // See: https://developer.github.com/v3/pulls/review_requests/#create-a-review-request