Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
293 lines (292 sloc) 10.8 KB
{
"$schema": "http://json-schema.org/draft-06/schema#",
"definitions": {
"artifact": {
"type": "object",
"properties": {
"type": {
"title": "Artifact upload type.",
"type": "string",
"enum": [
"file",
"directory"
]
},
"path": {
"title": "Location of artifact in container.",
"type": "string"
},
"expires": {
"title": "Date when artifact should expire must be in the future.",
"type": "string",
"format": "date-time"
}
},
"required": [
"type",
"path"
]
}
},
"title": "Docker worker payload",
"description": "`.payload` field of the queue.",
"type": "object",
"required": [
"image",
"maxRunTime"
],
"properties": {
"log": {
"title": "Custom log location",
"description": "Specifies a custom location for the livelog artifact",
"type": "string"
},
"image": {
"title": "Docker image.",
"description": "Image to use for the task. Images can be specified as an image tag as used by a docker registry, or as an object declaring type and name/namespace",
"oneOf": [
{
"title": "Docker image name",
"type": "string"
},
{
"type": "object",
"title": "Named docker image",
"properties": {
"type": {
"type": "string",
"enum": [
"docker-image"
]
},
"name": {
"type": "string"
}
},
"required": [
"type",
"name"
]
},
{
"type": "object",
"title": "Indexed docker image",
"properties": {
"type": {
"type": "string",
"enum": [
"indexed-image"
]
},
"namespace": {
"type": "string"
},
"path": {
"type": "string"
}
},
"required": [
"type",
"namespace",
"path"
]
},
{
"type": "object",
"title": "Docker image artifact",
"properties": {
"type": {
"type": "string",
"enum": [
"task-image"
]
},
"taskId": {
"type": "string"
},
"path": {
"type": "string"
}
},
"required": [
"type",
"taskId",
"path"
]
}
]
},
"cache": {
"title": "Caches to mount point mapping.",
"description": "Caches are mounted within the docker container at the mount point specified. Example: ```{ \"CACHE NAME\": \"/mount/path/in/container\" }```",
"type": "object"
},
"capabilities": {
"title": "Capabilities that must be available/enabled for the task container.",
"description": "Set of capabilities that must be enabled or made available to the task container Example: ```{ \"capabilities\": { \"privileged\": true }```",
"type": "object",
"properties": {
"privileged": {
"title": "Privileged container",
"description": "Allows a task to run in a privileged container, similar to running docker with `--privileged`. This only works for worker-types configured to enable it.",
"type": "boolean",
"default": false
},
"devices": {
"title": "Devices to be attached to task containers",
"description": "Allows devices from the host system to be attached to a task container similar to using `--device` in docker. ",
"type": "object",
"properties": {
"loopbackVideo": {
"title": "Loopback Video device",
"description": "Video loopback device created using v4l2loopback.",
"type": "boolean"
},
"loopbackAudio": {
"title": "Loopback Audio device",
"description": "Audio loopback device created using snd-aloop",
"type": "boolean"
}
}
}
}
},
"command": {
"title": "Docker command to run (see docker api).",
"type": "array",
"items": {
"type": "string"
},
"default": [],
"description": "Example: `['/bin/bash', '-c', 'ls']`."
},
"encryptedEnv": {
"title": "List of encrypted environment variable mappings.",
"description": "List of base64 encoded asymmetric encrypted environment variables. See /docs/reference/workers/docker-worker/environment#encrypted-environment-variables",
"type": "array",
"items": {
"title": "Base64 encoded encrypted environment variable object.",
"type": "string"
}
},
"env": {
"title": "Environment variable mappings.",
"description": "Example: ```\n{\n \"PATH\": '/borked/path' \n \"ENV_NAME\": \"VALUE\" \n}\n```",
"type": "object"
},
"maxRunTime": {
"type": "number",
"title": "Maximum run time in seconds",
"description": "Maximum time the task container can run in seconds",
"multipleOf": 1,
"minimum": 1,
"maximum": 86400
},
"onExitStatus": {
"title": "Exit status handling",
"description": "By default docker-worker will fail a task with a non-zero exit status without retrying. This payload property allows a task owner to define certain exit statuses that will be marked as a retriable exception.",
"type": "object",
"properties": {
"retry": {
"title": "Retriable exit statuses",
"description": "If the task exists with a retriable exit status, the task will be marked as an exception and a new run created.",
"type": "array",
"items": {
"title": "Exit statuses",
"type": "number"
}
},
"purgeCaches": {
"title": "Purge caches exit status",
"description": "If the task exists with a purge caches exit status, all caches associated with the task will be purged.",
"type": "array",
"items": {
"title": "Exit statuses",
"type": "number"
}
}
}
},
"artifacts": {
"type": "object",
"title": "Artifacts",
"description": "Artifact upload map example: ```{\"public/build.tar.gz\": {\"path\": \"/home/worker/build.tar.gz\", \"expires\": \"2016-05-28T16:12:56.693817Z\", \"type\": \"file\"}}```",
"additionalProperties": {
"$ref": "#/definitions/artifact"
}
},
"supersederUrl": {
"title": "URL of the a service that can indicate tasks superseding this one; the current taskId will be appended as a query argument `taskId`. The service should return an object with a `supersedes` key containing a list of taskIds, including the supplied taskId. The tasks should be ordered such that each task supersedes all tasks appearing earlier in the list. See [superseding](/docs/reference/platform/taskcluster-queue/docs/superseding) for more detail.",
"type": "string",
"format": "uri",
"pattern": "^https?://[\\x20-\\x7e]*$"
},
"features": {
"title": "Feature flags",
"description": "Used to enable additional functionality.",
"type": "object",
"properties": {
"localLiveLog": {
"type": "boolean",
"title": "Enable live logging (worker local)",
"description": "Logs are stored on the worker during the duration of tasks and available via http chunked streaming then uploaded to s3"
},
"bulkLog": {
"type": "boolean",
"title": "Bulk upload the task log into a single artifact",
"description": "Useful if live logging is not interesting but the overalllog is later on"
},
"taskclusterProxy": {
"type": "boolean",
"title": "Task cluster auth proxy service",
"description": "The auth proxy allows making requests to taskcluster/queue and taskcluster/scheduler directly from your task with the same scopes as set in the task. This can be used to make api calls via the [client](https://github.com/taskcluster/taskcluster-client) CURL, etc... Without embedding credentials in the task."
},
"balrogVPNProxy": {
"type": "boolean",
"title": "Balrog proxy service",
"description": "The Balrog proxy feature allows tasks to make requests to http://balrog which is a proxied connection through a vpn tunnel to production balrog update server."
},
"balrogStageVPNProxy": {
"type": "boolean",
"title": "Balrog stage proxy service",
"description": "The Balrog stage proxy feature allows tasks to make requests to http://balrog which is a proxied connection through a vpn tunnel to the stage balrog update server."
},
"artifacts": {
"type": "boolean",
"title": "Artifact uploads",
"description": ""
},
"dind": {
"type": "boolean",
"title": "Docker in Docker",
"description": "Runs docker-in-docker and binds `/var/run/docker.sock` into the container. Doesn't allow privileged mode, capabilities or host volume mounts."
},
"relengAPIProxy": {
"type": "boolean",
"title": "Releng API proxy service",
"description": "The Releng API proxy service allows tasks to talk to releng api using an authorization token based on the task's scopes"
},
"dockerSave": {
"type": "boolean",
"title": "Docker save",
"description": "Uploads docker images as artifacts"
},
"interactive": {
"type": "boolean",
"title": "Docker Exec Interactive",
"description": "This allows you to interactively run commands inside the container and attaches you to the stdin/stdout/stderr over a websocket. Can be used for SSH-like access to docker containers."
},
"allowPtrace": {
"type": "boolean",
"title": "Allow ptrace within the container",
"description": "This allows you to use the Linux ptrace functionality inside the container; it is otherwise disallowed by Docker's security policy. "
},
"chainOfTrust": {
"type": "boolean",
"title": "Enable generation of ed25519-signed Chain of Trust artifacts",
"description": "Artifacts named chain-of-trust.json and chain-of-trust.json.sig should be generated which will include information for downstream tasks to build a level of trust for the artifacts produced by the task and the environment it ran in."
}
}
}
}
}
You can’t perform that action at this time.