Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
471 lines (423 sloc) 15.1 KB
---
"$schema": http://json-schema.org/draft-04/schema#
title: Generic worker payload
description: |-
This schema defines the structure of the `payload` property referred to in a
Taskcluster Task definition.
type: object
required:
- command
- maxRunTime
additionalProperties: false
properties:
command:
title: Commands to run
type: array
minItems: 1
items:
type: string
description: |-
One entry per command (consider each entry to be interpreted as a full line of
a Windows™ .bat file). For example:
```
[
"set",
"echo hello world > hello_world.txt",
"set GOPATH=C:\\Go"
]
```
Since: generic-worker 0.0.1
env:
title: Env vars
description: |-
Env vars must be string to __string__ mappings (not number or boolean). For example:
```
{
"PATH": "C:\\Windows\\system32;C:\\Windows",
"GOOS": "windows",
"FOO_ENABLE": "true",
"BAR_TOTAL": "3"
}
```
Since: generic-worker 0.0.1
type: object
additionalProperties:
type: string
maxRunTime:
type: integer
title: Maximum run time in seconds
description: |-
Maximum time the task container can run in seconds.
Since: generic-worker 0.0.1
multipleOf: 1
minimum: 1
maximum: 86400
artifacts:
type: array
title: Artifacts to be published
description: |-
Artifacts to be published.
Since: generic-worker 1.0.0
items:
type: object
title: Artifact
additionalProperties: false
properties:
type:
title: Artifact upload type.
type: string
enum:
- file
- directory
description: |-
Artifacts can be either an individual `file` or a `directory` containing
potentially multiple files with recursively included subdirectories.
Since: generic-worker 1.0.0
path:
title: Artifact location
type: string
description: |-
Relative path of the file/directory from the task directory. Note this is not an absolute
path as is typically used in docker-worker, since the absolute task directory name is not
known when the task is submitted. Example: `dist\regedit.exe`. It doesn't matter if
forward slashes or backslashes are used.
Since: generic-worker 1.0.0
name:
title: Name of the artifact
type: string
description: |-
Name of the artifact, as it will be published. If not set, `path` will be used.
Conventionally (although not enforced) path elements are forward slash separated. Example:
`public/build/a/house`. Note, no scopes are required to read artifacts beginning `public/`.
Artifact names not beginning `public/` are scope-protected (caller requires scopes to
download the artifact). See the Queue documentation for more information.
Since: generic-worker 8.1.0
expires:
title: Expiry date and time
type: string
format: date-time
description: |-
Date when artifact should expire must be in the future, no earlier than task deadline, but
no later than task expiry. If not set, defaults to task expiry.
Since: generic-worker 1.0.0
contentType:
title: Content-Type header when serving artifact over HTTP
type: string
description: |-
Explicitly set the value of the HTTP `Content-Type` response header when the artifact(s)
is/are served over HTTP(S). If not provided (this property is optional) the worker will
guess the content type of artifacts based on the filename extension of the file storing
the artifact content. It does this by looking at the system filename-to-mimetype mappings
defined in the Windows registry. Note, setting `contentType` on a directory artifact will
apply the same contentType to all files contained in the directory.
See [mime.TypeByExtension](https://godoc.org/mime#TypeByExtension).
Since: generic-worker 10.4.0
required:
- type
- path
features:
title: Feature flags
description: |-
Feature flags enable additional functionality.
Since: generic-worker 5.3.0
type: object
additionalProperties: false
properties:
chainOfTrust:
type: boolean
title: Enable generation of signed Chain of Trust artifacts
description: |-
Artifacts named `public/chain-of-trust.json` and
`public/chain-of-trust.json.sig` should be generated which will
include information for downstream tasks to build a level of trust
for the artifacts produced by the task and the environment it ran in.
Since: generic-worker 5.3.0
taskclusterProxy:
type: boolean
title: Run [taskcluster-proxy](https://github.com/taskcluster/taskcluster-proxy) to allow tasks to dynamically proxy requests to taskcluster services
description: |-
The taskcluster proxy provides an easy and safe way to make authenticated
taskcluster requests within the scope(s) of a particular task. See
[the github project](https://github.com/taskcluster/taskcluster-proxy) for more information.
Since: generic-worker 10.6.0
runAsAdministrator:
type: boolean
title: Run commands with UAC process elevation
description: |-
Runs commands with UAC elevation. Only set to true when UAC is
enabled on the worker and Administrative privileges are required by
task commands. When UAC is disabled on the worker, task commands will
already run with full user privileges, and therefore a value of true
will result in a malformed-payload task exception.
A value of true does not add the task user to the `Administrators`
group - see the `osGroups` property for that. Typically
`task.payload.osGroups` should include an Administrative group, such
as `Administrators`, when setting to true.
For security, `runAsAdministrator` feature cannot be used in
conjunction with `chainOfTrust` feature.
Requires scope
`generic-worker:run-as-administrator:<provisionerId>/<workerType>`.
Since: generic-worker 10.11.0
mounts:
type: array
description: |-
Directories and/or files to be mounted.
Since: generic-worker 5.4.0
items:
title: Mount
"$ref": "#/definitions/mount"
osGroups:
type: array
title: OS Groups
description: |-
A list of OS Groups that the task user should be a member of. Requires scope
`generic-worker:os-group:<provisionerId>/<workerType>/<os-group>` for each
group listed.
Since: generic-worker 6.0.0
items:
type: string
supersederUrl:
type: string
title: Superseder URL
description: |-
URL of a service that can indicate tasks superseding this one; the current `taskId`
will be appended as a query argument `taskId`. The service should return an object with
a `supersedes` key containing a list of `taskId`s, including the supplied `taskId`. The
tasks should be ordered such that each task supersedes all tasks appearing later in the
list.
See [superseding](https://docs.taskcluster.net/reference/platform/taskcluster-queue/docs/superseding) for more detail.
Since: generic-worker 10.2.2
format: uri
onExitStatus:
title: Exit code handling
description: |-
By default tasks will be resolved with `state/reasonResolved`: `completed/completed`
if all task commands have a zero exit code, or `failed/failed` if any command has a
non-zero exit code. This payload property allows customsation of the task resolution
based on exit code of task commands.
type: object
additionalProperties: false
properties:
retry:
title: Intermittent task exit codes
description: |-
Exit codes for any command in the task payload to cause this task to
be resolved as `exception/intermittent-task`. Typically the Queue
will then schedule a new run of the existing `taskId` (rerun) if not
all task runs have been exhausted.
See [itermittent tasks](https://docs.taskcluster.net/docs/reference/platform/taskcluster-queue/docs/worker-interaction#intermittent-tasks) for more detail.
Since: generic-worker 10.10.0
type: array
items:
title: Exit codes
type: integer
minimum: 1
rdpInfo:
type: string
title: RDP Info
description: |-
Specifies an artifact name for publishing RDP connection information.
Since this is potentially sensitive data, care should be taken to publish
to a suitably locked down path, such as
`login-identity/<login-identity>/rdpinfo.json` which is only readable for
the given login identity (for example
`login-identity/mozilla-ldap/pmoore@mozilla.com/rdpinfo.json`). See the
[artifact namespace guide](https://docs.taskcluster.net/manual/design/namespaces#artifacts) for more information.
Use of this feature requires scope
`generic-worker:allow-rdp:<provisionerId>/<workerType>` which must be
declared as a task scope.
The RDP connection data is published during task startup so that a user
may interact with the running task.
The task environment will be retained for 12 hours after the task
completes, to enable an interactive user to perform investigative tasks.
After these 12 hours, the worker will delete the task's Windows user
account, and then continue with other tasks.
No guarantees are given about the resolution status of the interactive
task, since the task is inherently non-reproducible and no automation
should rely on this value.
Since: generic-worker 10.5.0
definitions:
mount:
title: Mount
oneOf:
- "$ref": "#/definitions/fileMount"
- "$ref": "#/definitions/writableDirectoryCache"
- "$ref": "#/definitions/readOnlyDirectory"
fileMount:
type: object
title: File Mount
properties:
file:
title: File
type: string
description: |-
The filesystem location to mount the file.
Since: generic-worker 5.4.0
content:
description: |-
Content of the file to be mounted.
Since: generic-worker 5.4.0
"$ref": "#/definitions/content"
additionalProperties: false
required:
- file
- content
writableDirectoryCache:
type: object
title: Writable Directory Cache
properties:
directory:
title: Directory Volume
type: string
description: |-
The filesystem location to mount the directory volume.
Since: generic-worker 5.4.0
cacheName:
title: Cache Name
type: string
description: |-
Implies a read/write cache directory volume. A unique name for the
cache volume. Requires scope `generic-worker:cache:<cache-name>`.
Note if this cache is loaded from an artifact, you will also require
scope `queue:get-artifact:<artifact-name>` to use this cache.
Since: generic-worker 5.4.0
content:
title: Content
description: |-
Optional content to be preloaded when initially creating the cache
(if set, `format` must also be provided).
Since: generic-worker 5.4.0
"$ref": "#/definitions/content"
format:
title: Format
type: string
description: |-
Archive format of the preloaded content (if `content` provided).
Since: generic-worker 5.4.0
enum:
- rar
- tar.bz2
- tar.gz
- zip
additionalProperties: false
required:
- directory
- cacheName
dependencies:
content:
- format
format:
- content
readOnlyDirectory:
type: object
title: Read Only Directory
properties:
directory:
title: Directory
type: string
description: |-
The filesystem location to mount the directory volume.
Since: generic-worker 5.4.0
content:
title: Content
description: |-
Contents of read only directory.
Since: generic-worker 5.4.0
"$ref": "#/definitions/content"
format:
title: Format
type: string
description: |-
Archive format of content for read only directory.
Since: generic-worker 5.4.0
enum:
- rar
- tar.bz2
- tar.gz
- zip
additionalProperties: false
required:
- directory
- content
- format
content:
oneOf:
- title: Artifact Content
description: |-
Requires scope `queue:get-artifact:<artifact-name>`.
Since: generic-worker 5.4.0
type: object
properties:
taskId:
type: string
pattern: "^[A-Za-z0-9_-]{8}[Q-T][A-Za-z0-9_-][CGKOSWaeimquy26-][A-Za-z0-9_-]{10}[AQgw]$"
artifact:
type: string
maxLength: 1024
sha256:
type: string
title: SHA 256
description: |-
The required SHA 256 of the content body.
Since: generic-worker 10.8.0
pattern: '^[a-f0-9]{64}$'
additionalProperties: false
required:
- taskId
- artifact
- title: URL Content
description: |-
URL to download content from.
Since: generic-worker 5.4.0
type: object
properties:
url:
type: string
title: URL
description: |-
URL to download content from.
Since: generic-worker 5.4.0
format: uri
sha256:
type: string
title: SHA 256
description: |-
The required SHA 256 of the content body.
Since: generic-worker 10.8.0
pattern: '^[a-f0-9]{64}$'
additionalProperties: false
required:
- url
- title: Raw Content
description: |-
Byte-for-byte literal inline content of file/archive, up to 64KB in size.
Since: generic-worker 11.1.0
type: object
properties:
raw:
type: string
maxLength: 65536
title: Raw
description: |-
Byte-for-byte literal inline content of file/archive, up to 64KB in size.
Since: generic-worker 11.1.0
additionalProperties: false
required:
- raw
- title: Base64 Content
description: |-
Base64 encoded content of file/archive, up to 64KB (encoded) in size.
Since: generic-worker 11.1.0
type: object
properties:
base64:
type: string
maxLength: 65536
title: Base64
description: |-
Base64 encoded content of file/archive, up to 64KB (encoded) in size.
Since: generic-worker 11.1.0
pattern: '^[A-Za-z0-9/+]+[=]{0,2}$'
additionalProperties: false
required:
- base64
You can’t perform that action at this time.