.taskcluster.yml

version: 1
policy:
  pullRequests: collaborators
tasks:
  $let:
    user: ${event.sender.login}

    project_name:
      Fuzzfetch

    fetch_rev:
      $if: 'tasks_for == "github-pull-request"'
      then: ${event.pull_request.head.sha}
      else:
        $if: 'tasks_for == "github-push"'
        then: ${event.after}
        else: ${event.release.tag_name}

    http_repo:
      $if: 'tasks_for == "github-pull-request"'
      then: ${event.pull_request.base.repo.clone_url}
      else: ${event.repository.clone_url}

    matrix:
      language: python
      secrets:
        - type: env
          secret: project/fuzzing/codecov-fuzzfetch
          name: CODECOV_TOKEN
          key: token
      script:
        - bash
        - '-xec'
        - tox; tox -e codecov
      jobs:
        include:
          - name: tests python 3.9
            version: "3.9"
            env:
              TOXENV: py39,lint
          - name: tests python 3.10
            version: "3.10"
            env:
              TOXENV: py310,lint
          - name: tests python 3.11
            version: "3.11"
            env:
              TOXENV: py311,lint
          - name: tests python 3.12
            version: "3.12"
            env:
              TOXENV: py312,lint
          - name: PyPI upload
            version: "3.11"
            env:
              TOXENV: pypi
            script:
              - tox
            when:
              release: true
              all_passed: true
            secrets:
              - type: env
                secret: project/fuzzing/pypi-fuzzfetch
                name: TWINE_USERNAME
                key: username
              - type: env
                secret: project/fuzzing/pypi-fuzzfetch
                name: TWINE_PASSWORD
                key: password

    # Filter github event to only necessary fields.
    #   Since we use a large list of test fixtures, broad changes can exceed
    #   Docker environment variable size limits.
    gh_event:
      sender: {$eval: event.sender}
      repository: {$eval: event.repository}
      before: {$eval: "event['before']"}
      after: {$eval: "event['after']"}
      number: {$eval: "event['number']"}
      release: {$eval: "event['release']"}
      ref: {$eval: "event['ref']"}
      pull_request:
        $if: 'tasks_for == "github-pull-request"'
        then:
          head: {$eval: event.pull_request.head}
          base: {$eval: event.pull_request.base}

  in:
    $if: >
      (tasks_for == "github-push")
      || (tasks_for == "github-pull-request" && event["action"] in ["opened", "reopened", "synchronize"])
      || (tasks_for == "github-release" && event["action"] in ["published"])
    then:
      - created: {$fromNow: ''}
        deadline: {$fromNow: '1 hour'}
        provisionerId: proj-fuzzing
        workerType: decision
        payload:
          features:
            taskclusterProxy: true
          maxRunTime: 3600
          image:
            type: indexed-image
            path: public/orion-decision.tar.zst
            namespace: project.fuzzing.orion.orion-decision.master
          env:
            PROJECT_NAME: ${project_name}
            CI_MATRIX: {$json: {$eval: matrix}}
            GITHUB_EVENT: {$json: {$eval: gh_event}}
            GITHUB_ACTION: ${tasks_for}
            TASKCLUSTER_NOW: ${now}
          command:
            - ci-decision
            - -v
        scopes:
          - queue:create-task:highest:proj-fuzzing/ci
          - queue:create-task:highest:proj-fuzzing/ci-*
          - queue:scheduler-id:taskcluster-github
          - secrets:get:project/fuzzing/codecov-fuzzfetch
          - secrets:get:project/fuzzing/pypi-fuzzfetch
        metadata:
          name: ${project_name} CI decision
          description: Schedule CI tasks for ${project_name}
          owner: '${user}@users.noreply.github.com'
          source: ${http_repo}/raw/${fetch_rev}/.taskcluster.yml
    else: []