v24.0.2

▶ [patch] bug 1602642
The typo in configuration for aws s3 bucket credentialing is fixed.

It was set as allowdBuckets and is now allowedBuckets

v24.0.1

▶ [patch] bug 1601149
The github.github_private_pem Helm configuration now correctly accepts a configuration containing raw (unescaped) newlines. A change to how configuration values are escaped in the Helm templates caused this support to regress in 24.0.0.

▶ [patch] #2096
Workers in the UI are now displayed in a table instead of cards.

v24.0.0

▶ [MAJOR] bug 1598758
Credentials for the auth.awsS3Credentials method are no longer specified in Helm properties auth.aws_access_key_id, auth.aws_secret_access_key, and auth.aws_region. Instead this information is now configured in auth.aws_credentials_allowed_buckets as described in the deployment docs. The region is no longer required, but the configuration must now include a list of supported buckets. For a quick update, set auth.aws_credentials_allowed_buckets to [{"accessKeyId": "<access_key_id>", "secretAccessKey": "<secret_access_key>", "buckets": ["<bucket_name>"]}].

▶ [MAJOR]
Services that previously used hard-coded values despite advertising Helm parameters now honor those optional Helm parameters:

• notify.irc_port
• github.provisioner_id
• github.worker_type

The last two parameters name a worker pool (<provisioner_id>/<worker_type>) that is used as a default for older (v0) .taskcluster.yml files.
Rather than set these parameters, users should be encouraged to set the values explicitly in .taskcluster.yml.

The notify service no longer accepts Helm configuration property notify.irc_pulse_queue_name. No known deployment has this value set.

▶ [MAJOR] bug 1577785
The Helm configuration properties queue.public_blob_artifact_bucket, queue.private_blob_artifact_bucket, and queue.blob_artifact_region are no longer allowed, as the artifact types these configured are no longer supported.

▶ [MAJOR] bug 1598329
The long-deprecated queue.pollTaskUrls API method has been removed.

▶ [minor] bug 1585157
All current worker-manager's API endpoints, queue's artifact-related endpoints, working and non-checks-related github's endpoints, and the listLastFires endpoint are being graduated from experimental status to stable.

▶ [minor] bug 1596615
Switch to Node 12.13.0

▶ [minor] #895
Taskcluster UI now uses the v4 version of material-ui. It was previously running on v3.

▶ [minor] #450
Taskcluster docs now supports quick search.

▶ [minor] bug 1518190
Taskcluster now supports backups, restores, and verification of Azure tables and containers. See the deployment docs for details.

▶ [minor] #2028
The Taskcluster Python client now has helper classes to ease integration into customers' projects.

▶ [patch] bug 1599291
Added logging around worker provisioning logic to keep better track of workers.

• worker-requested, worker-running, worker-stopped are all three new log messages
  that allow you to track the lifecycle of workers
• scan-seen reports on the state of the world that the worker-scanner
  has observed on each run
• simple-estimator messages now have an error status if runningCapacity is greater
  than maxCapacity. This state occurs due to a bug in worker-manager and should be
  reported to the taskcluster team if it occurs
• This state will also report an error to a configured error reporter if you have one.

▶ [patch]
Fix URL construction for signing in with multiple scopes.

▶ [patch] bug 1597331
Instances created by the AWS provider now have an explicit WorkerPoolId tag. The Google provider now supplies created-by and owner tags.

▶ [patch] #1398
Taskcluster UI "Compare Scopesets" and "Expand Scopesets" views now deeply linked. In other words, you can share the URL and still preserve state.

▶ [patch] bug 1600125
Taskcluster UI Secret view no longer requires the save button to be under the code editor to save a secret.

▶ [patch] bug 1600127
Taskcluster UI Secret view now allows making modifications to the secret multiple times without having to reload the page.

▶ [patch] #2073
Taskcluster UI Task view now properly links to the Worker view when clicking on the Worker ID.

▶ [patch] #2078
Taskcluster UI Workers view now include quarantined workers by default without having to toggle the filter dropdown.

▶ [patch] #1909
Taskcluster UI log viewer now displays the log name in the app bar.

▶ [patch] #1558
Taskcluster UI no longer requires two clicks to return back to the list of resources after editing a resource (e.g., a secret).

▶ [patch] #1913
Taskcluster UI no longer uses the same status color for pending and unscheduled labels.

▶ [patch] #2005
Taskcluster UI now adds more accuracy when displaying the distance between given dates in words.

▶ [patch] #1685
Taskcluster UI now allows editing a worker pool that is scheduled for deletion.

▶ [patch] bug 1597276
Taskcluster UI now doesn't open artifacts in the log viewer by default when the file is not plain text.

▶ [patch] #1874
Taskcluster UI now properly aligns menu items in action menu (speed dial).

▶ [patch] #2076
Taskcluster UI speed dial component no longer toggles on hover.

▶ [patch]
Taskcluster login no longer throws a TypeError when a profile from the PersonAPI has no identities when logging in via auth0.

▶ [patch] bug 1597922
Taskcluster now has the necessary CSP headers to avoid clickjacking.

▶ [patch] bug 1596098
The Queue and Hooks services now return a 400 error when an entity is too large for the storage backend, instead of a 500.

▶ [patch] #1949
The Task view in Taskcluster UI now allows users to have the artifacts panel expanded on page load if the url has the artifacts hash (i.e., #artifacts)

▶ [patch] #1900
The Taskcluster UI Task view now shows "Reason Resolved" above the fold. You previously had to click "See More" to find this field.

▶ [patch] #1997
The log view in Taskcluster UI now properly scrolls horizontally. Some users were experiencing text truncation for long lines as well as scrolling issues on mobile.

▶ [patch] bug 1599564
The purge-cache service now recovers better from Azure errors, where previously a single Azure error would cause subsequent API calls to also fail until the service was restarted.

▶ [patch] #1455
The schema viewer in Taskcluster UI now properly shows a tooltip when pattern is cut off.

▶ [patch] bug 1491551
When an API request times out, the JS client now correctly retuns an error describing a timeout with err.code === 'ECONNABORTED', instead of err.code === 'ABORTED'.

▶ [patch] #1715
Worker Manager UI now provides a more recent version of workerPool configs for initial values.

▶ [patch] bug 1599122
Worker-manager's AWS provider now more precisely aligns its worker-spawning counts to the desired capacity. Due to rounding, it may previously have spawned up to one additional instance per launchConfig.

▶ [patch] bug 1586839
getInstallations endpoint was renamed to listInstallations in octokit. This patch fixes our call to the API

▶ Additional changes not described here: bug 1511676, bug 1579496, bug 1588096, bug 1596171, bug 1598643, bug 1598788, bug 1599299, #1244, #1412, #1421, #1658, #1747, #1751, #1774, #1822, #1908, #1953, #2019, #677, #1911, #1968, #1754, #1934, bug 1596417, #1773.

v23.0.0

▶ [MAJOR]
Support for several deprecated services has been removed.

• The login service has been removed from the codebase and from all client libraries. It was retired on November 9, 2019 when the external services that depended on it migrated to third-party login support. It was never part of the Helm deployment.
• Support for the deprecated ec2-manager and aws-provisioner services has been removed from all client libraries. These services are no longer running, so this should have minimal impact.
• Support for the long-removed events service and the never-released gce-provisioner service has been removed from the Go client.

▶ [MAJOR]
The Taskcluster Go client no longer uses the deprecated concept of BaseURL, instead requiring a RootURL. Users of the New and NewFromEnv functions do not need to change anything. However, any code that has manually constructed a client object, or set such an object's BaseURL property, must be updated to use RootURL instead.

▶ [MAJOR]
The auth.statsumToken method has been removed. The service for which this returns a token has not run for over a year, so the impact is minimal.

▶ [MAJOR] bug 1577785
The artifact types blob and azure are no longer supported. Neither of these types has seen real use, and both are broken in all known deployments of Taskcluster.

The Object Service will implement much of the same functionality, but likely with subtle differences. Removing these unused artifact types now will simplify migration to the Object Service once it is developed.

▶ [MAJOR]
The auth service no longer accepts Helm configuration properties auth.client_table_name or auth.role_container_name. These values are now assumed to be Clients and auth-production-roles, respectively. No known deployments of Taskcluster use any other value.

The auth service now honors sentry_organization, sentry_host, sentry_team, and sentry_key_prefix. Previously, the values of these properties were ignored.

▶ [minor] #1923
The web-server service now uses its own azure session table to keep track of sessions. This solves the following issues:

• Restarting the web-server service clears all user sessions
• Spinning up multiple werb-server services for load balancing is not possible since we stored sessions in memory and the latter belong to a single instance

▶ [patch] bug 1595221
Adds an LRU cache to getTask method, so that we don't have to make too many calls to Azure (tasks are immutable anyways)
The default value for the cache size is 10. The name of the optional prop in the dev-config.yml is queue.task_cache_max_size

▶ [patch] bug 1595838
Errors completing a blob artifact upload are no longer returned with statusCode 500.

▶ [patch] #1962
Taskcluster UI error panels are now scrollable.

▶ [patch] bug 1574854
Taskcluster UI now does not show a "404" text when a page could not be found in the UI so as not to pretend an HTTP response code that didn't occur.

▶ [patch] bug 1595734
Taskcluster UI now properly creates interactive tasks from the task creator.

▶ [patch] #1881
Taskcluster UI now properly renders the task title in the app bar.

▶ [patch] bug 1595418
Taskcluster UI now properly shows task dependencies of tasks that don't have a decision task.
A task with no decision task is a common thing to have outside the firefox-ci cluster.

▶ [patch] #1951
Taskcluster UI now properly shows the Quarantine Until date.

▶ [patch] #1972
Taskcluster UI now shows up to 1000 workers and worker-types in the paginated table. We previously only showed ~15 rows per page.

▶ [patch] bug 1595667
Taskcluster third-party login UI now instructs users to sign in to provide credentials to a third party registered client instead of showing them the home page.

▶ [patch] bug 1596523
Taskcluster web-server process will stop crashing when something goes wrong when logging in.

▶ [patch] #1988
The built-in retrigger action no longer removes fields like taskId from within the task definition.

▶ [patch] bug 1593762
The google provider now accepts workerpools with underscores in the name

▶ [patch] bug 1595238
The queue service now polls Azure queues for deadline, dependency, and task claims less frequently when those queues are empty. This should reduce the rate of GetMessageRead and GetMessagesRead Azure API calls.

▶ [patch] bug 1579065
This release upgrades Hawk, the underlying authentication mechanism for REST API access, to @hapi/hawk since the older hawk dependency is depreciated.

▶ Additional changes not described here: bug 1596531, bug 1585141, #1946, #1995.

v22.1.1

▶ [patch]
Third-Party Logins now correctly intersect the requested scopes with the user's expanded scopes.
Previous versions would result in a client with an empty set of scopes, when the required scopes were associated with a role given to the user.

v22.1.0

▶ [minor] #1875
Taskcluster UI now adds the ability to cancel a task from the Task view

▶ [minor] #1919
Taskcluster UI now exposes an additional env var BANNER_MESSAGE to inform users with important messages (e.g., "Taskcluster will be down for maintenance on November 11") in the UI.

▶ [patch] bug 1588083
Deployment smoketests can now be run from a taskcluster/taskcluster-devel:v<version> Docker image. See the deployment documentation for details.

▶ [patch] #1857
Errors regarding authorizedScopes are now formatted in Markdown, and thus more readable in error messages in the Taskcluster UI.

▶ [patch] #1895
Taskcluster UI CLI login now uses the intersection of scopes (?scope=...) with the user's scopes to generate the set of scopes added to the client.

▶ [patch] #1892
Taskcluster UI now adds the ability to retrigger a task from the Task view.

▶ [patch] #1879
Taskcluster UI now allows users to copy artifact links from index browser through the normal right-click-copy-link.

▶ [patch] bug 1593809
The taskcluster-github service now correctly uses the github.bot_username configuration to look up the latest status for a branch.

Deployments of Taskcluster should double-check that this value is set correctly; see the deployment docs for details.

▶ [patch]
The taskcluster-index service now responds with a 404 and "Indexed task not found" when a task is not found, instead of the misleading "Indexed task has expired".

▶ [patch] bug 1593754
The web-server service now uses the correct Pulse namespace to listen for pulse messages. This fixes one more bug preventing task and task-group UI from dynamically updating.

v22.0.0

▶ [MAJOR] bug 1591591
The deployment Helm variable ui.application_name has been renamed to a top-level applicationName. This value is now used as context in the GitHub status and check posts to PRs and commits.

▶ [MAJOR] bug 1590175
Worker pools now support instance capacity in configuration such that larger instances can handle more tasks if desired. The configuration option, instanceCapacity was already accepted but previously had no effect. As long as this value is set to 1 for all aws and google worker pools, this change will have no effect.

▶ [minor] #1758
Taskcluster shell client 'signin' command can now interact with the new UI.

▶ [patch] #1842
API documentation display is fixed.

▶ [patch] bug 1593142
AWS Providers in Worker Manager now handle RequestLimitExceeded errors from AWS gracefully with exponential backoff

▶ [patch] #1771
Taskcluster now properly allows a client to be saved when the "Delete on expiration" switch is changed when updating an existent client.

This release includes additional changes that were not considered important enough to mention here; see https://github.com/taskcluster/taskcluster/tree/v23.0.0%5E/changelog for details.

v21.3.0

▶ [minor] bug 1588834
AWS Provider worker pools now allow specifying additional userdata beyond that generated by the provider itself.

▶ [minor] #1529
When a third party site tries to login to the deployment, Taskcluster now attempts to auto login when there is only one login strategy configured. Previously, a user had to click on "Sign In" then click on the login strategy.

▶ [patch] #1839
Sign-In buttons now work properly with Firefox Nightly, instead of failing with a blank tab.

▶ [patch] #1835
Taskcluster now properly read the expires query parameter for whitelisted third-party login clients.
It was previously creating third-party login clients using the maxExpires value.
This issue was only seen with clients that are whitelisted.

▶ [patch] #1840
The Taskcluster UI can now fire actions with type 'task' without causing a schema validation error.

▶ [patch] #1838
The task-group and task views now update dynamically as tasks change status.

This release includes additional changes that were not considered important enough to mention here; see https://github.com/taskcluster/taskcluster/tree/v21.4.0%5E/changelog for details.

v21.2.0

(version 21.1.0 encountered issues during the release process and was skipped)

▶ [minor] bug 1589449

• Implements remove worker functionality in Worker Manager AWS provider.
• Corrects a typo in the route of remove worker api endpoint of Worker Manager

▶ [minor] #1713
Taskcluster now supports command-line logins via the UI. Query parameters
are client_id and callback_url.

▶ [minor] bug 1590848
The JSON-e context used to render .taskcluster.yml in GitHub repositories now contains taskcluster_root_url giving the root URL.
This can be used for conditionals in the file, or to generate URLs.

▶ [patch] bug 1545939
All long-runnning processes are now restarted once every 24 hours by kubernetes. This
is partially to replicate how Heroku ran the services and partially just because it
is a good idea.

This release includes additional changes that were not considered important enough to mention here; see https://github.com/taskcluster/taskcluster/tree/v21.3.0%5E/changelog for details.

v21.0.0

[MAJOR] (bug 1578900)

• Worker Manager AWS Provider now requires the ec2:DescribeRegions permission in addition to the previous permissions. The full permissions set is documented in the deploying workers section of the manual.
• Worker Manager AWS Provider now uses all the configs from the array of launchConfigs worker pools use, rather than a single, randomly selected config. This allows per-region and per-zone resources to be specified. MinCapacity and MaxCapacity are now specified for the whole worker pool as opposed to for every individual config.

some/worker:
  config:
    minCapacity: 25
    maxCapacity: 50
-   regions: [us-central1, ...]
-   capacityPerInstance: 1
-   ...
+   launchConfigs:
+     - region: us-central1
+       capacityPerInstance: 1
+       ...

[minor] (#1576) AWS Provisioner support has been removed from the UI and it is no longer a navigation menu item. This service has not been a part of the Taskcluster deployment for some time.

(bug 1589403) Fix a regression in Github logins. A header was not being set.

(#1573) The UI now properly listens to pulse messages. It was previously hard-coded to a value that would only work on https://taskcluster-ui.herokuapp.com/. We now read the pulse namespace from PULSE_USERNAME.

(#1665) The web-server service now properly configures CORS for its third party login endpoints /login/oauth/token and /login/oauth/credentials.

(bug 1589368) Taskcluster-GitHub now correctly reports InsufficientScopes errors, instead of "Cannot read property 'unsatisfied' of undefined".