mach_commands.py - mozsearch

Enable keyboard shortcuts

# This Source Code Form is subject to the terms of the Mozilla Public

# License, v. 2.0. If a copy of the MPL was not distributed with this

# file, You can obtain one at http://mozilla.org/MPL/2.0/.

import logging

import os

import subprocess

import yaml

from mach.decorators import Command, CommandArgument

from mach.util import UserError

def get_blocking_bug():

    securitydir = os.path.dirname(__file__)

    with open(os.path.join(securitydir, "nss", "moz.yaml")) as f:

        manifest = yaml.load(f, Loader=yaml.BaseLoader)

    if "updatebot" not in manifest:

        raise UserError("moz.yaml must have an updatebot section")

    updatebot = manifest["updatebot"]

    if "tasks" not in manifest["updatebot"]:

        raise UserError("updatebot section of moz.yaml must have tasks")

    tasks = updatebot["tasks"]

    vendoring_task = [

        task for task in tasks if "type" in task and task["type"] == "vendoring"

    if len(vendoring_task) != 1:

        raise UserError(

            "updatebot section of moz.yaml must have exactly one vendoring task"

    vendoring_task = vendoring_task[0]

    if "blocking" not in vendoring_task:

        raise UserError(

            "vendoring task of updatebot section of moz.yaml must have a blocking bug"

    return vendoring_task["blocking"]

@Command(

    "nss-uplift",

    category="devenv",

    description="Upgrade to a tagged release of NSS",

@CommandArgument(

    "tag",

    nargs=1,

    help="The tagged release to upgrade to.",

def nss_uplift(command_context, tag):

    tag = tag[0]

    if not tag.startswith("NSS_"):

        raise UserError("Tag must start with 'NSS_'")

    result = subprocess.run(

        ["git", "status", "--porcelain"], capture_output=True, text=True, check=True

    if result.stdout.strip():

        raise UserError(

            "Working tree is not clean. Please commit or stash your changes."

    result = subprocess.run(

        ["./mach", "vendor", "security/nss/moz.yaml", "--revision", tag], check=True

    with open("security/nss/TAG-INFO", "w") as f:

        f.write(tag)

    result = subprocess.run(

        ["git", "status", "--porcelain"], capture_output=True, text=True, check=True

    assert result.returncode == 0

    if ".def" in result.stdout:

        command_context.log(

            logging.WARNING,

            "nss_uplift",

{},

            "Changes in .def. We might have to change security/nss.symbols then manually",

    blocking_bug = get_blocking_bug()

    result = subprocess.run(

            "git",

            "commit",

            "-a",

            "-m"

            f"Bug {blocking_bug} - upgrade NSS to {tag}. r=#nss-reviewers UPGRADE_NSS_RELEASE",

],

        capture_output=True,

        text=True,

        check=True,

    assert result.returncode == 0

    if "_RTM" in tag:

        command_context.log(

            logging.WARNING,

            "nss_uplift",

{},

            "Create a bug for the next release, update the blocking bug for updatebot in security/nss/moz.yaml, and run `git commit --amend`",

    return 0