mozilla-releng · ahal · Jan 30, 2026 · Jan 30, 2026 · Eijebong · Feb 2, 2026
@@ -719,17 +719,21 @@ async def download_cot_artifact(chain, task_id, path):
     link = chain.get_link(task_id)
     log.debug("Verifying {} is in {} cot artifacts...".format(path, task_id))
     if not link.cot:
-        log.warning('Chain of Trust for "{}" in {} does not exist. See above log for more details. \
-Skipping download of this artifact'.format(path, task_id))
+        log.warning(
+            'Chain of Trust for "{}" in {} does not exist. See above log for more details. \
+Skipping download of this artifact'.format(
+                path, task_id
+            )
+        )
         return
 
     if path not in link.cot["artifacts"]:
+        cot_url = get_artifact_url(chain.context, link.task_id, "public/chain-of-trust.json")
         raise CoTError(
-            "path {path} not in {link_name} {task_id} chain of trust artifacts! This is likely "
-            "a bug in {task_id}: docker-worker does not fail if a declared artifact was never "
-            "generated by the task. Please download and make sure the artifact {path} is the "
-            "one you expect. If it is, then please reach out to the Release Engineering "
-            "team. For more information: https://github.com/taskcluster/taskgraph/issues/47".format(path=path, link_name=link.name, task_id=link.task_id)
+            "path {path} not in {link_name} {task_id} chain of trust artifacts! Verify {path} "
+            "is correct, was produced by task {task_id}, and is listed in {cot_url}".format(
-            "path {path} not in {link_name} {task_id} chain of trust artifacts! Verify {path} "
-            "is correct, was produced by task {task_id}, and is listed in {cot_url}".format(
+            "path {path} not in {link_name} {task_id} chain of trust artifacts! "
+            "This is likely a bug in {task_id}. Verify that {path} was produced by "
+            "the task and is listed in {cot_url}".format(
-            "path {path} not in {link_name} {task_id} chain of trust artifacts! Verify {path} "
-            "is correct, was produced by task {task_id}, and is listed in {cot_url}".format(
+            "path {path} not in {link_name} {task_id} chain of trust artifacts! "
+            "This is likely a bug in {task_id}. Verify that {path} was produced by "
+            "the task and is listed in {cot_url}".format(
+                path=path, link_name=link.name, task_id=link.task_id, cot_url=cot_url
+            )
         )
     url = get_artifact_url(chain.context, task_id, path)
     loggable_url = get_loggable_url(url)
@@ -2101,7 +2105,8 @@ def verify_cot_cmdln(args=None, event_loop=None):
 
     """
     args = args or sys.argv[1:]
-    parser = argparse.ArgumentParser(description="""Verify a given task's chain of trust.
+    parser = argparse.ArgumentParser(
+        description="""Verify a given task's chain of trust.
 
 Given a task's `task_id`, get its task definition, then trace its chain of
 trust back to the tree.  This doesn't verify chain of trust artifact signatures,
@@ -2113,7 +2118,8 @@ def verify_cot_cmdln(args=None, event_loop=None):
 or in the CREDS_FILES http://bit.ly/2fVMu0A
 
 If you are verifying against a private github repo, please also set in environment
-SCRIPTWORKER_GITHUB_OAUTH_TOKEN to an OAUTH token with read permissions to the repo""")
+SCRIPTWORKER_GITHUB_OAUTH_TOKEN to an OAUTH token with read permissions to the repo"""
+    )
     parser.add_argument("task_id", help="the task id to test")
     parser.add_argument("--task-type", help="the task type to test", choices=sorted(get_valid_task_types().keys()), required=True)
     parser.add_argument("--cleanup", help="clean up the temp dir afterwards", dest="cleanup", action="store_true", default=False)
@@ -2180,13 +2186,15 @@ def create_test_workdir(args=None, event_loop=None):
 
     """
     args = args or sys.argv[1:]
-    parser = argparse.ArgumentParser(description="""Populate a test `work_dir`.
+    parser = argparse.ArgumentParser(
+        description="""Populate a test `work_dir`.
 
 Given a scriptworker task's `task_id`, get its task definition, write it to
 `./work/task.json`, then download its `upstreamArtifacts` and put them in
 `./work/cot/TASK_ID/PATH`.
 
-This is helpful in manually testing a *script run.""")
+This is helpful in manually testing a *script run."""
+    )
     parser.add_argument("--path", help="relative path to the work_dir", default="work")
     parser.add_argument("--overwrite", help="overwrite an existing work_dir", action="store_true")
     parser.add_argument("task_id", help="the task id to test")

@@ -141,11 +141,13 @@ def verify_ed25519_signature_cmdln(args=None, exception=SystemExit):
 
     """
     args = args or sys.argv[1:]
-    parser = argparse.ArgumentParser(description="""Verify an ed25519 signature from the command line.
+    parser = argparse.ArgumentParser(
+        description="""Verify an ed25519 signature from the command line.
 
 Given a file and its detached signature, verify that it has been signed with
 a valid key. This key can be specified on the command line; otherwise we'll
-default to ``config['ed25519_public_keys']``.""")
+default to ``config['ed25519_public_keys']``."""
+    )
     parser.add_argument("--pubkey", help="path to a base64-encoded ed25519 pubkey, optional")
     parser.add_argument("file_path")
     parser.add_argument("sig_path")