fetch_macaroons.sh

# How to create the secret
# 1. Generate macaroon:
#   1.1 use https://gist.github.com/rail/cd052897ae16ebd4c90078920cb131cd
#   1.2 python3  generate_macaroon.py | base64 -w 0
#   1.2.1 Use the credentials from the private repo. The generated macaroon will be valid for a year
#   1.3 copy the output to taskcluste secret {"content": "output goes here"}
#   1.4 I used project/releng/snapcraft/firefox/edge to store the secrets
# 2. Modify the snap task to:
#   2.1 add scopes to read the secret:
#    secrets:get:project/releng/snapcraft/firefox/edge
#   2.2 Add payload.features.taskclusterProxy, set to true
# 3. call this scipt passing the url of the secret:
#    bash $0 http://taskcluster/secrets/v1/secret/project/releng/snapcraft/firefox/edge
# 4. Modfify the runme.sh script to call `snapcraft upload firefox.snap`,
#    probably with some extra arguments to upload to the "edge" channel only.
#    We can add a check and run this command only if the config file exists.



url=$1
config=~/.snapcraft/snapcraft.cfg

mkdir -p ~/.snapcraft
curl -s $url | \
    python -c 'import json, sys; a = json.load(sys.stdin); print a["secret"]["content"]' | \
    base64 -d > \
    $config
chmod 600 $config

Fix at line 4:
You shouldn't base64 the whole command. Otherwise, the whole stdout gets in base64'd data. This includes:

Enter your Ubuntu One e-mail address and password.
If you do not have an Ubuntu One account, you can create one at https://dashboard.snapcraft.io/openid/login
Email: 

Login successful.

Therefore, the best way to base64 is to copy and paste the output yourself.