mirror of
https://github.com/fumiama/terasu-cloudflared.git
synced 2026-06-05 00:50:24 +08:00
9551f2a381
* TUN-9776: Support signing Debian packages with two keys for rollover Debian Trixie doesn't support the SHA-1 algo for GPG keys. This commit leverages the ability of providing two keys in the reprepro configuration in order to have two signatures in InRelease and Release.gpg files. This allows users that have the old key to continue fetching the binaries with the old key while allowing us to provide a new key that can be used in Trixie. Unfortunately current versions of RPM (since 2002) don't support double signing, so we can't apply the same logic for RPM Closes TUN-9776
244 lines
6.6 KiB
YAML
244 lines
6.6 KiB
YAML
pinned_go: &pinned_go go-boring=1.24.4-1
|
|
|
|
build_dir: &build_dir /cfsetup_build
|
|
default-flavor: bookworm
|
|
|
|
bookworm: &bookworm
|
|
build-linux:
|
|
build_dir: *build_dir
|
|
builddeps: &build_deps
|
|
- *pinned_go
|
|
- build-essential
|
|
- fakeroot
|
|
- rubygem-fpm
|
|
- rpm
|
|
- libffi-dev
|
|
- golangci-lint=1.64.8-2
|
|
pre-cache: &build_pre_cache
|
|
- export GOCACHE=/cfsetup_build/.cache/go-build
|
|
- go install golang.org/x/tools/cmd/goimports@v0.30.0
|
|
post-cache:
|
|
# Linting
|
|
- make lint
|
|
- make fmt-check
|
|
# Build binary for component test
|
|
- GOOS=linux GOARCH=amd64 make cloudflared
|
|
build-linux-fips:
|
|
build_dir: *build_dir
|
|
builddeps: *build_deps
|
|
pre-cache: *build_pre_cache
|
|
post-cache:
|
|
- export FIPS=true
|
|
# Build binary for component test
|
|
- GOOS=linux GOARCH=amd64 make cloudflared
|
|
cover:
|
|
build_dir: *build_dir
|
|
builddeps: *build_deps
|
|
pre-cache: *build_pre_cache
|
|
post-cache:
|
|
- make cover
|
|
# except FIPS and macos
|
|
build-linux-release:
|
|
build_dir: *build_dir
|
|
builddeps: &build_deps_release
|
|
- *pinned_go
|
|
- build-essential
|
|
- fakeroot
|
|
- rubygem-fpm
|
|
- rpm
|
|
- libffi-dev
|
|
- python3-dev
|
|
- python3-pip
|
|
- python3-setuptools
|
|
- wget
|
|
- python3-venv
|
|
post-cache:
|
|
- python3 -m venv env
|
|
- . /cfsetup_build/env/bin/activate
|
|
- pip install pynacl==1.4.0 pygithub==1.55 boto3==1.22.9 python-gnupg==0.4.9
|
|
# build all packages (except macos and FIPS) and move them to /cfsetup/built_artifacts
|
|
- ./build-packages.sh
|
|
# handle FIPS separately so that we built with gofips compiler
|
|
build-linux-fips-release:
|
|
build_dir: *build_dir
|
|
builddeps: *build_deps_release
|
|
post-cache:
|
|
# same logic as above, but for FIPS packages only
|
|
- ./build-packages-fips.sh
|
|
generate-versions-file:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go
|
|
- build-essential
|
|
post-cache:
|
|
- make generate-docker-version
|
|
build-deb:
|
|
build_dir: *build_dir
|
|
builddeps: &build_deb_deps
|
|
- *pinned_go
|
|
- build-essential
|
|
- fakeroot
|
|
- rubygem-fpm
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- make cloudflared-deb
|
|
build-fips-internal-deb:
|
|
build_dir: *build_dir
|
|
builddeps: &build_fips_deb_deps
|
|
- *pinned_go
|
|
- build-essential
|
|
- fakeroot
|
|
- rubygem-fpm
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- export FIPS=true
|
|
- export ORIGINAL_NAME=true
|
|
- make cloudflared-deb
|
|
build-internal-deb-nightly-amd64:
|
|
build_dir: *build_dir
|
|
builddeps: *build_fips_deb_deps
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- export NIGHTLY=true
|
|
- export FIPS=true
|
|
- export ORIGINAL_NAME=true
|
|
- make cloudflared-deb
|
|
build-internal-deb-nightly-arm64:
|
|
build_dir: *build_dir
|
|
builddeps: *build_fips_deb_deps
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=arm64
|
|
- export NIGHTLY=true
|
|
# - export FIPS=true # TUN-7595
|
|
- export ORIGINAL_NAME=true
|
|
- make cloudflared-deb
|
|
build-deb-arm64:
|
|
build_dir: *build_dir
|
|
builddeps: *build_deb_deps
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=arm64
|
|
- make cloudflared-deb
|
|
test:
|
|
build_dir: *build_dir
|
|
builddeps: &build_deps_tests
|
|
- *pinned_go
|
|
- build-essential
|
|
- fakeroot
|
|
- rubygem-fpm
|
|
- rpm
|
|
- libffi-dev
|
|
- gotest-to-teamcity
|
|
pre-cache: *build_pre_cache
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- export PATH="$HOME/go/bin:$PATH"
|
|
- make test | gotest-to-teamcity
|
|
test-fips:
|
|
build_dir: *build_dir
|
|
builddeps: *build_deps_tests
|
|
pre-cache: *build_pre_cache
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- export FIPS=true
|
|
- export PATH="$HOME/go/bin:$PATH"
|
|
- make test | gotest-to-teamcity
|
|
component-test:
|
|
build_dir: *build_dir
|
|
builddeps: &build_deps_component_test
|
|
- *pinned_go
|
|
- python3
|
|
- python3-pip
|
|
- python3-setuptools
|
|
# procps installs the ps command which is needed in test_sysv_service
|
|
# because the init script uses ps pid to determine if the agent is
|
|
# running
|
|
- procps
|
|
- python3-venv
|
|
pre-cache-copy-paths:
|
|
- component-tests/requirements.txt
|
|
post-cache: &component_test_post_cache
|
|
- python3 -m venv env
|
|
- . env/bin/activate
|
|
- pip install --upgrade -r component-tests/requirements.txt
|
|
# Creates and routes a Named Tunnel for this build. Also constructs
|
|
# config file from env vars.
|
|
- python3 component-tests/setup.py --type create
|
|
- pytest component-tests -o log_cli=true --log-cli-level=INFO
|
|
# The Named Tunnel is deleted and its route unprovisioned here.
|
|
- python3 component-tests/setup.py --type cleanup
|
|
component-test-fips:
|
|
build_dir: *build_dir
|
|
builddeps: *build_deps_component_test
|
|
pre-cache-copy-paths:
|
|
- component-tests/requirements.txt
|
|
post-cache: *component_test_post_cache
|
|
github-release-dryrun:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go
|
|
- build-essential
|
|
- python3-dev
|
|
- libffi-dev
|
|
- python3-setuptools
|
|
- python3-pip
|
|
- python3-venv
|
|
post-cache:
|
|
- python3 -m venv env
|
|
- . env/bin/activate
|
|
- pip install pynacl==1.4.0 pygithub==1.55
|
|
- make github-release-dryrun
|
|
github-release:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go
|
|
- build-essential
|
|
- python3-dev
|
|
- libffi-dev
|
|
- python3-setuptools
|
|
- python3-pip
|
|
- python3-venv
|
|
post-cache:
|
|
- python3 -m venv env
|
|
- . env/bin/activate
|
|
- pip install pynacl==1.4.0 pygithub==1.55
|
|
- make github-release
|
|
r2-linux-release:
|
|
build_dir: *build_dir
|
|
builddeps: &r2-linux-release-deps
|
|
- *pinned_go
|
|
- build-essential
|
|
- fakeroot
|
|
- rubygem-fpm
|
|
- rpm
|
|
- wget
|
|
- python3-dev
|
|
- libffi-dev
|
|
- python3-setuptools
|
|
- python3-pip
|
|
- reprepro
|
|
- createrepo-c
|
|
- python3-venv
|
|
post-cache:
|
|
- python3 -m venv env
|
|
- . env/bin/activate
|
|
- pip install pynacl==1.4.0 pygithub==1.55 boto3==1.22.9 python-gnupg==0.4.9
|
|
- make r2-linux-release
|
|
|
|
r2-next-linux-release:
|
|
build_dir: *build_dir
|
|
builddeps: *r2-linux-release-deps
|
|
post-cache:
|
|
- python3 -m venv env
|
|
- . env/bin/activate
|
|
- pip install pynacl==1.4.0 pygithub==1.55 boto3==1.22.9 python-gnupg==0.4.9
|
|
- make r2-next-linux-release
|
|
|
|
trixie: *bookworm
|