Add build only build

2025-04-23 19:00:36 +01:00 · 2025-04-23 19:00:36 +01:00 · 2b373ebe9c
parent 7833eddedb
commit 2b373ebe9c
4 changed files with 59 additions and 31 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -25,6 +25,33 @@ check_tag:

 build_cloudflared_macos: &build
  stage: build
+  rules:
+    - when: never
+  tags:
+    - "macstadium-${RUNNER_ARCH}"
+  parallel:
+    matrix:
+      - RUNNER_ARCH: [arm, intel]
+  artifacts:
+    paths:
+      - artifacts/*
+  script:
+    - '[ "${RUNNER_ARCH}" = "arm" ] && export TARGET_ARCH=arm64'
+    - '[ "${RUNNER_ARCH}" = "intel" ] && export TARGET_ARCH=amd64'
+    - ARCH=$(uname -m)
+    - echo ARCH=$ARCH - TARGET_ARCH=$TARGET_ARCH
+    - ./.teamcity/mac/install-cloudflare-go.sh
+    - export PATH="/tmp/go/bin:$PATH"
+    - BUILD_SCRIPT=.teamcity/mac/build.sh
+    - if [[ ! -x ${BUILD_SCRIPT} ]] ; then exit ; fi
+    - set -euo pipefail
+    - echo "Executing ${BUILD_SCRIPT}"
+    - exec ${BUILD_SCRIPT}
+
+build_and_sign_cloudflared_macos:
+  <<: *build
+  rules:
+    - when: always
  secrets:
    APPLE_DEV_CA_CERT:
      vault: gitlab/cloudflare/tun/cloudflared/_dev/apple_dev_ca_cert/data@kv
@ -47,32 +74,13 @@ build_cloudflared_macos: &build
    CFD_INSTALLER_PASS:
      vault: gitlab/cloudflare/tun/cloudflared/_dev/cfd_installer_pass/data@kv
      file: false
-  tags:
-    - "macstadium-${RUNNER_ARCH}"
-  parallel:
-    matrix:
-      - RUNNER_ARCH: [arm, intel]
-  artifacts:
-    paths:
-      - artifacts/*
-  script:
-    - '[ "${RUNNER_ARCH}" = "arm" ] && export TARGET_ARCH=arm64'
-    - '[ "${RUNNER_ARCH}" = "intel" ] && export TARGET_ARCH=amd64'
-    - ARCH=$(uname -m)
-    - echo ARCH=$ARCH - TARGET_ARCH=$TARGET_ARCH
-    - ./.teamcity/mac/install-cloudflare-go.sh
-    - export PATH="/tmp/go/bin:$PATH"
-    - BUILD_SCRIPT=.teamcity/mac/build.sh
-    - if [[ ! -x ${BUILD_SCRIPT} ]] ; then exit ; fi
-    - set -euo pipefail
-    - echo "Executing ${BUILD_SCRIPT}"
-    - exec ${BUILD_SCRIPT}

-build_cloudflared_macos_tagged_release:
-  stage: build
-  image: docker-registry.cfdata.org/stash/cf/debian-images/bookworm/main:302-326550a62d5c@sha256:c8257b4e523f34b4ae6c6816d7685a39eabe0bd8c8bccb2c5befbacaed47f911
+release_cloudflared_macos_to_github:
+  stage: release
+  image: docker-registry.cfdata.org/stash/tun/docker-images/cloudflared-ci/main:5-0e9d27aca53f@sha256:dc41355345c593357fd0a2a70a8ff3d62ddadafe4be03dbfae4b883bfd477be1
  dependencies:
    - check_tag
+    - build_and_sign_cloudflared_macos
  cache:
    paths:
      - .cache/pip
@ -88,16 +96,13 @@ build_cloudflared_macos_tagged_release:
      vault: gitlab/cloudflare/tun/cloudflared/_dev/cfd_github_api_key/data@kv
      file: false
  before_script:
-    - apt-get update && apt-get install -y go-boring=1.22.10-1 build-essential python3-dev libffi-dev python3-setuptools python3-pip python3-venv
    - python3 --version ; pip --version  # For debugging
-    - pip install virtualenv
-    - /home/gitlab-runner/.local/bin/virtualenv venv
+    - python3 -m venv venv
    - source venv/bin/activate
    - pip install pynacl==1.4.0 pygithub==1.55
  script:
-    - ls -lrth
    - echo $VERSION
    - echo $TAG_EXISTS
    - echo "Running release because tag exists."
-    - python3 github_release.py --path artifacts/ --release-version $VERSION --draft --dry-run
-
+    - python3 github_release.py --path artifacts/ --release-version $VERSION --draft
+    - echo "Running release_cloudflared_macos_to_github"
--- a/.teamcity/mac/build.sh
+++ b/.teamcity/mac/build.sh
@ -72,8 +72,12 @@ create_cloudflared_build_keychain() {
  # Reusing the private key password as the keychain key
  local PRIVATE_KEY_PASS=$1

-  # Create temp keychain
-  security create-keychain -p "$PRIVATE_KEY_PASS" cloudflared_build_keychain
+  # Create keychain only if it doesn't already exist
+  if [ ! -f "$HOME/Library/Keychains/cloudflared_build_keychain.keychain-db" ]; then
+    security create-keychain -p "$PRIVATE_KEY_PASS" cloudflared_build_keychain
+  else
+    echo "Keychain already exists: cloudflared_build_keychain"
+  fi

  # Append temp keychain to the user domain
  security list-keychains -d user -s cloudflared_build_keychain $(security list-keychains -d user | sed s/\"//g)
--- a/4
+++ b/4
@ -237,6 +237,10 @@ github-release:
 	python3 github_release.py --path $(PWD)/built_artifacts --release-version $(VERSION)
 	python3 github_message.py --release-version $(VERSION)

+.PHONY: macos-release
+macos-release:
+	- python3 github_release.py --path $(PWD)/artifacts/ --release-version $(VERSION) --draft --dry-run
+
 .PHONY: r2-linux-release
 r2-linux-release:
 	python3 ./release_pkgs.py
--- a/cfsetup.yaml
+++ b/cfsetup.yaml
@ -231,6 +231,21 @@ bullseye: &bullseye
      - . env/bin/activate
      - pip install pynacl==1.4.0 pygithub==1.55
      - make github-release
+  macos-release:
+    build_dir: *build_dir
+    builddeps:
+      - *pinned_go
+      - build-essential
+      - python3-dev
+      - libffi-dev
+      - python3-setuptools
+      - python3-pip
+      - python3-venv
+    post-cache:
+      - python3 -m venv env
+      - . env/bin/activate
+      - pip install pynacl==1.4.0 pygithub==1.55
+      - make macos-release
  r2-linux-release:
    build_dir: *build_dir
    builddeps: