From 31f45fb5056bef48efae27fdc5b74bbd26fdf8a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20=22Pisco=22=20Fernandes?=
Date: Fri, 7 Nov 2025 18:38:31 +0000
Subject: [PATCH] TUN-9800: Migrate apt internal builds to Gitlab
---
 .ci/apt-internal.gitlab-ci.yml | 151 +++++++++++++++++++++++++++++++++
 .ci/commons.gitlab-ci.yml | 22 ++---
 .ci/image/Dockerfile | 5 +-
 .ci/release.gitlab-ci.yml | 12 ++-
 .gitlab-ci.yml | 7 +-
 cfsetup.yaml | 54 +-----------
 6 files changed, 178 insertions(+), 73 deletions(-)
 create mode 100644 .ci/apt-internal.gitlab-ci.yml
diff --git a/.ci/apt-internal.gitlab-ci.yml b/.ci/apt-internal.gitlab-ci.yml
new file mode 100644
index 00000000..a1df8e27
--- /dev/null
+++ b/.ci/apt-internal.gitlab-ci.yml
@@ -0,0 +1,151 @@
+.register_inputs: ®ister_inputs
+ stage: release-internal
+ runOnBranches: "^master$"
+ COMPONENT: "common"
+
+.register_inputs_stable_bookworm: ®ister_inputs_stable_bookworm
+ <<: *register_inputs
+ runOnChangesTo: ['RELEASE_NOTES']
+ FLAVOR: "bookworm"
+ SERIES: "stable"
+
+.register_inputs_stable_trixie: ®ister_inputs_stable_trixie
+ <<: *register_inputs
+ runOnChangesTo: ['RELEASE_NOTES']
+ FLAVOR: "trixie"
+ SERIES: "stable"
+
+.register_inputs_next_bookworm: ®ister_inputs_next_bookworm
+ <<: *register_inputs
+ FLAVOR: "bookworm"
+ SERIES: next
+
+.register_inputs_next_trixie: ®ister_inputs_next_trixie
+ <<: *register_inputs
+ FLAVOR: "trixie"
+ SERIES: next
+
+################################################
+### Generate Debian Package for Internal APT ###
+################################################
+.cloudflared-apt-build: &cloudflared_apt_build
+ stage: package
+ needs:
+ - ci-image-get-image-ref
+ - linux-packaging # For consistency, we only run this job after we knew we could build the packages for external delivery
+ image: $BUILD_IMAGE
+ cache: {}
+ script:
+ - make cloudflared-deb
+ artifacts:
+ paths:
+ - cloudflared*.deb
+
+##############
+### Stable ###
+##############
+cloudflared-amd64-stable:
+ <<: *cloudflared_apt_build
+ rules:
+ - !reference [.default-rules, run-on-release]
+ variables: &amd64-stable-vars
+ GOOS: linux
+ GOARCH: amd64
+ FIPS: true
+ ORIGINAL_NAME: true
+ CGO_ENABLED: 1
+
+cloudflared-arm64-stable:
+ <<: *cloudflared_apt_build
+ rules:
+ - !reference [.default-rules, run-on-release]
+ variables: &arm64-stable-vars
+ GOOS: linux
+ GOARCH: arm64
+ FIPS: false # TUN-7595
+ ORIGINAL_NAME: true
+ CGO_ENABLED: 1
+
+############
+### Next ###
+############
+cloudflared-amd64-next:
+ <<: *cloudflared_apt_build
+ rules:
+ - !reference [.default-rules, run-on-master]
+ variables:
+ <<: *amd64-stable-vars
+ NIGHTLY: true
+
+cloudflared-arm64-next:
+ <<: *cloudflared_apt_build
+ rules:
+ - !reference
[.default-rules, run-on-master]
+ variables:
+ <<: *arm64-stable-vars
+ NIGHTLY: true
+
+include:
+ - local: .ci/commons.gitlab-ci.yml
+
+ ##########################################
+ ### Publish Packages to Internal Repos ###
+ ##########################################
+ # Bookworm AMD64
+ - component: $CI_SERVER_FQDN/cloudflare/ci/apt-register/register@~latest
+ inputs:
+ <<: *register_inputs_stable_bookworm
+ jobPrefix: cloudflared-bookworm-amd64
+ needs: &amd64-stable ["cloudflared-amd64-stable"]
+
+ # Bookworm ARM64
+ - component: $CI_SERVER_FQDN/cloudflare/ci/apt-register/register@~latest
+ inputs:
+ <<: *register_inputs_stable_bookworm
+ jobPrefix: cloudflared-bookworm-arm64
+ needs: &arm64-stable ["cloudflared-arm64-stable"]
+
+ # Trixie AMD64
+ - component: $CI_SERVER_FQDN/cloudflare/ci/apt-register/register@~latest
+ inputs:
+ <<: *register_inputs_stable_trixie
+ jobPrefix: cloudflared-trixie-amd64
+ needs: *amd64-stable
+
+ # Trixie ARM64
+ - component: $CI_SERVER_FQDN/cloudflare/ci/apt-register/register@~latest
+ inputs:
+ <<: *register_inputs_stable_trixie
+ jobPrefix: cloudflared-trixie-arm64
+ needs: *arm64-stable
+
+ ##################################################
+ ### Publish Nightly Packages to Internal Repos ###
+ ##################################################
+ # Bookworm AMD64
+ - component: $CI_SERVER_FQDN/cloudflare/ci/apt-register/register@~latest
+ inputs:
+ <<: *register_inputs_next_bookworm
+ jobPrefix: cloudflared-nightly-bookworm-amd64
+ needs: &amd64-next ['cloudflared-amd64-next']
+
+ # Bookworm ARM64
+ - component: $CI_SERVER_FQDN/cloudflare/ci/apt-register/register@~latest
+ inputs:
+ <<: *register_inputs_next_bookworm
+ jobPrefix: cloudflared-nightly-bookworm-arm64
+ needs: &arm64-next ['cloudflared-arm64-next']
+
+ # Trixie AMD64
+ - component: $CI_SERVER_FQDN/cloudflare/ci/apt-register/register@~latest
+ inputs:
+ <<: *register_inputs_next_trixie
+ jobPrefix: cloudflared-nightly-trixie-amd64
+ needs: *amd64-next
+
+ #
Trixie ARM64
+ - component: $CI_SERVER_FQDN/cloudflare/ci/apt-register/register@~latest
+ inputs:
+ <<: *register_inputs_next_trixie
+ jobPrefix: cloudflared-nightly-trixie-arm64
+ needs: *arm64-next
diff --git a/.ci/commons.gitlab-ci.yml b/.ci/commons.gitlab-ci.yml
index 43b43f22..28a839af 100644
--- a/.ci/commons.gitlab-ci.yml
+++ b/.ci/commons.gitlab-ci.yml
@@ -20,21 +20,13 @@
 - if: $CI_COMMIT_BRANCH != null && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
 when: on_success
 - when: never
-
-# This before_script is injected into every job that runs on master meaning that if there is no tag the step
-# will succeed but only write "No tag present - Skipping" to the console.
-.check-tag:
- before_script:
- - |
- # Check if there is a Git tag pointing to HEAD
- echo "Tag found: $(git tag --points-at HEAD | grep .)"
- if git tag --points-at HEAD | grep .; then
- echo "Tag found: $(git tag --points-at HEAD | grep .)"
- export "VERSION=$(git tag --points-at HEAD | grep .)"
- else
- echo "No tag present — skipping."
- exit 0
- fi
+ # Rules to run the job only when a release happens
+ run-on-release:
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+ changes:
+ - 'RELEASE_NOTES'
+ when: on_success
+ - when: never
 .component-tests:
 image: $BUILD_IMAGE
diff --git a/.ci/image/Dockerfile b/.ci/image/Dockerfile
index 9d700fff..05536bfb 100644
--- a/.ci/image/Dockerfile
+++ b/.ci/image/Dockerfile
@@ -22,7 +22,10 @@ RUN apt-get update && \
 rpm \
 # create deb and rpm repository files
 reprepro \
- createrepo-c && \
+ createrepo-c \
+ # gcc for cross architecture compilation in arm
+ gcc-aarch64-linux-gnu \
+ libc6-dev-arm64-cross && \
 rm -rf /var/lib/apt/lists/* && \
 # Install wixl
 curl -o /usr/local/bin/wixl -L https://pkg.cloudflare.com/binaries/wixl && \
diff --git a/.ci/release.gitlab-ci.yml b/.ci/release.gitlab-ci.yml
index 644e20a2..89d68743 100644
--- a/.ci/release.gitlab-ci.yml
+++ b/.ci/release.gitlab-ci.yml
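Review bot: All eight `component:` includes in this new file resolve `register@~latest`, so the job that publishes packages to the internal APT repos changes whenever the apt-register component ships a new release, without any change or review in this repository. Pin each include to a released version or commit SHA and bump it deliberately, e.g. `- component: $CI_SERVER_FQDN/cloudflare/ci/apt-register/register@<PINNED_VERSION_OR_SHA>`. A short header comment would also help, stating that the `.register_inputs*` mappings exist only as anchors for `inputs:` and are not hidden jobs.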
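Review bot: The new `run-on-release` rule gates releases on `changes: ['RELEASE_NOTES']` alone, and GitLab evaluates `rules:changes` as true in pipelines that are not started by a push (scheduled or manually started ones, for example), so such a pipeline on the default branch would start the release jobs. Restricting the rule to push pipelines closes that gap: `- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "push"`. The removed `.check-tag` block also exported `VERSION` from the tag at HEAD. Where release jobs take the version from now is not visible in this hunk, so confirm nothing still depends on that export.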
@@ -28,8 +28,6 @@ include:
 .default-release-job: &release-job-defaults
 stage: release
 image: $BUILD_IMAGE
- rules:
- - !reference [.default-rules, run-on-master]
 cache:
 paths:
 - .cache/pip
@@ -76,7 +74,8 @@ include:
 ###########################################
 release-cloudflared-to-github:
 <<: *release-job-defaults
- extends: .check-tag
+ rules:
+ - !reference [.default-rules, run-on-release]
 needs:
 - ci-image-get-image-ref
 - linux-packaging
@@ -91,7 +90,8 @@ release-cloudflared-to-github:
 #########################################
 release-cloudflared-to-r2:
 <<: *release-job-defaults
- extends: .check-tag
+ rules:
+ - !reference [.default-rules, run-on-release]
 needs:
 - ci-image-get-image-ref
 - linux-packaging # We only release non-FIPS binaries to R2
@@ -104,6 +104,8 @@ release-cloudflared-to-r2:
 #################################################
 release-cloudflared-nightly-to-r2:
 <<: *release-job-defaults
+ rules:
+ - !reference [.default-rules, run-on-master]
 variables:
 <<: *release-job-variables
 R2_BUCKET: cloudflared-pkgs-next
@@ -120,6 +122,8 @@ release-cloudflared-nightly-to-r2:
 #############################
 generate-version-file:
 <<: *release-job-defaults
+ rules:
+ - !reference [.default-rules, run-on-release]
 needs:
 - ci-image-get-image-ref
 script:
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 02db7216..bfc88f37 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,7 +7,7 @@ default:
 VAULT_ID_TOKEN:
 aud: https://vault.cfdata.org
-stages: [sync, pre-build, build, validate, test, package, release, review]
+stages: [sync, pre-build, build, validate, test, package, release, release-internal, review]
 include:
 #####################################################
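Review bot: Removing `rules` from `.default-release-job` in the first hunk makes the shared default fail open: a job that merges `*release-job-defaults` without declaring its own `rules` is no longer limited to the default branch and, subject to any workflow rules, is added to every pipeline. The later hunks give explicit rules to `release-cloudflared-to-github`, `release-cloudflared-to-r2`, `release-cloudflared-nightly-to-r2` and `generate-version-file`, but any other job using the anchor lies outside the visible hunks. Keeping the restrictive default in the anchor is safer, because a job's own `rules:` key overrides the merged one: keep `rules:` with `- !reference [.default-rules, run-on-master]` under `.default-release-job`.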
@@ -45,6 +45,11 @@ include:
 #####################################################
 - local: .ci/release.gitlab-ci.yml
+ #####################################################
+ ########## Release Packages Internally ##############
+ #####################################################
+ - local: .ci/apt-internal.gitlab-ci.yml
+
 #####################################################
 ############## Manual Claude Review #################
 #####################################################
diff --git a/cfsetup.yaml b/cfsetup.yaml
index a9be5d11..05b05c3a 100644
--- a/cfsetup.yaml
+++ b/cfsetup.yaml
@@ -1,52 +1,2 @@
-pinned_go: &pinned_go go-boring=1.24.9-1
-
-build_dir: &build_dir /cfsetup_build
-default-flavor: bookworm
-
-bookworm: &bookworm
- build-fips-internal-deb:
- build_dir: *build_dir
- builddeps: &build_fips_deb_deps
- - *pinned_go
- - build-essential
- - fakeroot
- - rubygem-fpm
- post-cache:
- - export GOOS=linux
- - export GOARCH=amd64
- - export FIPS=true
- - export ORIGINAL_NAME=true
- - make cloudflared-deb
- build-internal-deb-nightly-amd64:
- build_dir: *build_dir
- builddeps: *build_fips_deb_deps
- post-cache:
- - export GOOS=linux
- - export GOARCH=amd64
- - export NIGHTLY=true
- - export FIPS=true
- - export ORIGINAL_NAME=true
- - make cloudflared-deb
- build-internal-deb-nightly-arm64:
- build_dir: *build_dir
- builddeps: *build_fips_deb_deps
- post-cache:
- - export GOOS=linux
- - export GOARCH=arm64
- - export NIGHTLY=true
- # - export FIPS=true # TUN-7595
- - export ORIGINAL_NAME=true
- - make cloudflared-deb
- build-deb-arm64:
- build_dir: *build_dir
- builddeps:
- - *pinned_go
- - build-essential
- - fakeroot
- - rubygem-fpm
- post-cache:
- - export GOOS=linux
- - export GOARCH=arm64
- - make cloudflared-deb
-
-trixie: *bookworm
+# A valid cfsetup.yaml is required but we dont have any real config to specify
+dummy_key: true