include: - local: .ci/commons.gitlab-ci.yml ###################################### ### Build and Push DockerHub Image ### ###################################### - component: $CI_SERVER_FQDN/cloudflare/ci/docker-image/build-push-image@~latest inputs: stage: release jobPrefix: docker-hub runOnMR: false runOnBranches: '^master$' runOnChangesTo: ['RELEASE_NOTES'] needs: - generate-version-file - release-cloudflared-to-r2 commentImageRefs: false runner: vm-linux-x86-4cpu-8gb DOCKER_USER_BRANCH: svcgithubdockerhubcloudflar045 DOCKER_PASSWORD_BRANCH: gitlab/cloudflare/tun/cloudflared/_dev/dockerhub/svc_password/data EXTRA_DIB_ARGS: --overwrite .default-release-job: &release-job-defaults stage: release image: $BUILD_IMAGE rules: - !reference [.default-rules, run-on-master] cache: paths: - .cache/pip variables: PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip" # KV Vars KV_NAMESPACE: 380e19aa04314648949b6ad841417ebe KV_ACCOUNT: &cf-account 5ab4e9dfbd435d24068829fda0077963 # R2 Vars R2_BUCKET: cloudflared-pkgs R2_ACCOUNT_ID: *cf-account # APT and RPM Repository Vars GPG_PUBLIC_KEY_URL: "https://pkg.cloudflare.com/cloudflare-ascii-pubkey.gpg" PKG_URL: "https://pkg.cloudflare.com/cloudflared" BINARY_NAME: cloudflared secrets: KV_API_TOKEN: vault: gitlab/cloudflare/tun/cloudflared/_dev/cfd_kv_api_token/data@kv file: false API_KEY: vault: gitlab/cloudflare/tun/cloudflared/_dev/cfd_github_api_key/data@kv file: false R2_CLIENT_ID: vault: gitlab/cloudflare/tun/cloudflared/_dev/_terraform_atlantis/r2_api_token/client_id@kv file: false R2_CLIENT_SECRET: vault: gitlab/cloudflare/tun/cloudflared/_dev/_terraform_atlantis/r2_api_token/client_secret@kv file: false LINUX_SIGNING_PUBLIC_KEY: vault: gitlab/cloudflare/tun/cloudflared/_dev/gpg_v1/public_key@kv file: false LINUX_SIGNING_PRIVATE_KEY: vault: gitlab/cloudflare/tun/cloudflared/_dev/gpg_v1/private_key@kv file: false LINUX_SIGNING_PUBLIC_KEY_2: vault: gitlab/cloudflare/tun/cloudflared/_dev/gpg_v2/public_key@kv file: false LINUX_SIGNING_PRIVATE_KEY_2: vault: gitlab/cloudflare/tun/cloudflared/_dev/gpg_v2/private_key@kv file: false ########################################### ### Push Cloudflared Binaries to Github ### ########################################### release-cloudflared-to-github: <<: *release-job-defaults extends: .check-tag needs: - build-and-sign-cloudflared-macos - ci-image-get-image-ref - linux-packaging - linux-packaging-fips - package-windows script: - ./.ci/scripts/release-target.sh github-release ######################################### ### Upload Cloudflared Binaries to R2 ### ######################################### release-cloudflared-to-r2: <<: *release-job-defaults extends: .check-tag needs: - ci-image-get-image-ref - linux-packaging # We only release non-FIPS binaries to R2 - release-cloudflared-to-github script: - ./.ci/scripts/release-target.sh r2-linux-release ################################################# ### Upload Cloudflared Nightly Binaries to R2 ### ################################################# release-cloudflared-nightly-to-r2: <<: *release-job-defaults variables: R2_BUCKET: cloudflared-pkgs-next GPG_PUBLIC_KEY_URL: "https://next.pkg.cloudflare.com/cloudflare-ascii-pubkey.gpg" PKG_URL: "https://next.pkg.cloudflare.com/cloudflared" needs: - ci-image-get-image-ref - linux-packaging # We only release non-FIPS binaries to R2 script: - ./.ci/scripts/release-target.sh r2-linux-release ############################# ### Generate Version File ### ############################# generate-version-file: <<: *release-job-defaults needs: - ci-image-get-image-ref script: - make generate-docker-version artifacts: paths: - versions