cloudflared-mirror/.gitlab-ci.yml

stages: [check, build, release]

default:
  id_tokens:
    VAULT_ID_TOKEN:
      aud: https://vault.cfdata.org

# -----------------------------------------------
# Stage 1: Check for a Git tag on the current commit
# -----------------------------------------------
check_tag:
  stage: check
  script:
    - |
      # Check if there is a Git tag pointing to HEAD
      if git tag --points-at HEAD | grep .; then
        echo "TAG_EXISTS=true" >> tag_check.env
      else
        echo "TAG_EXISTS=false" >> tag_check.env
      fi      
  artifacts:
    reports:
      dotenv: tag_check.env  # Pass the TAG_EXISTS variable to the next stage

build_cloudflared_macos: &build
  stage: build
  secrets:
    APPLE_DEV_CA_CERT:
      vault: gitlab/cloudflare/tun/cloudflared/_dev/apple_dev_ca_cert/data@kv
      file: false
    CFD_CODE_SIGN_CERT:
      vault: gitlab/cloudflare/tun/cloudflared/_dev/cfd_codesign_cert/data@kv
      file: false
    CFD_CODE_SIGN_KEY:
      vault: gitlab/cloudflare/tun/cloudflared/_dev/cfd_codesign_key/data@kv
      file: false
    CFD_CODE_SIGN_PASS:
      vault: gitlab/cloudflare/tun/cloudflared/_dev/cfd_codesign_pass/data@kv
      file: false
    CFD_INSTALLER_CERT:
      vault: gitlab/cloudflare/tun/cloudflared/_dev/cfd_installer_cert/data@kv
      file: false
    CFD_INSTALLER_KEY:
      vault: gitlab/cloudflare/tun/cloudflared/_dev/cfd_installer_key/data@kv
      file: false
    CFD_INSTALLER_PASS:
      vault: gitlab/cloudflare/tun/cloudflared/_dev/cfd_installer_pass/data@kv
      file: false
  tags:
    - "macstadium-${RUNNER_ARCH}"
  parallel:
    matrix:
      - RUNNER_ARCH: [arm, intel]
  artifacts:
    paths:
      - artifacts/*
  script:
    - '[ "${RUNNER_ARCH}" = "arm" ] && export TARGET_ARCH=arm64'
    - '[ "${RUNNER_ARCH}" = "intel" ] && export TARGET_ARCH=amd64'
    - ARCH=$(uname -m)
    - echo ARCH=$ARCH - TARGET_ARCH=$TARGET_ARCH
    - ./.teamcity/mac/install-cloudflare-go.sh
    - export PATH="/tmp/go/bin:$PATH"
    - BUILD_SCRIPT=.teamcity/mac/build.sh
    - if [[ ! -x ${BUILD_SCRIPT} ]] ; then exit ; fi
    - set -euo pipefail
    - echo "Executing ${BUILD_SCRIPT}"
    - exec ${BUILD_SCRIPT}

build_cloudflared_macos_tagged_release:
  stage: build
  image: docker-registry.cfdata.org/stash/devtools/ci-builders/python3.11/master:2917-0943e356eb01@sha256:a2780322e1926273ade752ae0c936876b9bef388d43b866347d6b2acd982d7e8
  cache:
    paths:
      - .cache/pip
  variables:
    PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
    KV_NAMESPACE: 380e19aa04314648949b6ad841417ebe
    KV_ACCOUNT: 5ab4e9dfbd435d24068829fda0077963
  secrets:
    KV_API_TOKEN:
      vault: gitlab/cloudflare/tun/cloudflared/_dev/cfd_kv_api_token/data@kv
      file: false
    API_KEY:
      vault: gitlab/cloudflare/tun/cloudflared/_dev/cfd_github_api_key/data@kv
      file: false
  before_script:
    - python3 --version ; pip --version  # For debugging
    - pip install virtualenv
    - /home/gitlab-runner/.local/bin/virtualenv venv
    - source venv/bin/activate
  script:
    - echo "Running release because tag exists."
    - python3 github_release.py --path $(PWD)/artifacts --release-version $(VERSION) --draft --dry-run