mirror of
https://github.com/cloudflare/cloudflared.git
synced 2025-05-28 19:56:34 +00:00

This changes existing Makefile targets to make it obvious that they are used to publish debian packages for internal Cloudflare usage. Those are now FIPS compliant, with no alternative provided. This only affects amd64 builds (and we only publish internally for Linux). This new Makefile target is used by all internal builds (including nightly that is used for e2e tests). Note that this Makefile target renames the artifact to be just `cloudflared` so that this is used "as is" internally, without expecting people to opt-in to the new `cloudflared-fips` package (as we are giving them no alternative).
265 lines
7.3 KiB
YAML
265 lines
7.3 KiB
YAML
pinned_go: &pinned_go go=1.17-1
|
|
pinned_go_fips: &pinned_go_fips go-boring=1.16.6-7
|
|
|
|
build_dir: &build_dir /cfsetup_build
|
|
default-flavor: buster
|
|
stretch: &stretch
|
|
build:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go
|
|
- build-essential
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- make cloudflared
|
|
build-fips:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go_fips
|
|
- build-essential
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- export FIPS=true
|
|
- make cloudflared
|
|
# except FIPS (handled in github-fips-release-pkgs) and macos (handled in github-release-macos-amd64)
|
|
github-release-pkgs:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go
|
|
- build-essential
|
|
- fakeroot
|
|
- rubygem-fpm
|
|
- rpm
|
|
- wget
|
|
# libmsi and libgcab are libraries the wixl binary depends on.
|
|
- libmsi-dev
|
|
- libgcab-dev
|
|
- python3-dev
|
|
- libffi-dev
|
|
- python3-setuptools
|
|
- python3-pip
|
|
pre-cache: &github_release_pkgs_pre_cache
|
|
- wget https://github.com/sudarshan-reddy/msitools/releases/download/v0.101b/wixl -P /usr/local/bin
|
|
- chmod a+x /usr/local/bin/wixl
|
|
- pip3 install pygithub
|
|
post-cache:
|
|
# build all packages (except macos and FIPS) and move them to /cfsetup/built_artifacts
|
|
- ./build-packages.sh
|
|
# release the packages built and moved to /cfsetup/built_artifacts
|
|
- make github-release-built-pkgs
|
|
# handle FIPS separately so that we built with gofips compiler
|
|
github-fips-release-pkgs:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go_fips
|
|
- build-essential
|
|
- fakeroot
|
|
- rubygem-fpm
|
|
- rpm
|
|
- wget
|
|
# libmsi and libgcab are libraries the wixl binary depends on.
|
|
- libmsi-dev
|
|
- libgcab-dev
|
|
- python3-dev
|
|
- libffi-dev
|
|
- python3-setuptools
|
|
- python3-pip
|
|
pre-cache: *github_release_pkgs_pre_cache
|
|
post-cache:
|
|
# same logic as above, but for FIPS packages only
|
|
- ./build-packages-fips.sh
|
|
- make github-release-built-pkgs
|
|
build-deb:
|
|
build_dir: *build_dir
|
|
builddeps: &build_deb_deps
|
|
- *pinned_go
|
|
- build-essential
|
|
- fakeroot
|
|
- rubygem-fpm
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- make cloudflared-deb
|
|
build-fips-internal-deb:
|
|
build_dir: *build_dir
|
|
builddeps: &build_fips_deb_deps
|
|
- *pinned_go_fips
|
|
- build-essential
|
|
- fakeroot
|
|
- rubygem-fpm
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- export FIPS=true
|
|
- make cloudflared-internal-deb
|
|
build-fips-internal-deb-nightly:
|
|
build_dir: *build_dir
|
|
builddeps: *build_fips_deb_deps
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- export NIGHTLY=true
|
|
- export FIPS=true
|
|
- make cloudflared-internal-deb
|
|
build-deb-arm64:
|
|
build_dir: *build_dir
|
|
builddeps: *build_deb_deps
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=arm64
|
|
- make cloudflared-deb
|
|
publish-deb:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go
|
|
- build-essential
|
|
- fakeroot
|
|
- rubygem-fpm
|
|
- openssh-client
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- make publish-deb
|
|
github-release-macos-amd64:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go
|
|
- build-essential
|
|
- python3-dev
|
|
- libffi-dev
|
|
- python3-setuptools
|
|
- python3-pip
|
|
pre-cache: &install_pygithub
|
|
- pip3 install pygithub
|
|
post-cache:
|
|
- make github-mac-upload
|
|
test:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go
|
|
- build-essential
|
|
- gotest-to-teamcity
|
|
pre-cache: &test_pre_cache
|
|
- go get golang.org/x/tools/cmd/goimports
|
|
- go get github.com/sudarshan-reddy/go-sumtype@v0.0.0-20210827105221-82eca7e5abb1
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- export PATH="$HOME/go/bin:$PATH"
|
|
- ./fmt-check.sh
|
|
- make test | gotest-to-teamcity
|
|
test-fips:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go_fips
|
|
- build-essential
|
|
- gotest-to-teamcity
|
|
pre-cache: *test_pre_cache
|
|
post-cache:
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- export FIPS=true
|
|
- export PATH="$HOME/go/bin:$PATH"
|
|
- ./fmt-check.sh
|
|
- make test | gotest-to-teamcity
|
|
component-test:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go_fips
|
|
- python3.7
|
|
- python3-pip
|
|
- python3-setuptools
|
|
# procps installs the ps command which is needed in test_sysv_service because the init script
|
|
# uses ps pid to determine if the agent is running
|
|
- procps
|
|
pre-cache-copy-paths:
|
|
- component-tests/requirements.txt
|
|
pre-cache:
|
|
- sudo pip3 install --upgrade -r component-tests/requirements.txt
|
|
post-cache:
|
|
# Creates and routes a Named Tunnel for this build. Also constructs config file from env vars.
|
|
- python3 component-tests/setup.py --type create
|
|
- pytest component-tests -o log_cli=true --log-cli-level=INFO
|
|
# The Named Tunnel is deleted and its route unprovisioned here.
|
|
- python3 component-tests/setup.py --type cleanup
|
|
update-homebrew:
|
|
builddeps:
|
|
- openssh-client
|
|
- s3cmd
|
|
post-cache:
|
|
- .teamcity/update-homebrew.sh
|
|
github-message-release:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go
|
|
- build-essential
|
|
- python3-dev
|
|
- libffi-dev
|
|
- python3-setuptools
|
|
- python3-pip
|
|
pre-cache: *install_pygithub
|
|
post-cache:
|
|
- make github-message
|
|
build-junos:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go
|
|
- build-essential
|
|
- python3
|
|
- genisoimage
|
|
- jetez
|
|
pre-cache:
|
|
- ln -s /usr/bin/genisoimage /usr/bin/mkisofs
|
|
post-cache:
|
|
- export GOOS=freebsd
|
|
- export GOARCH=amd64
|
|
- make cloudflared-junos
|
|
publish-junos:
|
|
build_dir: *build_dir
|
|
builddeps:
|
|
- *pinned_go
|
|
- build-essential
|
|
- python3
|
|
- genisoimage
|
|
- jetez
|
|
- s4cmd
|
|
pre-cache:
|
|
- ln -s /usr/bin/genisoimage /usr/bin/mkisofs
|
|
post-cache:
|
|
- export GOOS=freebsd
|
|
- export GOARCH=amd64
|
|
- make publish-cloudflared-junos
|
|
|
|
buster: *stretch
|
|
bullseye: *stretch
|
|
centos-7:
|
|
publish-rpm:
|
|
build_dir: *build_dir
|
|
builddeps: &el7_builddeps
|
|
- https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
|
|
pre-cache:
|
|
- yum install -y fakeroot
|
|
- yum upgrade -y binutils-2.27-44.base.el7.x86_64
|
|
- wget https://golang.org/dl/go1.16.3.linux-amd64.tar.gz -P /tmp/
|
|
- tar -C /usr/local -xzf /tmp/go1.16.3.linux-amd64.tar.gz
|
|
post-cache:
|
|
- export PATH=$PATH:/usr/local/go/bin
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- make publish-rpm
|
|
build-rpm:
|
|
build_dir: *build_dir
|
|
builddeps: *el7_builddeps
|
|
pre-cache:
|
|
- yum install -y fakeroot
|
|
- yum upgrade -y binutils-2.27-44.base.el7.x86_64
|
|
- wget https://golang.org/dl/go1.16.3.linux-amd64.tar.gz -P /tmp/
|
|
- tar -C /usr/local -xzf /tmp/go1.16.3.linux-amd64.tar.gz
|
|
post-cache:
|
|
- export PATH=$PATH:/usr/local/go/bin
|
|
- export GOOS=linux
|
|
- export GOARCH=amd64
|
|
- make cloudflared-rpm
|