Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into 20404-edit-software-fe
Showing 27 changed files with 874 additions and 403 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
# This workflow tests packaging of fleetd with the | ||
# `fleetctl package` command using locally built fleetdm/wix and fleetdm/bomutils images. | ||
# | ||
# It fetches the targets: orbit, osquery and fleet-desktop from the default | ||
# (Fleet's) TUF server, https://tuf.fleetctl.com. | ||
name: Test packaging with local fleetdm/wix and fleetdm/bomutils | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
- patch-* | ||
- prepare-* | ||
paths: | ||
- "tools/bomutils-docker/**" | ||
- "tools/wix-docker/**" | ||
- ".github/workflows/test-packaging-build-docker-deps.yml" | ||
pull_request: | ||
paths: | ||
- "tools/bomutils-docker/**" | ||
- "tools/wix-docker/**" | ||
- ".github/workflows/test-packaging-build-docker-deps.yml" | ||
workflow_dispatch: # Manual | ||
|
||
# This allows a subsequently queued workflow run to interrupt previous runs | ||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}} | ||
cancel-in-progress: true | ||
|
||
defaults: | ||
run: | ||
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference | ||
shell: bash | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
test-packaging: | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
os: [ubuntu-latest] | ||
runs-on: ${{ matrix.os }} | ||
|
||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
with: | ||
egress-policy: audit | ||
|
||
- name: Checkout Code | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
|
||
- name: Install Go | ||
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | ||
with: | ||
go-version-file: "go.mod" | ||
|
||
- name: Install Go Dependencies | ||
run: make deps-go | ||
|
||
- name: Build fleetctl | ||
run: make fleetctl | ||
|
||
- name: Build fleetdm/wix | ||
run: make wix-docker | ||
|
||
- name: Build fleetdm/bomutils | ||
run: make bomutils-docker | ||
|
||
- name: Build DEB | ||
run: ./build/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 | ||
|
||
- name: Build DEB with Fleet Desktop | ||
run: ./build/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | ||
|
||
- name: Build RPM | ||
run: ./build/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 | ||
|
||
- name: Build RPM with Fleet Desktop | ||
run: ./build/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | ||
|
||
- name: Build MSI | ||
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 | ||
|
||
- name: Build MSI with Fleet Desktop | ||
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | ||
|
||
- name: Build PKG | ||
run: ./build/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 | ||
|
||
- name: Build PKG with Fleet Desktop | ||
run: ./build/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop |
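Review bot: Nothing in the `Build MSI` and `Build PKG` steps shows that `fleetctl package` actually runs the images produced by `make wix-docker` and `make bomutils-docker`; the commands are identical to the ones in the existing `Test packaging` workflow and pass no option that selects a local image. If the tool pulls `fleetdm/wix` or `fleetdm/bomutils` from the registry at packaging time, this job would pass without exercising the Dockerfiles under `tools/wix-docker/**` and `tools/bomutils-docker/**` that trigger it. Consider a step after the two image builds that records the local image IDs (for example with `docker image inspect`) and a check after packaging that the tags still resolve to those IDs. Separately, `egress-policy: audit` on Harden Runner only logs outbound traffic; once the expected endpoints are known (the TUF server named in the header comment among them), a blocking policy with an allowlist would turn this from a record into a control.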
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,8 @@ | ||
# This workflow tests packaging of Fleet-osquery with the | ||
# `fleetctl package` command. It fetches the targets: orbit, | ||
# osquery and fleet-desktop from the default (Fleet's) TUF server, | ||
# https://tuf.fleetctl.com. | ||
# This workflow tests packaging of fleetd with the | ||
# `fleetctl package` command. | ||
# | ||
# It fetches the targets: orbit, osquery and fleet-desktop from the default | ||
# (Fleet's) TUF server, https://tuf.fleetctl.com. | ||
name: Test packaging | ||
|
||
on: | ||
|
@@ -50,87 +51,86 @@ jobs: | |
runs-on: ${{ matrix.os }} | ||
|
||
steps: | ||
|
||
- name: Harden Runner | ||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
with: | ||
egress-policy: audit | ||
|
||
- name: Pull fleetdm/wix | ||
# Run in background while other steps complete to speed up the workflow | ||
run: docker pull fleetdm/wix:latest & | ||
|
||
- name: Pull fleetdm/bomutils | ||
# Run in background while other steps complete to speed up the workflow | ||
run: docker pull fleetdm/bomutils:latest & | ||
|
||
- name: Run Colima | ||
if: startsWith(matrix.os, 'macos') | ||
timeout-minutes: 15 | ||
# notes: | ||
# - docker to install the docker CLI and interact with the Colima | ||
# container runtime | ||
# - colima is pre-installed in macos-12 runners, but not in macos-13 or | ||
# macos-14 runners | ||
run: | | ||
brew install docker | ||
# The runners come with an old version of [email protected] that fails to upgrade | ||
# when python gets pulled in as a dep through the chain | ||
# colima -> lima -> qemu -> glibc -> [email protected] | ||
# Force upgrade it for now, remove once the problem is fixed | ||
brew install --overwrite [email protected] | ||
brew install colima | ||
colima start --mount $TMPDIR:w | ||
- name: Checkout Code | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
|
||
- name: Install Go | ||
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | ||
with: | ||
go-version-file: 'go.mod' | ||
|
||
- name: Install wine and wix | ||
if: startsWith(matrix.os, 'macos') | ||
run: | | ||
./scripts/macos-install-wine.sh -n | ||
wget https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip -nv -O wix.zip | ||
mkdir wix | ||
unzip wix.zip -d wix | ||
rm -f wix.zip | ||
echo wix installed at $(pwd)/wix | ||
# It seems faster not to cache Go dependencies | ||
- name: Install Go Dependencies | ||
run: make deps-go | ||
|
||
- name: Build fleetctl | ||
run: make fleetctl | ||
|
||
- name: Build DEB | ||
run: ./build/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 | ||
|
||
- name: Build DEB with Fleet Desktop | ||
run: ./build/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | ||
|
||
- name: Build RPM | ||
run: ./build/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 | ||
|
||
- name: Build RPM with Fleet Desktop | ||
run: ./build/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | ||
|
||
- name: Build MSI | ||
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 | ||
|
||
- name: Build MSI with Fleet Desktop | ||
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | ||
|
||
- name: Build PKG | ||
run: ./build/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 | ||
|
||
- name: Build PKG with Fleet Desktop | ||
run: ./build/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | ||
|
||
- name: Build MSI (using local Wix) | ||
if: startsWith(matrix.os, 'macos') | ||
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop --local-wix-dir ./wix | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
with: | ||
egress-policy: audit | ||
|
||
- name: Run Colima | ||
if: startsWith(matrix.os, 'macos') | ||
timeout-minutes: 15 | ||
# notes: | ||
# - docker to install the docker CLI and interact with the Colima | ||
# container runtime | ||
# - colima is pre-installed in macos-12 runners, but not in macos-13 or | ||
# macos-14 runners | ||
run: | | ||
brew install docker | ||
# The runners come with an old version of [email protected] that fails to upgrade | ||
# when python gets pulled in as a dep through the chain | ||
# colima -> lima -> qemu -> glibc -> [email protected] | ||
# Force upgrade it for now, remove once the problem is fixed | ||
brew install --overwrite [email protected] | ||
brew install colima | ||
colima start --mount $TMPDIR:w | ||
- name: Pull fleetdm/wix | ||
# Run in background while other steps complete to speed up the workflow | ||
run: docker pull fleetdm/wix:latest | ||
|
||
- name: Pull fleetdm/bomutils | ||
# Run in background while other steps complete to speed up the workflow | ||
run: docker pull fleetdm/bomutils:latest | ||
|
||
- name: Checkout Code | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
|
||
- name: Install Go | ||
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | ||
with: | ||
go-version-file: "go.mod" | ||
|
||
- name: Install wine and wix | ||
if: startsWith(matrix.os, 'macos') | ||
run: | | ||
./scripts/macos-install-wine.sh -n | ||
wget https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip -nv -O wix.zip | ||
mkdir wix | ||
unzip wix.zip -d wix | ||
rm -f wix.zip | ||
echo wix installed at $(pwd)/wix | ||
# It seems faster not to cache Go dependencies | ||
- name: Install Go Dependencies | ||
run: make deps-go | ||
|
||
- name: Build fleetctl | ||
run: make fleetctl | ||
|
||
- name: Build DEB | ||
run: ./build/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 | ||
|
||
- name: Build DEB with Fleet Desktop | ||
run: ./build/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | ||
|
||
- name: Build RPM | ||
run: ./build/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 | ||
|
||
- name: Build RPM with Fleet Desktop | ||
run: ./build/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | ||
|
||
- name: Build MSI | ||
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 | ||
|
||
- name: Build MSI with Fleet Desktop | ||
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | ||
|
||
- name: Build PKG | ||
run: ./build/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 | ||
|
||
- name: Build PKG with Fleet Desktop | ||
run: ./build/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | ||
|
||
- name: Build MSI (using local Wix) | ||
if: startsWith(matrix.os, 'macos') | ||
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop --local-wix-dir ./wix |
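Review bot: The comment `# Run in background while other steps complete to speed up the workflow` on the `Pull fleetdm/wix` and `Pull fleetdm/bomutils` steps is stale in the new version, where the trailing `&` has been dropped and both pulls run in the foreground; delete it or reword it to say why the pulls are now synchronous and placed after `Run Colima`. Two supply-chain points while this block is being touched: both images are pulled by the mutable `:latest` tag although every `uses:` line is pinned to a commit SHA, so pinning the images by digest would give them the same guarantee; and `Install wine and wix` unzips `wix311-binaries.zip` straight after `wget` with no checksum comparison, so a pinned SHA-256 checked before `unzip` would close that gap. `colima start --mount $TMPDIR:w` should also quote `$TMPDIR`.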
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
- Addressing Ubuntu python package false positive vulnerabilities by removing duplicate entries for ubuntu python packages installed by dpkg and renaming remaining pip installed packages to match OVAL definitions. |
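Review bot: Capitalization is inconsistent inside this entry ("Ubuntu python package" versus "ubuntu python packages"), and "pip installed" reads better hyphenated; suggest "Ubuntu Python packages" throughout and "pip-installed packages".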
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
* Enable 'No teams' funcitonality for the policies page and associated workflows. |
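Review bot: Typo in the entry text: "funcitonality" should be "functionality".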