-
Notifications
You must be signed in to change notification settings - Fork 432
136 lines (113 loc) · 4.86 KB
/
test-packaging.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# This workflow tests packaging of fleetd with the
# `fleetctl package` command.
#
# It fetches the targets: orbit, osquery and fleet-desktop from the default
# (Fleet's) TUF server, https://tuf.fleetctl.com.
name: Test packaging
on:
push:
branches:
- main
- patch-*
- prepare-*
pull_request:
paths:
- 'cmd/fleetctl/**.go'
- 'pkg/**.go'
- 'server/service/**.go'
- 'server/context/**.go'
- 'orbit/**.go'
- 'ee/fleetctl/**.go'
- 'tools/fleetctl-docker/**'
- 'tools/wix-docker/**'
- 'tools/bomutils-docker/**'
- '.github/workflows/test-packaging.yml'
workflow_dispatch: # Manual
# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
cancel-in-progress: true
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read
jobs:
test-packaging:
strategy:
fail-fast: false
matrix:
# note: in order to test both the wix and the docker flow for msi
# packages, this worker needs to run on an x86_64 architecture.
# `macos-latest` uses arm64 by default now, so please be careful when
# updating this version.
os: [ubuntu-latest, macos-13]
runs-on: ${{ matrix.os }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Run Colima
if: startsWith(matrix.os, 'macos')
timeout-minutes: 15
# notes:
# - docker to install the docker CLI and interact with the Colima
# container runtime
# - colima is pre-installed in macos-12 runners, but not in macos-13 or
# macos-14 runners
run: |
brew install docker
# The runners come with an old version of python@3.12 that fails to upgrade
# when python gets pulled in as a dep through the chain
# colima -> lima -> qemu -> glibc -> python@3.12
# Force upgrade it for now, remove once the problem is fixed
brew install --overwrite python@3.12
brew install colima
colima start --mount $TMPDIR:w
- name: Pull fleetdm/wix
# Run in background while other steps complete to speed up the workflow
run: docker pull fleetdm/wix:latest
- name: Pull fleetdm/bomutils
# Run in background while other steps complete to speed up the workflow
run: docker pull fleetdm/bomutils:latest
- name: Checkout Code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Install Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version-file: "go.mod"
- name: Install wine and wix
if: startsWith(matrix.os, 'macos')
run: |
./scripts/macos-install-wine.sh -n
wget https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip -nv -O wix.zip
mkdir wix
unzip wix.zip -d wix
rm -f wix.zip
echo wix installed at $(pwd)/wix
# It seems faster not to cache Go dependencies
- name: Install Go Dependencies
run: make deps-go
- name: Build fleetctl
run: make fleetctl
- name: Build DEB
run: ./build/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080
- name: Build DEB with Fleet Desktop
run: ./build/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop
- name: Build RPM
run: ./build/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080
- name: Build RPM with Fleet Desktop
run: ./build/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop
- name: Build MSI
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080
- name: Build MSI with Fleet Desktop
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop
- name: Build PKG
run: ./build/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080
- name: Build PKG with Fleet Desktop
run: ./build/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop
- name: Build MSI (using local Wix)
if: startsWith(matrix.os, 'macos')
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop --local-wix-dir ./wix