Tokens and merge in main
noahtalerman committed Sep 9, 2024
2 parents 03bfdb1 + 8c27e36 commit 3b896b9
Showing 1,157 changed files with 111,503 additions and 10,949 deletions.
9 changes: 9 additions & 0 deletions .github/ISSUE_TEMPLATE/release-qa.md
Expand Up @@ -118,6 +118,15 @@ Smoke tests are limited to core functionality and serve as a pre-release final r
7. Verify scripts display correctly in Activity feed.
</td><td>pass/fail</td></tr>

<tr><td>Software</td><td>Verify software library and install / download</td><td>

1. Verify software library upload/download/delete.
2. From Host details (Windows and macOS) run an install that should PASS, verify.
3. From My Device (Windows and macOS) software tab should have self-service items available, verify.
4. Verify UI loading state and statuses for installing software.
6. Verify software installs display correctly in Activity feed.
</td><td>pass/fail</td></tr>

<tr><td>OS settings</td><td>Verify OS settings functionality</td><td>

1. Verify able to configure Disk encryption.
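Review bot: the new Software row numbers its steps 1, 2, 3, 4, 6, so either step 5 is missing or the last item is misnumbered. Renumber "6. Verify software installs display correctly in Activity feed." to 5, or add the step that was meant to sit before it. Step 2 only covers an install "that should PASS"; if the statuses checked in step 4 include a failed state, add a step for an install that is expected to fail.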
3 changes: 2 additions & 1 deletion .github/ISSUE_TEMPLATE/story.md
Expand Up @@ -34,7 +34,8 @@ What else should contributors [keep in mind](https://fleetdm.com/handbook/compan
### Product
- [ ] Reference documentation changes: TODO <!-- Specify references documentation changes at fleetdm.com/docs -->
- [ ] UI changes: TODO <!-- Insert the link to the relevant Figma cover page. Remove this checkbox if there are no changes to the user interface. -->
- [ ] CLI usage changes: TODO <!-- Insert the link to the relevant Figma cover page. Remove this checkbox if there are no changes to the CLI. -->
- [ ] CLI (fleetctl) usage changes: TODO <!-- Insert the link to the relevant Figma cover page. Remove this checkbox if there are no changes to the CLI. -->
- [ ] YAML changes: TODO <!-- Specify changes as a draft PR to the YAML files doc page and request the API DRI for review (codeowner reviews are not automatically requested for drafts). Remove this checkbox if there are no changes necessary. -->
- [ ] REST API changes: TODO <!-- Specify changes as a draft PR to the REST API doc page and request the API DRI for review (codeowner reviews are not automatically requested for drafts). Remove this checkbox if there are no changes necessary. Move this item to the engineering list below if engineering will design the API changes. -->
- [ ] Fleet's agent (fleetd) changes: TODO <!-- Specify changes to fleetd. If the change requires a new Fleet (server) version, consider specifying to only enable this change in new Fleet versions. Remove this checkbox if there are no changes necessary. -->
- [ ] Permissions changes: TODO <!-- Specify changes as a draft PR to the Manage access doc page. If doc changes aren't necessary, explicitly mention no changes to the doc page. Remove this checkbox if there are no permissions changes. -->
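Review bot: the comment on the "CLI (fleetctl) usage changes" item still reads "Insert the link to the relevant Figma cover page", which is the UI item's instruction and does not tell the author what to supply for a CLI change. Since the line is being edited anyway, replace it with CLI-specific guidance. The new "YAML changes" item also names the "API DRI" as reviewer, wording shared with the REST API item; confirm that is the intended reviewer for the YAML files doc page.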
1 change: 1 addition & 0 deletions .github/pull_request_template.md
Expand Up @@ -9,6 +9,7 @@ If some of the following don't apply, delete the relevant line.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes
- [ ] If database migrations are included, checked table schema to confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration.
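Review bot: the checklist in this hunk ends with two database-migration items that cover the same check: "If database migrations are included, checked table schema to confirm autoupdate" and, under "For database migrations:", "Checked schema for all modified table for columns that will auto-update timestamps during migration." Keep one of them, and change "all modified table" to "all modified tables".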
@@ -1,13 +1,14 @@
name: Build and push fleetdm/fleetctl Docker image
name: Build fleetctl docker dependencies and check vulnerabilities

# Manually trigger this workflow for now
on:
workflow_dispatch:
inputs:
image_tag:
description: 'Docker image tag'
description: "Docker image tag"
required: true
type: string
schedule:
- cron: "0 6 * * *"

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
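Review bot: the comment "# Manually trigger this workflow for now" is stale once the `schedule` trigger with cron "0 6 * * *" sits next to it, and `image_tag` is still declared `required: true` although scheduled runs carry no inputs. Update the comment, and drop the input or make it optional if no remaining step reads `inputs.image_tag`.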
Expand All @@ -23,7 +24,7 @@ permissions:
contents: read

jobs:
docker-push:
build-and-check:
runs-on: ubuntu-latest
environment: Docker Hub
permissions:
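Review bot: the renamed `build-and-check` job keeps `environment: Docker Hub`. If the job now only builds and scans images, binding it to that environment makes the environment's secrets available to every scheduled run with no step that needs them; remove the `environment:` line or add a comment saying why it is still required.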
Expand All @@ -46,25 +47,46 @@ jobs:
- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: ${{ vars.GO_VERSION }}
go-version-file: 'go.mod'

- name: Install Go Dependencies
run: make deps-go

- name: Build fleetdm/wix
run: make wix-docker

- name: Build fleetdm/bomutils
run: make bomutils-docker

- name: Build fleetdm/fleetctl
run: make fleetctl-docker

- name: Push to Docker
run: |
docker tag fleetdm/fleetctl fleetdm/fleetctl:${{ inputs.image_tag }}
docker push fleetdm/fleetctl:${{ inputs.image_tag }}
- name: Run Trivy vulnerability scanner on fleetdm/wix
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8
with:
image-ref: "fleetdm/wix"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL"

- name: Run Trivy vulnerability scanner on fleetdm/bomutils
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8
with:
image-ref: "fleetdm/bomutils"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL"

- name: Push To quay.io
id: push-to-quay
uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2.7.1
- name: Run Trivy vulnerability scanner on fleetdm/fleetctl
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8
with:
image: fleetdm/fleetctl
tags: ${{ inputs.image_tag }}
registry: quay.io/
username: fleetdm+fleetreleaser
password: ${{ secrets.QUAY_REGISTRY_PASSWORD }}
image-ref: "fleetdm/fleetctl"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL"
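Review bot: the three `aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8` pins carry no version comment, unlike `actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0` in the same hunk, which makes the pin hard to audit and to update. Add the tag as a trailing comment. The scan steps differ only in `image-ref`, so a matrix over the three image names would remove the duplication. With `severity: "CRITICAL"` and `ignore-unfixed: true`, nothing below critical and nothing without a fix fails the job; say in a comment whether that threshold is deliberate.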
8 changes: 4 additions & 4 deletions .github/workflows/build-binaries.yaml
Expand Up @@ -29,20 +29,20 @@ jobs:
with:
egress-policy: audit

- name: Checkout Code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

- name: Install Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: ${{ vars.GO_VERSION }}
go-version-file: 'go.mod'

# Set the Node.js version
- name: Set up Node.js ${{ vars.NODE_VERSION }}
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
with:
node-version: ${{ vars.NODE_VERSION }}

- name: Checkout Code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

- name: JS Dependency Cache
id: js-cache
uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v2
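Review bot: moving "Checkout Code" ahead of "Install Go" is what lets `go-version-file: 'go.mod'` find the file, but nothing in the workflow says so. Add a short comment on the checkout step that it must precede setup-go, so a later reorder does not break the build. Node.js is still taken from `vars.NODE_VERSION`, so the two toolchains now get their versions from different places; note that if it is intentional.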
2 changes: 1 addition & 1 deletion .github/workflows/build-orbit.yaml
Expand Up @@ -59,7 +59,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: ${{ vars.GO_VERSION }}
go-version-file: 'go.mod'

- name: Build, codesign and notarize orbit
run: go run ./orbit/tools/build/build.go
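Review bot: `go-version-file: 'go.mod'` is read from the workspace, and this hunk does not show a checkout step before "Set up Go". In build-binaries.yaml and check-automated-doc.yml the same change had to move the checkout first; confirm the ordering here too, since this job codesigns and notarizes orbit. The same check applies to the other one-line `go-version-file` hunks in this commit.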
9 changes: 5 additions & 4 deletions .github/workflows/check-automated-doc.yml
Expand Up @@ -36,15 +36,16 @@ jobs:
with:
egress-policy: audit

- name: Install Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: ${{ vars.GO_VERSION }}
- name: Checkout Code
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
with:
fetch-depth: 0

- name: Install Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version-file: 'go.mod'

- name: Verify golang generated documentation is up-to-date
run: |
make generate-doc
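Review bot: the relocated "Checkout Code" step still pins `actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2`, while the other workflows touched in this commit use `actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3`. Since the step is being moved anyway, bring it to the same pin.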
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
Expand Up @@ -56,7 +56,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: ${{ vars.GO_VERSION }}
go-version-file: 'go.mod'

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
89 changes: 89 additions & 0 deletions .github/workflows/deploy-bulk-operations-dashboard.yml
@@ -0,0 +1,89 @@
name: Deploy app to bulk operations dashboard pipeline on Heroku.

on:
push:
branches: [ main ]
paths:
- 'ee/bulk-operations-dashboard/**'

permissions:
contents: read

jobs:
build:
permissions:
contents: write # for Git to git push
if: ${{ github.repository == 'fleetdm/fleet' }}

runs-on: ubuntu-latest

strategy:
matrix:
node-version: [14.x]

steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit

- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

# Configure our access credentials for the Heroku CLI
- uses: akhileshns/heroku-deploy@79ef2ae4ff9b897010907016b268fd0f88561820 # v3.6.8
with:
heroku_api_key: ${{secrets.HEROKU_API_TOKEN_FOR_BOT_USER}}
heroku_app_name: "" # this has to be blank or it doesn't work
heroku_email: ${{secrets.HEROKU_EMAIL_FOR_BOT_USER}}
justlogin: true
- run: heroku auth:whoami

# Set the Node.js version
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
with:
node-version: ${{ matrix.node-version }}

# Now start building!
# > …but first, get a little crazy for a sec and delete the top-level package.json file
# > i.e. the one used by the Fleet server. This is because require() in node will go
# > hunting in ancestral directories for missing dependencies, and since some of the
# > bundled transpiler tasks sniff for package availability using require(), this trips
# > up when it encounters another Node universe in the parent directory.
- run: rm -rf package.json package-lock.json node_modules/
# > Turns out there's a similar issue with how eslint plugins are looked up, so we
# > delete the top level .eslintrc file too.
- run: rm -f .eslintrc.js
# > And, as a change to the top-level fleetdm/fleet .gitignore on May 2, 2022 revealed,
# > we also need to delete the top level .gitignore file too, so that its rules don't
# > interfere with the committing and force-pushing we're doing as part of our deploy
# > script here. For more info, see: https://github.com/fleetdm/fleet/pull/5549
- run: rm -f .gitignore

# Get dependencies (including dev deps)
- run: cd ee/bulk-operations-dashboard/ && npm install

# Run sanity checks
- run: cd ee/bulk-operations-dashboard/ && npm test

# Compile assets
- run: cd ee/bulk-operations-dashboard/ && npm run build-for-prod

# Commit newly-built assets locally so we can push them to Heroku below.
# (This commit will never be pushed to GitHub- only to Heroku.)
# > The local config flags make this work in GitHub's environment.
- run: git add ee/bulk-operations-dashboard/.www
- run: git -c "user.name=GitHub" -c "user.email=github@example.com" commit -am 'AUTOMATED COMMIT - Deployed the latest, including modified HTML layouts and .sailsrc file that reference minified assets.'

# Configure the Heroku app we'll be deploying to
- run: heroku git:remote -a bulk-operations-dashboard
- run: git remote -v

# Deploy to Heroku (by pushing)
# > Since a shallow clone was grabbed, we have to "unshallow" it before forcepushing.
- run: echo "Unshallowing local repository…"
- run: git fetch --prune --unshallow
- run: echo "Deploying branch '${GITHUB_REF##*/}' to Heroku…"
- run: git push heroku +${GITHUB_REF##*/}:master
- name: 🌐 The dashboard has been deployed
run: echo '' && echo '--' && echo 'OK, done. It should be live momentarily.' && echo '(if you get impatient, check the Heroku dashboard for status)'
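Review bot: the job grants `contents: write # for Git to git push`, but the only push in the file is `git push heroku +${GITHUB_REF##*/}:master`, and the comment above the commit step says the commit "will never be pushed to GitHub". A push to the Heroku remote does not need write access to this repository's contents, so the job-level permission can stay at `contents: read`. Separately, `node-version: [14.x]` selects a Node.js line that is past end of life, and `egress-policy: audit` only records outbound traffic from a job that handles `HEROKU_API_TOKEN_FOR_BOT_USER`; consider moving to a blocking policy once the allowed endpoints are known.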
2 changes: 1 addition & 1 deletion .github/workflows/deploy-fleet-website.yml
Expand Up @@ -64,7 +64,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: ${{ vars.GO_VERSION }}
go-version-file: 'go.mod'

# Download top-level dependencies and build Storybook in the website's assets/ folder
- run: npm install --legacy-peer-deps && npm run build-storybook -- -o ./website/assets/storybook --loglevel verbose
25 changes: 24 additions & 1 deletion .github/workflows/dogfood-deploy.yml
Expand Up @@ -51,14 +51,17 @@ jobs:
- id: fail-on-main
run: "false"
if: ${{ github.ref == 'main' }}

- uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # v1.7.0
with:
role-to-assume: ${{env.AWS_IAM_ROLE}}
aws-region: ${{ env.AWS_REGION }}

- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: ${{ vars.GO_VERSION }}
go-version-file: 'go.mod'

- uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
with:
terraform_version: 1.6.3
Expand All @@ -77,6 +80,26 @@ jobs:
id: plan
run: terraform plan -no-color
continue-on-error: true
- name: Slack Notification
if: success()
uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
with:
payload: |
{
"text": "${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head.html_url }}",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "🚀 🛠️ Dogfood deploy in progress\nhttps://github.com/fleetdm/fleet/actions/runs/${{ github.run_id }}"
}
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_G_HELP_ENGINEERING_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
# first we'll scale everything down and create the new task definitions
- name: Terraform Apply
id: apply
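Review bot: the "Slack Notification" step is gated on `if: success()`, but it follows the plan step that has `continue-on-error: true`, so the "Dogfood deploy in progress" message is posted even when `terraform plan` fails. Gate it on `steps.plan.outcome == 'success'` if it should only go out after a clean plan. In the context lines, the `fail-on-main` guard compares `github.ref == 'main'`; for a branch the ref has the form `refs/heads/main`, so that condition does not match and the guard never fires.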