fleetdm · jahzielv · Sep 23, 2024 · Sep 23, 2024 · Sep 23, 2024 · Sep 23, 2024
@@ -15,6 +15,7 @@ name: Release and upload fleetd base to https://download.fleetdm.com
 # Finally, it verifies the uploaded installers and their checksums.
 
 on:
+  pull_request:
   workflow_dispatch: # Manual
   schedule:
     - cron: '0 3 * * *' # Nightly 3AM UTC
@@ -34,10 +35,10 @@ permissions:
 
 env:
   R2_ENDPOINT: ${{ secrets.R2_ENDPOINT }}
-  R2_ACCESS_KEY_ID: ${{ secrets.R2_DOWNLOAD_ACCESS_KEY_ID }} # Production: ${{ secrets.R2_DOWNLOAD_ACCESS_KEY_ID }} | Testing: ${{ secrets.R2_DOWNLOAD_TESTING_ACCESS_KEY_ID }}
-  R2_ACCESS_KEY_SECRET: ${{ secrets.R2_DOWNLOAD_ACCESS_KEY_SECRET }} # Production: ${{ secrets.R2_DOWNLOAD_ACCESS_KEY_SECRET }} | Testing: ${{ secrets.R2_DOWNLOAD_TESTING_ACCESS_KEY_SECRET }}
-  R2_BUCKET: download # Production: download | Testing: download-testing
-  BASE_URL: https://download.fleetdm.com # Production: https://download.fleetdm.com | Testing: https://download-testing.fleetdm.com
+  R2_ACCESS_KEY_ID: ${{ secrets.R2_DOWNLOAD_TESTING_ACCESS_KEY_ID }} # Production: ${{ secrets.R2_DOWNLOAD_ACCESS_KEY_ID }} | Testing: ${{ secrets.R2_DOWNLOAD_TESTING_ACCESS_KEY_ID }}
+  R2_ACCESS_KEY_SECRET: ${{ secrets.R2_DOWNLOAD_TESTING_ACCESS_KEY_SECRET }} # Production: ${{ secrets.R2_DOWNLOAD_ACCESS_KEY_SECRET }} | Testing: ${{ secrets.R2_DOWNLOAD_TESTING_ACCESS_KEY_SECRET }}
+  R2_BUCKET: download-testing # Production: download | Testing: download-testing
+  BASE_URL: https://download-testing.fleetdm.com # Production: https://download.fleetdm.com | Testing: https://download-testing.fleetdm.com
 
 jobs:
   check-for-fleetd-component-updates:
@@ -68,13 +69,8 @@ jobs:
           : # Check that latest-tuf-meta.json is valid
           jq -e . >/dev/null 2>&1 <<< $(cat latest-tuf-meta.json)
           : # Download the current TUF meta file in order to compare it with the latest
-          curl -O $BASE_URL/stable/tuf-meta.json
-          if diff latest-tuf-meta.json tuf-meta.json >/dev/null 2>&1
-          then
-            echo "update_needed=false" >> $GITHUB_OUTPUT
-          else
-            echo "update_needed=true" >> $GITHUB_OUTPUT
-          fi
+          curl -O $BASE_URL/stable/tuf-meta.json 
+          echo "update_needed=true" >> $GITHUB_OUTPUT
           echo "date_dir=$(date -u +%Y-%m-%d_%H-%M-%S)" >> $GITHUB_OUTPUT
 
       - name: Upload latest TUF meta artifact
@@ -131,7 +127,7 @@ jobs:
           AC_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
           PACKAGE_SIGNING_IDENTITY_SHA1: D52080FD1F0941DE31346F06DA0F08AED6FACBBF
         run: |
-          fleetctl package --type pkg --fleet-desktop --use-system-configuration --sign-identity $PACKAGE_SIGNING_IDENTITY_SHA1 --notarize
+          fleetctl package --type pkg --fleet-desktop --use-system-configuration --sign-identity $PACKAGE_SIGNING_IDENTITY_SHA1 --notarize --update-roots='{"signed":{"_type":"root","spec_version":"1.0","version":1,"expires":"2034-09-21T10:15:42-04:00","keys":{"12d797bd81d8a13d586b9eee0b230a2106d92ac4b78f80c1930e74869b37f442":{"keytype":"ed25519","scheme":"ed25519","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"f07715647d065f8c938b465134b16fb1524817c4ab3536c88b5210b2101af55c"}},"21155f3fd917bb48ab6d1e34646196cde398ce76f4e515c254e7ae6328353cd5":{"keytype":"ed25519","scheme":"ed25519","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"85349354a7958c843dc3afd97d08d5484a9e9e4454df00b7decd5f69e237b6bb"}},"522fbc30ded293b2dbb92c4d649d34950714fb1d0ba23f3f15b81d47608fe9bb":{"keytype":"ed25519","scheme":"ed25519","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"05fdc5ef5bc7301c8f4465b0c048b8ef7f9c1083a0c5b5717f603652e1c5c6ca"}},"a1312aa69ec097c463db3f142aa0dacef2a38e73874a37f5dd4921c8e23a8956":{"keytype":"ed25519","scheme":"ed25519","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"2e713e869728c940234be69fa7b55e98b5504dbd17acc1b434b6525f4213d810"}}},"roles":{"root":{"keyids":["a1312aa69ec097c463db3f142aa0dacef2a38e73874a37f5dd4921c8e23a8956"],"threshold":1},"snapshot":{"keyids":["21155f3fd917bb48ab6d1e34646196cde398ce76f4e515c254e7ae6328353cd5"],"threshold":1},"targets":{"keyids":["12d797bd81d8a13d586b9eee0b230a2106d92ac4b78f80c1930e74869b37f442"],"threshold":1},"timestamp":{"keyids":["522fbc30ded293b2dbb92c4d649d34950714fb1d0ba23f3f15b81d47608fe9bb"],"threshold":1}},"consistent_snapshot":false},"signatures":[{"keyid":"a1312aa69ec097c463db3f142aa0dacef2a38e73874a37f5dd4921c8e23a8956","sig":"1756739aa03b294ed3007af0449aa072e0f74865ffe0b8d7cb9449119af9abf08008abf426fa6f8b60805214460627032504c12593eee1938d6b48fa7ba07a07"}]}' --update-url=https://jve-images-snicket.ngrok.app
           mv fleet-osquery*.pkg fleetd-base.pkg
           : # Calculate the SHA256 checksum of the package
           echo "fleetd_base_pkg_sha256=$(shasum -a 256 fleetd-base.pkg | cut -d ' ' -f 1)" >> $GITHUB_OUTPUT
@@ -310,4 +306,4 @@ jobs:
     needs: update-meta-files
     uses: ./.github/workflows/verify-fleetd-base.yml
     with:
-      base-url: "https://download.fleetdm.com" # Production: "https://download.fleetdm.com" | Testing: "https://download-testing.fleetdm.com"
+      base-url: "https://download-testing.fleetdm.com" # Production: "https://download.fleetdm.com" | Testing: "https://download-testing.fleetdm.com"
@@ -36,10 +36,11 @@ func (s *SwiftDialogDownloader) Run(cfg *fleet.OrbitConfig) error {
 
 	// TODO: we probably want to ensure that swiftDialog is always installed if we're going to be
 	// using it offline.
-	if !cfg.Notifications.NeedsMDMMigration && !cfg.Notifications.RenewEnrollmentProfile {
-		log.Debug().Msg("got false needs migration and false renew enrollment")
-		return nil
-	}
+	log.Info().Msg("JVE_LOG: attempting to install swiftDialog 1")
+	// if !cfg.Notifications.NeedsMDMMigration && !cfg.Notifications.RenewEnrollmentProfile {
+	// 	log.Debug().Msg("got false needs migration and false renew enrollment")
+	// 	return nil
+	// }
 
 	updaterHasTarget := s.UpdateRunner.HasRunnerOptTarget("swiftDialog")
 	runnerHasLocalHash := s.UpdateRunner.HasLocalHash("swiftDialog")