Automate osqueryd release to edge (#17425)

Automation and documentation for releasing osqueryd to `edge` --------- Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2026-05-23 08:58:41 +00:00 · 2024-03-06 17:31:49 -03:00 · 2024-03-06 17:31:49 -03:00 · 1fceb19ad0
commit 1fceb19ad0
parent c808bba438
2 changed files with 82 additions and 3 deletions
--- a/orbit/docs/TUF-Update-Guide.md
+++ b/orbit/docs/TUF-Update-Guide.md
@ -40,6 +40,8 @@ aws s3 sync s3://fleet-tuf-repo ./repository --exact-timestamps

 ## Building the components for releasing to `edge`

+### fleetd
+
 > Assuming we are releasing version 1.21.0 of fleetd.

 1. Create the fleetd changelog for the new release:
@ -86,6 +88,32 @@ $HOME/release-friday
        └── orbit.exe
 ```
 7. With the executables on your workstation, proceed to [Pushing updates](#pushing-updates) (`edge`).
+8. Manually run (`Run workflow`) this action that will update the released versions on our doc: https://github.com/fleetdm/fleet/actions/workflows/fleetd-tuf.yml.
+
+### osqueryd
+
+> Assuming we are releasing version 5.12.0 of osqueryd.
+
+1. Bump osquery version in https://github.com/fleetdm/fleet/blob/30a36b0b3a1fd50e48d98a4c3c955595022f5277/.github/workflows/generate-osqueryd-targets.yml#L27.
+2. Commit the changes, push the branch (assuming branch name is `bump-osqueryd-5.12.0`) and create a PR.
+3. Once the Github action completes run the following (the [GitHub API token](https://github.com/settings/tokens?type=beta) does not need any special permissions -- public repository access is sufficient):
+```sh
+go run ./tools/tuf/download-artifacts osqueryd \
+    --git-branch bump-osqueryd-5.12.0 \
+    --output-directory $HOME/release-friday/osqueryd \
+    --github-username $GITHUB_USERNAME \
+    --github-api-token $GITHUB_TOKEN
+tree $HOME/release-friday/osqueryd
+$HOME/release-friday/osqueryd
+├── linux
+│   └── osqueryd
+├── macos
+│   └── osqueryd.app.tar.gz
+└── windows
+    └── osqueryd.exe
+```
+4. With the executables on your workstation, proceed to [Pushing updates](#pushing-updates) (`edge`).
+5. Manually run (`Run workflow`) this action that will update the released versions on our docs: https://github.com/fleetdm/fleet/actions/workflows/fleetd-tuf.yml.

 ## Pushing updates

@ -188,11 +216,11 @@ Such action is triggered by submitting a PR with the [following version string](

 ```sh
 # macOS
-fleetctl updates add --target /path/to/downloaded/macos/osqueryd.app.tar.gz --platform macos-app --name osqueryd --version 5.9.1 -t edge
+fleetctl updates add --target $HOME/release-friday/osqueryd/macos/osqueryd.app.tar.gz --platform macos-app --name osqueryd --version 5.9.1 -t edge
 # Linux
-fleetctl updates add --target /path/to/downloaded/linux/osqueryd --platform linux --name osqueryd --version 5.9.1 -t edge
+fleetctl updates add --target $HOME/release-friday/osqueryd/linux/osqueryd --platform linux --name osqueryd --version 5.9.1 -t edge
 # Windows
-fleetctl updates add --target /path/to/downloaded/windows/osqueryd.exe --platform windows --name osqueryd --version 5.9.1 -t edge
+fleetctl updates add --target $HOME/release-friday/osqueryd/windows/osqueryd.exe --platform windows --name osqueryd --version 5.9.1 -t edge
 ```

 #### Push updates
--- a/tools/tuf/download-artifacts/download-artifacts.go
+++ b/tools/tuf/download-artifacts/download-artifacts.go
@ -23,6 +23,7 @@ func main() {
 	app.Commands = []*cli.Command{
 		orbitCommand(),
 		desktopCommand(),
+		osquerydCommand(),
 	}
 	if err := app.Run(os.Args); err != nil {
 		fmt.Fprintf(os.Stdout, "Error: %+v\n", err)
@ -287,3 +288,53 @@ func downloadComponents(workflowName string, headBranch string, artifactNames ma
 	}
 	return nil
 }
+
+func osquerydCommand() *cli.Command {
+	var (
+		gitBranch       string
+		outputDirectory string
+		githubUsername  string
+		githubAPIToken  string
+	)
+	return &cli.Command{
+		Name:  "osqueryd",
+		Usage: "Fetch osqueryd executables from the generate-osqueryd-targets.yml action",
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:        "git-branch",
+				EnvVars:     []string{"DOWNLOAD_ARTIFACTS_GIT_BRANCH"},
+				Required:    true,
+				Destination: &gitBranch,
+				Usage:       "branch name used to bump the osqueryd version",
+			},
+			&cli.StringFlag{
+				Name:        "output-directory",
+				EnvVars:     []string{"DOWNLOAD_ARTIFACTS_OUTPUT_DIRECTORY"},
+				Required:    true,
+				Destination: &outputDirectory,
+				Usage:       "name of the output directory to create and download the osqueryd executables",
+			},
+			&cli.StringFlag{
+				Name:        "github-username",
+				EnvVars:     []string{"DOWNLOAD_ARTIFACTS_GITHUB_USERNAME"},
+				Required:    true,
+				Destination: &githubUsername,
+				Usage:       "Github username",
+			},
+			&cli.StringFlag{
+				Name:        "github-api-token",
+				EnvVars:     []string{"DOWNLOAD_ARTIFACTS_GITHUB_API_TOKEN"},
+				Required:    true,
+				Destination: &githubAPIToken,
+				Usage:       "Github API token (https://github.com/settings/tokens)",
+			},
+		},
+		Action: func(c *cli.Context) error {
+			return downloadComponents("generate-osqueryd-targets.yml", gitBranch, map[string]string{
+				"macos":   "osqueryd.app.tar.gz",
+				"linux":   "osqueryd",
+				"windows": "osqueryd.exe",
+			}, outputDirectory, githubUsername, githubAPIToken)
+		},
+	}
+}