Set permission level in FMA workflows (#36930)

Luke Heath 2025-12-08 22:31:46 -08:00 committed by GitHub
parent 30dd5f8ecc
commit 67cafd951c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 32 additions and 20 deletions


@ -23,6 +23,9 @@ on:
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
permissions:
contents: read
jobs:
test-fma-pr-only:
env:
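Review bot: `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` is still exported in the workflow-level `env:` directly above the new `permissions:` block, so every step of every job receives the token even though it is now limited to `contents: read`. If only one step calls the GitHub API, move the variable into that step's own `env:` so the remaining steps never see it. The steps themselves are outside this hunk, so which of them needs the token cannot be confirmed from here. The same layout appears in the other three workflow files touched by this commit.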


@ -1,24 +1,27 @@
name: Test Fleet Maintained Apps - Darwin
on:
on:
# Note: PR triggers removed - use test-fma-darwin-pr-only.yml for PRs
# This workflow is kept for manual testing of all FMAs via workflow_dispatch
workflow_dispatch: # Manual trigger
inputs:
log_level:
description: 'Log level (debug, info, warn, error)'
description: "Log level (debug, info, warn, error)"
required: false
default: 'info'
default: "info"
type: choice
options:
- debug
- info
- warn
- error
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
permissions:
contents: read
jobs:
test-fma:
env:
@ -27,17 +30,17 @@ jobs:
steps:
- name: Checkout Fleet
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: fleetdm/fleet
fetch-depth: 1
ref: ${{ github.ref }}
path: fleet
- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version-file: 'fleet/go.mod'
go-version-file: "fleet/go.mod"
- name: Install osquery mac
run: |
@ -48,8 +51,8 @@ jobs:
sudo cp -r private /
sudo ln -sf /opt/osquery/lib/osquery.app/Contents/MacOS/osqueryd /usr/local/bin/osqueryi
sudo ln -sf /opt/osquery/lib/osquery.app/Contents/Resources/osqueryctl /usr/local/bin/osqueryctl
- name : Remove pre-installed google chrome mac
- name: Remove pre-installed google chrome mac
run: |
ls /Applications | grep -i "Chrome"
find /Applications -name "*Chrome*.app" -type d | while read app;
@ -57,7 +60,7 @@ jobs:
echo "Removing $app..."
sudo rm -rf "$app"
done
- name: Verify Fleet Maintained Apps mac
run: |
ls /Applications
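Review bot: The `Checkout Fleet` step in the second hunk relies on the default credential persistence of actions/checkout, which leaves the job token in the local git configuration of the `fleet` checkout for the rest of the job. The later steps run `sudo` commands and handle installed applications, so adding `persist-credentials: false` under the step's `with:` would keep the token out of the working tree, consistent with the `contents: read` restriction this commit adds. The checkout step in the Windows workflow has the same `with:` block. The steps list continues outside the hunks shown, so confirm that no later step needs git credentials before changing it.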


@ -23,6 +23,9 @@ on:
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
permissions:
contents: read
jobs:
test-fma-pr-only:
env:


@ -1,24 +1,27 @@
name: Test Fleet Maintained Apps - Windows
on:
on:
# Note: PR triggers removed - use test-fma-windows-pr-only.yml for PRs
# This workflow is kept for manual testing of all FMAs via workflow_dispatch
workflow_dispatch: # Manual trigger
inputs:
log_level:
description: 'Log level (debug, info, warn, error)'
description: "Log level (debug, info, warn, error)"
required: false
default: 'info'
default: "info"
type: choice
options:
- debug
- info
- warn
- error
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
permissions:
contents: read
jobs:
test-fma:
env:
@ -27,17 +30,17 @@ jobs:
steps:
- name: Checkout Fleet
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: fleetdm/fleet
fetch-depth: 1
ref: ${{ github.ref }}
path: fleet
- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version-file: 'fleet/go.mod'
go-version-file: "fleet/go.mod"
- name: Install osquery windows
run: |
@ -49,7 +52,7 @@ jobs:
echo "Adding to PATH: $osqueryPath"
echo $osqueryPath | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
shell: pwsh
- name: Remove pre-installed google chrome
run: |
Write-Host "Listing all installed packages containing 'Chrome':"