[On-call improve docs] Versions of currently released fleetd components on Fleet's TUF (#16698)

Should tackle #14026. This will run a daily Github action and create a PR if there's a new update in our TUF on `edge` or `stable`. E.g. somebody releases 1.22.0 fleetd to `stable` on our TUF and the next day this automation runs and will create a PR that updates the versions in `orbit/TUF.md` (or they can run the workflow manually). Am happy to amend the shape of `orbit/TUF.md` (or we can iterate later).
2026-04-21 13:37:30 +00:00 · 2024-02-15 15:30:29 -03:00 · 2024-02-15 15:30:29 -03:00 · 763c137b67
commit 763c137b67
parent edb70c955d
4 changed files with 144 additions and 6 deletions
--- a/.github/workflows/fleetd-tuf.yml
+++ b/.github/workflows/fleetd-tuf.yml
@ -0,0 +1,55 @@
+name: Update documentation of current versions of TUF fleetd components
+
+on:
+  workflow_dispatch: # Manual
+  schedule:
+  - cron: '0 3 * * *' # Nightly 3AM UTC
+
+# This allows a subsequently queued workflow run to interrupt previous runs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
+  cancel-in-progress: true
+
+defaults:
+  run:
+    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
+    shell: bash
+
+permissions:
+  contents: read
+
+jobs:
+  update-fleetd-tuf:
+    permissions:
+      contents: write  # for peter-evans/create-pull-request to create branch
+      pull-requests: write  # for peter-evans/create-pull-request to create a PR
+    runs-on: ubuntu-latest
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+      with:
+        go-version: ${{ vars.GO_VERSION }}
+
+    - name: Checkout Code
+      uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
+      with:
+        fetch-depth: 0
+
+    - name: Update orbit/TUF.md
+      run: |
+        make fleetd-tuf
+    
+    - name: PR changes
+      uses: peter-evans/create-pull-request@f22a7da129c901513876a2380e2dae9f8e145330 # v3.12.1
+      with:
+        base: main
+        branch: update-versions-of-fleetd-components-tuf
+        delete-branch: true
+        title: Update versions of fleetd components in Fleet's TUF [automated]
+        commit-message: |
+          Update versions of fleetd components in Fleet's TUF [automated]
+
+          Generated automatically with tools/tuf/status.
+        body: Automated change from [GitHub action](https://github.com/fleetdm/fleet/actions/workflows/fleetd-tuf.yml).
+
+
--- a/8
+++ b/8
@ -322,6 +322,14 @@ changelog-orbit:
 	sh -c "cat new-CHANGELOG.md orbit/CHANGELOG.md > tmp-CHANGELOG.md && rm new-CHANGELOG.md && mv tmp-CHANGELOG.md orbit/CHANGELOG.md"
 	sh -c "git rm orbit/changes/*"

+# Updates the documentation for the currently released versions of fleetd components in Fleet's TUF.
+fleetd-tuf:
+	sh -c 'echo "<!-- DO NOT EDIT. This document is automatically generated by running \`make fleetd-tuf\`. -->\n# tuf.fleetctl.com\n\nFollowing are the currently deployed versions of fleetd components on the \`stable\` and \`edge\` channel.\n" > orbit/TUF.md'
+	sh -c 'echo "## \`stable\`\n" >> orbit/TUF.md'
+	sh -c 'go run tools/tuf/status/tuf-status.go channel-version -channel stable -format markdown >> orbit/TUF.md'
+	sh -c 'echo "\n## \`edge\`\n" >> orbit/TUF.md'
+	sh -c 'go run tools/tuf/status/tuf-status.go channel-version -channel edge -format markdown >> orbit/TUF.md'
+
 ###
 # Development DB commands
 ###
--- a/orbit/TUF.md
+++ b/orbit/TUF.md
@ -0,0 +1,24 @@
+<!-- DO NOT EDIT. This document is automatically generated by running `make fleetd-tuf`. -->
+# tuf.fleetctl.com
+
+Following are the currently deployed versions of fleetd components on the `stable` and `edge` channel.
+
+## `stable`
+
+| Component\OS |    macOS     | Linux  | Windows |
+|--------------|--------------|--------|---------|
+| orbit        | 1.21.0       | 1.21.0 | 1.21.0  |
+| desktop      | 1.21.0       | 1.21.0 | 1.21.0  |
+| osqueryd     | 5.11.0       | 5.11.0 | 5.11.0  |
+| nudge        | 1.1.10.81462 | -      | -       |
+| swiftDialog  | 2.1.0        | -      | -       |
+
+## `edge`
+
+| Component\OS | macOS  | Linux  | Windows |
+|--------------|--------|--------|---------|
+| orbit        | 1.21.0 | 1.21.0 | 1.21.0  |
+| desktop      | 1.21.0 | 1.21.0 | 1.21.0  |
+| osqueryd     | 5.11.0 | 5.11.0 | 5.11.0  |
+| nudge        | -      | -      | -       |
+| swiftDialog  | -      | -      | -       |
--- a/tools/tuf/status/tuf-status.go
+++ b/tools/tuf/status/tuf-status.go
@ -3,6 +3,7 @@ package main
 import (
 	"encoding/json"
 	"encoding/xml"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@ -187,6 +188,7 @@ func channelVersionCommand() *cli.Command {
 		channel    string
 		tufURL     string
 		components cli.StringSlice
+		format     string
 	)
 	return &cli.Command{
 		Name:  "channel-version",
@ -195,20 +197,31 @@ func channelVersionCommand() *cli.Command {
 			urlFlag(&tufURL),
 			&cli.StringFlag{
 				Name:        "channel",
-				EnvVars:     []string{"CHANNEL"},
+				EnvVars:     []string{"TUF_STATUS_CHANNEL"},
 				Value:       "stable",
 				Destination: &channel,
 				Usage:       "Channel name",
 			},
 			&cli.StringSliceFlag{
 				Name:        "components",
-				EnvVars:     []string{"COMPONENTS"},
+				EnvVars:     []string{"TUF_STATUS_COMPONENTS"},
 				Value:       cli.NewStringSlice("orbit", "desktop", "osqueryd", "nudge", "swiftDialog"),
 				Destination: &components,
 				Usage:       "List of components",
 			},
+			&cli.StringFlag{
+				Name:        "format",
+				EnvVars:     []string{"TUF_STATUS_FORMAT"},
+				Value:       "json",
+				Destination: &format,
+				Usage:       "Output format (json, markdown)",
+			},
 		},
 		Action: func(c *cli.Context) error {
+			if format != "json" && format != "markdown" {
+				return errors.New("supported formats are: json, markdown")
+			}
+
 			res, err := http.Get(tufURL) //nolint
 			if err != nil {
 				return err
@ -284,11 +297,49 @@ func channelVersionCommand() *cli.Command {
 				}
 			}

-			b, err := json.MarshalIndent(outputMap, "", "  ")
-			if err != nil {
-				return err
+			if format == "json" {
+				b, err := json.MarshalIndent(outputMap, "", "  ")
+				if err != nil {
+					return err
+				}
+				fmt.Printf("%s\n", b)
+			} else if format == "markdown" {
+				table := tablewriter.NewWriter(os.Stdout)
+				table.SetHeader([]string{"Component\\OS", "macOS", "Linux", "Windows"})
+				table.SetAutoFormatHeaders(false)
+				table.SetCenterSeparator("|")
+				table.SetHeaderLine(true)
+				table.SetRowLine(false)
+				table.SetTablePadding("\t")
+				table.SetColumnSeparator("|")
+				table.SetNoWhiteSpace(false)
+				table.SetAutoWrapText(true)
+				table.SetBorders(tablewriter.Border{
+					Left:   true,
+					Top:    false,
+					Bottom: false,
+					Right:  true,
+				})
+				var rows [][]string
+				componentsInOrder := []string{"orbit", "desktop", "osqueryd", "nudge", "swiftDialog"}
+				setIfEmpty := func(m map[string]string, k string) string {
+					v := m[k]
+					if v == "" {
+						v = "-"
+					}
+					return v
+				}
+				for _, component := range componentsInOrder {
+					oss := outputMap[component]
+					row := []string{component}
+					for _, os := range []string{"macos", "linux", "windows"} {
+						row = append(row, setIfEmpty(oss, os))
+					}
+					rows = append(rows, row)
+				}
+				table.AppendBulk(rows)
+				table.Render()
 			}
-			fmt.Printf("%s\n", b)

 			return nil
 		},