From fcdef439ab66a3af124e8409356516cce42d1c7c Mon Sep 17 00:00:00 2001
From: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
Date: Sun, 14 Sep 2025 20:37:59 -0500
Subject: [PATCH] Create testing-and-qa.yml (#32954)

- https://github.com/fleetdm/fleet/issues/32633
---
 .github/workflows/dogfood-gitops.yml     |  1 +
 it-and-security/teams/testing-and-qa.yml | 61 ++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 it-and-security/teams/testing-and-qa.yml

diff --git a/.github/workflows/dogfood-gitops.yml b/.github/workflows/dogfood-gitops.yml
index 51e9d1cd96..2699ee9884 100644
--- a/.github/workflows/dogfood-gitops.yml
+++ b/.github/workflows/dogfood-gitops.yml
@@ -81,6 +81,7 @@ jobs:
           DOGFOOD_CALENDAR_WEBHOOK_URL: ${{ secrets.DOGFOOD_CALENDAR_WEBHOOK_URL }}
           DOGFOOD_HOST_STATUS_WEBHOOK_URL: ${{ secrets.DOGFOOD_HOST_STATUS_WEBHOOK_URL }}
           DOGFOOD_END_USER_SSO_METADATA: ${{ secrets.DOGFOOD_END_USER_SSO_METADATA }}
+          DOGFOOD_TESTING_AND_QA_ENROLL_SECRET: ${{ secrets.DOGFOOD_TESTING_AND_QA_ENROLL_SECRET }}
 
       - name: Notify on Gitops failure
         if: failure() && github.ref_name == 'main'
diff --git a/it-and-security/teams/testing-and-qa.yml b/it-and-security/teams/testing-and-qa.yml
new file mode 100644
index 0000000000..136bb01a62
--- /dev/null
+++ b/it-and-security/teams/testing-and-qa.yml
@@ -0,0 +1,61 @@
+name: 🧪 Testing & QA
+team_settings:
+  features:
+    enable_host_users: true
+    enable_software_inventory: true
+  host_expiry_settings:
+    host_expiry_enabled: false
+    host_expiry_window: 0
+  secrets:
+    - secret: $DOGFOOD_TESTING_AND_QA_ENROLL_SECRET
+agent_options:
+  config:
+    decorators:
+      load:
+        - SELECT uuid AS host_uuid FROM system_info;
+        - SELECT hostname AS hostname FROM system_info;
+    options:
+      disable_distributed: false
+      distributed_interval: 10
+      distributed_plugin: tls
+      distributed_tls_max_attempts: 3
+      logger_tls_endpoint: /api/osquery/log
+      logger_tls_period: 10
+      pack_delimiter: /
+  update_channels:
+    osqueryd: edge
+    orbit: edge
+    desktop: edge
+controls:
+  enable_disk_encryption: true
+  scripts:
+    # macOS scripts
+    - path: ../lib/macos/scripts/uninstall-fleetd-macos.sh
+    # Windows scripts
+    - path: ../lib/windows/scripts/uninstall-fleetd-windows.ps1
+    # Linux scripts
+    - path: ../lib/linux/scripts/uninstall-fleetd-linux.sh
+    - path: ../lib/linux/scripts/install-fleet-desktop-required-extension.sh
+policies:
+  # macOS policies
+  - path: ../lib/macos/policies/enrollment-profile-up-to-date.yml
+  # Linux policies
+  - path: ../lib/linux/policies/check-fleet-desktop-extension-enabled.yml
+queries:
+software:
+  packages:
+    # Linux apps
+    - path: ../lib/linux/software/zoom-deb.yml # Zoom for Ubuntu
+    - path: ../lib/linux/software/zoom-rpm.yml # Zoom for RHEL
+    - path: ../lib/linux/software/slack-deb.yml # Zoom for Ubuntu
+    - path: ../lib/linux/software/slack-rpm.yml # Zoom for RHEL
+  fleet_maintained_apps:
+    # macOS apps
+    - slug: santa/darwin # Santa for macOS
+      self_service: true
+    - slug: vnc-viewer/darwin # VNC Viewer for macOS
+      self_service: true
+    - slug: beyond-compare/darwin # Beyond Compare for macOS
+      self_service: true
+    - slug: iterm2/darwin # iTerm2 for macOS
+      self_service: true