Commit graph

487 commits

Author SHA1 Message Date
Lucas Manuel Rodriguez
2875a9dbb8
Fixes to fleetctl debug connection and TLS certs documentation (#20166)
#6085

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-07-09 14:04:23 -03:00
Victor Lyuboslavsky
4a09cd1ce8
Validate base-fleetd daily (#20196)
#19126
Validate base-fleetd daily

Workflow run: https://github.com/fleetdm/fleet/actions/runs/9781375393
2024-07-09 09:54:01 -05:00
Roberto Dip
01030cbde6
test approach for running integration suite in parallel (#20085)
for #18297

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Manual QA for all new/changed functionality
2024-07-01 11:37:12 -03:00
Victor Lyuboslavsky
6015717838
Releasing new fleetd-base flow (#20093)
#19182
Releasing new fleetd-base flow
- The flow has been QA'd
- The flow puts the generated files into new directories (`stable` and
`archive`), so risk is low
2024-06-28 12:57:14 -05:00
Dante Catalfamo
188b52c979
Generate a summary on any go-test failure, add context after panic (#20066)
Stops developers from having to manually grep through the logs to find
the failing test
2024-06-27 15:39:23 -04:00
Lucas Manuel Rodriguez
3c02ac1278
Add github action to check the auto-generated documentation is up-to-date (#20025)
Oncall project to keep auto-generated documentation up-to-date.
- Auto-generated documentation from Golang source code.
- Auto-generated table JSON schema from yaml files in `schema/tables/`
(we currently remind the developer to run the sails.js commands in the
PR or ask Eric to do it).

Sample of the failure if the developer forgot to run `make generate-doc`
(similar to `make test-db-schema`):
![Screenshot 2024-06-26 at 2 41 23 PM](https://github.com/fleetdm/fleet/assets/2073526/9bbfee24-f5cc-4ce5-bc90-5eb94231c24c)
2024-06-27 06:35:09 -03:00
Lucas Manuel Rodriguez
3a64c83145
Release fleetd 1.27.0 (#19933)
- **Release fleetd 1.27.0**

---------

Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
2024-06-21 16:00:13 -03:00
Lucas Manuel Rodriguez
addb665c8b
Dogfood iPhones team GitOps (#19897)
Changes to dogfood GitOps for #18866.
2024-06-20 17:13:24 -03:00
Luke Heath
0002b178ff
Schedule nightly gitops run in dogfood (#19816) 2024-06-17 14:12:17 -07:00
Victor Lyuboslavsky
d3b9bade74
Keep all fleetd-base and fleetd-chrome artifacts. (#19749)
#19182 and #19111

- Upload and keep all fleetd-base and fleetd-chrome artifacts
- Code sign fleetd-base.msi
- Verify checksums and try installing fleetd-base packages

These changes will apply the fleet-base workflow to
download-testing.fleetdm.com, and another PR will change to the
production endpoint (download.fleetdm.com) after QA.

## fleetd-base
Successful fleetd-base workflow run:
https://github.com/fleetdm/fleet/actions/runs/9522282299

New meta files will be in the `stable` directory:
- https://download-testing.fleetdm.com/stable/meta.json
- https://download-testing.fleetdm.com/stable/tuf-meta.json

The files in the root directory will no longer be updated for backward
compatibility.

## fleetd-chrome
Successful fleetd-chrome beta run:
https://github.com/fleetdm/fleet/actions/runs/9552391075/job/26328861033
2024-06-17 15:49:06 -05:00
Robert Fairburn
dcd551f671
initial osquery docker sidecar and osquery local builds (#19641) 2024-06-12 13:25:07 -05:00
Lucas Manuel Rodriguez
606635b131
Release fleetd 1.26.0 (#19673)
- **Release fleetd 1.26.0**

---------

Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
2024-06-11 19:51:57 -03:00
Roberto Dip
a24e665c13
Lock goreleaser version in CI to ~> 1 (#19529)
A few days ago, a new major version of goreleaser was published, which
is currently breaking our workflows:

```
⨯ command failed                                   error=unknown flag: --rm-dist
```

This locks the version to a max satisfying semver under 1 until we have
time to update to the new major.
2024-06-05 13:35:28 -03:00
Victor Lyuboslavsky
f761827850
Move CalculateAggregatedPerfStatsPercentiles reads to the replica (#19206)
Move CalculateAggregatedPerfStatsPercentiles reads to the replica
#18838

I manually tested the aggregated query stats change by using a read
replica.
https://github.com/fleetdm/fleet/blob/main/tools/mysql-replica-testing/README.md
- But set `master_delay=0` due to issue
https://github.com/fleetdm/fleet/issues/19272
- Run a saved query as a live query, and see that its stats in
`aggregated_stats` table are updated.


# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-05-31 07:08:31 -05:00
JD
94be5c0a9c
Adds VM team to gitops (#19316)
Adds Virtual machines team to gitops. fleetdm/confidential#6762

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2024-05-29 11:19:24 -07:00
Lucas Manuel Rodriguez
a10befe657
Release fleetd 1.25.0 (#19203) 2024-05-22 14:38:24 -03:00
Victor Lyuboslavsky
d1b1c181f1
Refactoring fleetd-chrome workflows to use R2 upload action (#19157)
Refactoring fleetd-chrome workflows to use the reusable R2 upload
action.
2024-05-21 09:23:03 -05:00
Victor Lyuboslavsky
550f08d62d
Generate plist for fleetd-base pkg. (#19112)
#19111 
Generate plist for fleetd-base pkg.

Currently configured for TESTING. Uploaded file:
https://download-testing.fleetdm.com/fleetd-base-manifest.plist
2024-05-17 13:48:53 -05:00
Victor Lyuboslavsky
4d671e63d4
fleetd-chrome v1.3.1 release (#19087)
#18811

* Fixed bug where fleetd-chrome sent multiple read requests to Fleet
server at the same time.

* Improved console log output messages when Fleet server is down.
2024-05-16 16:39:36 -05:00
Lucas Manuel Rodriguez
fd323a3909
Catch FAIL and panic: runtime error in CI (#19009)
This is just a CI change to catch these other types of errors and display
them on the Slack message:

Instead of showing just `unknown, please check build URL`:
![Screenshot 2024-05-15 at 8 34 19 AM](https://github.com/fleetdm/fleet/assets/2073526/bd66def6-50de-4ee5-8ccd-17a7cf0741ae)
2024-05-15 10:01:26 -03:00
Lucas Manuel Rodriguez
b9d38c4b66
Bump osqueryd version to 5.12.2 (#18893) 2024-05-09 19:00:27 -03:00
Victor Lyuboslavsky
ed792e078f
Updated release-fleetd-base workflow to use production values. (#18887)
#16347 
Updated release-fleetd-base workflow to use production values.
2024-05-09 14:56:04 -05:00
Victor Lyuboslavsky
c2df15dfd1
In GitOps workflow, do dry run on pull request. (#18854) 2024-05-08 14:58:56 -05:00
Dante Catalfamo
2c6e7c71a8
Zsh script support (#18411)
#17321
2024-04-30 14:38:56 -04:00
Tim Lee
0a27843b83
bump golangci-lint to 1.55.2 (#18604) 2024-04-30 08:59:14 -06:00
Victor Lyuboslavsky
bf0f6ec55a
Added release-fleetd-base workflow. (#18194)
#16347

New GitHub workflow.
- Uses `tools/tuf/status/tuf-status.go` to check the latest
osquery/orbit/fleet-desktop versions
- Uploads https://download-testing.fleetdm.com/meta.json to keep track
of versions
- macOS: https://download-testing.fleetdm.com/fleetd-base.pkg
- Windows: https://download-testing.fleetdm.com/fleetd-base.msi

This version creates and uploads macOS and fleetd base packages to
https://download-testing.fleetdm.com

QA instructions updated in the issue. After QA, we will update the
workflow to upload to https://download.fleetdm.com
2024-04-29 11:51:40 -05:00
Victor Lyuboslavsky
9ff682e0ff
Windows orbit.exe and fleet-desktop.exe are now signed. (#18201)
#17187 

Windows orbit.exe and fleet-desktop.exe are now signed.

Signed fleet-desktop.exe artifact at:
https://github.com/fleetdm/fleet/actions/runs/8834788809
Signed orbit.exe artifact at:
https://github.com/fleetdm/fleet/actions/runs/8834817940

For signing fleetctl.exe, opened a new issue:
https://github.com/fleetdm/fleet/issues/18540
2024-04-26 12:46:23 -05:00
Roberto Dip
7edd756237
increase timeout for the installation of Colima (#18533)
saw many jobs timeout and fail. Optionally, should we use `macos-12`
that comes with Colima pre-installed? can make that change as well, just
lmk
2024-04-25 13:10:14 -03:00
Roberto Dip
e4ebe31971
use Colima for CI runners (#18495)
The `macos-latest` runner is using `macos-14` + ARM now, which was
causing the Docker install to fail.

I switched to `macos-13` since it seems to be a cheap x86_64 alternative
and figured out what the problem with Colima was, so we don't have to deal
with Docker anymore.
2024-04-24 08:38:07 -03:00
Roberto Dip
d677546e04
sign fleetctl for macOS during releases (#16670)
possible approach to solve #16664

---------

Co-authored-by: Luke Heath <luke@fleetdm.com>
2024-04-19 14:36:30 -03:00
Lucas Manuel Rodriguez
83342c4042
Add reviewers to automated PRs (#18390)
I was thinking of adding `team-reviewers: go`, but there's the following
note on the github's action repository, so let's start simple:
![Screenshot 2024-04-18 at 9 30 51 AM](https://github.com/fleetdm/fleet/assets/2073526/9477038a-320d-4aa0-860b-d18faf962f03)
2024-04-18 10:51:07 -03:00
Lucas Manuel Rodriguez
78fc11dd4e
Release fleetd 1.24.0 (#18378)
- **Release fleetd 1.24.0**
2024-04-17 18:37:53 -03:00
Victor Lyuboslavsky
ba6315f27a
Setting DOGFOOD_WORKSTATIONS_CANARY_CALENDAR_WEBHOOK_URL (#18298)
To fix failing gitops flow.

Related to https://github.com/fleetdm/confidential/issues/6015

Needs DOGFOOD_WORKSTATIONS_CANARY_CALENDAR_WEBHOOK_URL GitHub secret if
not set already.
2024-04-16 10:19:58 -05:00
Rachael Shaw
160448f7d3
Add spaces after emojis in team names (#18249)
Kind of a silly PR 😅 
The team names used to have spaces after the emojis and I thought it
looked a little more polished 💅
2024-04-15 17:52:15 -05:00
Joanne Stableford
419634d368
Configure google calendar integration in dogfood with API key (#18220)
Related: https://github.com/fleetdm/confidential/issues/6015

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2024-04-12 16:54:41 -04:00
Lucas Manuel Rodriguez
01f9963856
Add summary to test-go.yml Slack message when it fails (#18188)
This is to clearly see what is failing. (Looking through the thousands
of log lines via the URL is tedious.)

![Screenshot 2024-04-10 at 1 25 31 PM](https://github.com/fleetdm/fleet/assets/2073526/b64edc4b-6c88-4385-80e2-7babb1d4f3e5)
2024-04-10 18:04:26 -03:00
Lucas Manuel Rodriguez
1b35ffd0ef
Release fleetd 1.23.0 (#18133) 2024-04-09 15:15:06 -03:00
Brock Walters
8d0d309a1f
Update macos-install-wine.sh with codesign warning (#17982)
The Wine developer does have an Apple Developer certificate but the
"Wine Stable" app bundle is not code-signed or notarized post-install &
disables Gatekeeper for the install. This adds a warning to the script
user about the app not being signed post-install.

---------

Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
2024-04-05 16:14:57 -04:00
Lucas Manuel Rodriguez
3d260fa9ab
Bump osqueryd version to 5.12.1 (#18028)
Bumping version of osqueryd for releasing 5.12.1 to the `edge` channel.
2024-04-03 10:57:28 -03:00
Roberto Dip
8dac783c50 increase TUF expiration warning by one day
hopefully this will get obsolete before we have time to use it, but just
in case this increments the warning time to give us more leeway.
2024-04-02 11:21:17 -03:00
Martin Angers
8253e77264
Enable release device: copy global settings to new teams created via puppet (#17842) 2024-03-26 08:15:57 -04:00
StepSecurity Bot
80335d88d1
[StepSecurity] Apply security best practices (#17811) 2024-03-22 16:19:11 -05:00
Luke Heath
6ebc308eb4
[StepSecurity] ci: Harden GitHub Actions (#17780) 2024-03-22 15:32:23 -05:00
Luke Heath
38ea8db7cd
Set GitHub workflow DRIs (#17777) 2024-03-21 16:04:53 -05:00
StepSecurity Bot
8ae24ac4a9
[StepSecurity] ci: Harden GitHub Actions (#17767)
## Summary

This pull request is created by
[StepSecurity](https://app.stepsecurity.io/securerepo) at the request of
@lukeheath. Please merge the Pull Request to incorporate the requested
changes. Please tag @lukeheath on your message if you have any questions
related to the PR.
## Security Fixes

### Least Privileged GitHub Actions Token Permissions

The GITHUB_TOKEN is an automatically generated secret to make
authenticated calls to the GitHub API. GitHub recommends setting minimum
token permissions for the GITHUB_TOKEN.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions)
### Pinned Dependencies

GitHub Action tags and Docker tags are mutable. This poses a security
risk. GitHub's Security Hardening guide recommends pinning actions to
full length commit.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)


## Feedback
For bug reports, feature requests, and general feedback; please email
support@stepsecurity.io. To create such PRs, please visit
https://app.stepsecurity.io/securerepo.


Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-21 15:56:42 -05:00
Eric
36dafbd969
Update vulnerability dashboard deploy action & update github maintainers in custom.js (#17602)
Changes:
- Updated the deploy-vulnerability-dashboard workflow to use the correct
variables for the Heroku steps.
- Added GitHub maintainers to `website/config/custom.js` for the GitHub
workflows related to the vulnerability dashboard.
2024-03-21 11:58:45 -05:00
Victor Lyuboslavsky
9ae36d9a1d
Emojis back on Dogfood team names. Need to rename in UI before merging. (#17605)
Emojis are back on Dogfood team names. Need to rename the teams in UI
before merging. Otherwise, GitOps will simply create new teams.

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2024-03-19 16:18:10 -05:00
Eric
b1945b2128
Add fleet-vulnerability-dashboard repo to ee/ folder (#17428)
Closes: https://github.com/fleetdm/confidential/issues/4057

Changes:
- Added the contents of the fleet-vulnerability-dashboard repo to
ee/vulnerability-dashboard
- Added a github workflow to deploy the vulnerability dashboard on
Heroku
- Added a github workflow to test changes to the vulnerability-dashboard
- Updated the website's custom configuration to enable
auto-approvals/review requests to files in the
ee/vulnerability-dashboard folder
2024-03-13 13:06:11 -05:00
Gabriel Hernandez
55c7f1e886
require a specific node and yarn version (#17205)
Adds a minimum supported node and yarn version to the project. 

Currently if you are on an unsupported version of node or yarn, there is
no messaging telling you that is the issue. The build just fails, and
you are left to figure out it's because of your node version. With this
change, it will be much clearer why any of the node required commands
(e.g. make deps, make generate-dev, make lint-js, make test-js) are not
working, and it will tell you exactly which minimum version of node or
yarn you need.

**After the console error is clear about using an unsupported node
version**


![image](https://github.com/fleetdm/fleet/assets/1153709/4f14bbf0-520e-45bc-911f-071554a996c4)


- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
- [x] Manual QA for all new/changed functionality
2024-03-13 12:45:28 +00:00
Zach Wasserman
549c66cb32
Generate osqueryd targets for 5.12.0 (#17403) 2024-03-06 10:46:27 -08:00