Related to: #31753
Changes:
- Updated the "Deploy Fleet website" workflow to remove the
`website/assets` folder from the website's build slug when the website
deploys.
Related to: [#31753](https://github.com/fleetdm/fleet/issues/31753)
Changes:
- Updated the "Deploy Fleet website" workflow to push to the Heroku git
repo from a parentless commit that does not contain the full git
history.
Related to: https://github.com/fleetdm/fleet/issues/31720
Changes:
- Commented out the step that builds Storybook in the "Test Fleet
website" and "Deploy Fleet website" workflows. There is an error caused
by an incompatible version of a Storybook dependency that is preventing
these workflows from running.
Closes: #22931
Changes:
- Updated the deploy workflows for the Fleet website and the
vulnerability dashboard to run on Ubuntu 22.04 to prevent issues we've
been seeing with the Heroku deploy action and the latest version of
Ubuntu.
Done as part of oncall improvements.
`vars.GO_VERSION` can only be changed by admins and it's not public
(Fleet devs don't know the current value of the variable), this approach
uses the version specified in our `go.mod` file.
Closes: #14246
Changes:
- Added a new key to the rituals YAML configuration: `autoIssue.repo`.
This value should be a string that is the name of the GH repo that
issues for the ritual should be created in.
- Updated ritual validation in `build-static-content`.
- Added support for the "monthly" ritual frequency for rituals with an
`autoIssue` value.
- Updated the `create-issues-for-todays-rituals` script to create GitHub
issues for rituals.
---------
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
for https://github.com/fleetdm/fleet/issues/15584
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
Clsoes: https://github.com/fleetdm/fleet/issues/14162
Changes:
- Added two steps to the `deploy-fleet-website` workflow to prevent
errors when pushing to the Heroku git repo:
1. The first step runs a command to install the `heroku-repo` plugin in
the Heroku CLI.
2. The second step runs a command to reset the Heroku git repo for the
Fleet website. (This has no impact on the live Heroku app)
For #13715, this:
- Upgrades the Go version to `1.21.1`, infrastructure changes are
addressed separately at https://github.com/fleetdm/fleet/pull/13878
- Upgrades the linter version, as the current version doesn't work well
after the Go upgrade
- Fixes new linting errors (we now get errors for memory aliasing in
loops! 🎉 )
After this is merged people will need to:
1. Update their Go version. I use `gvm` and I did it like:
```
$ gvm install go1.21.1
$ gvm use go1.21.1 --default
```
2. Update the local version of `golangci-lint`:
```
$ go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2
```
3. (optional) depending on your setup, you might need to re-install some
packages, for example:
```
# goimports to automatically import libraries
$ go install golang.org/x/tools/cmd/goimports@latest
# gopls for the language server
$ go install golang.org/x/tools/gopls@latest
# etc...
```
Context: The "Deploy Fleet website" workflow is currently failing
because the `build-storybook` step requires Node v16.
<img width="1013" alt="image"
src="https://github.com/fleetdm/fleet/assets/7445991/7681e11e-a94f-4a0b-8cd8-baa1ef5a37d8">
Changes:
- Changed the `deploy-fleet-website` and `test-website` workflows to use
Node 16.
- Updated the version of `actions/setup-node` to v3 to use node 16.
- added the `--legacy-peer-deps` flag to the `npm install` in the
build-storybook step
- Added a step to build the storybook to the `test-website` workflow.
- Updated the `test-website` workflow to run when the workflow file is
changed.
At the moment, in Github Actions, when a job has `uses:
actions/setup-go` it uses a specific commit from that repo.
In that commit, it used `set-output` somewhere, which is now deprecated
and will be disabled within the next month or so.
See here for more information:
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
This PR changes every instance where `actions/setup-go@...` was used and
replaces it with release `v2.1.3`. [From the release
notes](https://github.com/actions/setup-go/releases/tag/v2.1.3):
> Updated communication with runner to use environment files rather then
workflow commands
Which is what the above Github blog recommends doing.
---
Addationally, the latest version of this Github Action is
[`v4.0.0`](https://github.com/actions/setup-go/releases/tag/v4.0.0),
which you may want to update to in the future.
This pull request relies on the `mdm-gen-cert` command from
https://github.com/fleetdm/fleet/pull/8884.
Closes: https://github.com/fleetdm/fleet/issues/8223
Changes:
- Updated the deploy Fleet website workflow to:
- Add Go as a dependency
- Build the mdm-gen-cert binary in `/website/.tools/`
- add the `/.tools/` folder to the Heroku app
- Added `deliver-apple-csr.js` - an API that:
- can be called by making a `POST` request to
`/api/v1/deliver-apple-csr`
- accepts `csr` as an input
- runs the `mdm-gen-cert` command with the `csr` set as an environment
variable
- returns an `invalidEmailDomain` response if the user's email domain is
in the array of banned email domains.
- saves the users organization and email address to the website's
database
- Sends an email to the requesting user's email address with the signed
CSR attached as a text file named `apple-apns-request.txt`
- Posts a message to a channel in the Fleet Slack.
- Added a new model: `CertificateSigningRequests` that contains two
required attributes: `emailAddress` and `organization`
- Added a new email template `email-signed-csr-for-apns`
- Updated routes, policies, eslintrc, and rebuilt cloud-sdk
Before this can be merged, we will need to:
- [x] Add new config variables in Heroku
- [x] `sails.config.custom.mdmVendorCertPem`
- [x] `sails.config.custom.mdmVendorKeyPem`
- [x] `sails.config.custom.mdmVendorKeyPassphrase`
- [x] `sails.config.custom.slackWebhookUrlForMDMSignups`
- [x] Add the `CertificateSigningRequests` model to the website's
database
Changes:
- Updated the `build-static-content` script to use a GitHub API token
for requests if one is provided e.g., `sails run build-static-content
--githubAccessToken="foo"`
- Updated the `build-for-prod` npm script to run the
`build-static-content` script with a variable named `BUILD_SCRIPT_ARGS`.
- Updated the "Deploy Fleet website" and "Test Fleet website" workflows
to run the `build-for-prod` script with a GitHub API token
. .
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
* Adding permissions to docs.yml and integration.yml
* Update codeql-analysis.yml
Adding top level read permissions to codeql workflow
* Update codeql-analysis.yml
Adding manual dispatch to codeql - to be able to test it easier
* Update deploy-fleet-website.yml
Adding top level read permission + write in the job so it can push the website
* Update test-website.yml
test-website should only need read permissions on content.
* Update fleet-and-orbit.yml
Testing Fleet and Orbit should be fine with top level read access
* Update fleetctl-preview.yml
fleetctl-preview should be fine with just read access at top level
* Update push-osquery-perf-to-ecr.yml
ECR is out of github so read permissions should be enough
* Update semgrep-analysis.yml
semgrep should only need read
* Update test-packaging.yml
Should only need read permission - setting on top
* Update test.yml
Should not need any write access - setting to READ on top.
* Update deploy-fleet-website.yml
Removing git write permission - since this pushes to Heroku not GitHub
* Tweaked as per Zach's comments
Removed some useless restrictions (contents none on a public repo for example)
* Removed meaningless permissions
contents: none - this does not have any security advantage on a public repo
* Upgrade to get rid of REPL schmutz
* rename workflow to lessen ambiguity vs. markdown compilation of docs
* ensure lockfile makes it to fleetdm.com prod
* skip force git add of package-lock to avoid confusion for now. (reverts 4e7e23990c)
* rename build script (because now it won't always be markdown source files)
* update metadata to match prev commit
* change key name in generated sailsrc for consistency
* stub query library page
* used named params so others can tell what's up with the forcing
* expand comments
* expand comments
* intermediate commit- playing with inlining the guts from doctemplater
* stub basic docpage shell and a little page to preview that on
* Compile YAML and set up query library page
* clean sailsrc
* optimize build by running everything in parallel
* Add note about the fact that we don't even need to clone anything since we've consolidated it all into one repo now. facepalm
* un-parallelize one bit that fails in CI if it's parallelized (it'll go away soon anyway)
* Brought in the mostly-unchanged stuff from Sails website- changed just enough to get it working
* inline beforeConvert and afterConvert, for readability
because it's better when you tell a story with the parts of the story in order
* trivial (change arg name for clarity)
* trivial (apply more up-to-date err callback convention)
* modernize some of the bits relying on reassigning arguments
* convert the rest of the way to async/await
* trivial
* just aesthetics
* remove reliance on app-level config
* mostly i'm doing this to remember how it works
* normalize better so this can be more flexible
* this makes it work (albeit needs a bit more fluffing)
* strip out more sails-specific stuff
* clean up menu files between runs, scrape off a bit more technical debt
* scrape out some more dead code
* use devDependencies for markdown compilation stuff since it won't be compiling at runtime
* stub script for compiling markdown content
* Fill in implementation of script, rename helper.
* add note about the non-markdown file problem
* tweak output paths for clarity
* Improve generated menu content and set up groundwork for being able to easily access it via config
* Use .sailsrc to hold onto menu content, so it's injected into config for easier access (rather than reading JSON files whenever needed)
* more explicit tmp filename, in case we forget how this works later
* fix typo in build script (missing .js extension)
* Stub query detail page and a dev route for developing it
http://localhost:2024/sandbox/example-query
* fix helper friendlyName
* Run compilation in series to avoid race condition in doc-templater when cloning from the same repo. Add todos about sitemap and further menu data cleanup.
* make sandbox actually useful
* Help prevent accidental checking in of compiled HTML files.
* rename script and generated folder in partials/
* fix/expand script metadata
Fourth attempt to limit the "Deploy Fleet Website" workflow to only the fleetdm/fleet repository.
Add the $ character to the $GITHUB_REPOSITORY env variable.
* rename dir
* no need to install website or docs from npm
At some point, would also be nice to be able to exclude assets/ as well, and to only install a pre-built version of Fleet's frontend code
* Bring in fleetdm.com website
From https://github.com/fleetdm/fleetdm.com as of https://github.com/fleetdm/fleetdm.com/releases/tag/v0.0.21
* add procfile for heroku
Using https://github.com/timanovsky/subdir-heroku-buildpack
* avoid getting anybody's hopes up
* Create deploy-fleet-website.yml (#82)
* Create deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* update pjs with SPDX-like license expressions. also fix repo URL
and remove package lock
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* remove dummy uri
* Dissect deploy script
* Update deploy-fleet-website.yml
* workaround for eslintrc nesting issue
* lint fixes
* forgot the .js
* add per-commit git config
* Update deploy-fleet-website.yml
* might as well remove that
* cleanup
* connect w/ heroku app and have it actually push
* fix bug I introduced in 578a1a01ff
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* the beauty, the glory, of javascript
* GH actions don't like "\n"
* Update deploy-fleet-website.yml
* restore \n chars from 0d45e568f6
hoping I was wrong in 0d45e568f6 but see also https://github.community/t/what-is-the-correct-character-escaping-for-workflow-command-values-e-g-echo-xxxx/118465/5
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* Update deploy-fleet-website.yml
* rename script to prevent duplicate building
* Configure the real website
* clean up
* a test of the deploy workflow
* add handbook to npmignore
* I guess you could call this fixing a typo
* point workflow at master branch
* now clearly bogus: this completely unused version string
