Changes:
- Added a landing page that has links to upcoming citops workshops, and
a link to a form where users can request a GitOps workshop.
- Updated the contact page to display a GitOps workshop request form for
users who are linked to it from the GitOps workshop landing page.
- Added `deliver-gitops-workshop-request`, an action that sends details
of GitOps workshop request submissions to Salesforce.
- Added a new helper that creates campaign member objects in Salesforce.
- Added two new config variables used to get event details from the
Eventbrite API.
Removed 'sampfluger88' from '.github/workflows' code owners and added
code owner assignments for various issue templates, specifying
responsible users for each template.
Moved several handbook path ownerships from CODEOWNERS to custom.js and
added corresponding entries in custom.js. Updated reviewer lists for
CODEOWNERS and custom.js files to include 'ireedy'. Adjusted ownership
for specific handbook sections to reflect current maintainers.
For https://github.com/fleetdm/fleet/issues/37261
Changes:
- Added a new database model: `FleetInstanceUsingVpp`
- Added `/api/vpp/v1/register`: An API endpoint that validates provided
Fleet license keys, creates a database record for the proxy
registration, and returns a generated secret used to authenticate
requests to the other VPP proxy endpoint
- Added `/api/vpp/v1/metadata/:storeRegion`: An API endpoint that
forwards requests to the
`https://api.ent.apple.com/v1/catalog/${storeRegion}/stoken-authenticated-apps`
Apple API with a token generated using Fleet's Apple developer
credentials.
---------
Co-authored-by: Ian Littman <[email protected]>
Closes: https://github.com/fleetdm/fleet/issues/36620
Changes:
- Updated the website to use the osquery 5.20.0 schema when generating
osquery table documentation pages and osquery_fleet_schema.json
- Regenerated osquery_fleet_schema.json
- Simplify steps. Why? Fewer handoffs / approvals
- #g-software EM reviews all PRs within 3 business days
- Commit to automated tests. No need to do manual testing because the CI
already installs the app and checks, via osquery, if the
install/uninstalls worked
- Remove issue template
Why now?
- https://github.com/fleetdm/confidential/issues/12844
---------
Co-authored-by: Martin Angers <[email protected]>
Co-authored-by: George Karr <[email protected]>
Related to: https://github.com/fleetdm/confidential/issues/10999
Changes:
- added domains to the list of personal email domains that cannot be
used to submit forms on the Fleet website, and sorted the list
alphabetically.
Closes: #33798Closes: #35223
Related to: https://github.com/fleetdm/fleet/issues/34618
Related to: https://github.com/fleetdm/fleet/issues/34611
Changes:
- Updated the `manage-fleet-premium-trial-instances` script to:
- Send a request to the Github API to trigger a workflow to create a DNS
and SES configuration for new Render trial instances, and send a request
to trigger a workflow to delete the DNS and SES configuration when trial
instances expire
- Use a new prompt to generate unique slugs for new Render trial
instances
- Configure SES on new Fleet Premium trial instances
- Prefix licenses generated for Fleet Premium trial instances with
'Render-trial-`
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#33848
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Added support for the Security & Compliance project within the GitHub
integration, enabling tracking and visibility alongside existing
projects.
- Refactor
- Streamlined project mapping logic to improve consistency when
processing updates from GitHub; behavior for existing projects remains
unchanged.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Closes: #33548
Changes:
- Added a new configuration variable
`sails.config.custom.bannedEmailDomainsForContactFormSubmissions` that
contains a list of domains (currently a single domain) that cannot be
used to submit the contact form
- Updated the `bannedEmailDomainsForWebsiteSubmissions` list to include
`example.com`
- Updated the deliver-contact-form-message action to return an
`invalidEmailDomain` exit if the contact form is submitted with an email
domain in the `bannedEmailDomainsForContactFormSubmissions` list
Fixes#30483
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a new webhook endpoint to track GitHub Projects v2 item status
changes and record engineering metrics.
* Integrated with Google BigQuery for storing and analyzing issue status
transition data.
* **Chores**
* Introduced a new POST API route for receiving GitHub Projects v2 item
events.
* Added configuration options for GitHub webhook secrets and Google
Cloud service account keys (commented out for future use).
* Added a new dependency for Google BigQuery integration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Eric <[email protected]>
<ins>*🌐 IT and Enablement:*</ins>
- Rename "🌐 Digital Experience" to "🌐 IT and Enablement" dept
- Rename "digital-experience.rituals.yml" to
"it-and-enablement.rituals.yml"
<ins>*🧑🚀 People*</ins>
- Create 🧑🚀 People dept
- Create "people.rituals.yml"
<ins>*🔭 CEO*</ins> (<= WHY? To maintain the [structure of the
handbook](https://fleetdm.com/handbook/company/leadership#outline-of-departmental-page-structure).)
- Create 🔭 CEO page and link to leadership
- Create ceo.rituals.yml
<ins>*💸 Finance*</ins>
- Renamed label "#g-finance" to ":help-finance" to match the rest of the
departmental labels.
---------
Co-authored-by: Eric <[email protected]>
Updating FMA process for adding new apps by internal and external
contributors. Goals:
- A fast-track experience for contributors if the app does not have
complications (don't need to wait for issue prioritization)
- As few handoffs as possible
---------
Co-authored-by: Ian Littman <[email protected]>
Co-authored-by: Marko Lisica <[email protected]>
Related to: https://github.com/fleetdm/fleet/issues/26270
Changes:
- Added a new database model: `AndroidEnterprise`
- Added one new website dependency: `[email protected]`
- Added `android-proxy/create-android-signup-url`: an endpoint that
returns a signup url used to grant access to Fleet's Android MDM
integration.
- Added `android-proxy/create-android-enterprise`: An endpoint that
creates an Android enterprise for a Fleet server
- Added `android-proxy/create-android-enrollment-token`: An endpoint
that returns an enrollment token for an Android enterprise
- Added `android-proxy/modify-android-policies`: An endpoint used to
update policies of an Android enterprise
- Added `android-proxy/delete-one-android-enterprise`: an endpoint that
deletes an Android enterprise
---------
Co-authored-by: Victor Lyuboslavsky <[email protected]>
Changes:
- Created a new database model: `MicrosoftComplianceTenant`. A model
that stores information about complaince tenants
- Added `/policies/is-cloud-customer`: a policy that blocks requests to
microsoft proxy endpoints if a `MS API KEY` header is missing or does
not match a new config variable
(`sails.custom.config.cloudCustomerCompliancePartnerSharedSecret`)
- Added `microsoft-proxy/create-compliance-partner-tenant`: an action
that creates a database record for a new compliance tenant and generates
an API key that is used to authenticate future requests to microsoft
proxy endpoints for an entra tenant.
- Added `microsoft-proxy/get-compliance-partner-settings`: an action
that returns information about Fleet's complaince partner entra
application and the entra tenant's admin consent status (whether or not
a tenant's entra admin has granted permissions to Fleet's compliance
partner application)
- Added `microsoft-proxy/get-tenants-admin-consent-status`: an action
that updates the admin consent status of a compliance tenant record.
- Added `microsoft-proxy/setup-compliance-partner-tenant`: an action
that provisions a compliance tenant, creates a complaince policy for
macOS devices assigns the created policy to the built-in "All users"
user group on the tenants entra instance.
- Added `microsoft-proxy/update-one-devices-compliance-status`: an
action that receives information about a device on a compliance tenant's
Fleet instance, sends that information to their Entra instance, and
returns the messsage ID returned by the asynchronus Entra API.
- Added `microsoft-proxy/get-one-compliance-status-result`: an action
that returns the result of a compliance status update from the Entra
API.
- Added `sails.helpers.microsoft-proxy.get-access-token-and-api-urls` A
helper that gets an access token for a tenant's entra instance and the
URLs of the API endpoints the microsoft proxy actions use for a tenant.
- Added `scripts/send-entra-heartbeat-requests` A script that will run
daily to keep all microsoft compliance integrations provisioned.
-
---------
Co-authored-by: Lucas Rodriguez <[email protected]>