Ian Littman
ab996dc57d
Note that minimum MySQL version is 8.0.36 everywhere (not just 8.0) because that's what we test with ( #22072 )
...
Also mention that we test with 8.4.2 in a few more places.
Note that while I'm editing release articles, this isn't retconning
minimum requirements; we mention in 4.55.0 release notes further down
that we expect 8.0.36.
2024-09-13 10:59:38 -05:00
Roberto Dip
078c0ac3b7
document and use MDM SSO settings via gitops ( #21869 )
...
for #21313
2024-09-09 17:03:20 -03:00
Roberto Dip
70923b8352
add wait until mysql is ready ( #21883 )
2024-09-06 18:17:22 -03:00
Lucas Manuel Rodriguez
6a5c515dc4
Attempt to use go.mod version instead of hidden Github var ( #21768 )
...
Done as part of oncall improvements.
`vars.GO_VERSION` can only be changed by admins and it's not public
(Fleet devs don't know the current value of the variable), this approach
uses the version specified in our `go.mod` file.
2024-09-03 20:49:50 -03:00
Victor Lyuboslavsky
1b06b050d7
Fix issues with coverage uploads ( #21736 )
...
#21707
2024-09-03 09:07:16 -05:00
Lucas Manuel Rodriguez
ea7d08fc88
Release fleetd 1.32.0 ( #21658 )
...
Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
2024-08-29 18:51:10 -03:00
Lucas Manuel Rodriguez
8d4b7ad526
Remove unused workflow and dockerfile ( #21551 )
...
- `.github/workflows/push-osquery-perf-to-ecr.yml` has 0 workflow runs
(added but never used)
- `Dockerfile.osquery-perf` is only used by
`.github/workflows/push-osquery-perf-to-ecr.yml`.
2024-08-26 13:28:25 -03:00
Victor Lyuboslavsky
fdfc12982b
Improvements to go tests in CI ( #21545 )
...
#21546
Some improvements to overall go test CI run time.
2024-08-26 08:55:53 -05:00
Eric
debb2d1790
Add app to manage scripts and profiles. ( #21450 )
...
Related to: #20296
Changes:
- Added `ee/bulk-operations-dashboard`, a Sails.js app that lets users
manage configuration profiles and scripts across multiple teams on a
Fleet instance.
- Added a Github workflow to deploy the app to Heroku
- Added a Github workflow to test changes to the bulk operations
dashboard.
2024-08-22 14:59:15 -06:00
Lucas Manuel Rodriguez
ede0897acd
Pin trivy action ( #21425 )
...
Fixing code scanning warnings
https://github.com/fleetdm/fleet/security/code-scanning for the recently
added workflow.
2024-08-20 15:27:41 -03:00
Lucas Manuel Rodriguez
18f010f228
Update fleetdm/fleetctl, fleetdm/wix and fleetdm/bomutils docker images ( #21063 )
...
#20571
## Summary of changes
We have a few moving parts in fleetctl land (`fleetdm/wix` is used to
build `msi`s and `fleetdm/bomutils` is used to build `pkg`s, and
`fleetdm/fleetctl` can be used to build packages using docker, no need
for fleetctl executable):
```mermaid
graph LR
fleetctl_exec[fleetctl<br>executable];
wix_image[fleetdm/wix<br>docker image];
bomutils_image[fleetdm/bomutils<br>docker image];
fleetctl_image[fleetdm/fleetctl<br>docker image];
fleetctl_exec -- uses --> wix_image;
fleetctl_image -- COPY dependencies<br>FROM --> wix_image;
fleetctl_exec -- uses --> bomutils_image;
fleetctl_image -- COPY dependencies<br>FROM --> bomutils_image;
```
So, we'll need to update the three images: `fleetdm/bomutils`,
`fleetdm/wix` & `fleetdm/fleetctl`.
- `tools/bomutils-docker/Dockerfile`, `tools/wix-docker/Dockerfile` and
`tools/fleetctl-docker/Dockerfile`: Updating the base image to fix the
CRITICAL vulnerabilities.
- Modified existing+unused
`.github/workflows/build-and-check-fleetctl-docker-and-deps.yml` to run
every day to check for CRITICAL vulnerabilities in `fleetdm/wix`,
`fleetdm/bomutils` and `fleetdm/fleetctl`.
- `.github/workflows/goreleaser-fleetctl-docker-deps.yaml`:
`fleetdm/bomutils` and `fleetdm/wix` were pushed manually a few years
ago (most likely by Zach), so I've added a new action to release them
when we have changes to release (like now). It will basically release
`fleetctl/bomutils` and `fleetdm/wix` when pushing a tag of the form
`fleetctl-docker-deps-*` (we'll need to protect such tag prefix).
- Changes in `.github/workflows/test-native-tooling-packaging.yml` to
build `fleetdm/bomutils` and `fleetdm/wix` for `fleetdm/fleetctl` to use
them instead of the ones in docker hub.
--
Build before upgrading `debian:stable-slim`:
https://github.com/fleetdm/fleet/actions/runs/10255391418/job/28372231837
Build after upgrading `debian:stable-slim`:
https://github.com/fleetdm/fleet/actions/runs/10255550034
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files )
for more information.
- [x] Manual QA for all new/changed functionality
2024-08-20 14:07:59 -03:00
Roberto Dip
f4820e2af9
Release fleetd 1.31.0 ( #21391 )
...
- **Release fleetd 1.30.0**
- **fix issue with disk encryption banner (#21385 )**
- **Release fleetd 1.31.0**
2024-08-19 16:53:14 -03:00
Roberto Dip
936cc4a6d7
notify #help-engineering when a dogfood deploy is in progress ( #21347 )
...
This ensures `#help-engineering` is notified when a dogfood deploy is in
progress. It helps set people's expectations about what's going on while
the server is temporarily down.
2024-08-19 15:33:00 -03:00
Lucas Manuel Rodriguez
cdfa31ada5
Release osqueryd 5.13.1 ( #21329 )
2024-08-19 13:52:30 -03:00
Victor Lyuboslavsky
4eb72535dc
Support for MySQL 8.4.2 ( #21364 )
...
#21270
The main change for MySQL 8.4.2 is that foreign key constraints are
stricter:
https://dev.mysql.com/doc/refman/8.4/en/server-system-variables.html#sysvar_restrict_fk_on_non_standard_key
Also, most replica-related commands have been renamed.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files )
for more information.
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- [x] Manual QA for all new/changed functionality
2024-08-16 16:32:38 +02:00
Dante Catalfamo
9a5e5372eb
SSVPP Backend and CLI ( #21132 )
...
#19882 and #20532
2024-08-14 10:25:32 -04:00
Luke Heath
34901a9dc7
Update goreleaser runner ( #21226 )
2024-08-09 10:50:43 -07:00
Roberto Dip
4853ecbf4e
Release fleetd 1.30.0 ( #21071 )
2024-08-06 07:32:24 -03:00
Lucas Manuel Rodriguez
ab7df5155d
Use docker compose on CI instead of docker-compose ( #21017 )
...
After this is merged I'll cherry pick to `minor-fleet-4.55.0`.
2024-08-02 18:12:36 -03:00
Lucas Manuel Rodriguez
2f479b3ba9
Release osqueryd 5.13.0 ( #20949 )
2024-08-02 14:57:50 -03:00
Dante Catalfamo
0a15647e10
Host software deleted at remigration ( #20996 )
...
# Recreate out of order migration, replace `docker-compose` with `docker compose` in db test runner
2024-08-02 10:47:40 -04:00
Lucas Manuel Rodriguez
6d87091a89
Release fleetd 1.29.0 ( #20700 )
2024-07-26 15:04:03 -03:00
Dante Catalfamo
5e1a3d03ae
MySQL 8.0 Migration ( #20225 )
...
#17249
2024-07-22 16:27:36 -04:00
Victor Lyuboslavsky
8c1c016b54
Don't stop unit tests if Go integration tests fail ( #20628 )
2024-07-20 19:22:07 +02:00
Lucas Manuel Rodriguez
84a81bafde
Release fleetd 1.28.0 ( #20581 )
...
Co-authored-by: Luke Heath <luke@fleetdm.com>
2024-07-19 12:47:00 -03:00
Dante Catalfamo
ecf2346ace
Add support for Linux ARM64 ( #19931 )
...
#1845
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Roberto Dip <rroperzh@gmail.com>
2024-07-17 16:07:59 -04:00
Luke Heath
d20ccd65d7
Run workflow on push to branches beginning the minor- ( #20549 )
2024-07-17 12:31:12 -07:00
Noah Talerman
02f4bfb794
Dogfood: best practice teams ( #20359 )
2024-07-15 16:22:15 -07:00
Lucas Manuel Rodriguez
2875a9dbb8
Fixes to fleetctl debug connection and TLS certs documentation ( #20166 )
...
#6085
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [X] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-07-09 14:04:23 -03:00
Victor Lyuboslavsky
4a09cd1ce8
Validate base-fleetd daily ( #20196 )
...
#19126
Validate base-fleetd daily
Workflow run: https://github.com/fleetdm/fleet/actions/runs/9781375393
2024-07-09 09:54:01 -05:00
Roberto Dip
01030cbde6
test approach for running integration suite in parallel ( #20085 )
...
for #18297
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Manual QA for all new/changed functionality
2024-07-01 11:37:12 -03:00
Victor Lyuboslavsky
6015717838
Releasing new fleetd-base flow ( #20093 )
...
#19182
Releasing new fleetd-base flow
- The flow has been QA'd
- The flow puts the generated files into new directories (`stable` and
`archive`), so risk is low
2024-06-28 12:57:14 -05:00
Dante Catalfamo
188b52c979
Generate a summary on any go-test failure, add context after panic ( #20066 )
...
Stops developers from having to manually grep through the logs to find
the failing test
2024-06-27 15:39:23 -04:00
Lucas Manuel Rodriguez
3c02ac1278
Add github action to check the auto-generated documentation is up-to-date ( #20025 )
...
Oncall project to keep auto-generated documentation up-to-date.
- Auto-generated documentation from Golang source code.
- Auto-generated table JSON schema from yaml files in `schema/tables/`
(we currently remind the developer to run the sails.js commands in the
PR or ask Eric to do it).
Sample of the failure if the developer forgot to run `make generate-doc`
(similar to `make test-db-schema`):
2024-06-27 06:35:09 -03:00
Lucas Manuel Rodriguez
3a64c83145
Release fleetd 1.27.0 ( #19933 )
...
- **Release fleetd 1.27.0**
---------
Co-authored-by: George Karr <georgekarrv@users.noreply.github.com>
2024-06-21 16:00:13 -03:00
Lucas Manuel Rodriguez
addb665c8b
Dogfood iPhones team GitOps ( #19897 )
...
Changes to dogfood GitOps for #18866 .
2024-06-20 17:13:24 -03:00
Luke Heath
0002b178ff
Schedule nightly gitops run in dogfood ( #19816 )
2024-06-17 14:12:17 -07:00
Victor Lyuboslavsky
d3b9bade74
Keep all fleetd-base and fleetd-chrome artifacts. ( #19749 )
...
#19182 and #19111
- Upload and keep all fleetd-base and fleetd-chrome artifacts
- Code sign fleetd-base.msi
- Verify checksums and try installing fleetd-base packages
These changes will apply the fleet-base workflow to
download-testing.fleetdm.com, and another PR will change to the
production endpoint (download.fleetdm.com) after QA.
## fleetd-base
Successful fleetd-base workflow run:
https://github.com/fleetdm/fleet/actions/runs/9522282299
New meta files will be in the `stable` directory:
- https://download-testing.fleetdm.com/stable/meta.json
- https://download-testing.fleetdm.com/stable/tuf-meta.json
The files in the root directory will no longer be updated for backward
compatibility.
## fleetd-chrome
Successful fleetd-chrome beta run:
https://github.com/fleetdm/fleet/actions/runs/9552391075/job/26328861033
2024-06-17 15:49:06 -05:00
Robert Fairburn
dcd551f671
initial osquery docker sidecar and osquery local builds ( #19641 )
2024-06-12 13:25:07 -05:00
Lucas Manuel Rodriguez
606635b131
Release fleetd 1.26.0 ( #19673 )
...
- **Release fleetd 1.26.0**
---------
Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
2024-06-11 19:51:57 -03:00
Roberto Dip
a24e665c13
Lock goreleaser version in CI to ~> 1 ( #19529 )
...
A few days ago, a new major version of goreleaser was published, which
is currently breaking our workflows:
```
⨯ command failed error=unknown flag: --rm-dist
```
This locks the version to a max satisfying semver under 1 until we have
time to update to the new major.
2024-06-05 13:35:28 -03:00
Victor Lyuboslavsky
f761827850
Move CalculateAggregatedPerfStatsPercentiles reads to the replica ( #19206 )
...
Move CalculateAggregatedPerfStatsPercentiles reads to the replica
#18838
I manually tested the aggregated query stats change by using a read
replica.
https://github.com/fleetdm/fleet/blob/main/tools/mysql-replica-testing/README.md
- But set `master_delay=0` due to issue
https://github.com/fleetdm/fleet/issues/19272
- Run a saved query as a live query, and see that its stats in
`aggregated_stats` table are updated.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-05-31 07:08:31 -05:00
JD
94be5c0a9c
Adds VM team to gitops ( #19316 )
...
Adds Virtual machines team to gitops. fleetdm/confidential#6762
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2024-05-29 11:19:24 -07:00
Lucas Manuel Rodriguez
a10befe657
Release fleetd 1.25.0 ( #19203 )
2024-05-22 14:38:24 -03:00
Victor Lyuboslavsky
d1b1c181f1
Refactoring fleetd-chrome workflows to use R2 upload action ( #19157 )
...
Refactoring fleetd-chrome workflows to use the reusable R2 upload
action.
2024-05-21 09:23:03 -05:00
Victor Lyuboslavsky
550f08d62d
Generate plist for fleetd-base pkg. ( #19112 )
...
#19111
Generate plist for fleetd-base pkg.
Currently configured for TESTING. Uploaded file:
https://download-testing.fleetdm.com/fleetd-base-manifest.plist
2024-05-17 13:48:53 -05:00
Victor Lyuboslavsky
4d671e63d4
fleetd-chrome v1.3.1 release ( #19087 )
...
#18811
* Fixed bug where fleetd-chrome sent multiple read requests to Fleet
server at the same time.
* Improved console log output messages when Fleet server is down.
2024-05-16 16:39:36 -05:00
Lucas Manuel Rodriguez
fd323a3909
Catch FAIL and panic: runtime error in CI ( #19009 )
...
This is just a CI change to catch these other type of errors and display
them on the Slack message:
Instead of showing just `unknown, please check build URL`:
2024-05-15 10:01:26 -03:00
Lucas Manuel Rodriguez
b9d38c4b66
Bump osqueryd version to 5.12.2 ( #18893 )
2024-05-09 19:00:27 -03:00
Victor Lyuboslavsky
ed792e078f
Updated release-fleetd-base workflow to use production values. ( #18887 )
...
#16347
Updated release-fleetd-base workflow to use production values.
2024-05-09 14:56:04 -05:00
Victor Lyuboslavsky
c2df15dfd1
In GitOps workflow, do dry run on pull request. ( #18854 )
2024-05-08 14:58:56 -05:00
Dante Catalfamo
2c6e7c71a8
Zsh script support ( #18411 )
...
#17321
2024-04-30 14:38:56 -04:00
Tim Lee
0a27843b83
bump golangci-lint to 1.55.2 ( #18604 )
2024-04-30 08:59:14 -06:00
Victor Lyuboslavsky
bf0f6ec55a
Added release-fleetd-base workflow. ( #18194 )
...
#16347
New GitHub workflow.
- Uses `tools/tuf/status/tuf-status.go` to check the latest
osquery/orbit/fleet-desktop versions
- Uploads https://download-testing.fleetdm.com/meta.json to keep track
of versions
- macOS: https://download-testing.fleetdm.com/fleetd-base.pkg
- Windows: https://download-testing.fleetdm.com/fleetd-base.msi
This version creates and uploads macOS and fleetd base packages to
https://download-testing.fleetdm.com
QA instructions updated in the issue. After QA, we will update the
workflow to upload to https://download.fleetdm.com
2024-04-29 11:51:40 -05:00
Victor Lyuboslavsky
9ff682e0ff
Windows orbit.exe and fleet-desktop.exe are now signed. ( #18201 )
...
#17187
Windows orbit.exe and fleet-desktop.exe are now signed.
Signed fleet-desktop.exe artifact at:
https://github.com/fleetdm/fleet/actions/runs/8834788809
Signed orbit.exe artifact at:
https://github.com/fleetdm/fleet/actions/runs/8834817940
For signing fleetctl.exe, opened a new issue:
https://github.com/fleetdm/fleet/issues/18540
2024-04-26 12:46:23 -05:00
Roberto Dip
7edd756237
increase timeout for the installation of Colima ( #18533 )
...
saw many jobs timeout and fail. Optionally, should we use `macos-12`
that comes with Colima pre-installed? can make that change as well, just
lmk
2024-04-25 13:10:14 -03:00
Roberto Dip
e4ebe31971
use Colima for CI runners ( #18495 )
...
The `macos-latest` runner is using `macos-14` + ARM now, which was
causing the Docker install to fail.
I switched to `macos-13` since seems to be a cheap x86_64 alternative
and figured what was the problem with Colima so we don't have to deal
with Docker anymore.
2024-04-24 08:38:07 -03:00
Roberto Dip
d677546e04
sign fleetctl for macOS during releases ( #16670 )
...
possible approach to solve #16664
---------
Co-authored-by: Luke Heath <luke@fleetdm.com>
2024-04-19 14:36:30 -03:00
Lucas Manuel Rodriguez
83342c4042
Add reviewers to automated PRs ( #18390 )
...
I was thinking on adding `team-reviewers: go`, but there's the following
note on the github's action repository, so let's start simple:
2024-04-18 10:51:07 -03:00
Lucas Manuel Rodriguez
78fc11dd4e
Release fleetd 1.24.0 ( #18378 )
...
- **Release fleetd 1.24.0**
2024-04-17 18:37:53 -03:00
Victor Lyuboslavsky
ba6315f27a
Setting DOGFOOD_WORKSTATIONS_CANARY_CALENDAR_WEBHOOK_URL ( #18298 )
...
To fix failing gitops flow.
Related to https://github.com/fleetdm/confidential/issues/6015
Needs DOGFOOD_WORKSTATIONS_CANARY_CALENDAR_WEBHOOK_URL GitHub secret if
not set already.
2024-04-16 10:19:58 -05:00
Rachael Shaw
160448f7d3
Add spaces after emojis in team names ( #18249 )
...
Kind of a silly PR 😅
The team names used to have spaces after the emojis and I thought it
looked a little more polished 💅
2024-04-15 17:52:15 -05:00
Joanne Stableford
419634d368
Configure google calendar integration in dogfood with API key ( #18220 )
...
Related: https://github.com/fleetdm/confidential/issues/6015
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2024-04-12 16:54:41 -04:00
Lucas Manuel Rodriguez
01f9963856
Add summary to test-go.yml Slack message when it fails ( #18188 )
...
This is to clearly see what is failing. (Looking through the thousands
of log lines via the URL is tedious.)
2024-04-10 18:04:26 -03:00
Lucas Manuel Rodriguez
1b35ffd0ef
Release fleetd 1.23.0 ( #18133 )
2024-04-09 15:15:06 -03:00
Brock Walters
8d0d309a1f
Update macos-install-wine.sh with codesign warning ( #17982 )
...
The Wine developer does have an Apple Develeoper certificate but the
"Wine Stable" app bundle is not code-signed or notarized post-install &
disables Gatekeeper for the install. This adds a warning to the script
user about the app not being signed. post-install
---------
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
2024-04-05 16:14:57 -04:00
Lucas Manuel Rodriguez
3d260fa9ab
Bump osqueryd version to 5.12.1 ( #18028 )
...
Bumping version of osqueryd for releasing 5.12.1 to the `edge` channel.
2024-04-03 10:57:28 -03:00
Roberto Dip
8dac783c50
increase TUF expiration warning by one day
...
hopefully this will get obsolete before we have time to use it, but just
in case this increments the warning time to give us more leeway.
2024-04-02 11:21:17 -03:00
Martin Angers
8253e77264
Enable release device: copy global settings to new teams created via puppet ( #17842 )
2024-03-26 08:15:57 -04:00
StepSecurity Bot
80335d88d1
[StepSecurity] Apply security best practices ( #17811 )
2024-03-22 16:19:11 -05:00
Luke Heath
6ebc308eb4
[StepSecurity] ci: Harden GitHub Actions ( #17780 )
2024-03-22 15:32:23 -05:00
Luke Heath
38ea8db7cd
Set GitHub workflow DRIs ( #17777 )
2024-03-21 16:04:53 -05:00
StepSecurity Bot
8ae24ac4a9
[StepSecurity] ci: Harden GitHub Actions ( #17767 )
...
## Summary
This pull request is created by
[StepSecurity](https://app.stepsecurity.io/securerepo ) at the request of
@lukeheath. Please merge the Pull Request to incorporate the requested
changes. Please tag @lukeheath on your message if you have any questions
related to the PR.
## Security Fixes
### Least Privileged GitHub Actions Token Permissions
The GITHUB_TOKEN is an automatically generated secret to make
authenticated calls to the GitHub API. GitHub recommends setting minimum
token permissions for the GITHUB_TOKEN.
- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow )
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions )
### Pinned Dependencies
GitHub Action tags and Docker tags are mutable. This poses a security
risk. GitHub's Security Hardening guide recommends pinning actions to
full length commit.
- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions )
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies )
## Feedback
For bug reports, feature requests, and general feedback; please email
support@stepsecurity.io . To create such PRs, please visit
https://app.stepsecurity.io/securerepo .
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-21 15:56:42 -05:00
Eric
36dafbd969
Update vulnerability dashboard deploy action & update github maintainers in custom.js ( #17602 )
...
Changes:
- Updated the deploy-vulnerability-dashboard workflow to use the correct
variables for the Heroku steps.
- Added GitHub maintainers to `website/config/custom.js` for the GitHub
workflows related to the vulnerability dashboard.
2024-03-21 11:58:45 -05:00
Victor Lyuboslavsky
9ae36d9a1d
Emojis back on Dogfood team names. Need to rename in UI before merging. ( #17605 )
...
Emojis are back on Dogfood team names. Need to rename the teams in UI
before merging. Otherwise, GitOps will simply create new teams.
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2024-03-19 16:18:10 -05:00
Eric
b1945b2128
Add fleet-vulnerability-dashboard repo to ee/ folder ( #17428 )
...
Closes: https://github.com/fleetdm/confidential/issues/4057
Changes:
- Added the contents of the fleet-vulnerability-dashboard repo to
ee/vulnerability-dashboard
- Added a github workflow to deploy the vulnerability dashboard on
Heroku
- Added a github workflow to test changes to the vulnerability-dashboard
- Updated the website's custom configuration to enable
auto-approvals/review requests to files in the
ee/vulnerability-dashboard folder
2024-03-13 13:06:11 -05:00
Gabriel Hernandez
55c7f1e886
require a specific node and yarn version ( #17205 )
...
Adds a minimum supported node and yarn version to the project.
Currently if you are on an unsupported version of node or yarn, there is
no messaging telling you that is the issue. The build just fails, and
you are left to figure out it's because of your node version. With this
change, it will be much clearer why any of the node required commands
(e.g. make deps, make generate-dev, make lint-js, make test-js) are not
working, and it will tell you exactly which minimum version of node or
yarn you need.
**After the console error is clear about using an unsupported node
version**
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
- [x] Manual QA for all new/changed functionality
2024-03-13 12:45:28 +00:00
Zach Wasserman
549c66cb32
Generate osqueryd targets for 5.12.0 ( #17403 )
2024-03-06 10:46:27 -08:00
Luke Heath
4015a897da
Update trivy scan options ( #17357 )
2024-03-04 16:36:17 -06:00
Luke Heath
960a7a350a
Remove tfsec workflow ( #17354 )
2024-03-04 16:13:41 -06:00
Luke Heath
0fc941fc2d
Update Trivy vulnerability scan workflow ( #17353 )
2024-03-04 15:29:32 -06:00
Victor Lyuboslavsky
7a20da1f2f
Moving mdm_profiles to it-and-security/lib/mdm_profiles ( #17268 )
...
Moving mdm_profiles to it-and-security/lib/mdm_profiles so that they are
together with other gitops config files.
---------
Co-authored-by: Noah Talerman <noahtal@umich.edu>
2024-03-01 15:18:54 -06:00
Roberto Dip
456bc3c9a9
puppet module: prevent running match call if a preassignment failed ( #17175 )
...
for #16954
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-02-28 19:15:41 -03:00
Victor Lyuboslavsky
f36b7d4d6d
Use gitops with dogfood. ( #17098 )
...
#17043
Set up dogfood to use gitops. I copied the current dogfood
configs/policies/queries into the gitops flow.
Successful workflow run:
https://github.com/fleetdm/fleet/actions/runs/8023101797/job/21918883543?pr=17098
---------
Co-authored-by: Noah Talerman <noahtal@umich.edu>
2024-02-28 10:50:10 -06:00
Lucas Manuel Rodriguez
762cd076d7
Start release of fleetd v1.22.0 ( #17139 )
...
#17053 & #17054
2024-02-26 09:36:53 -03:00
Luke Heath
fb44217467
Update codeql workflow ( #17067 )
2024-02-22 12:27:52 -06:00
Lucas Manuel Rodriguez
4d1467c9b3
Upload only orbit executable to ease future automation and reduce size of artifacts ( #17024 )
...
Reasons:
- Smaller artifacts on
https://github.com/fleetdm/fleet/actions/workflows/goreleaser-orbit.yaml
(used when releasing fleetd).
- Less error prone (human performing the release has to be careful to
not pick the macOS amd64 or arm64 version of orbit, and pick the
universal one)
- Moves a small step forward to #16131
2024-02-21 20:12:18 -03:00
Lucas Manuel Rodriguez
763c137b67
[On-call improve docs] Versions of currently released fleetd components on Fleet's TUF ( #16698 )
...
Should tackle #14026 .
This will run a daily Github action and create a PR if there's a new
update in our TUF on `edge` or `stable`.
E.g. somebody releases 1.22.0 fleetd to `stable` on our TUF and the next
day this automation runs and will create a PR that updates the versions
in `orbit/TUF.md` (or they can run the workflow manually).
Am happy to amend the shape of `orbit/TUF.md` (or we can iterate later).
2024-02-15 15:30:29 -03:00
Roberto Dip
efe68e2c66
fix puppet tests and add CI workers ( #16529 )
...
for #16059
2024-02-05 09:50:18 -03:00
Lucas Manuel Rodriguez
4492ae3b24
Start fleetd 1.21.0 release ( #16464 )
...
#16422
2024-01-30 18:27:35 -03:00
Victor Lyuboslavsky
ed7ab1e428
Fixed macOS MSI package -- using local wine and wix ( #16307 )
...
New flow for `fleetctl --package --type=msi` on macOS using arm64
processor (M1, M2, etc.)
- wine must be installed locally. See
./orbit/tools/build/install-wine-macos.sh and
https://wiki.winehq.org/MacOS for reference.
- --local-wix-dir can be used to point to a local Wix3 installation
(using this switch requires a current Fleet EE subscription)
#15463
PR for docs: https://github.com/fleetdm/fleet/pull/16459
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2024-01-30 11:08:21 -06:00
Lucas Manuel Rodriguez
1afb015f6c
Test DB migrations with Percona XtraDB MySQL server 5.7.25 ( #16320 )
...
#15881
This PR adds a script to test DB migrations with Percona XtraDB 5.7.25.
PS: To run this test before we merge this PR to `main` you will need to
change step 2 (`Make sure to be on latest main`), instead of `main` use
this branch `15881-test-migrations-with-percona`.
2024-01-29 14:21:37 -03:00
Victor Lyuboslavsky
30f3d585f4
Updated fleetd-chrome to use non-beta location. ( #16295 )
2024-01-24 11:10:24 -06:00
Victor Lyuboslavsky
3669089a11
Re-enabling tests in fleetd release flow. ( #16229 )
...
#16165
Fixed test by adding missing dependencies. Added back test to
fleetd-chrome release workflows.
2024-01-22 09:54:16 -06:00
Zach Wasserman
25d36c2c55
Remove test step in fleetd-chrome release ( #16143 )
2024-01-16 12:11:12 -08:00
Zach Wasserman
14dd650920
Fix fleetd-chrome release workflows ( #16142 )
...
Use `npm test` instead of `npm run test`.
2024-01-16 12:04:26 -08:00
Zach Wasserman
8bea7137af
fleetd-chrome release workflows ( #16020 )
...
Add GitHub Actions for releasing fleetd-chrome beta and production. See
the included README updates for details.
This was tested with an `on: pull-request` trigger for the beta workflow
which is now removed for merging into the repo.
2024-01-16 11:56:43 -08:00
Eric
43f21baa86
Website: Update script to create GH issues for rituals in YAML files. ( #15752 )
...
Closes : #14246
Changes:
- Added a new key to the rituals YAML configuration: `autoIssue.repo`.
This value should be a string that is the name of the GH repo that
issues for the ritual should be created in.
- Updated ritual validation in `build-static-content`.
- Added support for the "monthly" ritual frequency for rituals with an
`autoIssue` value.
- Updated the `create-issues-for-todays-rituals` script to create GitHub
issues for rituals.
---------
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
2024-01-15 12:53:53 -06:00
Roberto Dip
95b1c0df62
add automation to check timestamp.json and send slack notification ( #16012 )
...
proposal/idea to check once a day if `timestamps.json` is expired and
send a slack notification if it expires on the same day or it already
expired.
2024-01-10 17:06:52 -03:00
Lucas Manuel Rodriguez
6001d02e3b
Update fleetd CHANGELOG for the 1.20.0 release ( #16000 )
2024-01-10 13:55:19 -03:00
Lucas Manuel Rodriguez
4627a92447
Move external dependency osquery-in-a-box to monorepo ( #15871 )
...
#15563
- [X] Manual QA for all new/changed functionality
Tested by running the following:
If the changes haven't been merged to `main`:
```sh
fleetctl preview --preview-config 15563-move-external-dep-osquery-in-a-box-to-monorepo
fleetctl preview stop
fleetctl preview reset
```
If the changes were already merged to `main`:
```sh
fleetctl preview
fleetctl preview stop
fleetctl preview reset
```
2024-01-10 11:45:52 -03:00
Roberto Dip
edaa7acac3
lock in macOS version for Fleet Desktop workers ( #16009 )
...
Implementing a safety measure to prevent issues like #15910 in
production.
Setting the macOS version explicitly avoids unexpected changes in the
builder runtime, ensuring the Fleet Desktop executable remains
compatible.
As of this commit, 'macos-latest' refers to 'macos-12'. We're aligning
the worker to this version, although building on macOS 13.x (presently
in GitHub workers' beta) should also be viable.
2024-01-10 11:33:48 -03:00
Victor Lyuboslavsky
14d5c9094b
fleetd-chrome unit tests ( #15918 )
2024-01-04 21:41:24 -06:00
Zach Wasserman
3244610ed2
Build osquery targets for 5.11.0 ( #15892 )
2024-01-03 15:03:59 -08:00
Lucas Manuel Rodriguez
1bdd6a98a6
Bump Fleet Desktop version to 1.19.0 ( #15819 )
2023-12-22 15:16:02 -03:00
Robert Fairburn
255bcd8002
GeoLite2 addon for Dogfood and Cloud ( #15643 )
2023-12-14 13:22:11 -06:00
Joanne Stableford
654783b715
Update min macOS for fleetctl-workstations to 14.2 ( #15622 )
2023-12-13 13:08:31 -05:00
Roberto Dip
6353849004
update Go to 1.21.5 ( #15592 )
...
for https://github.com/fleetdm/fleet/issues/15584
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [x] Manual QA for all new/changed functionality
2023-12-13 13:57:12 -03:00
Joanne Stableford
fb25b5c564
Update min macOS for workstation canary group to 14.2 ( #15588 )
2023-12-13 11:28:39 -05:00
Martin Angers
fb01e30f27
Require a custom Clone for cacheable items, add tooling and CI check to help catch issues ( #15458 )
2023-12-06 14:34:22 -05:00
Tim Lee
e7132454ee
CI fix - Use bash in Start tunnel step ( #14872 )
2023-11-21 16:15:17 -07:00
Tim Lee
0557f10ac5
14729 smtp settings validation for TLS ( #15029 )
2023-11-21 11:48:21 -07:00
Eric
ed7c51c9c9
Add --coverpkg flag to go test in the Makefile ( #15153 )
...
Related to: #10209
Changes:
- Updated the go test in the Makefile to have the `--codepkg` flag.
- Added a newline to the `test-go` GH workflow to trigger a run for this
PR
> Note: I'm creating this as a draft PR to see the results of the "Test
Go" workflow
2023-11-20 17:01:19 -06:00
Joanne Stableford
c7af163577
Update fleetctl-workstations to min macOS 14.1.1 ( #15209 )
2023-11-20 12:50:52 -05:00
Joanne Stableford
f02fa91576
Update fleetctl-workstations-canary to macOS 14.1.1 ( #15208 )
2023-11-20 12:48:02 -05:00
Joanne Stableford
7945c17a39
Update name for workflow ( #15203 )
...
Update name to "Apply latest configuration profiles and macOS updates"
Because it used to say update MDM (workflow is for more than MDM), and
keeps it in line with workstation group.
2023-11-20 12:37:42 -05:00
Lucas Manuel Rodriguez
809cc5e2d3
Bump Fleet Desktop version to v1.18.3 ( #15123 )
2023-11-14 07:07:55 -03:00
Zach Wasserman
4dff885b16
Generate targets for osquery 5.10.2 ( #14828 )
2023-11-07 14:32:41 -03:00
Lucas Manuel Rodriguez
a8bf79193f
Update Fleet Desktop to 1.18.2 ( #14976 )
2023-11-07 14:32:20 -03:00
Luke Heath
91db043094
Use go variable to set version in workflows ( #14890 )
2023-11-03 09:42:27 -05:00
Sharon Katz
ab7717009e
Add Kolide osquery tables
2023-11-01 20:11:35 -06:00
Robert Fairburn
7b31344988
Dogfood github actions and monitoring module fixes ( #14875 )
...
These items fix the github action for use with the updates to the
monitoring module.
Additionally there were some changes needed to the monitoring module to
make it behave inside the GH action.
Once this is approved/merged, the new tag for them monitoring module
will be created as `tf-mod-addon-monitoring-v1.1.1`
2023-11-01 16:34:13 -05:00
Martin Angers
0d3ba2534b
Fix checking for hosts FK when no migrations files were modified ( #14866 )
2023-11-01 14:41:43 -04:00
Tim Lee
203fdb51ba
Prevent hosts foreign key migrations ( #14290 )
2023-11-01 09:04:46 -06:00
Zach Wasserman
dbd84cc366
Generate targets for osquery 5.10.1 ( #14413 )
2023-10-31 10:20:20 -07:00
Eric
2216132267
Update the deploy-fleet-website workflow ( #14756 )
...
Clsoes: https://github.com/fleetdm/fleet/issues/14162
Changes:
- Added two steps to the `deploy-fleet-website` workflow to prevent
errors when pushing to the Heroku git repo:
1. The first step runs a command to install the `heroku-repo` plugin in
the Heroku CLI.
2. The second step runs a command to reset the Heroku git repo for the
Fleet website. (This has no impact on the live Heroku app)
2023-10-26 17:24:56 -05:00
dependabot[bot]
4aa1301550
Bump ossf/scorecard-action from 2.1.2 to 2.3.1 ( #14723 )
2023-10-24 14:25:02 -05:00
Luke Heath
23d8087401
Publish on push to prepare and patch branches ( #14648 )
2023-10-23 11:41:41 -05:00
Roberto Dip
ad9e30f120
Update Go to v1.21.3 ( #14634 )
...
for #14633
2023-10-19 10:01:05 -03:00
dependabot[bot]
12c46af3b2
Bump fleetdm/fleet-mdm-gitops from 1.0.7 to 1.1.0 ( #14453 )
2023-10-11 13:52:31 -05:00
Roberto Dip
641856c1dc
trigger orbit build on version bump ( #14315 )
...
The
[goreleaser-orbit.yaml](https://github.com/fleetdm/fleet/actions/workflows/goreleaser-orbit.yaml )
workflow tends to timeout up to 9-10 times before successfully building
a macOS binary.
We have been using this workflow as a back-up, but it requires doing the
version bump and manually triggering the workflow, which can be error
prone.
This change follows the `workflows/generate-desktop-targets.yml` to
trigger the workflow when the workflow file itself is modified.
2023-10-05 09:52:10 -03:00
Roberto Dip
5a9c0af652
Bump Fleet Desktop version to 1.17.0 ( #14179 )
2023-09-29 10:02:08 -03:00
Roberto Dip
3bf6f18c16
bump Orbit version to 1.17.0 ( #14183 )
2023-09-29 10:01:46 -03:00
Luke Heath
d809858f4e
Revert docker publish filtering on pull requests ( #14125 )
2023-09-26 12:02:50 -05:00
Luke Heath
1e1e28791f
Document milestone release ritual ( #13932 )
2023-09-25 14:35:36 -05:00
Lucas Manuel Rodriguez
fe7d9f9f8b
Allow manual run of docker publish CI action ( #14051 )
...
I need this change to load test #13926 .
Due to recent changes we are not triggering a build on every
branch/commit pushed.
For load testing we need a way to trigger a build manually.
2023-09-21 15:14:43 -03:00
Luke Heath
72b3a6b7bb
Remove merge gatekeeper workflow ( #13989 )
2023-09-18 16:10:09 -05:00
Luke Heath
043976d250
Use GITHUB_TOKEN in merge gatekeeper ( #13980 )
2023-09-18 13:10:58 -05:00
Luke Heath
9debc2fd2c
Do not skip push commits on docker publish workflow ( #13960 )
...
Co-authored-by: Roberto Dip <me@roperzh.com>
2023-09-15 14:32:13 -05:00
Luke Heath
7815a7f695
Gatekeeper should ignore handbook and website PRs ( #13948 )
2023-09-15 09:57:28 -05:00
Luke Heath
798457d9aa
Do not run docker publish workflow on fork PRs ( #13918 )
2023-09-13 16:34:39 -05:00
Roberto Dip
ea6b59f179
upgrade Go version to 1.21.1 ( #13877 )
...
For #13715 , this:
- Upgrades the Go version to `1.21.1`, infrastructure changes are
addressed separately at https://github.com/fleetdm/fleet/pull/13878
- Upgrades the linter version, as the current version doesn't work well
after the Go upgrade
- Fixes new linting errors (we now get errors for memory aliasing in
loops! 🎉 )
After this is merged people will need to:
1. Update their Go version. I use `gvm` and I did it like:
```
$ gvm install go1.21.1
$ gvm use go1.21.1 --default
```
2. Update the local version of `golangci-lint`:
```
$ go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2
```
3. (optional) depending on your setup, you might need to re-install some
packages, for example:
```
# goimports to automatically import libraries
$ go install golang.org/x/tools/cmd/goimports@latest
# gopls for the language server
$ go install golang.org/x/tools/gopls@latest
# etc...
```
2023-09-13 15:59:35 -03:00
Lucas Manuel Rodriguez
811e38c0f2
Add build info to orbit macos build action ( #13796 )
2023-09-07 13:23:38 -03:00
George Karr
899cb38f22
Allow build orbit to run manually ( #13795 )
2023-09-07 11:32:05 -03:00
Luke Heath
6130a7bbd7
Bump Fleet Desktop version to 1.16.0 ( #13753 )
2023-09-06 12:46:47 -05:00
Lucas Manuel Rodriguez
9a3b4cd365
Attempt to stabilize the broken integration.yml workflow ( #13653 )
...
#13547
This is an attempt to stabilize this workflow that has been broken for
4-6 months.
# Issue and proposed solution
Github runner VMs re-use UUIDs, which is not supported by Orbit (this
causes a host to be enrolled as two hosts in Fleet), thus, until that is
fixed in https://github.com/fleetdm/fleet/issues/8021 I propose we
stabilize this workflow by testing all `stable` channels only (which is
better than having the build broken all the time IMO).
Once https://github.com/fleetdm/fleet/issues/8021 is fixed we can re-add
the edge channels.
2023-09-01 12:25:17 -03:00
Roberto Dip
5ad734d617
upgrade go to v1.19.12 ( #13617 )
2023-08-31 13:49:24 -05:00
Luke Heath
204f082fe5
Pin all workflow actions versions by commit ( #13462 )
2023-08-31 12:09:21 -05:00
Luke Heath
0541618aeb
Add merge gatekeeper action ( #13546 )
2023-08-31 11:11:46 -05:00
Lucas Manuel Rodriguez
4654450bc8
Fix expected number of hosts for the Test fleetctl preview workflow ( #13605 )
...
Similar to the other we fixed recently the same way:
https://github.com/fleetdm/fleet/pull/13329
2023-08-30 17:45:41 -03:00
Lucas Manuel Rodriguez
f701dc55ed
CI: Add shell cmd for windows runner and add some debug logs to help troubleshoot ( #13592 )
...
After @rfairburn made the DNS change the clouldflared tunnel started
working again (after months of being broken).
#13547
Run: https://github.com/fleetdm/fleet/actions/runs/6025182774
This PR adds some fixes to the two workflows that make use of
cloudflared.
There are still some issues to fix but these are some changes needed to
continue/help troubleshooting.
2023-08-30 15:49:47 -03:00
KanchiMoe
dece8e179c
Upversion markdown-link-check Github action ( #12026 )
2023-08-22 13:57:45 -07:00
Lucas Manuel Rodriguez
cafbe161a1
Bump fleet desktop version to 1.15.0 to generate artifacts and release ( #13393 )
2023-08-18 15:23:38 -05:00
Zach Wasserman
4ecc7db6d6
Complete removal of Cypress ( #13389 )
...
Remove the last of the dependencies and configuration around Cypress
since we no longer use it for testing.
2023-08-18 11:06:12 -06:00
Lucas Manuel Rodriguez
f9d6cf986b
Fix expected number of hosts in fleetctl-preview-latest workflow ( #13329 )
...
#13182
[This PR](https://github.com/fleetdm/osquery-in-a-box/pull/18 ) in the
osquery-in-a-box repository recently added a new host to the simulated
host list which broke the CI job in the fleetdm/fleet repository.
PR run with this branch:
https://github.com/fleetdm/fleet/actions/runs/5866786432
PS: One of the reasons we had this osquery-in-a-box repository outside
the monorepo was to not break customers using `fleetctl preview`. But
now that we have Fleet Sandbox and we don't encourage users to use
`fleetctl preview`:
1. Does it make sense to have the separate repository?
2. Does it make sense to continue supporting this workflow in CI?
2023-08-15 14:16:07 -03:00
Luke Heath
3dfe4c74bb
Update action version ( #13136 )
2023-08-03 14:27:32 -07:00
Joanne Stableford
79b8dd8e8f
Update fleetctl-workstations to min macOS 13.5 ( #13109 )
2023-08-02 18:38:11 -04:00
Joanne Stableford
ea934424ae
Update fleetctl-workstations-canary min OS to macOS 13.5 ( #13108 )
2023-08-02 18:22:46 -04:00
Roberto Dip
d9de78e9fc
upgrade Go version to 1.19.11 ( #12902 )
2023-07-26 11:09:22 -07:00
Eric
63eca92536
Change Node version used in Github workflows, add build-storybook step to website test ( #12748 )
...
Context: The "Deploy Fleet website" workflow is currently failing
because the `build-storybook` step requires Node v16.
<img width="1013" alt="image"
src="https://github.com/fleetdm/fleet/assets/7445991/7681e11e-a94f-4a0b-8cd8-baa1ef5a37d8 ">
Changes:
- Changed the `deploy-fleet-website` and `test-website` workflows to use
Node 16.
- Updated the version of `actions/setup-node` to v3 to use node 16.
- added the `--legacy-peer-deps` flag to the `npm install` in the
build-storybook step
- Added a step to build the storybook to the `test-website` workflow.
- Updated the `test-website` workflow to run when the workflow file is
changed.
2023-07-13 13:11:20 -05:00
Gabriel Hernandez
f9bbd47381
add back public storybook site build step ( #12746 )
...
this adds back building and publishing of storybook website.
2023-07-13 17:44:41 +01:00
dependabot[bot]
dbf87cbe62
Bump github/codeql-action from 2.2.4 to 2.20.1 ( #12437 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action )
from 2.2.4 to 2.20.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases ">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>CodeQL Bundle</h2>
<p>Bundles CodeQL CLI v2.13.4</p>
<ul>
<li>(<a
href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.13.4 ">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4 "><code>github/codeql@codeql-cli/v2.13.4</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src ">source</a>)</li>
<li><code>codeql/cpp-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/lib/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/lib ">source</a>)</li>
<li><code>codeql/csharp-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/src/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/src ">source</a>)</li>
<li><code>codeql/csharp-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/lib/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/lib ">source</a>)</li>
<li><code>codeql/go-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/src/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/src ">source</a>)</li>
<li><code>codeql/go-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/lib/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/lib ">source</a>)</li>
<li><code>codeql/java-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/src/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/src ">source</a>)</li>
<li><code>codeql/java-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/lib/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/lib ">source</a>)</li>
<li><code>codeql/javascript-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/src/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/src ">source</a>)</li>
<li><code>codeql/javascript-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/lib/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/lib ">source</a>)</li>
<li><code>codeql/python-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/src/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/src ">source</a>)</li>
<li><code>codeql/python-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/lib/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/lib ">source</a>)</li>
<li><code>codeql/ruby-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/src/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/src ">source</a>)</li>
<li><code>codeql/ruby-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/lib/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/lib ">source</a>)</li>
<li><code>codeql/swift-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/src/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/src ">source</a>)</li>
<li><code>codeql/swift-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/lib/CHANGELOG.md ">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/lib ">source</a>)</li>
</ul>
<h2>CodeQL Bundle v2.6.0-beta.1</h2>
<p>Bundles CodeQL CLI <a
href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.6.0-beta.1 ">v2.6.0-beta.1</a></p>
<h3>⚠️ This is a beta release containing a new CodeQL packaging feature.
It may not be compatible with existing workflows.</h3>
<p>This release contains beta support for <strong>CodeQL packs</strong>.
Please read the documentation below for more information:</p>
<ul>
<li><a
href="https://codeql.github.com/docs/codeql-cli/about-codeql-packs ">Using
CodeQL packs with the CodeQL CLI</a></li>
<li><a
href="https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-codeql-query-packs ">Using
CodeQL packs in Code Scanning on GitHub Actions</a></li>
<li><a
href="https://docs.github.com/en/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system#downloading-and-using-codeql-query-packs ">Using
CodeQL packs in Code Scanning on 3rd-party CI systems</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a
href="https://redirect.github.com/github/codeql-action/pull/1721 ">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action
which attempts to infer a configuration for the build environment that
is required to build a given project. Do not use this in production as
it is part of an internal experiment and subject to change at any
time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
<ul>
<li>Bump the version of the Action to 2.20.0. This ensures that users
who received a Dependabot upgrade to <a
href="cdcdbb5797https://redirect.github.com/github/codeql-action/pull/1729 ">#1729</a></li>
</ul>
<h2>2.3.6 - 01 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.3. <a
href="https://redirect.github.com/github/codeql-action/pull/1698 ">#1698</a></li>
</ul>
<h2>2.3.5 - 25 May 2023</h2>
<ul>
<li>Allow invalid URIs to be used as values to
<code>artifactLocation.uri</code> properties. This reverses a change
from <a
href="https://redirect.github.com/github/codeql-action/pull/1668 ">#1668</a>
that inadvertently led to stricter validation of some URI values. <a
href="https://redirect.github.com/github/codeql-action/pull/1705 ">#1705</a></li>
<li>Gracefully handle invalid URIs when fingerprinting. <a
href="https://redirect.github.com/github/codeql-action/pull/1694 ">#1694</a></li>
</ul>
<h2>2.3.4 - 24 May 2023</h2>
<ul>
<li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a
href="123e95847b/Schemata/sarif-schema-2.1.0.jsonhttps://redirect.github.com/github/codeql-action/pull/1668 ">#1668</a></li>
<li>We are rolling out a feature in May 2023 that will disable Python
dependency installation for new users of the CodeQL Action. This
improves the speed of analysis while having only a very minor impact on
results. <a
href="https://redirect.github.com/github/codeql-action/pull/1676 ">#1676</a></li>
<li>We are improving the way that <a
href="https://github.com/github/codeql-action/releases ">CodeQL
bundles</a> are tagged to make it possible to easily identify bundles by
their CodeQL semantic version. <a
href="https://redirect.github.com/github/codeql-action/pull/1682 ">#1682</a>
<ul>
<li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using
semantic versions, for example <code>codeql-bundle-v2.13.4</code>,
instead of timestamps, like <code>codeql-bundle-20230615</code>.</li>
<li>This change does not affect the majority of workflows, and we will
not be changing tags for existing bundle releases.</li>
<li>Some workflows with custom logic that depends on the specific format
of the CodeQL bundle tag may need to be updated. For example, if your
workflow matches CodeQL bundle tag names against a
<code>codeql-bundle-yyyymmdd</code> pattern, you should update it to
also recognize <code>codeql-bundle-vx.y.z</code> tags.</li>
</ul>
</li>
<li>Remove the requirement for <code>on.push</code> and
<code>on.pull_request</code> to trigger on the same branches. <a
href="https://redirect.github.com/github/codeql-action/pull/1675 ">#1675</a></li>
</ul>
<h2>2.3.3 - 04 May 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.1. <a
href="https://redirect.github.com/github/codeql-action/pull/1664 ">#1664</a></li>
<li>You can now configure CodeQL within your code scanning workflow by
passing a <code>config</code> input to the <code>init</code> Action. See
<a href="https://aka.ms/code-scanning-docs/config-file ">Using a custom
configuration file</a> for more information about configuring code
scanning. <a
href="https://redirect.github.com/github/codeql-action/pull/1590 ">#1590</a></li>
</ul>
<h2>2.3.2 - 27 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.1 - 26 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.0 - 21 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.0. <a
href="https://redirect.github.com/github/codeql-action/pull/1649 ">#1649</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f6e388ebf0https://redirect.github.com/github/codeql-action/issues/1736 ">#1736</a>
from github/update-v2.20.1-4385ad556</li>
<li><a
href="28742472284385ad5563https://redirect.github.com/github/codeql-action/issues/1685 ">#1685</a>)</li>
<li><a
href="8ba77ef4d3https://redirect.github.com/github/codeql-action/issues/1734 ">#1734</a>)</li>
<li><a
href="82dbde173chttps://redirect.github.com/github/codeql-action/issues/1735 ">#1735</a>)</li>
<li><a
href="c6dff3470ehttps://redirect.github.com/github/codeql-action/issues/1721 ">#1721</a>
from github/update-bundle/codeql-bundle-v2.13.4</li>
<li><a
href="3e0c87dc38de74ca6211https://redirect.github.com/github/codeql-action/issues/1732 ">#1732</a>
from github/henrymercer/tolerate-unexpected-processi...</li>
<li><a
href="d6201b58de0ac18158d1https://redirect.github.com/github/codeql-action/issues/1684 ">#1684</a>
from github/mbg/add-resolve-environment</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/v2.2.4...f6e388ebf0efc915c6c5b165b019ee61a6746a38 ">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-23 12:40:54 -07:00
dependabot[bot]
0730246723
Bump actions/setup-go from 2.1.3 to 4.0.1 ( #12294 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2.1.3
to 4.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases ">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update documentation for <code>v4</code> by <a
href="https://github.com/dsame "><code>@dsame</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/354 ">actions/setup-go#354</a></li>
<li>Fix glob bug in the package.json scripts section by <a
href="https://github.com/IvanZosimov "><code>@IvanZosimov</code></a> in
<a
href="https://redirect.github.com/actions/setup-go/pull/359 ">actions/setup-go#359</a></li>
<li>Bump <code>xml2js</code> dependency by <a
href="https://github.com/dmitry-shibanov "><code>@dmitry-shibanov</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/370 ">actions/setup-go#370</a></li>
<li>Bump <code>@actions/cache</code> dependency to v3.2.1 by <a
href="https://github.com/nikolai-laevskii "><code>@nikolai-laevskii</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/374 ">actions/setup-go#374</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/nikolai-laevskii "><code>@nikolai-laevskii</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/374 ">actions/setup-go#374</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v4...v4.0.1 ">https://github.com/actions/setup-go/compare/v4...v4.0.1 </a></p>
<h2>v4.0.0</h2>
<p>In scope of release we enable cache by default. The action won’t
throw an error if the cache can’t be restored or saved. The action will
throw a warning message but it won’t stop a build process. The cache can
be disabled by specifying <code>cache: false</code>.</p>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: ‘1.19’
- run: go run hello.go
</code></pre>
<p>Besides, we introduce such changes as</p>
<ul>
<li><a
href="https://redirect.github.com/actions/setup-go/pull/305 ">Allow to
use only GOCACHE for cache</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/315 ">Bump
json5 from 2.2.1 to 2.2.3</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/323 ">Use
proper version for primary key in cache</a></li>
<li><a
href="https://redirect.github.com/actions/setup-go/pull/351 ">Always add
Go bin to the PATH</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/350 ">Add
step warning if go-version input is empty</a></li>
</ul>
<h2>Add support for stable and oldstable aliases</h2>
<p>In scope of this release we introduce aliases for the
<code>go-version</code> input. The <code>stable</code> alias instals the
latest stable version of Go. The <code>oldstable</code> alias installs
previous latest minor release (the stable is 1.19.x -> the oldstable
is 1.18.x).</p>
<h3>Stable</h3>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 'stable'
- run: go run hello.go
</code></pre>
<h3>OldStable</h3>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fac708d667https://redirect.github.com/actions/setup-go/issues/374 ">#374</a>)</li>
<li><a
href="dd84a9531ahttps://redirect.github.com/actions/setup-go/issues/370 ">#370</a>)</li>
<li><a
href="41c2024c46https://redirect.github.com/actions/setup-go/issues/359 ">#359</a>)</li>
<li><a
href="8dbf352f06https://redirect.github.com/actions/setup-go/issues/354 ">#354</a>)</li>
<li><a
href="4d34df0c23https://redirect.github.com/actions/setup-go/issues/348 ">#348</a>)</li>
<li><a
href="fdc0d672a1https://redirect.github.com/actions/setup-go/issues/351 ">#351</a>)</li>
<li><a
href="ebfdf6ac95https://redirect.github.com/actions/setup-go/issues/350 ">#350</a>)</li>
<li><a
href="b27d76912ehttps://redirect.github.com/actions/setup-go/issues/349 ">#349</a>)</li>
<li><a
href="c51a720768https://redirect.github.com/actions/setup-go/issues/332 ">#332</a>)</li>
<li><a
href="6b848af622https://redirect.github.com/actions/setup-go/issues/343 ">#343</a>
from akv-platform/reusable-workflow</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/setup-go/compare/v2.1.3...v4.0.1 ">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-23 12:38:42 -07:00
dependabot[bot]
ffcfdbc15d
Bump slackapi/slack-github-action from 1.18.0 to 1.24.0 ( #12293 )
...
Bumps
[slackapi/slack-github-action](https://github.com/slackapi/slack-github-action )
from 1.18.0 to 1.24.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/slackapi/slack-github-action/releases ">slackapi/slack-github-action's
releases</a>.</em></p>
<blockquote>
<h2>Slack Send V1.24.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add in testing instructions for maintainer's guide and standardize
bullet point punctuation by <a
href="https://github.com/hello-ashleyintech "><code>@hello-ashleyintech</code></a>
in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/140 ">slackapi/slack-github-action#140</a></li>
<li>Added checks for bot token and webhook url length by <a
href="https://github.com/koki-develop "><code>@koki-develop</code></a>
in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/124 ">slackapi/slack-github-action#124</a></li>
<li>Add channel_id output parameter by <a
href="https://github.com/maso7 "><code>@maso7</code></a> in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/149 ">slackapi/slack-github-action#149</a></li>
<li><a
href="https://redirect.github.com/slackapi/slack-github-action/issues/171 ">#171</a>
Update Technique 2 to use Actions context instead of values property by
<a href="https://github.com/mwbrooks "><code>@mwbrooks</code></a> in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/172 ">slackapi/slack-github-action#172</a></li>
<li>Fix interpolation of variables in file-based payloads by <a
href="https://github.com/filmaj "><code>@filmaj</code></a> in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/200 ">slackapi/slack-github-action#200</a></li>
<li>Update README.md with variable usage and links to example workflows
by <a href="https://github.com/filmaj "><code>@filmaj</code></a> in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/201 ">slackapi/slack-github-action#201</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/koki-develop "><code>@koki-develop</code></a>
made their first contribution in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/124 ">slackapi/slack-github-action#124</a></li>
<li><a href="https://github.com/maso7 "><code>@maso7</code></a> made
their first contribution in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/149 ">slackapi/slack-github-action#149</a></li>
<li><a href="https://github.com/mwbrooks "><code>@mwbrooks</code></a>
made their first contribution in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/172 ">slackapi/slack-github-action#172</a></li>
<li><a href="https://github.com/hnarimiya "><code>@hnarimiya</code></a>
made their first contribution in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/200 ">slackapi/slack-github-action#200</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/slackapi/slack-github-action/compare/v1.23.0...v1.24.0 ">https://github.com/slackapi/slack-github-action/compare/v1.23.0...v1.24.0 </a></p>
<h2>Slack Send V1.23.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump node from 12 to 16 by <a
href="https://github.com/quinnjn "><code>@quinnjn</code></a> in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/128 ">slackapi/slack-github-action#128</a></li>
<li>Bump eslint from 8.23.0 to 8.24.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/135 ">slackapi/slack-github-action#135</a></li>
<li>Bump <code>@actions/core</code> from 1.9.1 to 1.10.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/134 ">slackapi/slack-github-action#134</a></li>
<li>Bump <code>@actions/github</code> from 5.0.3 to 5.1.1 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/133 ">slackapi/slack-github-action#133</a></li>
<li>Use https proxy agent by <a
href="https://github.com/EHitchcockIAG "><code>@EHitchcockIAG</code></a>
in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/132 ">slackapi/slack-github-action#132</a></li>
<li>Release v1.23.0 by <a
href="https://github.com/hello-ashleyintech "><code>@hello-ashleyintech</code></a>
in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/139 ">slackapi/slack-github-action#139</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/quinnjn "><code>@quinnjn</code></a> made
their first contribution in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/128 ">slackapi/slack-github-action#128</a></li>
<li><a
href="https://github.com/EHitchcockIAG "><code>@EHitchcockIAG</code></a>
made their first contribution in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/132 ">slackapi/slack-github-action#132</a></li>
<li><a
href="https://github.com/hello-ashleyintech "><code>@hello-ashleyintech</code></a>
made their first contribution in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/139 ">slackapi/slack-github-action#139</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/slackapi/slack-github-action/compare/v1.22.0...v1.23.0 ">https://github.com/slackapi/slack-github-action/compare/v1.22.0...v1.23.0 </a></p>
<h2>Slack Send V1.22.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(message): support multiple channel IDs by <a
href="https://github.com/treemmett "><code>@treemmett</code></a> in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/126 ">slackapi/slack-github-action#126</a>
(fixes <a
href="https://redirect.github.com/slackapi/slack-github-action/issues/118 ">#118</a>)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/treemmett "><code>@treemmett</code></a>
made their first contribution in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/126 ">slackapi/slack-github-action#126</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/slackapi/slack-github-action/compare/v1.21.0...v1.22.0 ">https://github.com/slackapi/slack-github-action/compare/v1.21.0...v1.22.0 </a></p>
<h2>Slack Send V1.21.0</h2>
<h2>What's Changed</h2>
<ul>
<li>updated to 1.21.0, fixed update-ts by <a
href="https://github.com/stevengill "><code>@stevengill</code></a> in <a
href="https://redirect.github.com/slackapi/slack-github-action/pull/110 ">slackapi/slack-github-action#110</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/slackapi/slack-github-action/compare/v1.20.0...v1.21.0 ">https://github.com/slackapi/slack-github-action/compare/v1.20.0...v1.21.0 </a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e28cf165c9f07b4a2d032c8b741a82https://redirect.github.com/slackapi/slack-github-action/issues/201 ">#201</a>)</li>
<li><a
href="81a1dc0cd9https://redirect.github.com/slackapi/slack-github-action/issues/200 ">#200</a>)</li>
<li><a
href="4eb7313607https://redirect.github.com/slackapi/slack-github-action/issues/194 ">#194</a>)</li>
<li><a
href="17394c7ff6https://redirect.github.com/slackapi/slack-github-action/issues/195 ">#195</a>)</li>
<li><a
href="2746ea8222https://redirect.github.com/slackapi/slack-github-action/issues/196 ">#196</a>)</li>
<li><a
href="1b89efce66https://redirect.github.com/slackapi/slack-github-action/issues/197 ">#197</a>)</li>
<li><a
href="0e608ca738https://redirect.github.com/slackapi/slack-github-action/issues/188 ">#188</a>)</li>
<li><a
href="02b50ad38bhttps://redirect.github.com/slackapi/slack-github-action/issues/189 ">#189</a>)</li>
<li>Additional commits viewable in <a
href="16b6c78ee7...e28cf165c9
2023-06-23 12:32:30 -07:00
Joanne Stableford
0f9bfa3dbd
Update fleetctl-workstations os update to 13.4.1 ( #12471 )
2023-06-22 20:05:15 -04:00
Joanne Stableford
f6f713f7fc
Update fleetctl-workstations-canary for minimum os 13.4.1 ( #12469 )
2023-06-22 19:54:43 -04:00
Zach Wasserman
1080406266
Generate targets for osquery 5.9.1 ( #12410 )
2023-06-21 23:14:52 -07:00
Luke Heath
1f455055a1
Use actions token during helm-publish workflow ( #12430 )
2023-06-21 09:30:25 -06:00
Luke Heath
b5994e7cb9
Use GitHub token in GoReleaser workflow ( #12303 )
2023-06-13 11:54:55 -05:00
Roberto Dip
ab9ac28538
upgrade go version to 1.19.10 ( #12187 )
...
for #12177
2023-06-07 17:59:30 -03:00
Luke Heath
1f8ca0bbb4
Use personal access token for workflows ( #12118 )
2023-06-02 16:23:23 -05:00
Gabriel Hernandez
2fcc5ee72e
generate js coverage report in CI ( #12029 )
...
relates to #8771
Add coverage for frontend and improve coverage reports around Backend
and frontend code.
2023-06-01 17:46:25 +01:00
Martin Angers
8b1bf35414
Increase Go test timeout to 15m ( #11920 )
2023-05-29 08:44:10 -04:00
KanchiMoe
257336c8b0
Upversion github actions in tfvalidate.yml ( #12005 )
...
This fixes the deprecation warnings that appear at the bottom of
https://github.com/fleetdm/fleet/actions/runs/5083875257
2023-05-28 22:54:46 -04:00
Luke Heath
256aa855d8
Adjust macOS version update deadline ( #11988 )
2023-05-26 10:41:08 -05:00
Zach Wasserman
048de9a002
Move all workstations to macOS 13.4.0 ( #11918 )
2023-05-23 20:42:08 -07:00
Luke Heath
846ee18cb3
Add example workflow ( #11893 )
2023-05-23 13:52:21 -05:00
Zach Wasserman
499a040c1b
Move canary workstations to macOS 13.4.0 ( #11792 )
2023-05-18 15:37:25 -07:00
KanchiMoe
9e9fd633c7
Update 'install go' Github Actions to use tag as it uses deprecated commands ( #11408 )
...
At the moment, in Github Actions, when a job has `uses:
actions/setup-go` it uses a specific commit from that repo.
In that commit, it used `set-output` somewhere, which is now deprecated
and will be disabled within the next month or so.
See here for more information:
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
This PR changes every instance where `actions/setup-go@...` was used and
replaces it with release `v2.1.3`. [From the release
notes](https://github.com/actions/setup-go/releases/tag/v2.1.3 ):
> Updated communication with runner to use environment files rather then
workflow commands
Which is what the above Github blog recommends doing.
---
Addationally, the latest version of this Github Action is
[`v4.0.0`](https://github.com/actions/setup-go/releases/tag/v4.0.0 ),
which you may want to update to in the future.
2023-05-17 15:56:16 -05:00
Luke Heath
191302c662
Use github action to apply profiles to workstations team ( #11716 )
2023-05-17 13:07:18 -05:00
Luke Heath
e794356e07
Use new fleet-mdm-gitops GitHub action to apply MDM configuration ( #11681 )
2023-05-16 10:16:22 -05:00
Luke Heath
25b7114174
Use new Fleet MDM gitops action ( #11678 )
2023-05-12 16:54:26 -05:00
Luke Heath
9f7e2ea4cc
Bump workstation macOS version requirement ( #11560 )
2023-05-09 16:07:03 -05:00
Zach Wasserman
8ebd988661
Update Fleet Desktop version ( #11549 )
2023-05-05 15:04:50 -07:00
dependabot[bot]
8c04305f7f
Bump aws-actions/amazon-ecr-login from 1.5.3 to 1.6.0 ( #11514 )
...
Bumps
[aws-actions/amazon-ecr-login](https://github.com/aws-actions/amazon-ecr-login )
from 1.5.3 to 1.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/amazon-ecr-login/releases ">aws-actions/amazon-ecr-login's
releases</a>.</em></p>
<blockquote>
<h2>v1.6.0</h2>
<p>See the <a
href="https://github.com/aws-actions/amazon-ecr-login/blob/HEAD/CHANGELOG.md ">changelog</a>
for details about the changes included in this release.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/amazon-ecr-login/blob/main/CHANGELOG.md ">aws-actions/amazon-ecr-login's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
See <a
href="https://github.com/conventional-changelog/standard-version ">standard-version</a>
for commit guidelines.</p>
<h2><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.5.3...v1.6.0 ">1.6.0</a>
(2023-03-29)</h2>
<h3>Features</h3>
<ul>
<li>add support for HTTP(s) proxy (<a
href="454a99d5dehttps://github.com/aws-actions/amazon-ecr-login/compare/v1.5.2...v1.5.3 ">1.5.3</a>
(2022-10-29)</h3>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.5.1...v1.5.2 ">1.5.2</a>
(2022-10-18)</h3>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.5.0...v1.5.1 ">1.5.1</a>
(2022-08-04)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>reverted change that masked Docker credentials (<a
href="7d073b66cchttps://github.com/aws-actions/amazon-ecr-login/compare/v1.4.0...v1.5.0 ">1.5.0</a>
(2022-06-27)</h2>
<h3>Features</h3>
<ul>
<li>added ECR Public Registry support (<a
href="b4f084e928https://github.com/aws-actions/amazon-ecr-login/compare/v1.3.3...v1.4.0 ">1.4.0</a>
(2022-05-20)</h2>
<h3>Features</h3>
<ul>
<li>output docker credentials after login (<a
href="57206dc28cd121236bfd45a78e2dabhttps://github.com/aws-actions/amazon-ecr-login/compare/v1.3.2...v1.3.3 ">1.3.3</a>
(2021-02-15)</h3>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.3.1...v1.3.2 ">1.3.2</a>
(2021-02-01)</h3>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.3.0...v1.3.1 ">1.3.1</a>
(2020-11-24)</h3>
<h2><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.2.2...v1.3.0 ">1.3.0</a>
(2020-10-29)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2f9f10ea3f7724c7e157https://redirect.github.com/aws-actions/amazon-ecr-login/issues/430 ">#430</a>
from aws-actions/http-proxy</li>
<li><a
href="454a99d5de62f4f872dbhttps://redirect.github.com/aws-actions/amazon-ecr-login/issues/429 ">#429</a>)</li>
<li><a
href="5cf60ad52chttps://redirect.github.com/aws-actions/amazon-ecr-login/issues/428 ">#428</a>)</li>
<li><a
href="7179228b86https://redirect.github.com/aws-actions/amazon-ecr-login/issues/426 ">#426</a>)</li>
<li><a
href="4ccd3fe855https://redirect.github.com/aws-actions/amazon-ecr-login/issues/424 ">#424</a>)</li>
<li><a
href="7ba8fdb4b8https://redirect.github.com/aws-actions/amazon-ecr-login/issues/423 ">#423</a>)</li>
<li><a
href="069994d041https://redirect.github.com/aws-actions/amazon-ecr-login/issues/422 ">#422</a>
from taichunmin/main</li>
<li><a
href="4f0431daa8261a7de32b...2f9f10ea3fhttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aws-actions/amazon-ecr-login&package-manager=github_actions&previous-version=1.5.3&new-version=1.6.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-03 12:06:24 -07:00
KanchiMoe
3496011e35
Convert remaining uses of set-output for Github Actions ( #11352 )
2023-04-27 16:11:27 -05:00
KanchiMoe
503a30092f
Fix integration Github action using the deprecated command set-output ( #11282 )
2023-04-26 10:15:23 -05:00
Robert Fairburn
eb93343ffe
Warn against deploying fleetdm/fleet:main directly ( #11316 )
...
Deploying `fleetdm/fleet:main` directly to dogfood has problems if
migrations are needed and an image restarts. This causes crashloops in
the containers and leads to being rate-limited for pulls on dockerhub.
Warn against this and also suggest using quay.io as an alternative image
location.
2023-04-25 13:22:59 -05:00
dependabot[bot]
672c0d9239
Bump actions/upload-artifact from 3.1.0 to 3.1.2 ( #10183 )
...
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact )
from 3.1.0 to 3.1.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases ">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.2</h2>
<ul>
<li>Update all <code>@actions/*</code> NPM packages to their latest
versions- <a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/374 ">#374</a></li>
<li>Update all dev dependencies to their most recent versions - <a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/375 ">#375</a></li>
</ul>
<h2>v3.1.1</h2>
<ul>
<li>Update actions/core package to latest version to remove
<code>set-output</code> deprecation warning <a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/351 ">#351</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0b7f8abb15https://github-redirect.dependabot.com/actions/upload-artifact/issues/312 ">#312</a>)</li>
<li><a
href="013d2b89bahttps://github-redirect.dependabot.com/actions/upload-artifact/issues/375 ">#375</a>)</li>
<li><a
href="055b8b3f04https://github-redirect.dependabot.com/actions/upload-artifact/issues/374 ">#374</a>)</li>
<li><a
href="7a5d4831f7https://github-redirect.dependabot.com/actions/upload-artifact/issues/315 ">#315</a>)</li>
<li><a
href="e0057a5b76https://github-redirect.dependabot.com/actions/upload-artifact/issues/352 ">#352</a>)</li>
<li><a
href="7fe6c13ac8https://github-redirect.dependabot.com/actions/upload-artifact/issues/363 ">#363</a>)</li>
<li><a
href="83fd05a356https://github-redirect.dependabot.com/actions/upload-artifact/issues/356 ">#356</a>)</li>
<li>See full diff in <a
href="3cea537223...0b7f8abb15https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=3.1.0&new-version=3.1.2 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-24 11:27:56 -07:00
Zachary Winnerman
443d2471d2
Add elastic apm to dogfood ( #11287 )
...
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-04-24 11:25:57 -04:00
Luke Heath
f53a896f09
Stop using temporary token ( #11210 )
2023-04-14 16:19:36 -05:00
Eric
29c9c17e1b
Remove build-storybook step from deploy website workflow ( #11209 )
...
Changes:
- Removed the build-storybook step from the "Deploy Fleet website"
workflow
- Removed the storybook directory from `website/.eslintignore`
2023-04-14 16:01:07 -05:00
Martin Angers
9aab3d628c
Move Redis cluster docker yml to separate file ( #11162 )
2023-04-12 15:14:28 -04:00
Luke Heath
30bc419491
Update workflow to set macos_updates and disk encryption for canary ( #11168 )
2023-04-12 11:32:13 -05:00
Luke Heath
bd1e7654dc
Use temporary github token to deploy website ( #11137 )
2023-04-11 10:37:47 -05:00
Luke Heath
7c6c209d79
Prepare v4.30.0 ( #11105 )
2023-04-10 15:48:34 -05:00
Zach Wasserman
1a521133f4
Upgrade Go version to 1.19.8 ( #11057 )
...
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
2023-04-07 12:05:22 -07:00
Noah Talerman
79e5f11664
Update Workstations YAML: Set macOS update deadline ( #10962 )
2023-04-06 18:42:04 -05:00
Luke Heath
0ee49f11fc
Prepare v4.29.1 ( #10945 )
2023-04-06 11:49:37 -05:00
Luke Heath
689d6ddffe
Exclude certain paths from docker publish workflow ( #10884 )
2023-04-06 11:49:11 -05:00
Robert Fairburn
a257a696a6
Ensure that short tags push to quay in addition to dockerhub ( #11006 )
...
This should include the short tags (such as `fleetdm/fleet:43e434b`)
when pushing to quay.io (`quay.io/fleetdm/fleet:43e434b`)
Additionally, the previous `docker buildx imagetools create` line was
only pushing a linux/amd64 image to quay. This means that for these
tags, one could not pull from quay on an arm64 Mac for example. This
update should correct that.
2023-04-05 12:04:34 -05:00
Luke Heath
bfaa8043bf
Add profiles workflow for canary team ( #10966 )
2023-04-04 15:51:07 -05:00
Luke Heath
ac983a97ab
Update the sentry environment variable name ( #10943 )
2023-04-03 14:12:16 -05:00
Robert Fairburn
fc84da1a36
Add Sentry secret to dogfood ( #10859 )
2023-03-30 12:51:12 -05:00
Robert Fairburn
0de8b58f60
Goreleaser quay push to use docker instead of podman ( #10830 )
...
This is to resolve #10693 and looks to work when it triggered on the
branch.
2023-03-30 12:46:39 -05:00
Lucas Manuel Rodriguez
40265d0e6f
Fix SMTP e-mail send when SMTP server has credentials ( #10758 )
...
#9609
This PR also fixes #10777 .
The issue is: We were using `svc.AppConfig` instead of
`svc.ds.AppConfig` to retrieve the SMTP credentials.
`svc.AppConfig` obfuscates credentials, whereas `svc.ds.AppConfig` does
not.
To help prevent this from happening again I've renamed `svc.AppConfig`
to `svc.AppConfigObfuscated`.
I've also added a new test SMTP server
(https://github.com/axllent/mailpit ) that supports Basic Authentication
and tests that make use of it to catch these kind of bugs (the tests are
executed when running `go test` with `MAIL_TEST=1`).
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-28 15:23:15 -03:00
Zach Wasserman
477bb53f90
Generate targets for osquery 5.8.2 ( #10802 )
2023-03-28 10:50:07 -07:00
Luke Heath
30aa31e763
Remove disable knex, install fleetctl, apply to workstations ( #10757 )
2023-03-27 09:53:05 -05:00
Luke Heath
547111d5b6
Prepare 4.29.0 ( #10610 )
2023-03-22 15:14:51 -05:00
Luke Heath
7ebf308b0c
Revert fleetctl apply token ( #10647 )
2023-03-21 12:51:41 -05:00
Luke Heath
d514998f3a
Use gitops API token ( #10639 )
2023-03-21 11:23:08 -05:00
Luke Heath
9bf4601120
Prepare 4.28.1 ( #10461 ) ( #10609 )
2023-03-20 17:11:38 -05:00
Robert Fairburn
aadfb12d51
Update dogfood deploy help_p1 webhook secret name ( #10537 )
2023-03-16 16:56:46 -05:00
Lucas Manuel Rodriguez
296b70cda3
Add CI check for spec yamls ( #10530 )
...
This is to prevent merging broken yamls.
2023-03-16 08:54:21 -03:00
Zachary Winnerman
3158da0985
Terraform version bump ( #10513 )
...
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-03-15 12:41:25 -04:00
Lucas Manuel Rodriguez
b0f490b4d6
Run make dump-test-schema ( #10505 )
...
Forgot to run this in https://github.com/fleetdm/fleet/pull/10478
2023-03-15 10:47:49 -03:00
Lucas Manuel Rodriguez
e926581427
Observers can observe team settings ( #10447 )
...
#9984
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- [X] Documented any permissions changes: Done by @noahtalerman, see
#10440
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- ~[ ] Manual QA for all new/changed functionality~
- For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-03-13 15:34:39 -03:00
Luke Heath
b3cd710286
Add MDM profiles and github workflow to apply them ( #10416 )
2023-03-10 11:23:10 -06:00
Zachary Winnerman
0ee617778a
Dogfood returns ( #10345 )
...
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-03-08 16:38:53 -05:00
dependabot[bot]
fdc55aabc4
Bump actions/cache from 3.0.8 to 3.2.6 ( #10268 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.8 to
3.2.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases ">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.6</h2>
<h2>What's Changed</h2>
<ul>
<li>Updated branch in Force deletion of caches by <a
href="https://github.com/t-dedah "><code>@t-dedah</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1108 ">actions/cache#1108</a></li>
<li>Fix zstd not being used after zstd version upgrade to 1.5.4 on
hosted runners by <a
href="https://github.com/pdotl "><code>@pdotl</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1118 ">actions/cache#1118</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.6 ">https://github.com/actions/cache/compare/v3...v3.2.6 </a></p>
<h2>v3.2.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Rewrite readmes by <a
href="https://github.com/jsoref "><code>@jsoref</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1085 ">actions/cache#1085</a></li>
<li>Fixed typos and formatting in docs by <a
href="https://github.com/kotewar "><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1076 ">actions/cache#1076</a></li>
<li>Fixing paths for OSes by <a
href="https://github.com/kotewar "><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1101 ">actions/cache#1101</a></li>
<li>Release patch version update by <a
href="https://github.com/Phantsure "><code>@Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1105 ">actions/cache#1105</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jsoref "><code>@jsoref</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1085 ">actions/cache#1085</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.5 ">https://github.com/actions/cache/compare/v3...v3.2.5 </a></p>
<h2>v3.2.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Update json5 package version by <a
href="https://github.com/vsvipul "><code>@vsvipul</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1065 ">actions/cache#1065</a></li>
<li>Cache recipes for cache, restore and save actions by <a
href="https://github.com/kotewar "><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1055 ">actions/cache#1055</a></li>
<li>Add gnu tar and zstd as pre-requisites for windows self-hosted
runners by <a href="https://github.com/pdotl "><code>@pdotl</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1068 ">actions/cache#1068</a></li>
<li>Fix a whitespace typo by <a
href="https://github.com/kurtmckee "><code>@kurtmckee</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1074 ">actions/cache#1074</a></li>
<li>📝 <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1045 ">#1045</a>
update using the <code>set-output</code> command is deprecated by <a
href="https://github.com/siguikesse "><code>@siguikesse</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1046 ">actions/cache#1046</a></li>
<li>Fix referenced output key in save action readme by <a
href="https://github.com/ruudk "><code>@ruudk</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1061 ">actions/cache#1061</a></li>
<li>Update workflows to use reusable-workflows by <a
href="https://github.com/jongwooo "><code>@jongwooo</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1066 ">actions/cache#1066</a></li>
<li>Introduce add-to-project step & rename workflow files by <a
href="https://github.com/pallavx "><code>@pallavx</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1077 ">actions/cache#1077</a></li>
<li>chore: Fix syntax error typo by <a
href="https://github.com/vHeemstra "><code>@vHeemstra</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1081 ">actions/cache#1081</a></li>
<li>Update caching-strategies.md by <a
href="https://github.com/kpfleming "><code>@kpfleming</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1084 ">actions/cache#1084</a></li>
<li>Added another usage hint to foresee <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1072 ">#1072</a>
by <a href="https://github.com/maybeec "><code>@maybeec</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1089 ">actions/cache#1089</a></li>
<li>Add <code>fail-on-cache-miss</code> option by <a
href="https://github.com/cdce8p "><code>@cdce8p</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1036 ">actions/cache#1036</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/kurtmckee "><code>@kurtmckee</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1074 ">actions/cache#1074</a></li>
<li><a
href="https://github.com/siguikesse "><code>@siguikesse</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1046 ">actions/cache#1046</a></li>
<li><a href="https://github.com/ruudk "><code>@ruudk</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1061 ">actions/cache#1061</a></li>
<li><a href="https://github.com/pallavx "><code>@pallavx</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1077 ">actions/cache#1077</a></li>
<li><a href="https://github.com/vHeemstra "><code>@vHeemstra</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1081 ">actions/cache#1081</a></li>
<li><a href="https://github.com/kpfleming "><code>@kpfleming</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1084 ">actions/cache#1084</a></li>
<li><a href="https://github.com/maybeec "><code>@maybeec</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1089 ">actions/cache#1089</a></li>
<li><a href="https://github.com/cdce8p "><code>@cdce8p</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1036 ">actions/cache#1036</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.4 ">https://github.com/actions/cache/compare/v3...v3.2.4 </a></p>
<h2>v3.2.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Add Mint example by <a
href="https://github.com/uhooi "><code>@uhooi</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1051 ">actions/cache#1051</a></li>
<li>Fixed broken link by <a
href="https://github.com/kotewar "><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1057 ">actions/cache#1057</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md ">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -> node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files > 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624 ">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689 ">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834 ">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809 ">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833 ">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810 ">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888 ">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891 ">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984 ">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="69d9d449achttps://github-redirect.dependabot.com/actions/cache/issues/1118 ">#1118</a>
from actions/pdotl/zstd-hotfix</li>
<li><a
href="8d3a1e02aab1db4b48977d4d6f7ffd8f7fa5d71595b455a0fb81b7281936https://github-redirect.dependabot.com/actions/cache/issues/1108 ">#1108</a>)</li>
<li><a
href="6998d139ddhttps://github-redirect.dependabot.com/actions/cache/issues/1105 ">#1105</a>)</li>
<li><a
href="2b8105bdaehttps://github-redirect.dependabot.com/actions/cache/issues/1101 ">#1101</a>)</li>
<li><a
href="e08330827dhttps://github-redirect.dependabot.com/actions/cache/issues/1076 ">#1076</a>)</li>
<li>Additional commits viewable in <a
href="fd5de65bc8...69d9d449achttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.8&new-version=3.2.6 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-02 13:51:13 -08:00
Zach Wasserman
f8f3a1e335
Update OSSF Scorecards action ( #10255 )
...
Based on the current recommended configuration from
https://github.com/ossf/scorecard-action#installation .
2023-03-02 09:14:42 -08:00
Zach Wasserman
2ed2940683
Generate targets for osqueryd 5.8.1 ( #10245 )
2023-03-01 17:51:15 -08:00
Lucas Manuel Rodriguez
2c6bd879f8
Notify Go and Integration CI failures to new channel ( #10235 )
2023-03-01 20:14:07 -03:00
dependabot[bot]
05d38abc35
Bump github/codeql-action from 2.1.21 to 2.2.5 ( #10220 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action )
from 2.1.21 to 2.2.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.5 - 24 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1543 ">#1543</a></li>
</ul>
<h2>2.2.4 - 10 Feb 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1518 ">#1518</a></li>
</ul>
<h2>2.2.2 - 06 Feb 2023</h2>
<ul>
<li>Fix an issue where customers using the CodeQL Action with the <a
href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access ">CodeQL
Action sync tool</a> would not be able to obtain the CodeQL tools. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1517 ">#1517</a></li>
</ul>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475 ">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images ">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache "><code>@actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object ">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data ">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498 ">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494 ">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/ ">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466 ">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431 ">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="32dc499307https://github-redirect.dependabot.com/github/codeql-action/issues/1547 ">#1547</a>
from github/update-v2.2.5-237a258d2</li>
<li><a
href="b742728ac2237a258d2bhttps://github-redirect.dependabot.com/github/codeql-action/issues/1543 ">#1543</a>
from github/alexet/update-2.12.3</li>
<li><a
href="5972e6d72e164027e6823dde1f3512https://github-redirect.dependabot.com/github/codeql-action/issues/1540 ">#1540</a>
from cklin/expect-discarded-cache</li>
<li><a
href="d7d7567b0e0e4e857bab08d1f21d4ff3bd25eefahttps://github-redirect.dependabot.com/github/codeql-action/issues/1544 ">#1544</a>
from github/aeisenberg/clean-cache</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/v2.1.21...32dc499307d133bb5085bae78498c0ac2cf762d5 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2023-03-01 11:39:55 -08:00
dependabot[bot]
17ecc388ec
Bump tfsec/tfsec-sarif-action from 0.1.3 to 0.1.4 ( #10219 )
...
Bumps
[tfsec/tfsec-sarif-action](https://github.com/tfsec/tfsec-sarif-action )
from 0.1.3 to 0.1.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tfsec/tfsec-sarif-action/releases ">tfsec/tfsec-sarif-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.1.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Replace deprecated <code>set-output</code> usage with environment
file <code>GITHUB_OUTPUT</code> by <a
href="https://github.com/sivapalan "><code>@sivapalan</code></a> in <a
href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/35 ">aquasecurity/tfsec-sarif-action#35</a></li>
<li>Fix conditional expression for setting <code>TFSEC_VERSION</code> by
<a href="https://github.com/sivapalan "><code>@sivapalan</code></a> in
<a
href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/36 ">aquasecurity/tfsec-sarif-action#36</a></li>
<li>Forcing wget to use IPv4 by <a
href="https://github.com/jasonjanderson "><code>@jasonjanderson</code></a>
in <a
href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/37 ">aquasecurity/tfsec-sarif-action#37</a></li>
<li>add git and hg to docker image by <a
href="https://github.com/bobcallaway "><code>@bobcallaway</code></a> in
<a
href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/33 ">aquasecurity/tfsec-sarif-action#33</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/jasonjanderson "><code>@jasonjanderson</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/37 ">aquasecurity/tfsec-sarif-action#37</a></li>
<li><a
href="https://github.com/bobcallaway "><code>@bobcallaway</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/aquasecurity/tfsec-sarif-action/pull/33 ">aquasecurity/tfsec-sarif-action#33</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/tfsec-sarif-action/compare/v0.1.3...v0.1.4 ">https://github.com/aquasecurity/tfsec-sarif-action/compare/v0.1.3...v0.1.4 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="21ded20e8chttps://github-redirect.dependabot.com/tfsec/tfsec-sarif-action/issues/33 ">#33</a>)</li>
<li><a
href="8019886f8dhttps://github-redirect.dependabot.com/tfsec/tfsec-sarif-action/issues/37 ">#37</a>)</li>
<li><a
href="83567846f0https://github-redirect.dependabot.com/tfsec/tfsec-sarif-action/issues/36 ">#36</a>)</li>
<li><a
href="9d5437db455d34a982aa...21ded20e8chttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tfsec/tfsec-sarif-action&package-manager=github_actions&previous-version=0.1.3&new-version=0.1.4 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-01 11:37:49 -08:00
dependabot[bot]
74a86ff0ab
Bump dawidd6/action-download-artifact from 2.23.0 to 2.26.0 ( #10218 )
...
Bumps
[dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact )
from 2.23.0 to 2.26.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e780fc7bbhttps://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/227 ">#227</a>)</li>
<li><a
href="b59d8c6a6chttps://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/225 ">#225</a>)</li>
<li><a
href="5004d5476ehttps://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/219 ">#219</a>
from dawidd6/dependabot-npm_and_yarn-actions-artifact...</li>
<li><a
href="b1a9c91d1fbd10f381a9https://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/218 ">#218</a>
from dawidd6/dependabot-npm_and_yarn-adm-zip-0.5.10</li>
<li><a
href="61a654a8cedcadc4bd45https://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/211 ">#211</a>
from koplo199/master</li>
<li><a
href="ceeb280c4f806bb52fe0e6e25ac3a2https://github-redirect.dependabot.com/dawidd6/action-download-artifact/issues/209 ">#209</a>
from dawidd6/v2</li>
<li>Additional commits viewable in <a
href="7847792dd4...5e780fc7bbhttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dawidd6/action-download-artifact&package-manager=github_actions&previous-version=2.23.0&new-version=2.26.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2023-03-01 11:32:47 -08:00
StepSecurity Bot
2154c13865
Pin actions to commit SHA ( #10204 )
...
## Summary
This pull request is created by [Secure
Repo](https://app.stepsecurity.io/securerepo ) at the request of @zwass.
Please merge the Pull Request to incorporate the requested changes.
Please tag @zwass on your message if you have any questions related to
the PR. You can also engage with the
[StepSecurity](https://github.com/step-security ) team by tagging
@step-security-bot.
## Security Fixes
### Pinned Dependencies
GitHub Action tags and Docker tags are mutable. This poses a security
risk. GitHub's Security Hardening guide recommends pinning actions to
full length commit.
- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions )
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies )
## Feedback
For bug reports, feature requests, and general feedback; please create
an issue in
[step-security/secure-repo](https://github.com/step-security/secure-repo ).
To create such PRs, please visit https://app.stepsecurity.io/securerepo .
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2023-02-28 17:55:38 -08:00
Zach Wasserman
64cd97fc83
Remove debug on failure from integration test action ( #10202 )
...
This would cause the job to take much longer to report a failure.
Instead, just add this line if debugging is necessary.
2023-02-28 17:23:52 -08:00
dependabot[bot]
0ef74017ea
Bump docker/login-action from 2.0.0 to 2.1.0 ( #10182 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from
2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases ">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Ensure AWS temp credentials are redacted in workflow logs by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/275 ">#275</a>)</li>
<li>Bump <code>@actions/core</code> from 1.6.0 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/252 ">#252</a>
<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/292 ">#292</a>)</li>
<li>Bump <code>@aws-sdk/client-ecr</code> from 3.53.0 to 3.186.0 (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/298 ">#298</a>)</li>
<li>Bump <code>@aws-sdk/client-ecr-public</code> from 3.53.0 to 3.186.0
(<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/299 ">#299</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v2.0.0...v2.1.0 ">https://github.com/docker/login-action/compare/v2.0.0...v2.1.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f4ef78c080https://github-redirect.dependabot.com/docker/login-action/issues/299 ">#299</a>
from docker/dependabot/npm_and_yarn/aws-sdk/client-ec...</li>
<li><a
href="9ad4ce3929884eadd4f8a266232f5chttps://github-redirect.dependabot.com/docker/login-action/issues/298 ">#298</a>
from docker/dependabot/npm_and_yarn/aws-sdk/client-ec...</li>
<li><a
href="f97efcfbf95ae789beac71c23b5b34https://github-redirect.dependabot.com/docker/login-action/issues/292 ">#292</a>
from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li>
<li><a
href="6401d70aab67e8909cc621f251affchttps://github-redirect.dependabot.com/docker/login-action/issues/275 ">#275</a>
from crazy-max/redact-aws-creds</li>
<li>Additional commits viewable in <a
href="49ed152c8e...f4ef78c080https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2023-02-28 17:19:37 -08:00
dependabot[bot]
56b26753a5
Bump ossf/scorecard-action from 1.1.2 to 2.1.2 ( #10180 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action )
from 1.1.2 to 2.1.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases ">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.2</h2>
<h2>What's Changed</h2>
<h3>Fixes</h3>
<ul>
<li>🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf
statement. by <a
href="https://github.com/spencerschrock "><code>@spencerschrock</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1054 ">ossf/scorecard-action#1054</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2 ">https://github.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2 </a></p>
<h2>v2.1.1</h2>
<h2>Scorecard version</h2>
<p>This release use <a
href="https://github.com/ossf/scorecard/releases/tag/v4.10.1 ">Scorecard's
v4.10.1</a></p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1 ">https://github.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1 </a></p>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<h3>Scorecard version</h3>
<p>This release uses <a
href="https://github.com/ossf/scorecard/releases/tag/v4.10.0 ">scorecard
v4.10.0</a>.</p>
<h3>Improvements</h3>
<ul>
<li>Docker build workflow by <a
href="https://github.com/naveensrinivasan "><code>@naveensrinivasan</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/981 ">ossf/scorecard-action#981</a></li>
<li>Use root user in distroless to support GitHub Actions by <a
href="https://github.com/spencerschrock "><code>@spencerschrock</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/994 ">ossf/scorecard-action#994</a></li>
<li>Disable pull_request_target by <a
href="https://github.com/laurentsimon "><code>@laurentsimon</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1031 ">ossf/scorecard-action#1031</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Add PAT section explaining risks by <a
href="https://github.com/olivekl "><code>@olivekl</code></a> in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1024 ">ossf/scorecard-action#1024</a></li>
<li>Make the badge text easier to copy by <a
href="https://github.com/rajbos "><code>@rajbos</code></a> in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026 ">ossf/scorecard-action#1026</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/joycebrum "><code>@joycebrum</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/984 ">ossf/scorecard-action#984</a></li>
<li><a href="https://github.com/rajbos "><code>@rajbos</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026 ">ossf/scorecard-action#1026</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0 ">https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0 </a></p>
<h2>v2.0.6</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix - Broken dockerfile by <a
href="https://github.com/naveensrinivasan "><code>@naveensrinivasan</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/979 ">ossf/scorecard-action#979</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6 ">https://github.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6 </a></p>
<h2>v2.0.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Remove trailing space from example by <a
href="https://github.com/jamacku "><code>@jamacku</code></a> in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/955 ">ossf/scorecard-action#955</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e38b1902aehttps://github-redirect.dependabot.com/ossf/scorecard-action/issues/1055 ">#1055</a>)</li>
<li><a
href="7da02bf0d5https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1054 ">#1054</a>)</li>
<li><a
href="013c0f8bd2🌱 Bump actions/dependency-review-action from 3.0.1 to
3.0.2</li>
<li><a
href="f93c094f4a🌱 Bump github/codeql-action from 2.1.36 to 2.1.37</li>
<li><a
href="ce8978e058🌱 Bump actions/upload-artifact from 3.1.0 to 3.1.1</li>
<li><a
href="5ce49db1aa🌱 Bump actions/setup-go from 3.4.0 to 3.5.0</li>
<li><a
href="15c10fcf1chttps://github-redirect.dependabot.com/ossf/scorecard-action/issues/1047 ">#1047</a>)</li>
<li><a
href="f96da1a128🌱 Update scorecard for the panic (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1045 ">#1045</a>)</li>
<li><a
href="813a825152https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1044 ">#1044</a>)</li>
<li><a
href="be62ea89c1https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1042 ">#1042</a>)</li>
<li>Additional commits viewable in <a
href="ce330fde6b...e38b1902aehttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=1.1.2&new-version=2.1.2 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-28 17:17:15 -08:00
Luke Heath
ac3541659d
Remove e2e tests from github test workflow ( #10176 )
2023-02-28 14:07:03 -06:00
Zach Wasserman
dfba1d2511
Update codecov action ( #10124 )
2023-02-28 09:42:49 -08:00
Zach Wasserman
e971f4510b
Remove contents:write from build-orbit action ( #10156 )
...
This is no longer needed since we use the upload action rather than
draft GitHub release.
2023-02-27 19:51:43 -08:00
dependabot[bot]
c7672db1f9
Bump goreleaser/goreleaser-action from 3.0.0 to 4.2.0 ( #9558 )
...
Bumps
[goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action )
from 3.0.0 to 4.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/goreleaser/goreleaser-action/releases ">goreleaser/goreleaser-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: don't depend on the GitHub API to check release by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/391 ">goreleaser/goreleaser-action#391</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/goreleaser-action/compare/v4.1.1...v4.2.0 ">https://github.com/goreleaser/goreleaser-action/compare/v4.1.1...v4.2.0 </a></p>
<h2>v4.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update Readme to reference
<code>goreleaser/goreleaser-action@v4</code> by <a
href="https://github.com/felladrin "><code>@felladrin</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/384 ">goreleaser/goreleaser-action#384</a></li>
<li>docs: fix README badge by <a
href="https://github.com/dirien "><code>@dirien</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/386 ">goreleaser/goreleaser-action#386</a></li>
<li>chore(deps): bump json5 from 2.2.0 to 2.2.3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/388 ">goreleaser/goreleaser-action#388</a></li>
<li>fix: use <code>@action/github</code> by <a
href="https://github.com/caarlos0 "><code>@caarlos0</code></a> and <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/390 ">goreleaser/goreleaser-action#390</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/felladrin "><code>@felladrin</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/384 ">goreleaser/goreleaser-action#384</a></li>
<li><a href="https://github.com/dirien "><code>@dirien</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/386 ">goreleaser/goreleaser-action#386</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/goreleaser-action/compare/v4.1.0...v4.1.1 ">https://github.com/goreleaser/goreleaser-action/compare/v4.1.0...v4.1.1 </a></p>
<h2>v4.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat!: remove auto-snapshot on dirty tag by <a
href="https://github.com/caarlos0 "><code>@caarlos0</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/382 ">goreleaser/goreleaser-action#382</a></li>
<li>docs: add example when using workdir along with upload-artifact by
<a href="https://github.com/zdtsw "><code>@zdtsw</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/366 ">goreleaser/goreleaser-action#366</a></li>
<li>Fix Self-Hosted Windows Error: Expand-Archive by <a
href="https://github.com/flarco "><code>@flarco</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/379 ">goreleaser/goreleaser-action#379</a></li>
<li>chore(deps): bump minimatch from 3.0.4 to 3.1.2 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/383 ">goreleaser/goreleaser-action#383</a></li>
</ul>
<h2>Migrating from v3</h2>
<p>If you need the auto-snapshot feature, take a look at <a
href="https://github.com/caarlos0/goreleaser-action-v4-auto-snapshot-example ">this
example repository</a>: it's a minimal working example with all you
need.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/zdtsw "><code>@zdtsw</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/366 ">goreleaser/goreleaser-action#366</a></li>
<li><a href="https://github.com/flarco "><code>@flarco</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/379 ">goreleaser/goreleaser-action#379</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/goreleaser-action/compare/v4...v4.1.0 ">https://github.com/goreleaser/goreleaser-action/compare/v4...v4.1.0 </a></p>
<h2>v4.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: do not override GORELEASER_CURRENT_TAG by <a
href="https://github.com/caarlos0 "><code>@caarlos0</code></a> in <a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/pull/370 ">goreleaser/goreleaser-action#370</a></li>
</ul>
<h2>Migrating from v3</h2>
<p>If you need the auto-snapshot feature, take a look at <a
href="https://github.com/caarlos0/goreleaser-action-v4-auto-snapshot-example ">this
example repository</a>: it's a minimal working example with all you
need.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/goreleaser-action/compare/v3...v4.0.0 ">https://github.com/goreleaser/goreleaser-action/compare/v3...v4.0.0 </a></p>
<h2>v3.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: remove workaround for <code>setOutput</code> by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/374 ">#374</a>)</li>
<li>chore(deps): bump <code>@actions/core</code> from 1.9.1 to 1.10.0
(<a
href="https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/372 ">#372</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f82d6c1c34https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/391 ">#391</a>)</li>
<li><a
href="9754a253a8https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/390 ">#390</a>)</li>
<li><a
href="b1a238106bb1ffc5d990https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/388 ">#388</a>)</li>
<li><a
href="256e4b8b28a7c543ca7ahttps://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/386 ">#386</a>)</li>
<li><a
href="13f1e21a50https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/384 ">#384</a>)</li>
<li><a
href="8f67e590f278df308971https://github-redirect.dependabot.com/goreleaser/goreleaser-action/issues/383 ">#383</a>)</li>
<li><a
href="66134d94a768acf3b1ad...f82d6c1c34https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=goreleaser/goreleaser-action&package-manager=github_actions&previous-version=3.0.0&new-version=4.2.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 18:22:01 -08:00
dependabot[bot]
673a4465cc
Bump stefanprodan/helm-gh-pages from 1.5.0 to 1.7.0 ( #8804 )
...
Bumps
[stefanprodan/helm-gh-pages](https://github.com/stefanprodan/helm-gh-pages )
from 1.5.0 to 1.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanprodan/helm-gh-pages/releases ">stefanprodan/helm-gh-pages's
releases</a>.</em></p>
<blockquote>
<h2>v1.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Allow private helm repo auth in dependencies by <a
href="https://github.com/zzorica "><code>@zzorica</code></a> in <a
href="https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/pull/35 ">stefanprodan/helm-gh-pages#35</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/zzorica "><code>@zzorica</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/pull/35 ">stefanprodan/helm-gh-pages#35</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/stefanprodan/helm-gh-pages/compare/v1.6.0...v1.7.0 ">https://github.com/stefanprodan/helm-gh-pages/compare/v1.6.0...v1.7.0 </a></p>
<h2>v1.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add support for alias:<!-- raw HTML omitted --> in dependencies
check by <a
href="https://github.com/paulcarlton-ww "><code>@paulcarlton-ww</code></a>
in <a
href="https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/pull/32 ">stefanprodan/helm-gh-pages#32</a></li>
<li>Update Helm to v3.10.0 by <a
href="https://github.com/stefanprodan "><code>@stefanprodan</code></a>
in <a
href="https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/pull/33 ">stefanprodan/helm-gh-pages#33</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/stefanprodan/helm-gh-pages/compare/v1.5.0...v1.6.0 ">https://github.com/stefanprodan/helm-gh-pages/compare/v1.5.0...v1.6.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0ad2bb3773https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/issues/35 ">#35</a>
from zzorica/allow-private-helm-repo-auth-in-dependencies</li>
<li><a
href="86e9903900a5c9252781https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/issues/33 ">#33</a>
from stefanprodan/helm-3.10.0</li>
<li><a
href="844812954cb97c7e37c5https://github-redirect.dependabot.com/stefanprodan/helm-gh-pages/issues/32 ">#32</a>
from paulcarlton-ww/debug</li>
<li><a
href="84568715a3aa53926042a77eeb9630ce5cd1646e13eb32b03bb43a8719cc...0ad2bb3773https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanprodan/helm-gh-pages&package-manager=github_actions&previous-version=1.5.0&new-version=1.7.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 18:17:32 -08:00
dependabot[bot]
527cb0a622
Bump aws-actions/amazon-ecr-login from 1.5.0 to 1.5.3 ( #8507 )
...
Bumps
[aws-actions/amazon-ecr-login](https://github.com/aws-actions/amazon-ecr-login )
from 1.5.0 to 1.5.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/amazon-ecr-login/releases ">aws-actions/amazon-ecr-login's
releases</a>.</em></p>
<blockquote>
<h2>v1.5.3</h2>
<p>See the <a
href="https://github.com/aws-actions/amazon-ecr-login/blob/HEAD/CHANGELOG.md ">changelog</a>
for details about the changes included in this release.</p>
<h2>v1.5.2</h2>
<p>See the <a
href="https://github.com/aws-actions/amazon-ecr-login/blob/HEAD/CHANGELOG.md ">changelog</a>
for details about the changes included in this release.</p>
<h2>v1.5.1</h2>
<p>See the <a
href="https://github.com/aws-actions/amazon-ecr-login/blob/HEAD/CHANGELOG.md ">changelog</a>
for details about the changes included in this release.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/amazon-ecr-login/blob/main/CHANGELOG.md ">aws-actions/amazon-ecr-login's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
See <a
href="https://github.com/conventional-changelog/standard-version ">standard-version</a>
for commit guidelines.</p>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.5.2...v1.5.3 ">1.5.3</a>
(2022-10-29)</h3>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.5.1...v1.5.2 ">1.5.2</a>
(2022-10-18)</h3>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.5.0...v1.5.1 ">1.5.1</a>
(2022-08-04)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>reverted change that masked Docker credentials (<a
href="7d073b66cchttps://github.com/aws-actions/amazon-ecr-login/compare/v1.4.0...v1.5.0 ">1.5.0</a>
(2022-06-27)</h2>
<h3>Features</h3>
<ul>
<li>added ECR Public Registry support (<a
href="b4f084e928https://github.com/aws-actions/amazon-ecr-login/compare/v1.3.3...v1.4.0 ">1.4.0</a>
(2022-05-20)</h2>
<h3>Features</h3>
<ul>
<li>output docker credentials after login (<a
href="57206dc28cd121236bfd45a78e2dabhttps://github.com/aws-actions/amazon-ecr-login/compare/v1.3.2...v1.3.3 ">1.3.3</a>
(2021-02-15)</h3>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.3.1...v1.3.2 ">1.3.2</a>
(2021-02-01)</h3>
<h3><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.3.0...v1.3.1 ">1.3.1</a>
(2020-11-24)</h3>
<h2><a
href="https://github.com/aws-actions/amazon-ecr-login/compare/v1.2.2...v1.3.0 ">1.3.0</a>
(2020-10-29)</h2>
<h3>Features</h3>
<ul>
<li>optional skipping of docker registries logout in post step (<a
href="https://github-redirect.dependabot.com/aws-actions/amazon-ecr-login/issues/78 ">#78</a>)
(<a
href="dd3fdeeb95https://github.com/aws-actions/amazon-ecr-login/compare/v1.2.1...v1.2.2 ">1.2.2</a>
(2020-10-05)</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="261a7de32b3e4df454b5https://github-redirect.dependabot.com/aws-actions/amazon-ecr-login/issues/330 ">#330</a>
from aws-actions/docs</li>
<li><a
href="c77259b767383620b24dhttps://github-redirect.dependabot.com/aws-actions/amazon-ecr-login/issues/352 ">#352</a>
from aws-actions/dependabot/npm_and_yarn/actions/core...</li>
<li><a
href="8ccaf47755eb9a709a70ba4f9ee500https://github-redirect.dependabot.com/aws-actions/amazon-ecr-login/issues/355 ">#355</a>
from aws-actions/dependabot/npm_and_yarn/eslint-8.25.0</li>
<li><a
href="a1ac76b296c21dbea0d3https://github-redirect.dependabot.com/aws-actions/amazon-ecr-login/issues/356 ">#356</a>
from aws-actions/dependabot/npm_and_yarn/aws-sdk-2.12...</li>
<li><a
href="e70c985d14https://github-redirect.dependabot.com/aws-actions/amazon-ecr-login/issues/354 ">#354</a>
from gotoeveryone/chore/update-runtime-to-node16</li>
<li>Additional commits viewable in <a
href="b874a33292...261a7de32bhttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aws-actions/amazon-ecr-login&package-manager=github_actions&previous-version=1.5.0&new-version=1.5.3 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-27 18:15:16 -08:00
Luke Heath
71f2a62b4c
Prepare for 4.28.0 ( #10103 )
2023-02-27 15:19:15 -08:00
Zach Wasserman
2a7b7100dd
Update Orbit to use CGO on Linux ( #9846 )
2023-02-21 18:49:13 -08:00
Lucas Manuel Rodriguez
2e199dcdab
Fix golangci-lint issue and run Github action on all OSs ( #9944 )
...
We have code that builds conditionally depending on the platform (mostly
Orbit code) so we should run `golangci-lint` checks on all OSs.
This adds it to run on macOS, for Windows see:
https://github.com/fleetdm/fleet/issues/9943
2023-02-21 14:30:45 -03:00
Luke Heath
bc2c6e59f5
Update node-sass frontend dependency ( #9954 )
...
Due to the update in https://github.com/fleetdm/fleet/pull/9950 we need
to update our version of `node-sass` to support Node 19.
2023-02-20 14:23:19 -06:00
Zach Wasserman
4669d8c474
Generate Nudge targets in CI ( #9845 )
...
Tooling to generate targets in CI for #9798 .
---------
Co-authored-by: Roberto Dip <me@roperzh.com>
2023-02-20 09:23:56 -08:00
Luke Heath
13e821d059
Prepare for 4.27.1 ( #9885 )
2023-02-17 19:19:02 -08:00
Zach Wasserman
991858d6d5
Pull go version from GitHub variables for Fleet release builds ( #9883 )
2023-02-16 11:52:09 -06:00
Lucas Manuel Rodriguez
d4a1b4d218
Add CIS checks for 2.9.X and add pmset table to fleetd ( #9470 )
...
#9253
- ~[ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.~
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
---------
Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
2023-02-08 13:08:17 -03:00
Luke Heath
b3daf3d715
Prepare for 4.27.0 ( #9683 )
2023-02-03 17:03:06 -08:00
Zach Wasserman
7299879365
Generate targets for osqueryd 5.7.0 ( #9115 )
...
5.7.0 is now released.
2023-01-30 17:29:19 -08:00
Eric
4fd1efe98a
Website: Add API to send signed CSR emails ( #8408 )
...
This pull request relies on the `mdm-gen-cert` command from
https://github.com/fleetdm/fleet/pull/8884 .
Closes: https://github.com/fleetdm/fleet/issues/8223
Changes:
- Updated the deploy Fleet website workflow to:
- Add Go as a dependency
- Build the mdm-gen-cert binary in `/website/.tools/`
- add the `/.tools/` folder to the Heroku app
- Added `deliver-apple-csr.js` - an API that:
- can be called by making a `POST` request to
`/api/v1/deliver-apple-csr`
- accepts `csr` as an input
- runs the `mdm-gen-cert` command with the `csr` set as an environment
variable
- returns an `invalidEmailDomain` response if the user's email domain is
in the array of banned email domains.
- saves the users organization and email address to the website's
database
- Sends an email to the requesting user's email address with the signed
CSR attached as a text file named `apple-apns-request.txt`
- Posts a message to a channel in the Fleet Slack.
- Added a new model: `CertificateSigningRequests` that contains two
required attributes: `emailAddress` and `organization`
- Added a new email template `email-signed-csr-for-apns`
- Updated routes, policies, eslintrc, and rebuilt cloud-sdk
Before this can be merged, we will need to:
- [x] Add new config variables in Heroku
- [x] `sails.config.custom.mdmVendorCertPem`
- [x] `sails.config.custom.mdmVendorKeyPem`
- [x] `sails.config.custom.mdmVendorKeyPassphrase`
- [x] `sails.config.custom.slackWebhookUrlForMDMSignups`
- [x] Add the `CertificateSigningRequests` model to the website's
database
2023-01-19 14:43:14 -06:00
Luke Heath
b6a6ac454f
Prepare for 4.26.0 ( #9326 )
2023-01-13 16:26:22 -08:00
Eric
47d43d5307
Website: fix failing GitHub workflows ( #9285 )
...
Changes:
- Updated the `build-static-content` script to use a GitHub API token
for requests if one is provided e.g., `sails run build-static-content
--githubAccessToken="foo"`
- Updated the `build-for-prod` npm script to run the
`build-static-content` script with a variable named `BUILD_SCRIPT_ARGS`.
- Updated the "Deploy Fleet website" and "Test Fleet website" workflows
to run the `build-for-prod` script with a GitHub API token
. .
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
2023-01-11 13:31:20 -06:00
Lucas Manuel Rodriguez
ac22aadc13
Fleet server and tooling to use NETWORK_TEST_GITHUB_TOKEN when environment variable is set. ( #9143 )
...
* WIP
* Add more logging
* Check rate limit at end of action
* Add github client in more places
* Add new published firefox 93 vulnerabilities to tests
* Remove fmt printfs
* Restore CI check settings
* Readd newline
2023-01-03 14:56:11 -03:00
