<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#33848
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Added support for the Security & Compliance project within the GitHub
integration, enabling tracking and visibility alongside existing
projects.
- Refactor
- Streamlined project mapping logic to improve consistency when
processing updates from GitHub; behavior for existing projects remains
unchanged.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Related to: https://github.com/fleetdm/fleet/issues/33266
Changes:
- Added a new helper
`sails.helpers.androidProxy.getIsEnterpriseManagedByFleet`. This helper
returns `true` if a provided Android Enterprise ID is present in the
list of all Android Enterprises managed by Fleet, or `false` if it is
not in the list.
- Updated `create-android-enrollment-token`,
`create-android-signup-url`, and `modify-android-policies` to return a
404 response to the requesting Fleet instance if their Android
Enterprise is not managed by Fleet.
Closes: #33548
Changes:
- Added a new configuration variable
`sails.config.custom.bannedEmailDomainsForContactFormSubmissions` that
contains a list of domains (currently a single domain) that cannot be
used to submit the contact form
- Updated the `bannedEmailDomainsForWebsiteSubmissions` list to include
`example.com`
- Updated the deliver-contact-form-message action to return an
`invalidEmailDomain` exit if the contact form is submitted with an email
domain in the `bannedEmailDomainsForContactFormSubmissions` list
Closes: #33548
Changes:
- Added `isEmail` validation to emailAddress inputs. The updated
endpoints will now return 400 responses if a user bypasses the frontend
validation.
Closes: #33454
Changes:
- Updated the receive-from-github webhook to log warnings that includes
information about the affected issue/pr if requests to the GitHub API
fail.
Changes:
- Updated the receive-from-clay webhook's inputs to have the same `isIn`
lists as the helpers the webhook uses.
- Removed the `invalidContactOrAccountCriteria` and
`invalidHistoricalEventCriteria` exits in the receive from clay webhook.
Related to: https://github.com/fleetdm/confidential/issues/11779
Changes:
- Updated the `deliver-talk-to-us-form-submission` to use information
returned by the getEnriched helper to determine the Calendly event users
are taken to when they submit the form.
Closes: https://github.com/fleetdm/confidential/issues/12218
Changes:
- Added a testimonial from David Bodmer
- Updated the device management testimonials shown on the MDM page,
homepage, and testimonials page
Related to: https://github.com/fleetdm/confidential/issues/10737
Changes:
- Added `docs/scripts.yml`, a YAML file that contains a list of scripts
- Added `docs/mdm-commands.yml`, a YAML file that contains Windows and
Apple MDM commands
- Added `/mdm-commands`, a page that contains a list of MDM commands for
Windows and Apple commands
- Added `/scripts`, a page that contains a list of scripts
- Updated the `<docs-nav-and-search>` component to have a link to the
controls library, and reordered the lists.
- Updated the build static content script to add the scripts and mdm
commands from scripts.yml and mdm-commands.yml to the website's
`builtStaticContent` configuration.
- Updated the layout of the os-settings page to match the latest
wireframes
Closes: https://github.com/fleetdm/fleet/issues/33148
Changes:
- Updated the receive-from-zoom webhook to return a `zoomApiError` exit
when Zoom returns a non-200 response when it sends an API request to get
information about a call.
Related to: https://github.com/fleetdm/confidential/issues/11892
Changes:
- Updated the update-or-create-contact-and-account helper to use the
prompt helper to get a global domain for a company, and to use that
global domain when searching for and creating new account records.
Related to https://github.com/fleetdm/confidential/issues/12052
Changes:
- updated the get-enriched helper to use the coresignal's new search API
endpoints
- Updated the `intercept()`s in the get-enriched helper to log warnings
if an error is returned by the coresignal API
Changes:
- Updated the `receive-redirect-from-microsoft` endpoint to redirect
users to their Fleet instance if an Entra admin did not consent to the
permissions requested by Fleet's compliance partner integration.
- Fixed a bug that prevented users from being redirected to their Fleet
instance if their Entra configuration is missing a required group
- Updated the `receive-redirect-from-microsoft` endpoint to require a
`state` input
Related to: #32228
Changes:
- Updated the `receive-redirect-from-microsoft` endpoint to assign the
created compliance policy to an Entra ID group named "Fleet conditional
access"
Fixes#30483
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a new webhook endpoint to track GitHub Projects v2 item status
changes and record engineering metrics.
* Integrated with Google BigQuery for storing and analyzing issue status
transition data.
* **Chores**
* Introduced a new POST API route for receiving GitHub Projects v2 item
events.
* Added configuration options for GitHub webhook secrets and Google
Cloud service account keys (commented out for future use).
* Added a new dependency for Google BigQuery integration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Related to: https://github.com/fleetdm/fleet/issues/31986
Changes:
- Updated Microsoft proxy endpoints to log API responses from Microsoft
when it runs for Fleet's dogfood integration.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [ ] Added/updated automated tests
- [ ] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [ ] QA'd all new/changed functionality manually
For unreleased bug fixes in a release candidate, one of:
- [ ] Confirmed that the fix is not expected to adversely impact load
test results
- [ ] Alerted the release DRI if additional load testing is needed
## Database migrations
- [ ] Checked table schema to confirm autoupdate
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
## New Fleet configuration settings
- [ ] Setting(s) is/are explicitly excluded from GitOps
If you didn't check the box above, follow this checklist for
GitOps-enabled settings:
- [ ] Verified that the setting is exported via `fleetctl
generate-gitops`
- [ ] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [ ] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [ ] Verified that any relevant UI is disabled when GitOps mode is
enabled
## fleetd/orbit/Fleet Desktop
- [ ] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [ ] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [ ] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
<ins>*🌐 IT and Enablement:*</ins>
- Rename "🌐 Digital Experience" to "🌐 IT and Enablement" dept
- Rename "digital-experience.rituals.yml" to
"it-and-enablement.rituals.yml"
<ins>*🧑🚀 People*</ins>
- Create 🧑🚀 People dept
- Create "people.rituals.yml"
<ins>*🔭 CEO*</ins> (<= WHY? To maintain the [structure of the
handbook](https://fleetdm.com/handbook/company/leadership#outline-of-departmental-page-structure).)
- Create 🔭 CEO page and link to leadership
- Create ceo.rituals.yml
<ins>*💸 Finance*</ins>
- Renamed label "#g-finance" to ":help-finance" to match the rest of the
departmental labels.
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Closes: https://github.com/fleetdm/fleet/issues/31506
Changes:
- Updated the `create-android-enterprise` action to return a 409
response if a database record already exists for the Android enterprise.
Closes: https://github.com/fleetdm/confidential/issues/11365
Changes:
- Updated the User model's supported `primaryBuyingSituation` values.
- Updated the /start questionnaire to use the new
`primaryBuyingSituation` values.
- Updated the contact form to use the new `primaryBuyingSituation`
values.
