Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/.github/workflows
History
Allen Houchins 151b2bce94
Add secrets in dogfood-gitops workflow to support Okta SSO (#41928) 
This pull request updates the environment variable configuration for
Okta metadata URLs in the `dogfood-gitops` GitHub Actions workflow.
Instead of using a single metadata URL, the workflow now distinguishes
between admin and end user metadata URLs.

Workflow configuration changes:

* Split the `DOGFOOD_OKTA_METADATA_URL` environment variable into two
separate variables: `DOGFOOD_OKTA_METADATA_URL_ADMINS` and
`DOGFOOD_OKTA_METADATA_URL_END_USERS` in the
`.github/workflows/dogfood-gitops.yml` workflow file.
2026-03-18 10:37:46 -05:00
..
config Bump supported MySQL versions (#40892) 2026-03-04 12:25:20 -06:00
auto-tag-unreleased-bugs.yml Add orbit/fleetd version detection and support both singular/plural version fields in bug tagging workflow (#41268) 2026-03-17 17:32:01 -05:00
build-binaries.yaml Upgrade JS deps (#39639) 2026-02-12 09:49:20 -06:00
build-fleetd-base-msi.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
build-fleetd-base-pkg.yml Update Apple's identity to sign pkgs (#41776) 2026-03-16 14:49:40 -05:00
build-fleetd_tables.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
build-fleetdm-fleetctl-check-vulnerabilities.yml Bump Trivy version to one that's still downloadable (#40778) 2026-03-02 09:50:14 -06:00
build-orbit.yaml Update identity for new apple certificate (#41669) 2026-03-16 10:36:41 -03:00
check-automated-doc.yml Fix template and while we're at it, typos (#39956) 2026-02-17 15:45:59 -06:00
check-bomutils-vulnerabilities.yml Bump Trivy version to one that's still downloadable (#40778) 2026-03-02 09:50:14 -06:00
check-ms-protocol-feeds.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
check-script-diff.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
check-tuf-timestamps.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
check-updates-timestamps.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
check-vulnerabilities-in-released-docker-images.yml Bump Trivy version to one that's still downloadable (#40778) 2026-03-02 09:50:14 -06:00
check-wix-vulnerabilities.yml Bump Trivy version to one that's still downloadable (#40778) 2026-03-02 09:50:14 -06:00
close-stale-eng-initiated-issues.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
code-sign-windows.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
codeql-analysis.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
collect-eng-metrics-test.yml Update fleet-eng vulnerable dependency. (#41339) 2026-03-10 11:01:50 -05:00
collect-eng-metrics.yml Update fleet-eng vulnerable dependency. (#41339) 2026-03-10 11:01:50 -05:00
db-upgrade-test.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
dependency-review.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
deploy-fleet-website.yml Fix template and while we're at it, typos (#39956) 2026-02-17 15:45:59 -06:00
deploy-vulnerability-dashboard.yml 🤖 Bump to the current version of the Heroku deploy GitHub action (#38468) 2026-01-20 17:45:55 -06:00
docs.yml Vendor goval-dictionary (#39430) 2026-02-11 11:11:05 -07:00
dogfood-automated-policy-updates.yml Add automated Safari policy update and remediation (#35890) 2026-01-08 11:00:31 -06:00
dogfood-deploy.yml Dogfood signoz (#38569) 2026-01-22 12:33:27 -06:00
dogfood-gitops.yml Add secrets in dogfood-gitops workflow to support Okta SSO (#41928) 2026-03-18 10:37:46 -05:00
dogfood-signoz-deploy.yml Signoz action fixes (#38656) 2026-01-22 19:10:44 -06:00
dogfood-update-testing-qa-apps.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
fleet-and-orbit.yml Bump supported MySQL versions (#40892) 2026-03-04 12:25:20 -06:00
fleetctl-preview-latest.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
fleetctl-preview.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
fleetd-tuf.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
generate-desktop-targets.yml Update identity for new apple certificate (#41669) 2026-03-16 10:36:41 -03:00
generate-nudge-targets.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
generate-osqueryd-targets.yml Release osqueryd 5.22.1 (#40596) 2026-02-26 15:43:22 -03:00
generate-swift-dialog-targets.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
golangci-lint.yml Use nilaway to incrementally check for unsafe nil pointer dereferences (#39030) 2026-02-06 08:51:17 -06:00
goreleaser-fleet.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
goreleaser-orbit.yaml Update identity for new apple certificate (#41669) 2026-03-16 10:36:41 -03:00
goreleaser-snapshot-fleet.yaml Move branch declaration into env var to avoid having branch name be executable (#39636) 2026-02-10 14:11:17 -06:00
ingest-maintained-apps.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
integration.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
loadtest-infra.yml Fix template and while we're at it, typos (#39956) 2026-02-17 15:45:59 -06:00
loadtest-osquery-perf.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
loadtest-shared.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
pr-helm.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
publish-go-module.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
randokiller-go.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
README.md add concurrency to ci (#8271) 2022-10-24 14:01:00 -06:00
release-fleetctl-docker-deps.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
release-fleetd-base.yml Update Apple's identity to sign pkgs (#41776) 2026-03-16 14:49:40 -05:00
release-fleetd-chrome-beta.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
release-fleetd-chrome.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
release-helm.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
render-deploy.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
scorecards-analysis.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
secrets-to-confidential.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
tag-aging-bugs.yml Add automated workflow for tagging aging bugs (#39284) 2026-02-03 18:00:58 -06:00
test-android.yml Improving Android CI (Slack notification, coverage) (#36518) 2025-12-01 16:48:32 -06:00
test-db-changes.yml Fix template and while we're at it, typos (#39956) 2026-02-17 15:45:59 -06:00
test-fleetd-chrome.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-fma-darwin-pr-only.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-fma-darwin.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-fma-windows-pr-only.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-fma-windows.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-go-activity.yaml Bump supported MySQL versions (#40892) 2026-03-04 12:25:20 -06:00
test-go-suite.yaml Bump supported MySQL versions (#40892) 2026-03-04 12:25:20 -06:00
test-go.yaml Bump supported MySQL versions (#40892) 2026-03-04 12:25:20 -06:00
test-js.yml Upgrade JS deps (#39639) 2026-02-12 09:49:20 -06:00
test-mock-changes.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-native-tooling-packaging.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-packaging-build-docker-deps.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-packaging.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-puppet.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-vulnerability-dashboard-changes.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-website.yml Fix template and while we're at it, typos (#39956) 2026-02-17 15:45:59 -06:00
test-yml-specs.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
tfvalidate.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
trivy-scan.yml Bump trivy action version (#41579) 2026-03-12 16:17:45 -03:00
update-certs.yml Fix update certs CI check (#38566) 2026-01-21 13:08:22 -03:00
update-old-tuf-timestamp-signature.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
update-osquery-versions.yml [StepSecurity] ci: Harden GitHub Actions (#25985) 2025-02-03 12:25:18 -06:00
validate-maintained-apps-inputs.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
verify-fleetd-base.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00

README.md

Github Actions

Fleet uses Github Actions for continuous integration (CI). This document describes best practices and at patterns for writing and maintaining Fleet's Github Actions workflows.

Bash

By default, Github Actions sets the shell to bash -e for linux and MacOS runners. To help write safer bash scripts in run jobs and avoid common issues, override the default by adding the following to the workflow file

defaults:
  run:
    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

By specifying the default shell to bash, some extra flags are set. The option pipefail changes the behaviour when using the pipe | operator such that if any command in a pipeline fails, that commands return code will be used a the return code for the whole pipeline. Consider the following example in test-go.yaml

    - name: Run Go Tests
      run: |
        # omitted ...
          make test-go 2>&1 | tee /tmp/gotest.log

If the pipefail option was not set, this job would always succeed because tee would always return success. This is not the intended behavior. Instead, we want the job to fail if make test-go fails.

Concurrency

Github Action runners are limited. If a lot of workflows are queued, they will wait in pending until a runner becomes available. This has caused issue in the past where workflows take an excessively long time to start. To help with this issue, use the following in workflows

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
  cancel-in-progress: true

When a workflow is triggered via a pull request, it will cancel previous running workflows for that pull request. This is especially useful when changes are pushed to a pull request frequently. Manually triggered workflows, workflows that run on a schedule, and workflows triggered by pushes to main are unaffected.