Updated the workflow to use `$GITHUB_OUTPUT` instead of `::set-output` which follows the pattern used by other workflows in our repo. The issue was that `$(date +%s)` was treated as a literal string in YAML which resulted in the branch name `update-testing-qa-apps-$(date +%s)`, which Git rejected because `$` and parentheses are invalid in branch names. <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves # # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [ ] Added/updated automated tests - [ ] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [ ] QA'd all new/changed functionality manually For unreleased bug fixes in a release candidate, one of: - [ ] Confirmed that the fix is not expected to adversely impact load test results - [ ] Alerted the release DRI if additional load testing is needed ## Database migrations - [ ] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [ ] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ ] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). 
## New Fleet configuration settings - [ ] Setting(s) is/are explicitly excluded from GitOps If you didn't check the box above, follow this checklist for GitOps-enabled settings: - [ ] Verified that the setting is exported via `fleetctl generate-gitops` - [ ] Verified the setting is documented in a separate PR to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [ ] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [ ] Verified that any relevant UI is disabled when GitOps mode is enabled ## fleetd/orbit/Fleet Desktop - [ ] Verified compatibility with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)) - [ ] If the change applies to only one platform, confirmed that `runtime.GOOS` is used as needed to isolate changes - [ ] Verified that fleetd runs on macOS, Linux and Windows - [ ] Verified auto-update works from the released version of component to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
name: Update Testing & QA Maintained Apps

on:
  # Scheduled twice a day: 06:00 and 18:00 UTC.
  schedule:
    - cron: "0 6 * * *"
    - cron: "0 18 * * *"
  # Also allow manual triggering.
  workflow_dispatch:

# A newer run in the same concurrency group cancels the run in progress.
# NOTE(review): github.head_ref is only set on pull_request events, so with the
# schedule/workflow_dispatch triggers above the group falls back to the unique
# run_id and runs never share a group; confirm that is the intent.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

defaults:
  run:
    # Naming bash explicitly makes every `run:` step fail fast
    # (bash -eo pipefail). See
    # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

# Workflow-wide default for the token is read-only; the job below widens it
# only for the scopes it needs.
permissions:
  contents: read

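jobs:
  update-apps:
    # Job-level grant; it replaces the read-only workflow default for this job.
    permissions:
      contents: write # Required to push new branch
      pull-requests: write # Required to open PRs
    runs-on: ubuntu-latest
    timeout-minutes: 10

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          # audit only records outbound connections; nothing is blocked.
          egress-policy: audit

      - name: Checkout Code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 1

      - name: Install jq
        run: |
          sudo apt-get update
          sudo apt-get install -y jq

      - name: Update Testing & QA Apps
        id: update-apps
        run: |
          # The default shell is `bash -eo pipefail`, so a non-zero exit from
          # the script fails this step immediately. A later `$?` test can only
          # ever see 0, which is why no such check (or else branch) is kept.
          .github/scripts/dogfood-update-testing-qa-apps.sh

          # Check if there are any changes
          if git diff --quiet it-and-security/teams/testing-and-qa.yml; then
            echo "changed=false" >> "$GITHUB_OUTPUT"
            echo "No changes detected"
          else
            echo "changed=true" >> "$GITHUB_OUTPUT"
            echo "Changes detected"
            git diff it-and-security/teams/testing-and-qa.yml
          fi

      - name: Search for Existing PRs
        if: steps.update-apps.outputs.changed == 'true'
        id: search_pr
        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
        with:
          script: |
            // Page through all open PRs; a single 100-item page would miss
            // matches in a repository with more open PRs than that.
            const pullRequests = await github.paginate(github.rest.pulls.list, {
              owner: context.repo.owner,
              repo: context.repo.repo,
              state: 'open',
              per_page: 100
            });
            // NOTE(review): the match is on title only, so any open PR with
            // this title is later closed by "Close Existing PRs", whoever
            // opened it. Consider also checking pr.head.ref against the
            // `update-testing-qa-apps-` branch prefix used below.
            const matchingPRs = pullRequests.filter(pr =>
              pr.title.includes('Update Testing & QA maintained apps') ||
              pr.title.includes('Update Testing and QA maintained apps')
            );
            return matchingPRs.map(pr => pr.number);

      - name: Configure Git
        if: steps.update-apps.outputs.changed == 'true'
        run: |
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"

      - name: Get current date and time
        if: steps.update-apps.outputs.changed == 'true'
        id: date
        # Evaluated by the shell here; the branch name below only consumes the
        # resulting step output.
        run: echo "date=$(date +'%y%m%d%H%M')" >> "$GITHUB_OUTPUT"

      - name: Create Pull Request
        if: steps.update-apps.outputs.changed == 'true'
        id: create-pr
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: |
            Update Testing & QA maintained apps

            Automatically added new Fleet-maintained apps to the Testing & QA team configuration.
          title: "Update Testing & QA maintained apps"
          body: |
            This PR automatically updates the `fleet_maintained_apps` list in `testing-and-qa.yml` with any new apps from Fleet's maintained apps library.

            The changes were generated automatically by the [dogfood-update-testing-qa-apps workflow](https://github.com/${{ github.repository }}/actions/workflows/dogfood-update-testing-qa-apps.yml).
          branch: update-testing-qa-apps-${{ steps.date.outputs.date }}
          delete-branch: true
          assignees: allenhouchins

      - name: Close Existing PRs
        if: steps.update-apps.outputs.changed == 'true' && steps.search_pr.outputs.result != '[]'
        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
        env:
          # Step outputs reach the script as data through the environment
          # instead of being expanded into the JavaScript source text.
          EXISTING_PRS: ${{ steps.search_pr.outputs.result }}
          NEW_PR_NUMBER: ${{ steps.create-pr.outputs.pull-request-number }}
        with:
          script: |
            const prNumbers = JSON.parse(process.env.EXISTING_PRS || '[]');
            const newPrNumber = process.env.NEW_PR_NUMBER || '';
            // Without a replacement PR, leave the existing PRs open rather
            // than closing them with a dangling "in favor of #" comment.
            if (!newPrNumber) {
              core.info('No new pull request number; leaving existing PRs open.');
              return;
            }
            for (const prNumber of prNumbers) {
              if (prNumber.toString() !== newPrNumber) {
                await github.rest.issues.createComment({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  issue_number: prNumber,
                  body: `Closing in favor of #${newPrNumber}.`,
                });
                await github.rest.pulls.update({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  pull_number: prNumber,
                  state: 'closed',
                });
              }
            }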