fleet/.github/workflows
2025-12-19 14:50:52 -06:00
config Improving Android CI (Slack notification, coverage) (#36518) 2025-12-01 16:48:32 -06:00
build-binaries.yaml Upgrade Fleet's Node.js version (#34603) 2025-10-27 17:21:50 -04:00
build-fleetd-base-msi.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
build-fleetd-base-pkg.yml Update deprecated actions/upload-artifact to v4.5.0 (#25295) 2025-01-09 12:08:02 -06:00
build-fleetd_tables.yaml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
build-fleetdm-fleetctl-check-vulnerabilities.yml Move security notifications to orchestration channel (#37549) 2025-12-19 14:50:52 -06:00
build-orbit.yaml Update deprecated actions/upload-artifact missed in previous PR. (#25724) 2025-01-23 10:50:55 -06:00
check-automated-doc.yml Make sure VEX report is up-to-date with a CI check (#31759) 2025-08-11 14:55:31 -05:00
check-bomutils-vulnerabilities.yml Move security notifications to orchestration channel (#37549) 2025-12-19 14:50:52 -06:00
check-ms-protocol-feeds.yml Add Github Action to create issues when there are new MS MDM Protocol Changes to Review (#31424) 2025-07-30 16:18:37 -04:00
check-script-diff.yml Pin action versions used in script diff workflow (#32416) 2025-08-28 14:38:45 -05:00
check-tuf-timestamps.yml Add slack notification to TUF signature job when it fails (#32452) 2025-09-03 16:17:53 -03:00
check-updates-timestamps.yml Add slack notification to TUF signature job when it fails (#32452) 2025-09-03 16:17:53 -03:00
check-vulnerabilities-in-released-docker-images.yml Move security notifications to orchestration channel (#37549) 2025-12-19 14:50:52 -06:00
check-wix-vulnerabilities.yml Move security notifications to orchestration channel (#37549) 2025-12-19 14:50:52 -06:00
close-stale-eng-initiated-issues.yml Add stale issues workflow (#27047) 2025-03-14 16:11:43 -05:00
code-sign-windows.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
codeql-analysis.yml Attempt to use go.mod version instead of hidden Github var (#21768) 2024-09-03 20:49:50 -03:00
collect-eng-metrics-test.yml Add workflows to collect engineering metrics. (#30540) 2025-07-03 16:59:25 -05:00
collect-eng-metrics.yml Added Slack failure notification to the new Collect engineering metrics job. (#30566) 2025-07-07 14:10:29 -05:00
db-upgrade-test.yml Simplify DB test/upgrade tool (#27141) 2025-03-14 17:07:41 -03:00
dependency-review.yml Update dependency-review-action (#29910) 2025-06-11 11:15:48 -03:00
deploy-fleet-website.yml Run website workflows for changes to Fleet maintained apps (#36775) 2025-12-08 16:27:55 -06:00
deploy-vulnerability-dashboard.yml Update vulnerability dashboard to deploy from a parentless commit (#31887) 2025-08-14 09:58:25 -05:00
docs.yml Fail CI if Markdown files have "here" or "click here" as link anchors (#30027) 2025-06-19 10:12:31 -05:00
dogfood-automated-policy-updates.yml Update dogfood-automated-policy-updates.yml (#36294) 2025-12-15 20:44:24 -06:00
dogfood-deploy.yml Dogfood & Dogfood Free - Terraform deprecation fixes (#32101) 2025-08-19 22:48:19 -04:00
dogfood-gitops.yml Fix capitalization in workflow name (#34353) 2025-10-16 10:55:09 -05:00
dogfood-update-testing-qa-apps.yml Update dogfood-update-testing-qa-apps.yml (#35858) 2025-11-19 09:24:54 -06:00
fleet-and-orbit.yml Use macOS 14 runners in GHA rather than macOS 13 since 13 is being browned out (#35550) 2025-11-11 15:18:20 -06:00
fleetctl-preview-latest.yml Apply starter library during for fleetctl preview server (#30519) 2025-07-16 08:12:32 -06:00
fleetctl-preview.yml Bump container for fleetctl preview GH Action (#31389) 2025-07-29 13:25:41 -05:00
fleetd-tuf.yml Update TUF status generation to use new TUF repository (#26099) 2025-02-07 08:30:07 -03:00
generate-desktop-targets.yml Use macOS 14 runners in GHA rather than macOS 13 since 13 is being browned out (#35550) 2025-11-11 15:18:20 -06:00
generate-nudge-targets.yml Update deprecated actions/upload-artifact to v4.5.0 (#25295) 2025-01-09 12:08:02 -06:00
generate-osqueryd-targets.yml Release osqueryd 5.21.0 (#37528) 2025-12-19 13:56:47 -03:00
generate-swift-dialog-targets.yml Update Makefile swift dialog versions and add github workflow (#32511) 2025-09-05 10:49:21 -04:00
golangci-lint.yml Add incremental lint run, with modernize as the linter. (#36711) 2025-12-08 09:06:05 -06:00
goreleaser-fleet.yaml Move GitHub token to correct step (#30022) (#30023) 2025-06-14 14:36:03 -05:00
goreleaser-orbit.yaml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
goreleaser-snapshot-fleet.yaml Bump Go to 1.25.5, Alpine to 3.23.0 where relevant, bump Trivy to current version (#36848) 2025-12-07 20:04:14 -06:00
ingest-maintained-apps.yml Update ingest-maintained-apps.yml (#35785) 2025-11-17 15:18:02 -06:00
integration.yml Improve integration workflow robustness with health checks and detailed enrollment logging. (#32348) 2025-08-27 14:52:48 -05:00
loadtest-infra.yml Loadtest Github Actions Fixes (#34038) 2025-10-09 10:39:55 -04:00
loadtest-osquery-perf.yml Loadtesting - osquery deployment session timeout increase (#36097) 2025-11-20 21:08:52 -05:00
loadtest-shared.yml Loadtesting IAC updates (#32629) 2025-10-08 15:31:37 -04:00
pr-helm.yaml Update ubuntu-20.04 to ubuntu-22.04 on CI actions due to deprecation (#26466) 2025-02-21 13:11:50 -03:00
publish-go-module.yml Add workflow to publish go modules (#33335) 2025-09-23 12:03:37 -03:00
randokiller-go.yml Swap minio to rustfs (#36851) 2025-12-10 10:03:48 -06:00
README.md add concurrency to ci (#8271) 2022-10-24 14:01:00 -06:00
release-fleetctl-docker-deps.yaml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
release-fleetd-base.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
release-fleetd-chrome-beta.yml Keep all fleetd-base and fleetd-chrome artifacts. (#19749) 2024-06-17 15:49:06 -05:00
release-fleetd-chrome.yml Keep all fleetd-base and fleetd-chrome artifacts. (#19749) 2024-06-17 15:49:06 -05:00
release-helm.yaml Update ubuntu-20.04 to ubuntu-22.04 on CI actions due to deprecation (#26466) 2025-02-21 13:11:50 -03:00
render-deploy.yml Added Render deploy workflow for fleet-gitops CI. (#23190) 2024-10-25 15:55:42 -05:00
scorecards-analysis.yml Update scorecards OSSF action to v2.4.3 (#36972) 2025-12-09 11:43:41 -06:00
secrets-to-confidential.yml Initial action to synchronize signing secrets to confidential repo (#30561) 2025-07-03 16:45:39 -05:00
test-android.yml Improving Android CI (Slack notification, coverage) (#36518) 2025-12-01 16:48:32 -06:00
test-bulk-operations-dashboard-changes.yml Add app to manage scripts and profiles. (#21450) 2024-08-22 14:59:15 -06:00
test-db-changes.yml Merge Android datastore into main Fleet datastore (#32233) 2025-08-25 11:41:28 -04:00
test-fleetd-chrome.yml bump action/cache to version 4.2.0 (#25508) 2025-01-17 15:01:27 +00:00
test-fma-darwin-pr-only.yml Set permission level in FMA workflows (#36930) 2025-12-09 00:31:46 -06:00
test-fma-darwin.yml Set permission level in FMA workflows (#36930) 2025-12-09 00:31:46 -06:00
test-fma-windows-pr-only.yml Add 7-zip as a Windows Fleet-maintained app (#37222) 2025-12-16 09:55:30 -06:00
test-fma-windows.yml Set permission level in FMA workflows (#36930) 2025-12-09 00:31:46 -06:00
test-go.yaml Add enroll OTA and windows TOS to go test CI triggers (#37197) 2025-12-12 19:25:43 -04:00
test-js.yml update storybook to 8.4.7 (#25451) 2025-01-20 16:17:33 +00:00
test-mock-changes.yml Add test to validate mock changes (#35663) 2025-11-17 13:08:02 -05:00
test-native-tooling-packaging.yml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
test-packaging-build-docker-deps.yml Add initial Arch Linux support (#33096) 2025-09-18 18:55:31 -03:00
test-packaging.yml Add initial Arch Linux support (#33096) 2025-09-18 18:55:31 -03:00
test-puppet.yml [StepSecurity] ci: Harden GitHub Actions (#17780) 2024-03-22 15:32:23 -05:00
test-vulnerability-dashboard-changes.yml [StepSecurity] ci: Harden GitHub Actions (#17780) 2024-03-22 15:32:23 -05:00
test-website.yml Run website workflows for changes to Fleet maintained apps (#36775) 2025-12-08 16:27:55 -06:00
test-yml-specs.yml Attempt to use go.mod version instead of hidden Github var (#21768) 2024-09-03 20:49:50 -03:00
tfvalidate.yml Loadtesting - Enable Cloudfront (#31073) 2025-07-21 16:41:06 -04:00
trivy-scan.yml Fix detected CVEs and docker scout exit code to fail the Github Action (#28836) 2025-05-06 13:35:27 -03:00
update-certs.yml Add reviewers to automated PRs (#18390) 2024-04-18 10:51:07 -03:00
update-old-tuf-timestamp-signature.yaml Add workflow to update timestamp on new repository (#26635) 2025-02-27 18:02:42 -03:00
update-osquery-versions.yml [StepSecurity] ci: Harden GitHub Actions (#25985) 2025-02-03 12:25:18 -06:00
validate-maintained-apps-inputs.yml add a JSON schema for homebrew FMA inputs (#30881) 2025-07-16 19:41:39 -04:00
verify-fleetd-base.yml Increase sleep time in verify-fleetd-base.yml (#27763) 2025-04-02 14:30:04 -03:00

GitHub Actions

Fleet uses GitHub Actions for continuous integration (CI). This document describes best practices and patterns for writing and maintaining Fleet's GitHub Actions workflows.

Bash

By default, GitHub Actions sets the shell to bash -e for Linux and macOS runners. To help write safer bash scripts in run jobs and avoid common issues, override the default by adding the following to the workflow file:

defaults:
  run:
    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

Setting the default shell to bash explicitly adds some extra flags: the runner then invokes bash -eo pipefail, as the comment above notes. The pipefail option changes the behaviour of the pipe | operator so that if any command in a pipeline fails, that command's return code is used as the return code for the whole pipeline. Consider the following example in test-go.yaml:

    - name: Run Go Tests
      run: |
        # omitted ...
          make test-go 2>&1 | tee /tmp/gotest.log

If the pipefail option were not set, this job would always succeed because tee would always return success. This is not the intended behavior. Instead, we want the job to fail if make test-go fails.
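The difference can be reproduced locally. The script below is an added example, not taken from Fleet's workflows: it runs one constructed step body under both invocations, with a failing `sh -c` command standing in for `make test-go`; `step_exit_code` and `STEP_SCRIPT` are hypothetical names.

```shell
#!/bin/sh
# Constructed step body modelled on the "Run Go Tests" step: the first command
# fails with status 2 (a stand-in for `make test-go`) and is piped to tee.
STEP_SCRIPT='sh -c "echo FAIL: TestExample; exit 2" 2>&1 | tee "$LOG" >/dev/null
echo "step continued past the failed pipeline"'

# Run the step body the way the runner invokes bash and print its exit code.
#   default  -> bash -e            (no `shell:` key in the workflow)
#   explicit -> bash -eo pipefail  (`shell: bash`)
step_exit_code() {
    LOG=$(mktemp)
    export LOG
    rc=0
    case "$1" in
        default)
            bash --noprofile --norc -e -c "$STEP_SCRIPT" >/dev/null 2>&1 || rc=$?
            ;;
        explicit)
            bash --noprofile --norc -eo pipefail -c "$STEP_SCRIPT" >/dev/null 2>&1 || rc=$?
            ;;
        *)
            echo "usage: step_exit_code default|explicit" >&2
            rm -f "$LOG"
            return 64
            ;;
    esac
    rm -f "$LOG"
    echo "$rc"
}

# Without pipefail the pipeline reports tee's status, so -e never fires and
# the step is reported green; with pipefail the step stops with status 2.
echo "default (bash -e):          exit $(step_exit_code default)"
echo "shell: bash (-eo pipefail): exit $(step_exit_code explicit)"
```
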

Concurrency

GitHub Actions runners are limited. If a lot of workflows are queued, they will wait in pending until a runner becomes available. This has caused issues in the past where workflows take an excessively long time to start. To help with this issue, use the following in workflows:

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
  cancel-in-progress: true

When a workflow is triggered via a pull request, it will cancel previous running workflows for that pull request. This is especially useful when changes are pushed to a pull request frequently. Manually triggered workflows, workflows that run on a schedule, and workflows triggered by pushes to main are unaffected.
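The group expression decides which runs can interrupt each other. The simulation below is an added example, not part of Fleet's workflows: it evaluates the `github.head_ref || github.run_id` fallback over a constructed queue of runs and reports which ones `cancel-in-progress` would interrupt, assuming every earlier run is still in progress when the next is queued. The run ids, branch names and the workflow name `test-go` are constructed, and `group_key` and `cancelled_runs` are hypothetical helpers.

```shell
#!/bin/sh
# Constructed queue: run_id, event, head_ref. "-" marks an empty
# github.head_ref, which is the case for anything but a pull request event.
RUNS='101 pull_request feature-x
102 push -
103 pull_request feature-x
104 schedule -
105 push -
106 pull_request feature-y
107 pull_request feature-x'

# Mirrors ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
group_key() {  # args: workflow head_ref run_id
    if [ -n "$2" ] && [ "$2" != "-" ]; then
        echo "$1-$2"
    else
        echo "$1-$3"
    fi
}

# Print the ids of the runs that a later run in the same group interrupts.
cancelled_runs() {  # arg: workflow name
    active=""       # newline-separated "group|run_id" records
    cancelled=""
    while read -r run_id event head_ref; do
        group=$(group_key "$1" "$head_ref" "$run_id")
        prev=$(printf '%s\n' "$active" | awk -F'|' -v g="$group" '$1 == g { print $2 }')
        if [ -n "$prev" ]; then
            cancelled="$cancelled $prev"
            active=$(printf '%s\n' "$active" | awk -F'|' -v g="$group" '$1 != g')
        fi
        active="$active
$group|$run_id"
    done <<EOF
$RUNS
EOF
    echo $cancelled
}

# Only pull request runs on the same branch share a group; push and schedule
# runs fall back to their unique run id and are never cancelled.
echo "cancelled runs: $(cancelled_runs test-go)"
```
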