mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
b94972351f
* Adding permissions to docs.yml and integration.yml * Update codeql-analysis.yml Adding top level read permissions to codeql workflow * Update codeql-analysis.yml Adding manual dispatch to codeql - to be able to test it easier * Update deploy-fleet-website.yml Adding top level read permission + write in the job so it can push the website * Update test-website.yml test-website should only need read permissions on content. * Update fleet-and-orbit.yml Testing Fleet and Orbit should be fine with top level read access * Update fleetctl-preview.yml fleetctl-preview should be fine with just read access at top level * Update push-osquery-perf-to-ecr.yml ECR is out of github so read permissions should be enough * Update semgrep-analysis.yml semgrep should only need read * Update test-packaging.yml Should only need read permission - setting on top * Update test.yml Should not need any write access - setting to READ on top. * Update deploy-fleet-website.yml Removing git write permission - since this pushes to Heroku not GitHub * Tweaked as per Zach's comments Removed some useless restrictions (contents none on a public repo for example) * Removed meaningless permissions contents: none - this does not have any security advantage on a public repo
182 lines
4.5 KiB
YAML
182 lines
4.5 KiB
YAML
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- patch-*
|
|
pull_request:
|
|
paths:
|
|
- assets/**
|
|
- cypress/**
|
|
- ee/**
|
|
- frontend/**
|
|
- pkg/**
|
|
- server/**
|
|
- tools/**
|
|
- go.mod
|
|
- go.sum
|
|
- package.json
|
|
- yarn.lock
|
|
- docker-compose.yml
|
|
- webpack.config.js
|
|
- tsconfig.json
|
|
|
|
name: Run Tests
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
test-e2e:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os: [ubuntu-latest]
|
|
go-version: ['^1.17.8']
|
|
fleet-tier: [free, premium]
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- name: Install Node
|
|
uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # v2
|
|
with:
|
|
node-version: '14'
|
|
- name: Install Go
|
|
uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2
|
|
with:
|
|
go-version: ${{ matrix.go-version }}
|
|
- name: Checkout Code
|
|
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
|
|
|
|
# Pre-starting dependencies here means they are ready to go when we need them.
|
|
- name: Start Infra Dependencies
|
|
# Use & to background this
|
|
run: docker-compose up -d mysql_test redis mailhog saml_idp &
|
|
|
|
- name: JS Dependency Cache
|
|
id: js-cache
|
|
uses: actions/cache@661fd3eb7f2f20d8c7c84bc2b0509efd7a826628 # v2
|
|
with:
|
|
path: |
|
|
**/node_modules
|
|
~/.cache/Cypress
|
|
# Use a separate cache for this from other JS jobs since we run the
|
|
# webpack steps and will have more to cache.
|
|
key: ${{ runner.os }}-e2e-modules-${{ hashFiles('**/yarn.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-e2e-modules-
|
|
|
|
- name: Go Cache
|
|
id: go-cache
|
|
uses: actions/cache@661fd3eb7f2f20d8c7c84bc2b0509efd7a826628 # v2
|
|
with:
|
|
# In order:
|
|
# * Module download cache
|
|
# * Build cache (Linux)
|
|
# * Build cache (Mac)
|
|
# * Build cache (Windows)
|
|
path: |
|
|
~/go/pkg/mod
|
|
~/.cache/go-build
|
|
~/Library/Caches/go-build
|
|
%LocalAppData%\go-build
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
|
|
- name: Install JS Dependencies
|
|
if: steps.js-cache.outputs.cache-hit != 'true'
|
|
run: make deps-js
|
|
|
|
- name: Install Go Dependencies
|
|
if: steps.go-cache.outputs.cache-hit != 'true'
|
|
run: make deps-go
|
|
|
|
- name: Build Fleet
|
|
run: |
|
|
export PATH=$PATH:~/go/bin
|
|
make generate-ci
|
|
make
|
|
|
|
- name: Run E2E Tests
|
|
id: e2e
|
|
run: |
|
|
.github/scripts/check-infra-dependencies.sh all
|
|
make e2e-reset-db
|
|
make e2e-serve-${{ matrix.fleet-tier }} &
|
|
sleep 3
|
|
make e2e-setup
|
|
yarn cypress run --config-file cypress/cypress-${{ matrix.fleet-tier }}.json
|
|
|
|
- name: Upload artifacts
|
|
if: failure()
|
|
uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2
|
|
with:
|
|
name: cypress
|
|
path: |
|
|
cypress/screenshots/
|
|
cypress/videos/
|
|
|
|
|
|
test-js:
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest]
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
|
|
|
|
- name: JS Dependency Cache
|
|
id: js-cache
|
|
uses: actions/cache@661fd3eb7f2f20d8c7c84bc2b0509efd7a826628 # v2
|
|
with:
|
|
path: |
|
|
**/node_modules
|
|
~/.cache/Cypress
|
|
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-modules-
|
|
|
|
- name: Install JS Dependencies
|
|
if: steps.js-cache.outputs.cache-hit != 'true'
|
|
run: make deps-js
|
|
|
|
- name: Run JS Tests
|
|
run: |
|
|
make test-js
|
|
|
|
|
|
lint-js:
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest]
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
|
|
|
|
- name: JS Dependency Cache
|
|
id: js-cache
|
|
uses: actions/cache@661fd3eb7f2f20d8c7c84bc2b0509efd7a826628 # v2
|
|
with:
|
|
path: |
|
|
**/node_modules
|
|
~/.cache/Cypress
|
|
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-modules-
|
|
|
|
- name: Install JS Dependencies
|
|
if: steps.js-cache.outputs.cache-hit != 'true'
|
|
run: make deps-js
|
|
|
|
- name: Run JS Linting
|
|
run: |
|
|
make lint-js
|
|
|
|
- name: Run prettier formatting check
|
|
run: |
|
|
yarn prettier:check
|
|
|
|
|