fleet/.github/workflows
Juan Fernandez 583c95c7b9
Added missing permissions required for code-sign-windows (#32281)
For #32007.

Added missing attestation permission requirements.
2025-08-25 17:08:36 -04:00
config Speculative fix for flaky TestVPPApps. (#25385) 2025-01-13 16:28:48 -06:00
build-and-check-fleetctl-docker-and-deps.yml Fix detected CVEs and docker scout exit code to fail the Github Action (#28836) 2025-05-06 13:35:27 -03:00
build-binaries.yaml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
build-fleetd-base-msi.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
build-fleetd-base-pkg.yml Update deprecated actions/upload-artifact to v4.5.0 (#25295) 2025-01-09 12:08:02 -06:00
build-fleetd_tables.yaml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
build-orbit.yaml Update deprecated actions/upload-artifact missed in previous PR. (#25724) 2025-01-23 10:50:55 -06:00
check-automated-doc.yml Make sure VEX report is up-to-date with a CI check (#31759) 2025-08-11 14:55:31 -05:00
check-ms-protocol-feeds.yml Add Github Action to create issues when there are new MS MDM Protocol Changes to Review (#31424) 2025-07-30 16:18:37 -04:00
check-script-diff.yml Split paths list in script diff GHA workflow to make the filter actually work (#32188) 2025-08-21 17:23:37 -06:00
check-tuf-timestamps.yml Check for timestamps on the new TUF repository (#26638) 2025-02-27 17:59:11 -03:00
check-updates-timestamps.yml Check for timestamps on the new TUF repository (#26638) 2025-02-27 17:59:11 -03:00
check-vulnerabilities-in-released-docker-images.yml Remove pull_request from check-vulnerabilities-in-released-docker-images.yml (#32234) 2025-08-22 17:11:11 -03:00
close-stale-eng-initiated-issues.yml Add stale issues workflow (#27047) 2025-03-14 16:11:43 -05:00
code-sign-windows.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
codeql-analysis.yml Attempt to use go.mod version instead of hidden Github var (#21768) 2024-09-03 20:49:50 -03:00
collect-eng-metrics-test.yml Add workflows to collect engineering metrics. (#30540) 2025-07-03 16:59:25 -05:00
collect-eng-metrics.yml Added Slack failure notification to the new Collect engineering metrics job. (#30566) 2025-07-07 14:10:29 -05:00
db-upgrade-test.yml Simplify DB test/upgrade tool (#27141) 2025-03-14 17:07:41 -03:00
dependency-review.yml Update dependency-review-action (#29910) 2025-06-11 11:15:48 -03:00
deploy-fleet-website.yml Website: Update deploy workflow to remove website/assets folder from website's build slug. (#31769) 2025-08-13 17:00:14 -05:00
deploy-vulnerability-dashboard.yml Update vulnerability dashboard to deploy from a parentless commit (#31887) 2025-08-14 09:58:25 -05:00
docs.yml Fail CI if Markdown files have "here" or "click here" as link anchors (#30027) 2025-06-19 10:12:31 -05:00
dogfood-automated-policy-updates.yml Added policy automation and new Windows installer (#27244) 2025-03-19 13:54:25 -05:00
dogfood-deploy.yml Dogfood & Dogfood Free - Terraform deprecation fixes (#32101) 2025-08-19 22:48:19 -04:00
dogfood-gitops.yml Update SSO settings for dogfood (#28435) 2025-04-22 10:40:34 -05:00
fleet-and-orbit.yml Update Go to 1.24.6 (#31784) 2025-08-12 08:10:05 -03:00
fleetctl-preview-latest.yml Apply starter library during for fleetctl preview server (#30519) 2025-07-16 08:12:32 -06:00
fleetctl-preview.yml Bump container for fleetctl preview GH Action (#31389) 2025-07-29 13:25:41 -05:00
fleetd-tuf.yml Update TUF status generation to use new TUF repository (#26099) 2025-02-07 08:30:07 -03:00
generate-desktop-targets.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
generate-nudge-targets.yml Update deprecated actions/upload-artifact to v4.5.0 (#25295) 2025-01-09 12:08:02 -06:00
generate-osqueryd-targets.yml SLSA attestation updates (#31833) 2025-08-14 14:52:16 -04:00
golangci-lint.yml Fix Windows lint issues and enable linting on Windows (#28704) 2025-05-02 16:11:26 -04:00
goreleaser-fleet.yaml Move GitHub token to correct step (#30022) (#30023) 2025-06-14 14:36:03 -05:00
goreleaser-orbit.yaml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
goreleaser-snapshot-fleet.yaml Only run docker publish when PR is not a fork (#30808) 2025-07-14 17:03:37 -06:00
ingest-maintained-apps.yml Use PAT to trigger FMA PRs (#32146) 2025-08-21 15:47:07 -06:00
integration.yml Pin version of cloudflared to 2025.5.0 (#30179) 2025-06-20 13:20:19 -03:00
pr-helm.yaml Update ubuntu-20.04 to ubuntu-22.04 on CI actions due to deprecation (#26466) 2025-02-21 13:11:50 -03:00
randokiller-go.yml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
README.md add concurrency to ci (#8271) 2022-10-24 14:01:00 -06:00
release-fleetctl-docker-deps.yaml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
release-fleetd-base.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
release-fleetd-chrome-beta.yml Keep all fleetd-base and fleetd-chrome artifacts. (#19749) 2024-06-17 15:49:06 -05:00
release-fleetd-chrome.yml Keep all fleetd-base and fleetd-chrome artifacts. (#19749) 2024-06-17 15:49:06 -05:00
release-helm.yaml Update ubuntu-20.04 to ubuntu-22.04 on CI actions due to deprecation (#26466) 2025-02-21 13:11:50 -03:00
render-deploy.yml Added Render deploy workflow for fleet-gitops CI. (#23190) 2024-10-25 15:55:42 -05:00
scorecards-analysis.yml Update deprecated actions/upload-artifact to v4.5.0 (#25295) 2025-01-09 12:08:02 -06:00
secrets-to-confidential.yml Initial action to synchronize signing secrets to confidential repo (#30561) 2025-07-03 16:45:39 -05:00
test-bulk-operations-dashboard-changes.yml Add app to manage scripts and profiles. (#21450) 2024-08-22 14:59:15 -06:00
test-db-changes.yml Merge Android datastore into main Fleet datastore (#32233) 2025-08-25 11:41:28 -04:00
test-fleetd-chrome.yml bump action/cache to version 4.2.0 (#25508) 2025-01-17 15:01:27 +00:00
test-fma-darwin.yml pinning dependencies for FMA workflow yml (#31743) 2025-08-08 12:11:55 -05:00
test-fma-windows.yml pinning dependencies for FMA workflow yml (#31743) 2025-08-08 12:11:55 -05:00
test-go.yaml For Go tests, always upload a success/fail status indicator so that aggregate-result works correctly. (#32065) 2025-08-18 17:23:45 -05:00
test-js.yml update storybook to 8.4.7 (#25451) 2025-01-20 16:17:33 +00:00
test-native-tooling-packaging.yml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
test-packaging-build-docker-deps.yml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
test-packaging.yml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
test-puppet.yml [StepSecurity] ci: Harden GitHub Actions (#17780) 2024-03-22 15:32:23 -05:00
test-vulnerability-dashboard-changes.yml [StepSecurity] ci: Harden GitHub Actions (#17780) 2024-03-22 15:32:23 -05:00
test-website.yml Disable storybook steps in website-related GH workflows (#31723) 2025-08-08 10:57:46 -05:00
test-yml-specs.yml Attempt to use go.mod version instead of hidden Github var (#21768) 2024-09-03 20:49:50 -03:00
tfvalidate.yml Loadtesting - Enable Cloudfront (#31073) 2025-07-21 16:41:06 -04:00
trivy-scan.yml Fix detected CVEs and docker scout exit code to fail the Github Action (#28836) 2025-05-06 13:35:27 -03:00
update-certs.yml Add reviewers to automated PRs (#18390) 2024-04-18 10:51:07 -03:00
update-old-tuf-timestamp-signature.yaml Add workflow to update timestamp on new repository (#26635) 2025-02-27 18:02:42 -03:00
update-osquery-versions.yml [StepSecurity] ci: Harden GitHub Actions (#25985) 2025-02-03 12:25:18 -06:00
update-tuf-timestamp-signature.yaml Fix code scanning alerts (#27074) 2025-03-27 10:01:20 -03:00
validate-maintained-apps-inputs.yml add a JSON schema for homebrew FMA inputs (#30881) 2025-07-16 19:41:39 -04:00
verify-fleetd-base.yml Increase sleep time in verify-fleetd-base.yml (#27763) 2025-04-02 14:30:04 -03:00

GitHub Actions

Fleet uses GitHub Actions for continuous integration (CI). This document describes best practices and patterns for writing and maintaining Fleet's GitHub Actions workflows.

Bash

By default, GitHub Actions sets the shell to bash -e for Linux and macOS runners. To help write safer bash scripts in run jobs and avoid common issues, override the default by adding the following to the workflow file:

defaults:
  run:
    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

Setting the default shell to bash explicitly enables some extra flags. The pipefail option changes the behavior of the pipe | operator so that if any command in a pipeline fails, that command's return code is used as the return code for the whole pipeline. Consider the following example in test-go.yaml:

    - name: Run Go Tests
      run: |
        # omitted ...
          make test-go 2>&1 | tee /tmp/gotest.log

If the pipefail option were not set, this job would always succeed because tee would always return success. This is not the intended behavior. Instead, we want the job to fail if make test-go fails.
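The difference can be reproduced locally. The following is an added example, not part of Fleet's workflows: it runs a constructed step script under the two shell templates GitHub documents (bash -e {0} when no shell is specified, bash --noprofile --norc -eo pipefail {0} for shell: bash). The step body, the failing subshell standing in for make test-go, and the LOG variable are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed step body: the subshell stands in for a failing `make test-go`.
write_step() {
  cat > "$1" <<'EOF'
( echo "FAIL: TestSomething"; exit 2 ) 2>&1 | tee "$LOG"
echo "step reached the end"
EOF
}

# run_step <default|explicit>
# Runs the step under the chosen shell template and prints its exit status
# and whether execution continued past the failed pipeline.
run_step() {
  dir=$(mktemp -d)
  write_step "$dir/step.sh"
  status=0
  case "$1" in
    default)   # no `shell:` key -> bash -e {0}
      out=$(LOG="$dir/gotest.log" bash -e "$dir/step.sh") || status=$? ;;
    explicit)  # `shell: bash` -> bash --noprofile --norc -eo pipefail {0}
      out=$(LOG="$dir/gotest.log" bash --noprofile --norc -eo pipefail "$dir/step.sh") || status=$? ;;
    *) rm -rf "$dir"; echo "unknown mode: $1" >&2; return 1 ;;
  esac
  rm -rf "$dir"
  case "$out" in
    *"step reached the end"*) reached=yes ;;
    *) reached=no ;;
  esac
  echo "exit=$status reached_end=$reached"
}

run_step default    # exit=0 reached_end=yes
run_step explicit   # exit=2 reached_end=no
```

With the default template the failed test run is masked by tee and the step goes green; with the explicit template the pipeline's non-zero status trips -e and the step stops there.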

Concurrency

GitHub Actions runners are limited. If a lot of workflows are queued, they will wait in pending until a runner becomes available. This has caused issues in the past where workflows take an excessively long time to start. To help with this issue, use the following in workflows:

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
  cancel-in-progress: true

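When a workflow is triggered by a pull request, a new run cancels any previous in-progress runs of that workflow for the same pull request, because github.head_ref (the pull request's source branch) puts them in the same concurrency group. This is especially useful when changes are pushed to a pull request frequently. Manually triggered workflows, workflows that run on a schedule, and workflows triggered by pushes to main are unaffected: github.head_ref is empty for those events, so the group falls back to github.run_id, which is unique per run.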