mirror of
https://github.com/fleetdm/fleet
synced 2026-05-09 18:20:48 +00:00
134c74a94b
For #32859. We can ignore the "Dependency review" failure in [CVE-2023-32698](https://github.com/advisories/GHSA-w7jw-q4fg-qc4c) because we already have the rules to ignore it (we are not vulnerable). I'm not updating nfpm to latest because it would require further changes on all deb/rpm generation (source code breaking changes on the golang interfaces). --- <img width="448" height="151" alt="screenshot-2025-09-11_08-38-20" src="https://github.com/user-attachments/assets/4c00b960-568a-48d9-8098-308c8ab8916f" /> <img width="391" height="73" alt="screenshot-2025-09-11_08-37-40" src="https://github.com/user-attachments/assets/dec6ea22-31f8-4930-b067-0b04b4ec2b5f" /> <img width="759" height="428" alt="Image" src="https://github.com/user-attachments/assets/0a76d070-4709-4a35-8e6e-caf869473d28" /> <img width="1178" height="634" alt="Image" src="https://github.com/user-attachments/assets/98e6fa2a-ba07-4a55-81aa-ad747f1c57b9" /> <img width="1388" height="830" alt="Image" src="https://github.com/user-attachments/assets/19d36bad-d01d-4130-b271-38bea2534833" /> <img width="933" height="930" alt="Image" src="https://github.com/user-attachments/assets/1d6a369b-65d7-46a4-98a6-e6f0b29be2c8" /> <img width="2241" height="693" alt="Image" src="https://github.com/user-attachments/assets/d8f98e97-f027-4c1c-ae5d-c4fa3b592a20" /> - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] Added/updated automated tests - [X] QA'd all new/changed functionality manually
134 lines
4.7 KiB
YAML
134 lines
4.7 KiB
YAML
# This workflow tests packaging of fleetd with the
|
|
# `fleetctl package` command.
|
|
#
|
|
# It fetches the targets: orbit, osquery and fleet-desktop from the default
|
|
# (Fleet's) TUF server, https://tuf.fleetctl.com.
|
|
#
|
|
# Docker and colima are extremely unreliable on macOS Github runners
|
|
# thus this workflow is not testing MSI package generation on macOS.
|
|
name: Test packaging
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- patch-*
|
|
- prepare-*
|
|
paths:
|
|
- 'cmd/fleetctl/**.go'
|
|
- 'pkg/**.go'
|
|
- 'server/context/**.go'
|
|
- 'orbit/**.go'
|
|
- 'ee/fleetctl/**.go'
|
|
- 'tools/fleetctl-docker/**'
|
|
- 'tools/wix-docker/**'
|
|
- 'tools/bomutils-docker/**'
|
|
- '.github/workflows/test-packaging.yml'
|
|
pull_request:
|
|
paths:
|
|
- 'cmd/fleetctl/**.go'
|
|
- 'pkg/**.go'
|
|
- 'server/context/**.go'
|
|
- 'orbit/**.go'
|
|
- 'ee/fleetctl/**.go'
|
|
- 'tools/fleetctl-docker/**'
|
|
- 'tools/wix-docker/**'
|
|
- 'tools/bomutils-docker/**'
|
|
- '.github/workflows/test-packaging.yml'
|
|
workflow_dispatch: # Manual
|
|
|
|
# This allows a subsequently queued workflow run to interrupt previous runs
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
|
|
cancel-in-progress: true
|
|
|
|
defaults:
|
|
run:
|
|
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
|
|
shell: bash
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
test-packaging:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os: [ubuntu-latest, macos-15]
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Pull fleetdm/wix
|
|
if: ${{ !startsWith(matrix.os, 'macos') }}
|
|
# Run in background while other steps complete to speed up the workflow
|
|
run: |
|
|
docker pull fleetdm/wix:latest &
|
|
|
|
- name: Pull fleetdm/bomutils
|
|
if: ${{ !startsWith(matrix.os, 'macos') }}
|
|
# Run in background while other steps complete to speed up the workflow
|
|
run: |
|
|
docker pull fleetdm/bomutils:latest &
|
|
|
|
- name: Checkout Code
|
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
|
|
- name: Install Go
|
|
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
|
|
with:
|
|
go-version-file: "go.mod"
|
|
|
|
- name: Install wine and wix
|
|
if: startsWith(matrix.os, 'macos')
|
|
run: |
|
|
./it-and-security/lib/macos/scripts/install-wine.sh -n
|
|
wget https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip -nv -O wix.zip
|
|
mkdir wix
|
|
unzip wix.zip -d wix
|
|
rm -f wix.zip
|
|
echo wix installed at $(pwd)/wix
|
|
|
|
- name: Build fleetctl
|
|
run: make fleetctl
|
|
|
|
- name: Build DEB
|
|
run: ./build/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080
|
|
|
|
- name: Build DEB with Fleet Desktop
|
|
run: ./build/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop
|
|
|
|
- name: Build RPM
|
|
run: ./build/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080
|
|
|
|
- name: Build RPM with Fleet Desktop
|
|
run: ./build/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop
|
|
|
|
- name: Build PKG.TAR.ZST
|
|
run: ./build/fleetctl package --type pkg.tar.zst --enroll-secret=foo --fleet-url=https://localhost:8080
|
|
|
|
- name: Build PKG.TAR.ZST with Fleet Desktop
|
|
run: ./build/fleetctl package --type pkg.tar.zst --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop
|
|
|
|
- name: Build MSI
|
|
if: ${{ !startsWith(matrix.os, 'macos') }}
|
|
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080
|
|
|
|
- name: Build MSI with Fleet Desktop
|
|
if: ${{ !startsWith(matrix.os, 'macos') }}
|
|
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop
|
|
|
|
- name: Build PKG
|
|
run: ./build/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080
|
|
|
|
- name: Build PKG with Fleet Desktop
|
|
run: ./build/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop
|
|
|
|
- name: Build MSI on macOS (using local Wix)
|
|
if: startsWith(matrix.os, 'macos')
|
|
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop --local-wix-dir ./wix
|