* Adding permissions to docs.yml and integration.yml
* Update codeql-analysis.yml
  Adding top level read permissions to codeql workflow
* Update codeql-analysis.yml
  Adding manual dispatch to codeql - to be able to test it easier
* Update deploy-fleet-website.yml
  Adding top level read permission + write in the job so it can push the website
* Update test-website.yml
  test-website should only need read permissions on content.
* Update fleet-and-orbit.yml
  Testing Fleet and Orbit should be fine with top level read access
* Update fleetctl-preview.yml
  fleetctl-preview should be fine with just read access at top level
* Update push-osquery-perf-to-ecr.yml
  ECR is out of github so read permissions should be enough
* Update semgrep-analysis.yml
  semgrep should only need read
* Update test-packaging.yml
  Should only need read permission - setting on top
* Update test.yml
  Should not need any write access - setting to READ on top.
* Update deploy-fleet-website.yml
  Removing git write permission - since this pushes to Heroku not GitHub
* Tweaked as per Zach's comments
  Removed some useless restrictions (contents none on a public repo for example)
* Removed meaningless permissions
  contents: none - this does not have any security advantage on a public repo
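# Builds fleetctl from source and checks that it can produce DEB, RPM, MSI and
# PKG packages on both the Linux and the macOS runner.
name: Test packaging

on:
  push:
    branches:
      - main
      - patch-*
  pull_request:
    # Only pull requests that touch Go sources trigger this workflow.
    paths:
      - '**.go'

# Least privilege for GITHUB_TOKEN: once a `permissions` block is present,
# every scope that is not listed is set to `none`, so all jobs in this
# workflow get read-only access to repository contents and nothing else.
permissions:
  contents: read

jobs:
  test-packaging:
    strategy:
      # Let the other OS finish even if one matrix entry fails.
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest]
        go-version: ['^1.17.8']
    runs-on: ${{ matrix.os }}

    steps:
      - name: Install Docker
        if: matrix.os == 'macos-latest'
        # The wait loop below has no exit condition of its own; without a step
        # timeout a Docker daemon that never starts would hold the runner until
        # the job-level default timeout. Tune the value if installs run longer.
        timeout-minutes: 15
        # From https://github.com/docker/for-mac/issues/2359#issuecomment-943131345
        run: |
          brew install --cask docker
          sudo /Applications/Docker.app/Contents/MacOS/Docker --unattended --install-privileged-components
          open -a /Applications/Docker.app --args --unattended --accept-license
          echo "Waiting for Docker to start up..."
          while ! /Applications/Docker.app/Contents/Resources/bin/docker info &>/dev/null; do sleep 1; done
          echo "Docker is ready."

      - name: Pull fleetdm/wix
        # Run in background while other steps complete to speed up the workflow
        # NOTE(review): `latest` is a mutable tag, so the image content can
        # change between runs without any change to this file. Pinning by
        # digest (fleetdm/wix@sha256:<digest>) would make the pulled image
        # reproducible and reviewable.
        run: docker pull fleetdm/wix:latest &

      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the tag the SHA was taken from.
      - name: Install Go
        uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2
        with:
          go-version: ${{ matrix.go-version }}

      - name: Checkout Code
        uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
        with:
          # No later step pushes or fetches with the token, so do not leave
          # GITHUB_TOKEN in .git/config where the build steps could read it.
          persist-credentials: false

      # It seems faster not to cache Go dependencies
      - name: Install Go Dependencies
        run: make deps-go

      - name: Build fleetctl
        run: make fleetctl

      # The enroll secret and Fleet URL below are dummy values: the visible
      # steps only build the packages, they never install or enroll them.
      - name: Build DEB
        run: ./build/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080

      - name: Build RPM
        run: ./build/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080

      - name: Build MSI
        run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080

      - name: Build PKG
        run: ./build/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080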