Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-18 14:38:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 57
fleet/.github/workflows
History
dependabot[bot] dbf87cbe62
Bump github/codeql-action from 2.2.4 to 2.20.1 (#12437) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.4 to 2.20.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>CodeQL Bundle</h2>
<p>Bundles CodeQL CLI v2.13.4</p>
<ul>
<li>(<a
href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.13.4">release</a>)</li>
</ul>
<p>Includes the following CodeQL language packs from <a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4"><code>github/codeql@codeql-cli/v2.13.4</code></a>:</p>
<ul>
<li><code>codeql/cpp-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src">source</a>)</li>
<li><code>codeql/cpp-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/lib">source</a>)</li>
<li><code>codeql/csharp-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/src">source</a>)</li>
<li><code>codeql/csharp-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/lib">source</a>)</li>
<li><code>codeql/go-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/src">source</a>)</li>
<li><code>codeql/go-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/lib">source</a>)</li>
<li><code>codeql/java-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/src">source</a>)</li>
<li><code>codeql/java-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/lib">source</a>)</li>
<li><code>codeql/javascript-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/src">source</a>)</li>
<li><code>codeql/javascript-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/lib">source</a>)</li>
<li><code>codeql/python-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/src">source</a>)</li>
<li><code>codeql/python-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/lib">source</a>)</li>
<li><code>codeql/ruby-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/src">source</a>)</li>
<li><code>codeql/ruby-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/lib">source</a>)</li>
<li><code>codeql/swift-queries</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/src/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/src">source</a>)</li>
<li><code>codeql/swift-all</code> (<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/lib/CHANGELOG.md">changelog</a>,
<a
href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/lib">source</a>)</li>
</ul>
<h2>CodeQL Bundle v2.6.0-beta.1</h2>
<p>Bundles CodeQL CLI <a
href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.6.0-beta.1">v2.6.0-beta.1</a></p>
<h3>⚠️ This is a beta release containing a new CodeQL packaging feature.
It may not be compatible with existing workflows.</h3>
<p>This release contains beta support for <strong>CodeQL packs</strong>.
Please read the documentation below for more information:</p>
<ul>
<li><a
href="https://codeql.github.com/docs/codeql-cli/about-codeql-packs">Using
CodeQL packs with the CodeQL CLI</a></li>
<li><a
href="https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-codeql-query-packs">Using
CodeQL packs in Code Scanning on GitHub Actions</a></li>
<li><a
href="https://docs.github.com/en/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system#downloading-and-using-codeql-query-packs">Using
CodeQL packs in Code Scanning on 3rd-party CI systems</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.20.1 - 21 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.4. <a
href="https://redirect.github.com/github/codeql-action/pull/1721">#1721</a></li>
<li>Experimental: add a new <code>resolve-environment</code> action
which attempts to infer a configuration for the build environment that
is required to build a given project. Do not use this in production as
it is part of an internal experiment and subject to change at any
time.</li>
</ul>
<h2>2.20.0 - 13 Jun 2023</h2>
<ul>
<li>Bump the version of the Action to 2.20.0. This ensures that users
who received a Dependabot upgrade to <a
href="cdcdbb5797"><code>cdcdbb5</code></a>,
which was mistakenly marked as Action version 2.13.4, continue to
receive updates to the CodeQL Action. Full details in <a
href="https://redirect.github.com/github/codeql-action/pull/1729">#1729</a></li>
</ul>
<h2>2.3.6 - 01 Jun 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.3. <a
href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li>
</ul>
<h2>2.3.5 - 25 May 2023</h2>
<ul>
<li>Allow invalid URIs to be used as values to
<code>artifactLocation.uri</code> properties. This reverses a change
from <a
href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a>
that inadvertently led to stricter validation of some URI values. <a
href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li>
<li>Gracefully handle invalid URIs when fingerprinting. <a
href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li>
</ul>
<h2>2.3.4 - 24 May 2023</h2>
<ul>
<li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a
href="123e95847b/Schemata/sarif-schema-2.1.0.json">oasis-tcs/sarif-spec</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li>
<li>We are rolling out a feature in May 2023 that will disable Python
dependency installation for new users of the CodeQL Action. This
improves the speed of analysis while having only a very minor impact on
results. <a
href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li>
<li>We are improving the way that <a
href="https://github.com/github/codeql-action/releases">CodeQL
bundles</a> are tagged to make it possible to easily identify bundles by
their CodeQL semantic version. <a
href="https://redirect.github.com/github/codeql-action/pull/1682">#1682</a>
<ul>
<li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using
semantic versions, for example <code>codeql-bundle-v2.13.4</code>,
instead of timestamps, like <code>codeql-bundle-20230615</code>.</li>
<li>This change does not affect the majority of workflows, and we will
not be changing tags for existing bundle releases.</li>
<li>Some workflows with custom logic that depends on the specific format
of the CodeQL bundle tag may need to be updated. For example, if your
workflow matches CodeQL bundle tag names against a
<code>codeql-bundle-yyyymmdd</code> pattern, you should update it to
also recognize <code>codeql-bundle-vx.y.z</code> tags.</li>
</ul>
</li>
<li>Remove the requirement for <code>on.push</code> and
<code>on.pull_request</code> to trigger on the same branches. <a
href="https://redirect.github.com/github/codeql-action/pull/1675">#1675</a></li>
</ul>
<h2>2.3.3 - 04 May 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.1. <a
href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li>
<li>You can now configure CodeQL within your code scanning workflow by
passing a <code>config</code> input to the <code>init</code> Action. See
<a href="https://aka.ms/code-scanning-docs/config-file">Using a custom
configuration file</a> for more information about configuring code
scanning. <a
href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li>
</ul>
<h2>2.3.2 - 27 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.1 - 26 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.0 - 21 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.0. <a
href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f6e388ebf0"><code>f6e388e</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1736">#1736</a>
from github/update-v2.20.1-4385ad556</li>
<li><a
href="2874247228"><code>2874247</code></a>
Update changelog for v2.20.1</li>
<li><a
href="4385ad5563"><code>4385ad5</code></a>
Send <code>job_run_uuid</code> to status report telemetry (<a
href="https://redirect.github.com/github/codeql-action/issues/1685">#1685</a>)</li>
<li><a
href="8ba77ef4d3"><code>8ba77ef</code></a>
Bump <code>@​octokit/types</code> from 9.0.0 to 10.0.0 (<a
href="https://redirect.github.com/github/codeql-action/issues/1734">#1734</a>)</li>
<li><a
href="82dbde173c"><code>82dbde1</code></a>
Fix setup-swift composite action for versions 5.8, 5.8.1 (<a
href="https://redirect.github.com/github/codeql-action/issues/1735">#1735</a>)</li>
<li><a
href="c6dff3470e"><code>c6dff34</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1721">#1721</a>
from github/update-bundle/codeql-bundle-v2.13.4</li>
<li><a
href="3e0c87dc38"><code>3e0c87d</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.13.4</li>
<li><a
href="de74ca6211"><code>de74ca6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1732">#1732</a>
from github/henrymercer/tolerate-unexpected-processi...</li>
<li><a
href="d6201b58de"><code>d6201b5</code></a>
Improve logging messages</li>
<li><a
href="0ac18158d1"><code>0ac1815</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1684">#1684</a>
from github/mbg/add-resolve-environment</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/v2.2.4...f6e388ebf0efc915c6c5b165b019ee61a6746a38">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-23 12:40:54 -07:00
..
config set default shell in workflows (#8108) 2022-10-07 09:43:56 -06:00
build-and-push-fleetctl-docker.yml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
build-binaries.yaml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
build-orbit.yaml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
codeql-analysis.yml Bump github/codeql-action from 2.2.4 to 2.20.1 (#12437) 2023-06-23 12:40:54 -07:00
deploy-fleet-website.yml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
docs.yml add concurrency to ci (#8271) 2022-10-24 14:01:00 -06:00
dogfood-deploy.yml Warn against deploying fleetdm/fleet:main directly (#11316) 2023-04-25 13:22:59 -05:00
example-workflow.yaml Add example workflow (#11893) 2023-05-23 13:52:21 -05:00
fleet-and-orbit.yml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
fleetctl-preview-latest.yml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
fleetctl-preview.yml Bump actions/upload-artifact from 3.1.0 to 3.1.2 (#10183) 2023-04-24 11:27:56 -07:00
fleetctl-workstations-canary.yml Update fleetctl-workstations-canary for minimum os 13.4.1 (#12469) 2023-06-22 19:54:43 -04:00
fleetctl-workstations.yml Update fleetctl-workstations os update to 13.4.1 (#12471) 2023-06-22 20:05:15 -04:00
generate-desktop-targets.yml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
generate-nudge-targets.yml Bump actions/upload-artifact from 3.1.0 to 3.1.2 (#10183) 2023-04-24 11:27:56 -07:00
generate-osqueryd-targets.yml Generate targets for osquery 5.9.1 (#12410) 2023-06-21 23:14:52 -07:00
golangci-lint.yml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
goreleaser-fleet.yaml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
goreleaser-orbit.yaml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
goreleaser-snapshot-fleet.yaml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
integration.yml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
pr-helm.yaml add concurrency to ci (#8271) 2022-10-24 14:01:00 -06:00
push-osquery-perf-to-ecr.yml Bump aws-actions/amazon-ecr-login from 1.5.3 to 1.6.0 (#11514) 2023-05-03 12:06:24 -07:00
README.md add concurrency to ci (#8271) 2022-10-24 14:01:00 -06:00
release-helm.yaml Use actions token during helm-publish workflow (#12430) 2023-06-21 09:30:25 -06:00
scorecards-analysis.yml Bump github/codeql-action from 2.2.4 to 2.20.1 (#12437) 2023-06-23 12:40:54 -07:00
test-db-changes.yml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
test-go.yaml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
test-native-tooling-packaging.yml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
test-packaging.yml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
test-website.yml Use personal access token for workflows (#12118) 2023-06-02 16:23:23 -05:00
test-yml-specs.yml Bump actions/setup-go from 2.1.3 to 4.0.1 (#12294) 2023-06-23 12:38:42 -07:00
test.yml generate js coverage report in CI (#12029) 2023-06-01 17:46:25 +01:00
tfsec.yml Bump github/codeql-action from 2.2.4 to 2.20.1 (#12437) 2023-06-23 12:40:54 -07:00
tfvalidate.yml Upversion github actions in tfvalidate.yml (#12005) 2023-05-28 22:54:46 -04:00
trivy_scan.yml Bump github/codeql-action from 2.2.4 to 2.20.1 (#12437) 2023-06-23 12:40:54 -07:00
update-certs.yml add concurrency to ci (#8271) 2022-10-24 14:01:00 -06:00

README.md

Github Actions

Fleet uses Github Actions for continuous integration (CI). This document describes best practices and at patterns for writing and maintaining Fleet's Github Actions workflows.

Bash

By default, Github Actions sets the shell to bash -e for linux and MacOS runners. To help write safer bash scripts in run jobs and avoid common issues, override the default by adding the following to the workflow file

defaults:
  run:
    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

By specifying the default shell to bash, some extra flags are set. The option pipefail changes the behaviour when using the pipe | operator such that if any command in a pipeline fails, that commands return code will be used a the return code for the whole pipeline. Consider the following example in test-go.yaml

    - name: Run Go Tests
      run: |
        # omitted ...
          make test-go 2>&1 | tee /tmp/gotest.log

If the pipefail option was not set, this job would always succeed because tee would always return success. This is not the intended behavior. Instead, we want the job to fail if make test-go fails.

Concurrency

Github Action runners are limited. If a lot of workflows are queued, they will wait in pending until a runner becomes available. This has caused issue in the past where workflows take an excessively long time to start. To help with this issue, use the following in workflows

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
  cancel-in-progress: true

When a workflow is triggered via a pull request, it will cancel previous running workflows for that pull request. This is especially useful when changes are pushed to a pull request frequently. Manually triggered workflows, workflows that run on a schedule, and workflows triggered by pushes to main are unaffected.