Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 21:47:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 117
fleet/.github/workflows/render-deploy.yml
Ian Littman 18256bdf0e
Add missing step-security hardening action, bump to current version (#38470) 
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Upgraded security protections across build and deployment workflows
for enhanced runner environment hardening.
* Strengthened CI/CD infrastructure security measures throughout
automated processes.
  * No direct user-facing changes.

<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-01-19 15:10:48 -06:00

48 lines
1.6 KiB
YAML
Raw Blame History

name: Render deploy
# Re-deploy Fleet servers on Render to update to the latest Fleet release.
#
# Render (https://render.com/) is hosting 2 Fleet servers that are used by our gitops repos:
# - https://github.com/fleetdm/fleet-gitops
# - https://gitlab.com/fleetdm/fleet-gitops
#
# The premium server (fleet-gitops-ci-premium) is used by GitHub CI and the free server (fleet-gitops-ci-free) is used by GitLab CI.
# Both servers share a MySQL service (fleet-gitops-ci-mysql).
# - fleet-gitops-ci-premium uses fleet database
# - fleet-gitops-ci-free uses fleet_free database
#
# Both servers share a Redis service (fleet-gitops-ci-redis).
# - fleet-gitops-ci-premium uses database 0 (the default)
# - fleet-gitops-ci-free uses database 1
on:
workflow_dispatch: # Manual
schedule:
- cron: '0 2 * * *' # Nightly 2AM UTC
# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
cancel-in-progress: true
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read
jobs:
render-deploy:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
egress-policy: audit
- name: Trigger deploy
run: |
curl "${{ secrets.RENDER_GITOPS_FREE_DEPLOY_HOOK }}"
curl "${{ secrets.RENDER_GITOPS_PREMIUM_DEPLOY_HOOK }}"
Reference in a new issue View git blame Copy permalink