fleet/.github/workflows
2025-12-01 15:04:10 -06:00
..
config Speculative fix for flaky TestVPPApps. (#25385) 2025-01-13 16:28:48 -06:00
build-binaries.yaml Upgrade Fleet's Node.js version (#34603) 2025-10-27 17:21:50 -04:00
build-fleetd-base-msi.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
build-fleetd-base-pkg.yml Update deprecated actions/upload-artifact to v4.5.0 (#25295) 2025-01-09 12:08:02 -06:00
build-fleetd_tables.yaml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
build-fleetdm-fleetctl-check-vulnerabilities.yml Check the latest published version of bomutils/wix for vulnerabilities, not main, with the option to point back to CI build (#36200) 2025-11-24 10:29:35 -06:00
build-orbit.yaml Update deprecated actions/upload-artifact missed in previous PR. (#25724) 2025-01-23 10:50:55 -06:00
check-automated-doc.yml Make sure VEX report is up-to-date with a CI check (#31759) 2025-08-11 14:55:31 -05:00
check-bomutils-vulnerabilities.yml Check the latest published version of bomutils/wix for vulnerabilities, not main, with the option to point back to CI build (#36200) 2025-11-24 10:29:35 -06:00
check-ms-protocol-feeds.yml Add Github Action to create issues when there are new MS MDM Protocol Changes to Review (#31424) 2025-07-30 16:18:37 -04:00
check-script-diff.yml Pin action versions used in script diff workflow (#32416) 2025-08-28 14:38:45 -05:00
check-tuf-timestamps.yml Add slack notification to TUF signature job when it fails (#32452) 2025-09-03 16:17:53 -03:00
check-updates-timestamps.yml Add slack notification to TUF signature job when it fails (#32452) 2025-09-03 16:17:53 -03:00
check-vulnerabilities-in-released-docker-images.yml Updated docker vulnerabilities slack webhooks. (#33814) 2025-10-06 10:25:38 -05:00
check-wix-vulnerabilities.yml Check the latest published version of bomutils/wix for vulnerabilities, not main, with the option to point back to CI build (#36200) 2025-11-24 10:29:35 -06:00
close-stale-eng-initiated-issues.yml Add stale issues workflow (#27047) 2025-03-14 16:11:43 -05:00
code-sign-windows.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
codeql-analysis.yml Attempt to use go.mod version instead of hidden Github var (#21768) 2024-09-03 20:49:50 -03:00
collect-eng-metrics-test.yml Add workflows to collect engineering metrics. (#30540) 2025-07-03 16:59:25 -05:00
collect-eng-metrics.yml Added Slack failure notification to the new Collect engineering metrics job. (#30566) 2025-07-07 14:10:29 -05:00
db-upgrade-test.yml Simplify DB test/upgrade tool (#27141) 2025-03-14 17:07:41 -03:00
dependency-review.yml Update dependency-review-action (#29910) 2025-06-11 11:15:48 -03:00
deploy-fleet-website.yml Website: Update deploy workflow to remove website/assets folder from website's build slug. (#31769) 2025-08-13 17:00:14 -05:00
deploy-vulnerability-dashboard.yml Update vulnerability dashboard to deploy from a parentless commit (#31887) 2025-08-14 09:58:25 -05:00
docs.yml Fail CI if Markdown files have "here" or "click here" as link anchors (#30027) 2025-06-19 10:12:31 -05:00
dogfood-automated-policy-updates.yml Refactor policy updater scripts and workflow for PR automation (#35388) 2025-11-19 11:09:36 -06:00
dogfood-deploy.yml Dogfood & Dogfood Free - Terraform deprecation fixes (#32101) 2025-08-19 22:48:19 -04:00
dogfood-gitops.yml Fix capitalization in workflow name (#34353) 2025-10-16 10:55:09 -05:00
dogfood-update-testing-qa-apps.yml Update dogfood-update-testing-qa-apps.yml (#35858) 2025-11-19 09:24:54 -06:00
fleet-and-orbit.yml Use macOS 14 runners in GHA rather than macOS 13 since 13 is being browned out (#35550) 2025-11-11 15:18:20 -06:00
fleetctl-preview-latest.yml Apply starter library during for fleetctl preview server (#30519) 2025-07-16 08:12:32 -06:00
fleetctl-preview.yml Bump container for fleetctl preview GH Action (#31389) 2025-07-29 13:25:41 -05:00
fleetd-tuf.yml Update TUF status generation to use new TUF repository (#26099) 2025-02-07 08:30:07 -03:00
generate-desktop-targets.yml Use macOS 14 runners in GHA rather than macOS 13 since 13 is being browned out (#35550) 2025-11-11 15:18:20 -06:00
generate-nudge-targets.yml Update deprecated actions/upload-artifact to v4.5.0 (#25295) 2025-01-09 12:08:02 -06:00
generate-osqueryd-targets.yml Release osqueryd 5.20.0 (#35062) 2025-10-31 16:23:03 -05:00
generate-swift-dialog-targets.yml Update Makefile swift dialog versions and add github workflow (#32511) 2025-09-05 10:49:21 -04:00
golangci-lint.yml Update golangci-lint to v2.4.0 (#33251) 2025-09-22 13:17:11 -05:00
goreleaser-fleet.yaml Move GitHub token to correct step (#30022) (#30023) 2025-06-14 14:36:03 -05:00
goreleaser-orbit.yaml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
goreleaser-snapshot-fleet.yaml Add 4 automatic retries to docker publish GitHub action (#36176) 2025-11-24 10:03:11 -08:00
ingest-maintained-apps.yml Update ingest-maintained-apps.yml (#35785) 2025-11-17 15:18:02 -06:00
integration.yml Improve integration workflow robustness with health checks and detailed enrollment logging. (#32348) 2025-08-27 14:52:48 -05:00
loadtest-infra.yml Loadtest Github Actions Fixes (#34038) 2025-10-09 10:39:55 -04:00
loadtest-osquery-perf.yml Loadtesting - osquery deployment session timeout increase (#36097) 2025-11-20 21:08:52 -05:00
loadtest-shared.yml Loadtesting IAC updates (#32629) 2025-10-08 15:31:37 -04:00
pr-helm.yaml Update ubuntu-20.04 to ubuntu-22.04 on CI actions due to deprecation (#26466) 2025-02-21 13:11:50 -03:00
publish-go-module.yml Add workflow to publish go modules (#33335) 2025-09-23 12:03:37 -03:00
randokiller-go.yml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
README.md add concurrency to ci (#8271) 2022-10-24 14:01:00 -06:00
release-fleetctl-docker-deps.yaml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
release-fleetd-base.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
release-fleetd-chrome-beta.yml Keep all fleetd-base and fleetd-chrome artifacts. (#19749) 2024-06-17 15:49:06 -05:00
release-fleetd-chrome.yml Keep all fleetd-base and fleetd-chrome artifacts. (#19749) 2024-06-17 15:49:06 -05:00
release-helm.yaml Update ubuntu-20.04 to ubuntu-22.04 on CI actions due to deprecation (#26466) 2025-02-21 13:11:50 -03:00
render-deploy.yml Added Render deploy workflow for fleet-gitops CI. (#23190) 2024-10-25 15:55:42 -05:00
scorecards-analysis.yml Update deprecated actions/upload-artifact to v4.5.0 (#25295) 2025-01-09 12:08:02 -06:00
secrets-to-confidential.yml Initial action to synchronize signing secrets to confidential repo (#30561) 2025-07-03 16:45:39 -05:00
test-android.yml Android SCEP client (#36139) 2025-12-01 10:43:26 -07:00
test-bulk-operations-dashboard-changes.yml Add app to manage scripts and profiles. (#21450) 2024-08-22 14:59:15 -06:00
test-db-changes.yml Merge Android datastore into main Fleet datastore (#32233) 2025-08-25 11:41:28 -04:00
test-fleetd-chrome.yml bump action/cache to version 4.2.0 (#25508) 2025-01-17 15:01:27 +00:00
test-fma-darwin-pr-only.yml Add workflows for validation on new FMAs only (#35888) 2025-11-24 15:00:27 -06:00
test-fma-darwin.yml Add workflows for validation on new FMAs only (#35888) 2025-11-24 15:00:27 -06:00
test-fma-windows-pr-only.yml Add workflows for validation on new FMAs only (#35888) 2025-11-24 15:00:27 -06:00
test-fma-windows.yml Add workflows for validation on new FMAs only (#35888) 2025-11-24 15:00:27 -06:00
test-go.yaml Updates for getting private key from AWS secrets manager (#32789) 2025-09-19 10:57:02 -05:00
test-js.yml update storybook to 8.4.7 (#25451) 2025-01-20 16:17:33 +00:00
test-mock-changes.yml Add test to validate mock changes (#35663) 2025-11-17 13:08:02 -05:00
test-native-tooling-packaging.yml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
test-packaging-build-docker-deps.yml Add initial Arch Linux support (#33096) 2025-09-18 18:55:31 -03:00
test-packaging.yml Add initial Arch Linux support (#33096) 2025-09-18 18:55:31 -03:00
test-puppet.yml [StepSecurity] ci: Harden GitHub Actions (#17780) 2024-03-22 15:32:23 -05:00
test-vulnerability-dashboard-changes.yml [StepSecurity] ci: Harden GitHub Actions (#17780) 2024-03-22 15:32:23 -05:00
test-website.yml Add malicious package checking (Shai-Halud only) to website CI/CD test script (#36438) 2025-12-01 15:04:10 -06:00
test-yml-specs.yml Attempt to use go.mod version instead of hidden Github var (#21768) 2024-09-03 20:49:50 -03:00
tfvalidate.yml Loadtesting - Enable Cloudfront (#31073) 2025-07-21 16:41:06 -04:00
trivy-scan.yml Fix detected CVEs and docker scout exit code to fail the Github Action (#28836) 2025-05-06 13:35:27 -03:00
update-certs.yml Add reviewers to automated PRs (#18390) 2024-04-18 10:51:07 -03:00
update-old-tuf-timestamp-signature.yaml Add workflow to update timestamp on new repository (#26635) 2025-02-27 18:02:42 -03:00
update-osquery-versions.yml [StepSecurity] ci: Harden GitHub Actions (#25985) 2025-02-03 12:25:18 -06:00
validate-maintained-apps-inputs.yml add a JSON schema for homebrew FMA inputs (#30881) 2025-07-16 19:41:39 -04:00
verify-fleetd-base.yml Increase sleep time in verify-fleetd-base.yml (#27763) 2025-04-02 14:30:04 -03:00

GitHub Actions

Fleet uses GitHub Actions for continuous integration (CI). This document describes best practices and patterns for writing and maintaining Fleet's GitHub Actions workflows.

Bash

By default, GitHub Actions sets the shell to bash -e for Linux and macOS runners. To help write safer bash scripts in run jobs and avoid common issues, override the default by adding the following to the workflow file:

defaults:
  run:
    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

Specifying bash as the default shell sets some extra flags. The pipefail option changes the behavior of the pipe | operator so that if any command in a pipeline fails, that command's return code is used as the return code for the whole pipeline. Consider the following example in test-go.yaml:

    - name: Run Go Tests
      run: |
        # omitted ...
          make test-go 2>&1 | tee /tmp/gotest.log

If the pipefail option was not set, this job would always succeed because tee would always return success. This is not the intended behavior. Instead, we want the job to fail if make test-go fails.
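The difference can be reproduced locally. The following is an added example, not part of Fleet's workflows: it runs the same step body the two ways the runner invokes bash (`bash -e` when no shell is specified, `bash --noprofile --norc -eo pipefail` for `shell: bash`) and reports the step's exit status. `fake_tests` is a constructed stand-in for `make test-go`, and the helper names are assumptions.

```shell
#!/usr/bin/env bash
# Added example. fake_tests is a constructed stand-in for `make test-go`
# that always fails with exit code 2.
STEP_BODY='
fake_tests() { echo "FAIL: TestExample"; return 2; }
fake_tests 2>&1 | tee /dev/null
echo "lines after the pipeline"
'

# Run STEP_BODY as a script file under bash with the given options and
# return the exit status the runner would see for the step.
run_step() {
  script=$(mktemp)
  printf '%s\n' "$STEP_BODY" > "$script"
  bash "$@" "$script" > /dev/null
  status=$?
  rm -f "$script"
  return "$status"
}

# No `shell:` key: the runner invokes `bash -e {0}`.
# The pipeline's status is tee's, so the failure is masked.
default_status() { rc=0; run_step -e || rc=$?; echo "$rc"; }

# `shell: bash`: the runner invokes `bash --noprofile --norc -eo pipefail {0}`.
# The pipeline's status is fake_tests' status, and -e stops the step there.
pipefail_status() { rc=0; run_step --noprofile --norc -eo pipefail || rc=$?; echo "$rc"; }

echo "default shell -> step exit $(default_status)"
echo "shell: bash   -> step exit $(pipefail_status)"
```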

Concurrency

GitHub Actions runners are limited. If a lot of workflows are queued, they will wait in pending until a runner becomes available. This has caused issues in the past where workflows take an excessively long time to start. To help with this issue, use the following in workflows:

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
  cancel-in-progress: true

When a workflow is triggered via a pull request, it will cancel previous running workflows for that pull request. This is especially useful when changes are pushed to a pull request frequently. Manually triggered workflows, workflows that run on a schedule, and workflows triggered by pushes to main are unaffected.