<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Upgraded security protections across build and deployment workflows
for enhanced runner environment hardening.
* Strengthened CI/CD infrastructure security measures throughout
automated processes.
* No direct user-facing changes.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
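# Manually triggered workflow that validates every Fleet Maintained App (FMA)
# on a macOS runner: it installs osquery, removes the pre-installed Chrome,
# then runs the validator from the checked-out fleet repository as root.
name: Test Fleet Maintained Apps - Darwin

on:
  # Note: PR triggers removed - use test-fma-darwin-pr-only.yml for PRs
  # This workflow is kept for manual testing of all FMAs via workflow_dispatch
  workflow_dispatch: # Manual trigger
    inputs:
      log_level:
        description: "Log level (debug, info, warn, error)"
        required: false
        default: "info"
        # `choice` limits the value to the options listed below.
        type: choice
        options:
          - debug
          - info
          - warn
          - error

# Workflow-level env: GH_TOKEN is visible to every step of every job,
# including the root `go run` at the end.
# NOTE(review): if only the validator needs the token, scope GH_TOKEN to that
# step instead - confirm which steps read it.
env:
  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

# Least privilege: GITHUB_TOKEN gets read-only access to repository contents
# and no other scope.
permissions:
  contents: read

jobs:
  test-fma:
    env:
      # The input reaches the scripts as an environment variable rather than
      # being interpolated into a `run:` body.
      LOG_LEVEL: ${{ github.event.inputs.log_level || 'info' }}
    runs-on: macos-latest

    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release tag each SHA corresponds to.
      # `audit` records outbound traffic without blocking it.
      # NOTE(review): confirm this harden-runner version monitors macOS
      # runners; if it does not, this step gives no coverage here.
      - name: Harden Runner
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit

      - name: Checkout Fleet
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          repository: fleetdm/fleet
          fetch-depth: 1
          ref: ${{ github.ref }}
          path: fleet
          # No later step performs authenticated git operations, so do not
          # leave the token in the checkout's .git/config.
          persist-credentials: false

      - name: Setup Go
        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
        with:
          go-version-file: "fleet/go.mod"

      # Downloads a fixed osquery release (arm64 build) and copies its `opt`
      # and `private` trees into / as root.
      # `--fail` makes curl exit non-zero on an HTTP error instead of saving
      # the error page as osquery.tar.gz.
      # NOTE(review): the archive is installed as root with no integrity
      # check. Pin the release's SHA-256 and verify it before extraction, e.g.
      # `echo "<EXPECTED_SHA256>  osquery.tar.gz" | shasum -a 256 -c -`.
      - name: Install osquery mac
        run: |
          echo "Runner architecture: $(uname -m)"
          curl --fail -L -o osquery.tar.gz "https://github.com/osquery/osquery/releases/download/5.18.1/osquery-5.18.1_1.macos_arm64.tar.gz"
          tar -xzf osquery.tar.gz
          sudo cp -r opt /
          sudo cp -r private /
          sudo ln -sf /opt/osquery/lib/osquery.app/Contents/MacOS/osqueryd /usr/local/bin/osqueryi
          sudo ln -sf /opt/osquery/lib/osquery.app/Contents/Resources/osqueryctl /usr/local/bin/osqueryctl

      # The listing is informational: `|| true` keeps the step from failing
      # when grep finds no Chrome entry. `IFS= read -r` keeps backslashes and
      # surrounding whitespace in bundle paths intact before `rm -rf`.
      - name: Remove pre-installed google chrome mac
        run: |
          ls /Applications | grep -i "Chrome" || true
          find /Applications -name "*Chrome*.app" -type d | while IFS= read -r app;
          do
            echo "Removing $app..."
            sudo rm -rf "$app"
          done

      # `sudo -E` preserves the environment, so the validator runs as root
      # with GH_TOKEN and LOG_LEVEL set.
      - name: Verify Fleet Maintained Apps mac
        run: |
          ls /Applications
          cd fleet
          sudo -E go run ./cmd/maintained-apps/validate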