Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-22 08:28:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 107
fleet/.github/workflows/fleetctl-preview-latest.yml
Ian Littman 18256bdf0e
Add missing step-security hardening action, bump to current version (#38470) 
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Upgraded security protections across build and deployment workflows
for enhanced runner environment hardening.
* Strengthened CI/CD infrastructure security measures throughout
automated processes.
  * No direct user-facing changes.

<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-01-19 15:10:48 -06:00

106 lines
3.4 KiB
YAML
Raw Blame History

name: Test latest changes in fleetctl preview
# Tests the `fleetctl preview` command with latest changes in fleetctl and
# docs/01-Using-Fleet/starter-library/starter-library.yml
on:
push:
branches:
- main
- patch-*
- prepare-*
paths:
- 'cmd/fleetctl/**.go'
- 'pkg/**.go'
- 'server/service/**.go'
- 'server/context/**.go'
- 'orbit/**.go'
- 'ee/fleetctl/**.go'
- 'docs/01-Using-Fleet/starter-library/starter-library.yml'
- '.github/workflows/fleetctl-preview-latest.yml'
- 'tools/osquery/in-a-box'
pull_request:
paths:
- 'cmd/fleetctl/**.go'
- 'pkg/**.go'
- 'server/service/**.go'
- 'server/context/**.go'
- 'orbit/**.go'
- 'ee/fleetctl/**.go'
- 'docs/01-Using-Fleet/starter-library/starter-library.yml'
- '.github/workflows/fleetctl-preview-latest.yml'
- 'tools/osquery/in-a-box'
workflow_dispatch: # Manual
# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
cancel-in-progress: true
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read
jobs:
test-preview:
timeout-minutes: 60
strategy:
matrix:
# Only run on Linux because:
# - Linux Docker containers are not supported in Windows.
# - Unattended installation of Docker on macOS fails. (see
# https://github.com/docker/for-mac/issues/6450)
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
egress-policy: audit
- name: Checkout Code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Install Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version-file: 'go.mod'
- name: Build Fleetctl
run: make fleetctl
- name: Run fleetctl preview
run: |
./build/fleetctl preview \
--disable-open-browser \
--starter-library-file-path $(pwd)/docs/01-Using-Fleet/starter-library/starter-library.yml \
--preview-config-path ./tools/osquery/in-a-box
sleep 10
./build/fleetctl get hosts | tee hosts.txt
[ $( cat hosts.txt | grep online | wc -l) -eq 8 ]
- name: Get fleet logs
if: always()
run: |
FLEET_LICENSE_KEY=foo docker compose -f ~/.fleet/preview/docker-compose.yml logs fleet01 fleet02 > fleet-logs.txt
# Copying logs, otherwise the upload-artifact action uploads the logs in a hidden folder (.fleet)
# Old location of orbit logs before v4.43.0
cp ~/.fleet/preview/orbit.log orbit.log || true
# New location of orbit logs since v4.43.0
cp ~/.fleet/preview/orbit/orbit.log orbit.log || true
cp -r ~/.fleet/preview/logs osquery_result_status_logs
- name: Upload logs
if: always()
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: ${{ matrix.os }}-log
path: |
fleet-logs.txt
orbit.log
osquery_result_status_logs
Reference in a new issue View git blame Copy permalink