Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/.github/workflows
History
Luke Heath efe35464d5
Add RC version of gitops workflow (#40838)
2026-03-02 17:46:13 -06:00
..
config Improving Android CI (Slack notification, coverage) (#36518) 2025-12-01 16:48:32 -06:00
auto-tag-unreleased-bugs.yml Don't tag g-website or flakey CI bugs with ~unreleased bug tag, add x & y version handling (#39514) 2026-02-10 14:35:38 -06:00
build-binaries.yaml Upgrade JS deps (#39639) 2026-02-12 09:49:20 -06:00
build-fleetd-base-msi.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
build-fleetd-base-pkg.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
build-fleetd_tables.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
build-fleetdm-fleetctl-check-vulnerabilities.yml Bump Trivy version to one that's still downloadable (#40778) 2026-03-02 09:50:14 -06:00
build-orbit.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
check-automated-doc.yml Fix template and while we're at it, typos (#39956) 2026-02-17 15:45:59 -06:00
check-bomutils-vulnerabilities.yml Bump Trivy version to one that's still downloadable (#40778) 2026-03-02 09:50:14 -06:00
check-ms-protocol-feeds.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
check-script-diff.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
check-tuf-timestamps.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
check-updates-timestamps.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
check-vulnerabilities-in-released-docker-images.yml Bump Trivy version to one that's still downloadable (#40778) 2026-03-02 09:50:14 -06:00
check-wix-vulnerabilities.yml Bump Trivy version to one that's still downloadable (#40778) 2026-03-02 09:50:14 -06:00
close-stale-eng-initiated-issues.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
code-sign-windows.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
codeql-analysis.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
collect-eng-metrics-test.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
collect-eng-metrics.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
db-upgrade-test.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
dependency-review.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
deploy-fleet-website.yml Fix template and while we're at it, typos (#39956) 2026-02-17 15:45:59 -06:00
deploy-vulnerability-dashboard.yml 🤖 Bump to the current version of the Heroku deploy GitHub action (#38468) 2026-01-20 17:45:55 -06:00
docs.yml Vendor goval-dictionary (#39430) 2026-02-11 11:11:05 -07:00
dogfood-automated-policy-updates.yml Add automated Safari policy update and remediation (#35890) 2026-01-08 11:00:31 -06:00
dogfood-deploy.yml Dogfood signoz (#38569) 2026-01-22 12:33:27 -06:00
dogfood-gitops-rc.yml Add RC version of gitops workflow (#40838) 2026-03-02 17:46:13 -06:00
dogfood-gitops.yml Pilot deployment of Okta Verify (#38646) 2026-01-28 16:24:21 -06:00
dogfood-signoz-deploy.yml Signoz action fixes (#38656) 2026-01-22 19:10:44 -06:00
dogfood-update-testing-qa-apps.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
fleet-and-orbit.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
fleetctl-preview-latest.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
fleetctl-preview.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
fleetd-tuf.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
generate-desktop-targets.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
generate-nudge-targets.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
generate-osqueryd-targets.yml Release osqueryd 5.22.1 (#40596) 2026-02-26 15:43:22 -03:00
generate-swift-dialog-targets.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
golangci-lint.yml Use nilaway to incrementally check for unsafe nil pointer dereferences (#39030) 2026-02-06 08:51:17 -06:00
goreleaser-fleet.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
goreleaser-orbit.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
goreleaser-snapshot-fleet.yaml Move branch declaration into env var to avoid having branch name be executable (#39636) 2026-02-10 14:11:17 -06:00
ingest-maintained-apps.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
integration.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
loadtest-infra.yml Fix template and while we're at it, typos (#39956) 2026-02-17 15:45:59 -06:00
loadtest-osquery-perf.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
loadtest-shared.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
pr-helm.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
publish-go-module.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
randokiller-go.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
README.md add concurrency to ci (#8271) 2022-10-24 14:01:00 -06:00
release-fleetctl-docker-deps.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
release-fleetd-base.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
release-fleetd-chrome-beta.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
release-fleetd-chrome.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
release-helm.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
render-deploy.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
scorecards-analysis.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
secrets-to-confidential.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
tag-aging-bugs.yml Add automated workflow for tagging aging bugs (#39284) 2026-02-03 18:00:58 -06:00
test-android.yml Improving Android CI (Slack notification, coverage) (#36518) 2025-12-01 16:48:32 -06:00
test-db-changes.yml Fix template and while we're at it, typos (#39956) 2026-02-17 15:45:59 -06:00
test-fleetd-chrome.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-fma-darwin-pr-only.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-fma-darwin.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-fma-windows-pr-only.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-fma-windows.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-go-activity.yaml Added dedicated Go test workflow for activity bounded context (#40653) 2026-02-27 07:53:57 -06:00
test-go-suite.yaml Added dedicated Go test workflow for activity bounded context (#40653) 2026-02-27 07:53:57 -06:00
test-go.yaml Refactoring test-go workflows to be more maintainable (#40404) 2026-02-25 10:45:24 -06:00
test-js.yml Upgrade JS deps (#39639) 2026-02-12 09:49:20 -06:00
test-mock-changes.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-native-tooling-packaging.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-packaging-build-docker-deps.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-packaging.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-puppet.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-vulnerability-dashboard-changes.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
test-website.yml Fix template and while we're at it, typos (#39956) 2026-02-17 15:45:59 -06:00
test-yml-specs.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
tfvalidate.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
trivy-scan.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
update-certs.yml Fix update certs CI check (#38566) 2026-01-21 13:08:22 -03:00
update-old-tuf-timestamp-signature.yaml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
update-osquery-versions.yml [StepSecurity] ci: Harden GitHub Actions (#25985) 2025-02-03 12:25:18 -06:00
validate-maintained-apps-inputs.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00
verify-fleetd-base.yml Add missing step-security hardening action, bump to current version (#38470) 2026-01-19 15:10:48 -06:00

README.md

Github Actions

Fleet uses Github Actions for continuous integration (CI). This document describes best practices and at patterns for writing and maintaining Fleet's Github Actions workflows.

Bash

By default, Github Actions sets the shell to bash -e for linux and MacOS runners. To help write safer bash scripts in run jobs and avoid common issues, override the default by adding the following to the workflow file

defaults:
  run:
    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

By specifying the default shell to bash, some extra flags are set. The option pipefail changes the behaviour when using the pipe | operator such that if any command in a pipeline fails, that commands return code will be used a the return code for the whole pipeline. Consider the following example in test-go.yaml

    - name: Run Go Tests
      run: |
        # omitted ...
          make test-go 2>&1 | tee /tmp/gotest.log

If the pipefail option was not set, this job would always succeed because tee would always return success. This is not the intended behavior. Instead, we want the job to fail if make test-go fails.

Concurrency

Github Action runners are limited. If a lot of workflows are queued, they will wait in pending until a runner becomes available. This has caused issue in the past where workflows take an excessively long time to start. To help with this issue, use the following in workflows

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
  cancel-in-progress: true

When a workflow is triggered via a pull request, it will cancel previous running workflows for that pull request. This is especially useful when changes are pushed to a pull request frequently. Manually triggered workflows, workflows that run on a schedule, and workflows triggered by pushes to main are unaffected.