fleet/.github/workflows
2025-09-29 09:49:08 -05:00
..
config Speculative fix for flaky TestVPPApps. (#25385) 2025-01-13 16:28:48 -06:00
build-and-check-fleetctl-docker-and-deps.yml Fix detected CVEs and docker scout exit code to fail the Github Action (#28836) 2025-05-06 13:35:27 -03:00
build-binaries.yaml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
build-fleetd-base-msi.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
build-fleetd-base-pkg.yml Update deprecated actions/upload-artifact to v4.5.0 (#25295) 2025-01-09 12:08:02 -06:00
build-fleetd_tables.yaml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
build-gitops-migrate.yml Update GitHub Actions workflow with permissions (#33220) 2025-09-19 11:19:04 -05:00
build-orbit.yaml Update deprecated actions/upload-artifact missed in previous PR. (#25724) 2025-01-23 10:50:55 -06:00
check-automated-doc.yml Make sure VEX report is up-to-date with a CI check (#31759) 2025-08-11 14:55:31 -05:00
check-ms-protocol-feeds.yml Add Github Action to create issues when there are new MS MDM Protocol Changes to Review (#31424) 2025-07-30 16:18:37 -04:00
check-script-diff.yml Pin action versions used in script diff workflow (#32416) 2025-08-28 14:38:45 -05:00
check-tuf-timestamps.yml Add slack notification to TUF signature job when it fails (#32452) 2025-09-03 16:17:53 -03:00
check-updates-timestamps.yml Add slack notification to TUF signature job when it fails (#32452) 2025-09-03 16:17:53 -03:00
check-vulnerabilities-in-released-docker-images.yml Remove pull_request from check-vulnerabilities-in-released-docker-images.yml (#32234) 2025-08-22 17:11:11 -03:00
close-stale-eng-initiated-issues.yml Add stale issues workflow (#27047) 2025-03-14 16:11:43 -05:00
code-sign-windows.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
codeql-analysis.yml Attempt to use go.mod version instead of hidden Github var (#21768) 2024-09-03 20:49:50 -03:00
collect-eng-metrics-test.yml Add workflows to collect engineering metrics. (#30540) 2025-07-03 16:59:25 -05:00
collect-eng-metrics.yml Added Slack failure notification to the new Collect engineering metrics job. (#30566) 2025-07-07 14:10:29 -05:00
db-upgrade-test.yml Simplify DB test/upgrade tool (#27141) 2025-03-14 17:07:41 -03:00
dependency-review.yml Update dependency-review-action (#29910) 2025-06-11 11:15:48 -03:00
deploy-fleet-website.yml Website: Update deploy workflow to remove website/assets folder from website's build slug. (#31769) 2025-08-13 17:00:14 -05:00
deploy-vulnerability-dashboard.yml Update vulnerability dashboard to deploy from a parentless commit (#31887) 2025-08-14 09:58:25 -05:00
docs.yml Fail CI if Markdown files have "here" or "click here" as link anchors (#30027) 2025-06-19 10:12:31 -05:00
dogfood-automated-policy-updates.yml Added policy automation and new Windows installer (#27244) 2025-03-19 13:54:25 -05:00
dogfood-deploy.yml Dogfood & Dogfood Free - Terraform deprecation fixes (#32101) 2025-08-19 22:48:19 -04:00
dogfood-gitops.yml Clean up "Compliance exclusions" references (#32969) 2025-09-15 13:38:20 -05:00
fleet-and-orbit.yml Update Go to 1.24.6 (#31784) 2025-08-12 08:10:05 -03:00
fleetctl-preview-latest.yml Apply starter library during for fleetctl preview server (#30519) 2025-07-16 08:12:32 -06:00
fleetctl-preview.yml Bump container for fleetctl preview GH Action (#31389) 2025-07-29 13:25:41 -05:00
fleetd-tuf.yml Update TUF status generation to use new TUF repository (#26099) 2025-02-07 08:30:07 -03:00
generate-desktop-targets.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
generate-nudge-targets.yml Update deprecated actions/upload-artifact to v4.5.0 (#25295) 2025-01-09 12:08:02 -06:00
generate-osqueryd-targets.yml SLSA attestation updates (#31833) 2025-08-14 14:52:16 -04:00
generate-swift-dialog-targets.yml Update Makefile swift dialog versions and add github workflow (#32511) 2025-09-05 10:49:21 -04:00
golangci-lint.yml Update golangci-lint to v2.4.0 (#33251) 2025-09-22 13:17:11 -05:00
goreleaser-fleet.yaml Move GitHub token to correct step (#30022) (#30023) 2025-06-14 14:36:03 -05:00
goreleaser-orbit.yaml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
goreleaser-snapshot-fleet.yaml Only run docker publish when PR is not a fork (#30808) 2025-07-14 17:03:37 -06:00
ingest-maintained-apps.yml Match Fleet-maintained app update PR assignees to current software team members (#33549) 2025-09-29 09:49:08 -05:00
integration.yml Improve integration workflow robustness with health checks and detailed enrollment logging. (#32348) 2025-08-27 14:52:48 -05:00
pr-helm.yaml Update ubuntu-20.04 to ubuntu-22.04 on CI actions due to deprecation (#26466) 2025-02-21 13:11:50 -03:00
publish-go-module.yml Add workflow to publish go modules (#33335) 2025-09-23 12:03:37 -03:00
randokiller-go.yml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
README.md add concurrency to ci (#8271) 2022-10-24 14:01:00 -06:00
release-fleetctl-docker-deps.yaml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
release-fleetd-base.yml Added missing permissions required for code-sign-windows (#32281) 2025-08-25 17:08:36 -04:00
release-fleetd-chrome-beta.yml Keep all fleetd-base and fleetd-chrome artifacts. (#19749) 2024-06-17 15:49:06 -05:00
release-fleetd-chrome.yml Keep all fleetd-base and fleetd-chrome artifacts. (#19749) 2024-06-17 15:49:06 -05:00
release-helm.yaml Update ubuntu-20.04 to ubuntu-22.04 on CI actions due to deprecation (#26466) 2025-02-21 13:11:50 -03:00
render-deploy.yml Added Render deploy workflow for fleet-gitops CI. (#23190) 2024-10-25 15:55:42 -05:00
scorecards-analysis.yml Update deprecated actions/upload-artifact to v4.5.0 (#25295) 2025-01-09 12:08:02 -06:00
secrets-to-confidential.yml Initial action to synchronize signing secrets to confidential repo (#30561) 2025-07-03 16:45:39 -05:00
test-bulk-operations-dashboard-changes.yml Add app to manage scripts and profiles. (#21450) 2024-08-22 14:59:15 -06:00
test-db-changes.yml Merge Android datastore into main Fleet datastore (#32233) 2025-08-25 11:41:28 -04:00
test-fleetd-chrome.yml bump action/cache to version 4.2.0 (#25508) 2025-01-17 15:01:27 +00:00
test-fma-darwin.yml pinning dependencies for FMA workflow yml (#31743) 2025-08-08 12:11:55 -05:00
test-fma-windows.yml pinning dependencies for FMA workflow yml (#31743) 2025-08-08 12:11:55 -05:00
test-go.yaml Updates for getting private key from AWS secrets manager (#32789) 2025-09-19 10:57:02 -05:00
test-js.yml update storybook to 8.4.7 (#25451) 2025-01-20 16:17:33 +00:00
test-native-tooling-packaging.yml Use go 1.24 new tool feature (#27765) 2025-04-07 11:12:05 -03:00
test-packaging-build-docker-deps.yml Add initial Arch Linux support (#33096) 2025-09-18 18:55:31 -03:00
test-packaging.yml Add initial Arch Linux support (#33096) 2025-09-18 18:55:31 -03:00
test-puppet.yml [StepSecurity] ci: Harden GitHub Actions (#17780) 2024-03-22 15:32:23 -05:00
test-vulnerability-dashboard-changes.yml [StepSecurity] ci: Harden GitHub Actions (#17780) 2024-03-22 15:32:23 -05:00
test-website.yml Disable storybook steps in website-related GH workflows (#31723) 2025-08-08 10:57:46 -05:00
test-yml-specs.yml Attempt to use go.mod version instead of hidden Github var (#21768) 2024-09-03 20:49:50 -03:00
tfvalidate.yml Loadtesting - Enable Cloudfront (#31073) 2025-07-21 16:41:06 -04:00
trivy-scan.yml Fix detected CVEs and docker scout exit code to fail the Github Action (#28836) 2025-05-06 13:35:27 -03:00
update-certs.yml Add reviewers to automated PRs (#18390) 2024-04-18 10:51:07 -03:00
update-old-tuf-timestamp-signature.yaml Add workflow to update timestamp on new repository (#26635) 2025-02-27 18:02:42 -03:00
update-osquery-versions.yml [StepSecurity] ci: Harden GitHub Actions (#25985) 2025-02-03 12:25:18 -06:00
validate-maintained-apps-inputs.yml add a JSON schema for homebrew FMA inputs (#30881) 2025-07-16 19:41:39 -04:00
verify-fleetd-base.yml Increase sleep time in verify-fleetd-base.yml (#27763) 2025-04-02 14:30:04 -03:00

GitHub Actions

Fleet uses GitHub Actions for continuous integration (CI). This document describes best practices and patterns for writing and maintaining Fleet's GitHub Actions workflows.

Bash

By default, GitHub Actions sets the shell to bash -e for Linux and macOS runners. To help write safer bash scripts in run jobs and avoid common issues, override the default by adding the following to the workflow file:

defaults:
  run:
    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

Specifying bash as the default shell sets some extra flags. The pipefail option changes the behavior of the pipe operator | so that if any command in a pipeline fails, that command's return code is used as the return code for the whole pipeline. Consider the following example in test-go.yaml:

    - name: Run Go Tests
      run: |
        # omitted ...
          make test-go 2>&1 | tee /tmp/gotest.log

If the pipefail option were not set, this job would always succeed because tee would always return success. This is not the intended behavior. Instead, we want the job to fail if make test-go fails.
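
As an added example (not part of Fleet's workflows), the script below runs the same step body with the two command lines the runner uses: `bash -e` when no shell is set, and `bash --noprofile --norc -eo pipefail` when `shell: bash` is set. `fake_make_test_go` is a constructed stand-in for `make test-go` that always fails with exit code 2.

```bash
#!/usr/bin/env bash
# Added example: one step body, run the two ways a GitHub Actions runner runs it.

# Constructed step body. fake_make_test_go stands in for `make test-go`.
STEP_SCRIPT='
fake_make_test_go() { echo "FAIL: TestExample"; return 2; }
fake_make_test_go 2>&1 | tee "$LOG" >/dev/null
echo "step reached the end"
'

# run_step <bash flags...>
# Writes the step body to a temp file, runs it as `bash <flags> <file>`
# (the runner's `{0}` is the script file), and prints the step's exit code.
run_step() (
  dir=$(mktemp -d)
  printf '%s\n' "$STEP_SCRIPT" > "$dir/step.sh"
  rc=0
  LOG="$dir/gotest.log" bash "$@" "$dir/step.sh" >/dev/null 2>&1 || rc=$?
  rm -rf "$dir"
  echo "$rc"
)

# No `shell:` key on Linux/macOS: the runner uses `bash -e {0}`.
# tee succeeds, so the pipeline and the step report success.
status_default_shell() { run_step -e; }

# `shell: bash`: the runner uses `bash --noprofile --norc -eo pipefail {0}`.
# The failing stage's exit code becomes the pipeline's, and -e stops the step.
status_explicit_bash() { run_step --noprofile --norc -eo pipefail; }

echo "default shell (bash -e):            exit $(status_default_shell)"
echo "shell: bash (bash -eo pipefail):    exit $(status_explicit_bash)"
```
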

Concurrency

GitHub Actions runners are limited. If a lot of workflows are queued, they wait in a pending state until a runner becomes available. This has caused issues in the past where workflows took an excessively long time to start. To help with this, use the following in workflows:

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
  cancel-in-progress: true

When a workflow is triggered via a pull request, it will cancel previous running workflows for that pull request. This is especially useful when changes are pushed to a pull request frequently. Manually triggered workflows, workflows that run on a schedule, and workflows triggered by pushes to main are unaffected.