set default shell in workflows (#8108)

* wait for mysql in workflows
Michal Nicpon 2022-10-07 09:43:56 -06:00 committed by GitHub
parent bfe698d090
commit 9056b22874
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
28 changed files with 193 additions and 52 deletions


@ -9,6 +9,11 @@ on:
required: true
type: string
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read
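Review bot: The comment added above `shell: bash` names the effect (`-eo pipefail`) but not why the explicit key is needed, so the block reads as redundant on Linux runners. I would word it as `# An explicit "shell: bash" runs steps with "bash --noprofile --norc -eo pipefail {0}"; the implicit default is "bash -e {0}", which ignores a failure inside a pipe.` The same comment is repeated in the other workflow sections of this commit. Because the default is workflow-wide, it also covers any job on a Windows runner whose steps do not set their own `shell`, which is worth checking per workflow.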


@ -7,6 +7,11 @@ on:
pull_request:
workflow_dispatch:
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read


@ -13,8 +13,15 @@ on:
- '**.jsx'
- '**.ts'
- '**.tsx'
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read
jobs:
analyze:
name: Analyze


@ -9,7 +9,12 @@ on:
- 'handbook/**'
- 'articles/**'
- 'schema/**'
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read


@ -8,19 +8,24 @@ on:
workflow_dispatch: # Manual
schedule:
- cron: '0 6 * * *' # Nightly 6AM UTC
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read
jobs:
markdown-link-check:
permissions:
contents: read # to read files to check dead links
permissions:
contents: read # to read files to check dead links
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # master
- uses: gaurav-nelson/github-action-markdown-link-check@58f84fd654812d0d8da4e4d4a559eda087daf8ce # v1.0.13
with:
use-quiet-mode: 'yes'
config-file: .github/workflows/markdown-link-check-config.json
config-file: .github/workflows/config/markdown-link-check-config.json
base-branch: ${{ github.base_ref }}


@ -1,4 +1,5 @@
name: Deploy Dogfood Environment
on:
workflow_dispatch:
inputs:
@ -6,6 +7,12 @@ on:
description: 'The image tag wished to be deployed.'
required: true
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
working-directory: infrastructure/dogfood/terraform/aws
env:
AWS_REGION: us-east-2
ECR_REPOSITORY: fleet-test
@ -28,11 +35,6 @@ permissions:
id-token: write
contents: read # This is required for actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
defaults:
run:
working-directory: infrastructure/dogfood/terraform/aws
jobs:
deploy:
name: Deploy Fleet Dogfood Environment


@ -1,9 +1,8 @@
name: Test Fleetctl Package, Orbit & Fleet
# This workflow tests orbit code changes (compiles orbit from source).
# It uses a fleet instance also built and executed from source.
#
# It tests that orbit osquery agents enroll successfully to Fleet.
name: Test Fleetctl Package, Orbit & Fleet
on:
push:
@ -19,6 +18,11 @@ on:
- '.github/workflows/fleet-and-orbit.yml'
workflow_dispatch: # Manual
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
env:
OSQUERY_VERSION: 5.5.1
@ -42,7 +46,7 @@ jobs:
echo "::set-output name=address::https://fleet-test-$UUID.fleetuem.com"
ENROLL=$(uuidgen)
echo "::set-output name=enroll_secret::$ENROLL"
run-server:
timeout-minutes: 60
strategy:
@ -62,7 +66,7 @@ jobs:
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2
- name: Start tunnel
env:
env:
CERT_PEM: ${{ secrets.CLOUDFLARE_TUNNEL_FLEETUEM_CERT_B64 }}
run: |
# Install cloudflared
@ -387,7 +391,7 @@ jobs:
needs: [run-tuf-and-gen-pkgs]
runs-on: windows-latest
steps:
- name: Download msi
id: download
uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v2
@ -395,11 +399,11 @@ jobs:
name: fleet-osquery.msi
- name: Install msi
shell: pwsh
run: |
msiexec /i ${{ steps.download.outputs.download-path }}\fleet-osquery.msi /quiet /passive /lv log.txt
- name: Wait enroll
shell: bash
run: |
while curl --fail ${{ needs.gen.outputs.address }};
do
@ -413,52 +417,52 @@ jobs:
"C:\Program Files\Orbit\bin\orbit\orbit.exe" shell -- --json "select * from osquery_info;" | jq -e "if (.[0]) then true else false end"
- name: Fleet Service Tests
shell: powershell
shell: pwsh
run: |
#Tests setup
# Tests setup
$serviceName = "Fleet osquery"
$defaultWaitTime = 2
$orbitRequiredInitExtraTime = 20
#Test 1 - Check that the service starts without issues
# Test 1 - Check that the service starts without issues
Stop-Service -Name $serviceName
Start-Service -Name $serviceName
Get-Service -Name $serviceName | %{ if ($_.Status -ne "Running") { throw "Test #1 failed" } }
#Test 2 - Check that the service stops without issues
# Test 2 - Check that the service stops without issues
Stop-Service -Name $serviceName
Get-Service -Name $serviceName | %{ if ($_.Status -ne "Stopped") { throw "Test #2 failed" } }
#Test 3 - Check that no orbit.exe is running after service stop
# Test 3 - Check that no orbit.exe is running after service stop
Start-Service -Name $serviceName
Stop-Service -Name $serviceName
Start-Sleep -Seconds $defaultWaitTime # shutdown wait time
Get-Process | %{ if ($_.Name -eq "orbit") { throw "Test #3 failed" } }
#Test 4 - Check that service starts in less than 3 secs
# Test 4 - Check that service starts in less than 3 secs
Start-Job { Start-Service -Name $args[0] } -ArgumentList $serviceName | Out-Null #async operation
Start-Sleep -Seconds $defaultWaitTime
Get-Service -Name $serviceName | %{ if ($_.Status -ne "Running") { throw "Test #4 failed" } }
#Test 5 - Check that service stops in less than 3 secs
# Test 5 - Check that service stops in less than 3 secs
Start-Job { Stop-Service -Name $args[0] } -ArgumentList $serviceName | Out-Null #async operation
Start-Sleep -Seconds $defaultWaitTime
Get-Service -Name $serviceName | %{ if ($_.Status -ne "Stopped") { throw "Test #5 failed" } }
#Test 6 - Check that no osqueryd process is running once service stops
# Test 6 - Check that no osqueryd process is running once service stops
Start-Service -Name $serviceName
Start-Sleep -Seconds $orbitRequiredInitExtraTime # orbit takes some time to spawn osquery and desktop app due to update check
Stop-Service -Name $serviceName
Start-Sleep -Seconds $defaultWaitTime
Get-Process | %{ if ($_.Name -eq "osqueryd") { throw "Test #6 failed" } }
#Test 7 - Check that no fleet-desktop process is running once service stops
# Test 7 - Check that no fleet-desktop process is running once service stops
Start-Service -Name $serviceName
Start-Sleep -Seconds $orbitRequiredInitExtraTime # orbit takes some time to spawn osquery and desktop app due to update check
Stop-Service -Name $serviceName
Start-Sleep -Seconds $defaultWaitTime
Get-Process | %{ if ($_.Name -eq "fleet-desktop") { throw "Test #7 failed" } }
- name: Upload Orbit logs
if: always()
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v2


@ -13,6 +13,11 @@ on:
- '.github/workflows/generate-desktop-targets.yml'
workflow_dispatch:
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
env:
FLEET_DESKTOP_VERSION: 1.2.0


@ -13,6 +13,11 @@ on:
- '.github/workflows/generate-osqueryd-targets.yml'
workflow_dispatch:
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
env:
OSQUERY_VERSION: 5.5.1
@ -63,7 +68,6 @@ jobs:
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2
- name: Download osquery msi for Windows
shell: bash
run: |
curl -L https://github.com/osquery/osquery/releases/download/${{ env.OSQUERY_VERSION }}/osquery-${{ env.OSQUERY_VERSION }}.msi --output osquery-${{ env.OSQUERY_VERSION }}.msi
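Review bot: The `curl -L … --output osquery-….msi` line in the "Download osquery msi for Windows" step has no `--fail`, so an HTTP error from the release URL still exits 0 and the error page is saved as the `.msi`; the `-eo pipefail` default this commit introduces cannot catch that. Changing the call to `curl --fail -L https://github.com/osquery/osquery/releases/download/${{ env.OSQUERY_VERSION }}/osquery-${{ env.OSQUERY_VERSION }}.msi --output osquery-${{ env.OSQUERY_VERSION }}.msi` makes the step stop on a bad download. No digest check of the downloaded installer is visible in this hunk; if the rest of the step does not do one, comparing against a pinned SHA-256 before the file is used would be worth adding. The step continues outside the hunk.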


@ -1,4 +1,5 @@
name: golangci-lint
on:
push:
branches:
@ -12,6 +13,11 @@ on:
- '.github/workflows/golangci-lint.yml'
workflow_dispatch: # Manual
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read


@ -5,6 +5,11 @@ on:
tags:
- 'fleet-*'
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read


@ -5,6 +5,11 @@ on:
tags:
- 'orbit-*'
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read


@ -2,6 +2,11 @@ name: Docker publish
on: push
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read
@ -40,7 +45,7 @@ jobs:
args: release --snapshot --rm-dist -f .goreleaser-snapshot.yml
env:
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
- name: Tag image with branch name
run: docker tag fleetdm/fleet:$(git rev-parse --short HEAD) fleetdm/fleet:$(git rev-parse --abbrev-ref HEAD)


@ -1,17 +1,21 @@
name: Test Fleetctl, Orbit & Preview
# This workflow tests enrolling of agents on the supported platforms,
# using the latest version of fleet, fleetctl and orbit.
#
# It starts the latest release of fleet with the "fleetctl preview" command.
# It generates the installers for the latest version of Orbit with the
# "fleetctl package" command.
name: Test Fleetctl, Orbit & Preview
on:
workflow_dispatch: # Manual
schedule:
- cron: '0 2 * * *' # Nightly 2AM UTC
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read
@ -27,13 +31,13 @@ jobs:
UUID=$(uuidgen)
echo "::set-output name=subdomain::fleet-test-$UUID"
echo "::set-output name=address::https://fleet-test-$UUID.fleetuem.com"
run-server:
runs-on: ubuntu-latest
needs: gen
steps:
- name: Start tunnel
env:
env:
CERT_PEM: ${{ secrets.CLOUDFLARE_TUNNEL_FLEETUEM_CERT_B64 }}
run: |
# Install cloudflared
@ -103,7 +107,7 @@ jobs:
- name: Cleanup tunnel
if: always()
run: cloudflared tunnel --origincert cert.pem delete --force ${{ needs.gen.outputs.subdomain }}
run: cloudflared tunnel --origincert cert.pem delete --force ${{ needs.gen.outputs.subdomain }}
login:
runs-on: ubuntu-latest
@ -120,7 +124,7 @@ jobs:
name: build
path: build
check_artifacts: true
# Login only here and share the token because otherwise we could hit rate limits.
- id: login
name: Attempt login
@ -135,7 +139,7 @@ jobs:
done
TOKEN=$(cat ~/.fleet/config| grep token | awk '{ print $2 }')
echo "::set-output name=token::$TOKEN"
orbit-macos:
timeout-minutes: 15
strategy:
@ -302,7 +306,7 @@ jobs:
uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v2
with:
name: orbit-${{ matrix.orbit-channel }}-osqueryd-${{ matrix.osqueryd-channel }}.msi
- name: Install Orbit
run: |


@ -1,4 +1,5 @@
name: pr-helm
on:
pull_request:
paths:
@ -6,7 +7,12 @@ on:
- '.github/workflows/pr-helm.yaml'
- '.github/scripts/helm-check-expected.sh'
- 'tools/ci/helm-values/**'
-
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read


@ -18,6 +18,11 @@ on:
required: true
default: latest
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read
@ -27,7 +32,7 @@ jobs:
steps:
- name: Checkout Code
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@05b148adc31e091bafbaf404f745055d4d3bc9d2 # v1
with:
@ -46,4 +51,4 @@ jobs:
IMAGE_TAG: ${{ github.event.inputs.tag }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --build-arg ENROLL_SECRET=${{ github.event.inputs.enroll_secret }} --build-arg HOST_COUNT=${{ github.event.inputs.host_count }} --build-arg SERVER_URL=${{ github.event.inputs.url }} -f Dockerfile.osquery-perf .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
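Review bot: The `docker build` line in the last hunk still expands `${{ github.event.inputs.enroll_secret }}`, `host_count` and `url` directly inside the `run:` script, so the dispatch inputs become part of the shell text before bash parses it and any metacharacter in them is interpreted as shell. `IMAGE_TAG` in the same step is already passed through `env:`; the other three inputs should go the same way and be referenced as quoted variables, as in the excerpt below. Separately, values passed with `--build-arg` are typically recoverable from the image history, so the enroll secret presumably travels with the image pushed to the registry; whether that is acceptable depends on who can pull it. The step starts outside the hunk.

```yaml
        env:
          # … unchanged: earlier entries of this step's env …
          IMAGE_TAG: ${{ github.event.inputs.tag }}
          ENROLL_SECRET: ${{ github.event.inputs.enroll_secret }}
          HOST_COUNT: ${{ github.event.inputs.host_count }}
          SERVER_URL: ${{ github.event.inputs.url }}
        run: |
          docker build -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" --build-arg ENROLL_SECRET="$ENROLL_SECRET" --build-arg HOST_COUNT="$HOST_COUNT" --build-arg SERVER_URL="$SERVER_URL" -f Dockerfile.osquery-perf .
          # … unchanged: docker push …
```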


@ -1,9 +1,14 @@
name: release-helm
on:
release:
types: [released] # don't trigger on pre-releases
workflow_dispatch: # allow manual trigger
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read
@ -20,4 +25,4 @@ jobs:
token: ${{ secrets.GITHUB_TOKEN }}
charts_dir: charts
target_dir: charts
linting: off
linting: off


@ -1,4 +1,5 @@
name: Scorecards supply-chain security
on:
# Only the default branch is supported.
workflow_dispatch: # Manual
@ -8,6 +9,11 @@ on:
push:
branches: [ main ]
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
# Declare default permissions as read only.
permissions: read-all


@ -19,6 +19,11 @@ on:
schedule:
- cron: '0 4 * * *'
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read
@ -64,9 +69,16 @@ jobs:
echo "RACE_ENABLED=true" >> $GITHUB_ENV
echo "GO_TEST_TIMEOUT=1h" >> $GITHUB_ENV
- name: Wait for mysql
run: |
echo "waiting for mysql..."
until docker-compose exec -T mysql_test sh -c "mysql -uroot -p\"\${MYSQL_ROOT_PASSWORD}\" -e \"SELECT 1=1\" fleet" &> /dev/null; do
echo "."
sleep 1
done
echo "mysql is ready"
- name: Run Go Tests
# bash shell sets -eo pipefail so that the pipe to tee will exit with an error if test-go fails
shell: bash
run: |
GO_TEST_EXTRA_FLAGS="-v -race=$RACE_ENABLED -timeout=$GO_TEST_TIMEOUT" \
TEST_LOCK_FILE_PATH=$(pwd)/lock \
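Review bot: The new "Wait for mysql" step loops with `until … &> /dev/null; do … sleep 1; done` and has no upper bound, so if the container never becomes ready the job spins until the job-level timeout. The redirect also discards the client's error output, which is the only hint as to why. Adding `timeout-minutes: 5` to the step (value to be tuned) bounds the wait without touching the loop. Sending stderr to the log instead of `/dev/null` on the final attempt would make a failure diagnosable. The "Run Go Tests" step that follows continues outside the hunk.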


@ -1,7 +1,6 @@
name: Test native tooling packaging
# This workflow tests packaging of Fleet-osquery with the
# `fleetdm/fleetctl` Docker image.
# `fleetdm/fleetctl` Docker image.
name: Test native tooling packaging
on:
push:
@ -22,6 +21,11 @@ on:
- '.github/workflows/test-native-tooling-packaging.yml'
workflow_dispatch: # Manual
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read
@ -54,10 +58,10 @@ jobs:
- name: Build DEB with Fleet Desktop
run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop
- name: Build RPM
run: docker run -v "$(pwd):/build" fleetdm/fleetctl --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080
- name: Build RPM with Fleet Desktop
run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop
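Review bot: The `Build RPM` step in the last hunk invokes `fleetdm/fleetctl --type rpm …` without the `package` subcommand that the neighbouring DEB and "RPM with Fleet Desktop" steps use, so it does not appear to exercise RPM packaging at all. Unless the image entrypoint supplies the subcommand (not visible here), the line should read `run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080`. These steps belong to a job that starts outside the hunk.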


@ -1,9 +1,8 @@
name: Test packaging
# This workflow tests packaging of Fleet-osquery with the
# `fleetctl package` command. It fetches the targets: orbit,
# osquery and fleet-desktop from the default (Fleet's) TUF server,
# https://tuf.fleetctl.com.
name: Test packaging
on:
push:
@ -24,6 +23,11 @@ on:
- '.github/workflows/test-packaging.yml'
workflow_dispatch: # Manual
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read


@ -12,6 +12,11 @@ on:
- '.github/workflows/test-schema-changes.yml'
workflow_dispatch: # Manual
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read


@ -8,6 +8,11 @@ on:
- 'handbook/**'
- 'schema/**'
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read


@ -1,3 +1,5 @@
name: Run Tests
on:
push:
branches:
@ -20,7 +22,10 @@ on:
- webpack.config.js
- tsconfig.json
name: Run Tests
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read


@ -1,4 +1,5 @@
name: tfsec
on:
push:
branches:
@ -9,6 +10,12 @@ on:
paths:
- '**.tf'
workflow_dispatch: # Manual dispatch
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read


@ -1,4 +1,5 @@
name: tfvalidate
on:
push:
branches:
@ -9,6 +10,12 @@ on:
paths:
- '**.tf'
workflow_dispatch: # Manual dispatch
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read


@ -5,6 +5,10 @@ on:
schedule:
- cron: '0 6 * * *' # Nightly 6AM UTC
defaults:
run:
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
permissions:
contents: read
@ -19,7 +23,6 @@ jobs:
- name: Checkout code
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v.24.0
- name: Update certs
run: cd orbit/pkg/packaging && ./mk-ca-bundle.pl -u certs.pem