From 9056b228745a6d55261d832f3a9bf77e9bc07866 Mon Sep 17 00:00:00 2001
From: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Date: Fri, 7 Oct 2022 09:43:56 -0600
Subject: [PATCH] set default shell in workflows (#8108)

* wait for mysql in workflows
---
.../build-and-push-fleetctl-docker.yml | 5 +++
.github/workflows/build-binaries.yaml | 5 +++
.github/workflows/codeql-analysis.yml | 7 ++++
.../markdown-link-check-config.json | 0
.github/workflows/deploy-fleet-website.yml | 7 +++-
.github/workflows/docs.yml | 13 ++++---
.github/workflows/dogfood-deploy.yml | 12 ++++---
.github/workflows/fleet-and-orbit.yml | 36 ++++++++++---------
.../workflows/generate-desktop-targets.yml | 5 +++
.../workflows/generate-osqueryd-targets.yml | 6 +++-
.github/workflows/golangci-lint.yml | 6 ++++
.github/workflows/goreleaser-fleet.yaml | 5 +++
.github/workflows/goreleaser-orbit.yaml | 5 +++
.../workflows/goreleaser-snapshot-fleet.yaml | 7 +++-
.github/workflows/integration.yml | 22 +++++++-----
.github/workflows/pr-helm.yaml | 8 ++++-
.../workflows/push-osquery-perf-to-ecr.yml | 9 +++--
.github/workflows/release-helm.yaml | 7 +++-
.github/workflows/scorecards-analysis.yml | 6 ++++
.github/workflows/test-go.yaml | 16 +++++++--
.../test-native-tooling-packaging.yml | 14 +++++---
.github/workflows/test-packaging.yml | 8 +++--
.github/workflows/test-schema-changes.yml | 5 +++
.github/workflows/test-website.yml | 5 +++
.github/workflows/test.yml | 7 +++-
.github/workflows/tfsec.yml | 7 ++++
.github/workflows/tfvalidate.yml | 7 ++++
.github/workflows/update-certs.yml | 5 ++-
28 files changed, 193 insertions(+), 52 deletions(-)
rename .github/workflows/{ => config}/markdown-link-check-config.json (100%)
diff --git a/.github/workflows/build-and-push-fleetctl-docker.yml b/.github/workflows/build-and-push-fleetctl-docker.yml
index 61728b3f5..d6a3921ee 100644
--- a/.github/workflows/build-and-push-fleetctl-docker.yml
+++ b/.github/workflows/build-and-push-fleetctl-docker.yml
@@ -9,6 +9,11 @@ on: required: true type: string +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read diff --git a/.github/workflows/build-binaries.yaml b/.github/workflows/build-binaries.yaml index 8d848d66a..887b1c16c 100644 --- a/.github/workflows/build-binaries.yaml +++ b/.github/workflows/build-binaries.yaml @@ -7,6 +7,11 @@ on: pull_request: workflow_dispatch: +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 46f16dae8..3810a7ad1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,8 +13,15 @@ on: - '**.jsx' - '**.ts' - '**.tsx' + +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read + jobs: analyze: name: Analyze diff --git a/.github/workflows/markdown-link-check-config.json b/.github/workflows/config/markdown-link-check-config.json similarity index 100% rename from .github/workflows/markdown-link-check-config.json rename to .github/workflows/config/markdown-link-check-config.json diff --git a/.github/workflows/deploy-fleet-website.yml b/.github/workflows/deploy-fleet-website.yml index 95025c67a..b1eff1d6b 100644 --- a/.github/workflows/deploy-fleet-website.yml +++ b/.github/workflows/deploy-fleet-website.yml 
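Review bot: The comment added with `shell: bash` does not say why naming the shell changes anything, and a later maintainer needs to know that before deleting the block as redundant. On Linux and macOS runners a step with no `shell:` already runs bash, but as `bash -e {0}`; only an explicit `shell: bash` gets `bash --noprofile --norc -eo pipefail {0}`. A wording such as `# Explicit "shell: bash" adds -o pipefail; the implicit default is "bash -e" only, so a failing command inside a pipeline would not fail the step.` would carry that. The same comment is repeated in the other workflow files this commit touches, and it does not cover steps that set their own shell, such as the `pwsh` steps in fleet-and-orbit.yml.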
@@ -9,7 +9,12 @@ on: - 'handbook/**' - 'articles/**' - 'schema/**' - + +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 662620c3c..5d70c8c5c 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -8,19 +8,24 @@ on: workflow_dispatch: # Manual schedule: - cron: '0 6 * * *' # Nightly 6AM UTC - + +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read jobs: markdown-link-check: - permissions: - contents: read # to read files to check dead links + permissions: + contents: read # to read files to check dead links runs-on: ubuntu-latest steps: - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # master - uses: gaurav-nelson/github-action-markdown-link-check@58f84fd654812d0d8da4e4d4a559eda087daf8ce # v1.0.13 with: use-quiet-mode: 'yes' - config-file: .github/workflows/markdown-link-check-config.json + config-file: .github/workflows/config/markdown-link-check-config.json base-branch: ${{ github.base_ref }} diff --git a/.github/workflows/dogfood-deploy.yml b/.github/workflows/dogfood-deploy.yml index a4b39b453..da8fa559d 100644 --- a/.github/workflows/dogfood-deploy.yml +++ b/.github/workflows/dogfood-deploy.yml @@ -1,4 +1,5 @@ name: Deploy Dogfood Environment + on: workflow_dispatch: inputs: 
@@ -6,6 +7,12 @@ on: description: 'The image tag wished to be deployed.' required: true +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + working-directory: infrastructure/dogfood/terraform/aws + env: AWS_REGION: us-east-2 ECR_REPOSITORY: fleet-test @@ -28,11 +35,6 @@ permissions: id-token: write contents: read # This is required for actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - -defaults: - run: - working-directory: infrastructure/dogfood/terraform/aws - jobs: deploy: name: Deploy Fleet Dogfood Environment diff --git a/.github/workflows/fleet-and-orbit.yml b/.github/workflows/fleet-and-orbit.yml index 69a93392a..224f4cf23 100644 --- a/.github/workflows/fleet-and-orbit.yml +++ b/.github/workflows/fleet-and-orbit.yml @@ -1,9 +1,8 @@ -name: Test Fleetctl Package, Orbit & Fleet - # This workflow tests orbit code changes (compiles orbit from source). # It uses a fleet instance also built and executed from source. # # It tests that orbit osquery agents enroll successfully to Fleet. +name: Test Fleetctl Package, Orbit & Fleet on: push: @@ -19,6 +18,11 @@ on: - '.github/workflows/fleet-and-orbit.yml' workflow_dispatch: # Manual +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + env: OSQUERY_VERSION: 5.5.1 @@ -42,7 +46,7 @@ jobs: echo "::set-output name=address::https://fleet-test-$UUID.fleetuem.com" ENROLL=$(uuidgen) echo "::set-output name=enroll_secret::$ENROLL" - + run-server: timeout-minutes: 60 strategy: @@ -62,7 +66,7 @@ jobs: uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Start tunnel - env: + env: CERT_PEM: ${{ secrets.CLOUDFLARE_TUNNEL_FLEETUEM_CERT_B64 }} run: | # Install cloudflared 
@@ -387,7 +391,7 @@ jobs: needs: [run-tuf-and-gen-pkgs] runs-on: windows-latest steps: - + - name: Download msi id: download uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v2 @@ -395,11 +399,11 @@ jobs: name: fleet-osquery.msi - name: Install msi + shell: pwsh run: | msiexec /i ${{ steps.download.outputs.download-path }}\fleet-osquery.msi /quiet /passive /lv log.txt - name: Wait enroll - shell: bash run: | while curl --fail ${{ needs.gen.outputs.address }}; do 
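Review bot: Pinning the 'Install msi' step to `shell: pwsh` keeps it outside the new bash fail-fast default, and as written an installer failure probably goes unnoticed. `msiexec` is a GUI-subsystem program, so PowerShell normally returns without waiting for it and without setting `$LASTEXITCODE`. Waiting on the process and checking its exit code closes that gap, e.g. `$p = Start-Process msiexec -Wait -PassThru -ArgumentList '/i', $msi, '/quiet', '/passive', '/lv', 'log.txt'` followed by `if ($p.ExitCode -ne 0) { exit $p.ExitCode }`, with `$msi` holding the downloaded path. The 'Wait enroll' loop that follows continues outside the hunk, so whether it bounds the wait cannot be seen here.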
@@ -413,52 +417,52 @@ jobs: "C:\Program Files\Orbit\bin\orbit\orbit.exe" shell -- --json "select * from osquery_info;" | jq -e "if (.[0]) then true else false end" - name: Fleet Service Tests - shell: powershell + shell: pwsh run: | - #Tests setup + # Tests setup $serviceName = "Fleet osquery" $defaultWaitTime = 2 $orbitRequiredInitExtraTime = 20 - #Test 1 - Check that the service starts without issues + # Test 1 - Check that the service starts without issues Stop-Service -Name $serviceName Start-Service -Name $serviceName Get-Service -Name $serviceName | %{ if ($_.Status -ne "Running") { throw "Test #1 failed" } } - #Test 2 - Check that the service stops without issues + # Test 2 - Check that the service stops without issues Stop-Service -Name $serviceName Get-Service -Name $serviceName | %{ if ($_.Status -ne "Stopped") { throw "Test #2 failed" } } - #Test 3 - Check that no orbit.exe is running after service stop + # Test 3 - Check that no orbit.exe is running after service stop Start-Service -Name $serviceName Stop-Service -Name $serviceName Start-Sleep -Seconds $defaultWaitTime # shutdown wait time Get-Process | %{ if ($_.Name -eq "orbit") { throw "Test #3 failed" } } - #Test 4 - Check that service starts in less than 3 secs + # Test 4 - Check that service starts in less than 3 secs Start-Job { Start-Service -Name $args[0] } -ArgumentList $serviceName | Out-Null #async operation Start-Sleep -Seconds $defaultWaitTime Get-Service -Name $serviceName | %{ if ($_.Status -ne "Running") { throw "Test #4 failed" } } - #Test 5 - Check that service stops in less than 3 secs + # Test 5 - Check that service stops in less than 3 secs Start-Job { Stop-Service -Name $args[0] } -ArgumentList $serviceName | Out-Null #async operation Start-Sleep -Seconds $defaultWaitTime Get-Service -Name $serviceName | %{ if ($_.Status -ne "Stopped") { throw "Test #5 failed" } } - #Test 6 - Check that no osqueryd process is running once service stops + # Test 6 - Check that no osqueryd process 
is running once service stops Start-Service -Name $serviceName Start-Sleep -Seconds $orbitRequiredInitExtraTime # orbit takes some time to spawn osquery and desktop app due to update check Stop-Service -Name $serviceName Start-Sleep -Seconds $defaultWaitTime Get-Process | %{ if ($_.Name -eq "osqueryd") { throw "Test #6 failed" } } - #Test 7 - Check that no fleet-desktop process is running once service stops + # Test 7 - Check that no fleet-desktop process is running once service stops Start-Service -Name $serviceName Start-Sleep -Seconds $orbitRequiredInitExtraTime # orbit takes some time to spawn osquery and desktop app due to update check Stop-Service -Name $serviceName Start-Sleep -Seconds $defaultWaitTime Get-Process | %{ if ($_.Name -eq "fleet-desktop") { throw "Test #7 failed" } } - + - name: Upload Orbit logs if: always() uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v2 diff --git a/.github/workflows/generate-desktop-targets.yml b/.github/workflows/generate-desktop-targets.yml index d8f6a1d34..7eea240fe 100644 --- a/.github/workflows/generate-desktop-targets.yml +++ b/.github/workflows/generate-desktop-targets.yml @@ -13,6 +13,11 @@ on: - '.github/workflows/generate-desktop-targets.yml' workflow_dispatch: +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + env: FLEET_DESKTOP_VERSION: 1.2.0 diff --git a/.github/workflows/generate-osqueryd-targets.yml b/.github/workflows/generate-osqueryd-targets.yml index 716df6569..47d8f7a85 100644 --- a/.github/workflows/generate-osqueryd-targets.yml +++ b/.github/workflows/generate-osqueryd-targets.yml 
@@ -13,6 +13,11 @@ on: - '.github/workflows/generate-osqueryd-targets.yml' workflow_dispatch: +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + env: OSQUERY_VERSION: 5.5.1 @@ -63,7 +68,6 @@ jobs: uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Download osquery msi for Windows - shell: bash run: | curl -L https://github.com/osquery/osquery/releases/download/${{ env.OSQUERY_VERSION }}/osquery-${{ env.OSQUERY_VERSION }}.msi --output osquery-${{ env.OSQUERY_VERSION }}.msi diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index aa98621eb..71067514a 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -1,4 +1,5 @@ name: golangci-lint + on: push: branches: @@ -12,6 +13,11 @@ on: - '.github/workflows/golangci-lint.yml' workflow_dispatch: # Manual +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read diff --git a/.github/workflows/goreleaser-fleet.yaml b/.github/workflows/goreleaser-fleet.yaml index afe9b51e9..37ccb35df 100644 --- a/.github/workflows/goreleaser-fleet.yaml +++ b/.github/workflows/goreleaser-fleet.yaml @@ -5,6 +5,11 @@ on: tags: - 'fleet-*' +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read diff --git a/.github/workflows/goreleaser-orbit.yaml b/.github/workflows/goreleaser-orbit.yaml index b1125c086..641259a5a 100644 --- a/.github/workflows/goreleaser-orbit.yaml +++ b/.github/workflows/goreleaser-orbit.yaml 
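Review bot: The 'Download osquery msi for Windows' step in generate-osqueryd-targets.yml now inherits bash with `-eo pipefail`, but `curl -L` without `--fail` exits 0 on an HTTP error and saves the error page as the `.msi`, so the step still cannot fail fast. Nothing in the visible lines verifies the file's digest either, and the workflow name suggests the download ends up in the published osqueryd targets. Use `curl --fail -L …` and check the result against a pinned value, e.g. `echo "<EXPECTED_SHA256>  osquery-${{ env.OSQUERY_VERSION }}.msi" | sha256sum -c -`. The rest of the step is outside the hunk, so a later check may exist that is not shown.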
@@ -5,6 +5,11 @@ on: tags: - 'orbit-*' +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read diff --git a/.github/workflows/goreleaser-snapshot-fleet.yaml b/.github/workflows/goreleaser-snapshot-fleet.yaml index f94df9a22..b50fe2c70 100644 --- a/.github/workflows/goreleaser-snapshot-fleet.yaml +++ b/.github/workflows/goreleaser-snapshot-fleet.yaml @@ -2,6 +2,11 @@ name: Docker publish on: push +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read @@ -40,7 +45,7 @@ jobs: args: release --snapshot --rm-dist -f .goreleaser-snapshot.yml env: GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} - + - name: Tag image with branch name run: docker tag fleetdm/fleet:$(git rev-parse --short HEAD) fleetdm/fleet:$(git rev-parse --abbrev-ref HEAD) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index e2e896da2..990903b2d 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml 
@@ -1,17 +1,21 @@ -name: Test Fleetctl, Orbit & Preview - # This workflow tests enrolling of agents on the supported platforms, # using the latest version of fleet, fleetctl and orbit. # # It starts the latest release of fleet with the "fleetctl preview" command. # It generates the installers for the latest version of Orbit with the # "fleetctl package" command. +name: Test Fleetctl, Orbit & Preview on: workflow_dispatch: # Manual schedule: - cron: '0 2 * * *' # Nightly 2AM UTC - + +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read @@ -27,13 +31,13 @@ jobs: UUID=$(uuidgen) echo "::set-output name=subdomain::fleet-test-$UUID" echo "::set-output name=address::https://fleet-test-$UUID.fleetuem.com" - + run-server: runs-on: ubuntu-latest needs: gen steps: - name: Start tunnel - env: + env: CERT_PEM: ${{ secrets.CLOUDFLARE_TUNNEL_FLEETUEM_CERT_B64 }} run: | # Install cloudflared @@ -103,7 +107,7 @@ jobs: - name: Cleanup tunnel if: always() - run: cloudflared tunnel --origincert cert.pem delete --force ${{ needs.gen.outputs.subdomain }} + run: cloudflared tunnel --origincert cert.pem delete --force ${{ needs.gen.outputs.subdomain }} login: runs-on: ubuntu-latest @@ -120,7 +124,7 @@ jobs: name: build path: build check_artifacts: true - + # Login only here and share the token because otherwise we could hit rate limits. - id: login name: Attempt login @@ -135,7 +139,7 @@ jobs: done TOKEN=$(cat ~/.fleet/config| grep token | awk '{ print $2 }') echo "::set-output name=token::$TOKEN" - + orbit-macos: timeout-minutes: 15 strategy: @@ -302,7 +306,7 @@ jobs: uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v2 with: name: orbit-${{ matrix.orbit-channel }}-osqueryd-${{ matrix.osqueryd-channel }}.msi - + - name: Install Orbit run: | 
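Review bot: The workflow-level `shell: bash` default added here also covers the job that installs the `.msi` (presumably the Windows one), and no hunk in this file gives its 'Install Orbit' step a `shell:` of its own. That step therefore moves from the runner's default PowerShell to Git Bash. In fleet-and-orbit.yml the equivalent 'Install msi' step received `shell: pwsh` in this same commit. If this step's body, which is outside the hunk, is a similar `msiexec /i …\….msi /quiet` call, bash will treat the backslashes as escapes and may rewrite the `/`-prefixed switches as paths. Adding `shell: pwsh` to the step keeps its previous behaviour.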
diff --git a/.github/workflows/pr-helm.yaml b/.github/workflows/pr-helm.yaml index 012ab1ac6..435363f0e 100644 --- a/.github/workflows/pr-helm.yaml +++ b/.github/workflows/pr-helm.yaml @@ -1,4 +1,5 @@ name: pr-helm + on: pull_request: paths: @@ -6,7 +7,12 @@ on: - '.github/workflows/pr-helm.yaml' - '.github/scripts/helm-check-expected.sh' - 'tools/ci/helm-values/**' - - + +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read diff --git a/.github/workflows/push-osquery-perf-to-ecr.yml b/.github/workflows/push-osquery-perf-to-ecr.yml index ffa488c0f..dd7336110 100644 --- a/.github/workflows/push-osquery-perf-to-ecr.yml +++ b/.github/workflows/push-osquery-perf-to-ecr.yml @@ -18,6 +18,11 @@ on: required: true default: latest +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read @@ -27,7 +32,7 @@ jobs: steps: - name: Checkout Code uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - + - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@05b148adc31e091bafbaf404f745055d4d3bc9d2 # v1 with: @@ -46,4 +51,4 @@ jobs: IMAGE_TAG: ${{ github.event.inputs.tag }} run: | docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --build-arg ENROLL_SECRET=${{ github.event.inputs.enroll_secret }} --build-arg HOST_COUNT=${{ github.event.inputs.host_count }} --build-arg SERVER_URL=${{ github.event.inputs.url }} -f Dockerfile.osquery-perf . - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \ No newline at end of file + docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG diff --git a/.github/workflows/release-helm.yaml b/.github/workflows/release-helm.yaml index 180d60911..15e2e2ba7 100644 
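Review bot: In push-osquery-perf-to-ecr.yml, the `docker build` step shown as context in the file's last hunk splices `${{ github.event.inputs.enroll_secret }}`, `host_count` and `url` directly into the script text, so the bash default added by this commit executes whatever those inputs expand to, shell metacharacters included. Mapping them into the step's `env:` (as appears to be done already for `IMAGE_TAG`) and referencing them quoted, e.g. `--build-arg "HOST_COUNT=$HOST_COUNT"`, keeps the values as data. Separately, build arguments are recorded in the image history, so an enroll secret passed with `--build-arg` is readable by anyone who can pull the image; a BuildKit `--secret` mount or a run-time setting avoids that.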
--- a/.github/workflows/release-helm.yaml +++ b/.github/workflows/release-helm.yaml @@ -1,9 +1,14 @@ name: release-helm + on: release: types: [released] # don't trigger on pre-releases workflow_dispatch: # allow manual trigger +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash permissions: contents: read @@ -20,4 +25,4 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} charts_dir: charts target_dir: charts - linting: off \ No newline at end of file + linting: off diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 66d3d93f3..734807258 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -1,4 +1,5 @@ name: Scorecards supply-chain security + on: # Only the default branch is supported. workflow_dispatch: # Manual @@ -8,6 +9,11 @@ on: push: branches: [ main ] +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + # Declare default permissions as read only. permissions: read-all diff --git a/.github/workflows/test-go.yaml b/.github/workflows/test-go.yaml index 2b43dcaf9..8c9b9fd57 100644 --- a/.github/workflows/test-go.yaml +++ b/.github/workflows/test-go.yaml @@ -19,6 +19,11 @@ on: schedule: - cron: '0 4 * * *' +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read 
@@ -64,9 +69,16 @@ jobs: echo "RACE_ENABLED=true" >> $GITHUB_ENV echo "GO_TEST_TIMEOUT=1h" >> $GITHUB_ENV + - name: Wait for mysql + run: | + echo "waiting for mysql..." + until docker-compose exec -T mysql_test sh -c "mysql -uroot -p\"\${MYSQL_ROOT_PASSWORD}\" -e \"SELECT 1=1\" fleet" &> /dev/null; do + echo "." + sleep 1 + done + echo "mysql is ready" + - name: Run Go Tests - # bash shell sets -eo pipefail so that the pipe to tee will exit with an error if test-go fails - shell: bash run: | GO_TEST_EXTRA_FLAGS="-v -race=$RACE_ENABLED -timeout=$GO_TEST_TIMEOUT" \ TEST_LOCK_FILE_PATH=$(pwd)/lock \ diff --git a/.github/workflows/test-native-tooling-packaging.yml b/.github/workflows/test-native-tooling-packaging.yml index d5d111266..0c322d9b5 100644 --- a/.github/workflows/test-native-tooling-packaging.yml +++ b/.github/workflows/test-native-tooling-packaging.yml @@ -1,7 +1,6 @@ -name: Test native tooling packaging - # This workflow tests packaging of Fleet-osquery with the -# `fleetdm/fleetctl` Docker image. +# `fleetdm/fleetctl` Docker image. +name: Test native tooling packaging on: push: @@ -22,6 +21,11 @@ on: - '.github/workflows/test-native-tooling-packaging.yml' workflow_dispatch: # Manual +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read @@ -54,10 +58,10 @@ jobs: - name: Build DEB with Fleet Desktop run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop - + - name: Build RPM run: docker run -v "$(pwd):/build" fleetdm/fleetctl --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 - + - name: Build RPM with Fleet Desktop run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop 
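Review bot: The new 'Wait for mysql' loop has no upper bound, so a MySQL container that never becomes ready keeps the job spinning until the job-level timeout instead of failing fast. Adding `timeout-minutes: 5` to the step (value to taste) caps it. Because the probe's output goes to `&> /dev/null`, a wrong root password or a missing `fleet` database looks the same as "not started yet"; printing the last error when the wait gives up would make such failures diagnosable.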
diff --git a/.github/workflows/test-packaging.yml b/.github/workflows/test-packaging.yml index bce29db26..a25f805ab 100644 --- a/.github/workflows/test-packaging.yml +++ b/.github/workflows/test-packaging.yml @@ -1,9 +1,8 @@ -name: Test packaging - # This workflow tests packaging of Fleet-osquery with the # `fleetctl package` command. It fetches the targets: orbit, # osquery and fleet-desktop from the default (Fleet's) TUF server, # https://tuf.fleetctl.com. +name: Test packaging on: push: @@ -24,6 +23,11 @@ on: - '.github/workflows/test-packaging.yml' workflow_dispatch: # Manual +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read diff --git a/.github/workflows/test-schema-changes.yml b/.github/workflows/test-schema-changes.yml index 2e8ceb859..27b20968b 100644 --- a/.github/workflows/test-schema-changes.yml +++ b/.github/workflows/test-schema-changes.yml @@ -12,6 +12,11 @@ on: - '.github/workflows/test-schema-changes.yml' workflow_dispatch: # Manual +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read diff --git a/.github/workflows/test-website.yml b/.github/workflows/test-website.yml index a9e1a5edb..8f0b0cb7d 100644 --- a/.github/workflows/test-website.yml +++ b/.github/workflows/test-website.yml @@ -8,6 +8,11 @@ on: - 'handbook/**' - 'schema/**' +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6423769ec..2851ab303 100644 --- a/.github/workflows/test.yml 
+++ b/.github/workflows/test.yml @@ -1,3 +1,5 @@ +name: Run Tests + on: push: branches: @@ -20,7 +22,10 @@ on: - webpack.config.js - tsconfig.json -name: Run Tests +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash permissions: contents: read diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index 908d55be1..16ac603ed 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -1,4 +1,5 @@ name: tfsec + on: push: branches: @@ -9,6 +10,12 @@ on: paths: - '**.tf' workflow_dispatch: # Manual dispatch + +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read diff --git a/.github/workflows/tfvalidate.yml b/.github/workflows/tfvalidate.yml index 1e23d7c94..0f8006450 100644 --- a/.github/workflows/tfvalidate.yml +++ b/.github/workflows/tfvalidate.yml @@ -1,4 +1,5 @@ name: tfvalidate + on: push: branches: @@ -9,6 +10,12 @@ on: paths: - '**.tf' workflow_dispatch: # Manual dispatch + +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash + permissions: contents: read diff --git a/.github/workflows/update-certs.yml b/.github/workflows/update-certs.yml index 374296987..1060b19e7 100644 --- a/.github/workflows/update-certs.yml +++ b/.github/workflows/update-certs.yml @@ -5,6 +5,10 @@ on: schedule: - cron: '0 6 * * *' # Nightly 6AM UTC +defaults: + run: + # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference + shell: bash permissions: contents: read 
@@ -19,7 +23,6 @@ jobs: - name: Checkout code uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v.24.0 - - name: Update certs run: cd orbit/pkg/packaging && ./mk-ca-bundle.pl -u certs.pem