gillespi314
4a4e832d3a
Increase minimum password length to 12 characters ( #5712 )
2022-05-18 12:03:00 -05:00
dependabot[bot]
ade929bc90
Bump github/codeql-action ( #5779 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 75b4f1c4669133dc294b06c2794e969efa2e5316 to 2.1.11. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](75b4f1c466...a3a6c128d7)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-17 16:36:47 -03:00
Lucas Manuel Rodriguez
d50e97d250
Upload logs on fleetctl preview action ( #5745 )
...
* Upload logs on fleetctl preview action
* Group logs
* Avoid hidden folder
2022-05-16 18:39:31 -03:00
Lucas Manuel Rodriguez
74dfdcb882
Kickoff documentation for Orbit Release Process ( #5544 )
...
* Kickoff documentation for Orbit releasing
* Fixes to the github action
* Missing follow redirect on curl
* Run osqueryd --version to verify before uploading artifacts
* Use cmd as shell for windows-latest runner
* Final set of changes to the guide
2022-05-13 07:15:29 -03:00
dependabot[bot]
85013e87a4
Bump github/codeql-action from 2.1.9 to 2.1.10 ( #5668 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7502d6e991...75b4f1c466)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-10 18:18:15 -07:00
Lucas Manuel Rodriguez
fda79a8770
Run network test serially to prevent timeouts on Github CI ( #5557 )
...
* Run network test serially to prevent timeouts on Github CI
* Revert lint changes
* Add simple file lock
* Revert test change
* Clarify error check
2022-05-10 11:52:33 -03:00
Lucas Manuel Rodriguez
b6bbbbe186
Add (beta) support for Fleet Desktop to linux ( #5221 )
...
* Add (beta) support for Fleet Desktop to linux
* Add dependency for linux desktop
* Amend makefile uname check
* Clarify env vars used for linux in execuser
* Add final set of fixes
* Remove -it from docker run
* Add desktop to the update runner for Linux
* Re-arrange tag.gz and fix upgrade check for linux desktop
2022-05-04 11:14:12 -03:00
Mike McNeil
0b7e07a9fb
Website: Ignore top level gitignore when deploying ( #5549 )
...
* Website: Ignore top level gitignore when deploying
* Update deploy-fleet-website.yml
2022-05-03 21:05:19 -05:00
Lucas Manuel Rodriguez
a5349672eb
Amend fleetctl package to support /var/lib legacy orbit (legacy would mean <= 0.0.11) ( #5532 )
...
* Add logs to troubleshoot orbit
* Run journalctl on a different step
* Add legacy orbit support to opt version of fleetctl
* Fix macos logs permission error
* Checkout repository
* Compile fleetctl from branch
2022-05-03 16:46:02 -03:00
Lucas Manuel Rodriguez
221232580c
Add fleetctl preview automation for latest changes ( #5485 )
...
* Add fleetctl preview automation for latest changes
* Fix pwd invocation and remove slack notification
* Just run on ubuntu-latest and macos-latest
* Fix path
2022-05-02 13:10:11 -03:00
Lucas Manuel Rodriguez
ed8faa791c
Add slack notification ( #5481 )
...
* Add slack notification
* Fix standard-query-library.yml
2022-05-02 08:42:20 -03:00
Zach Wasserman
26eae438f6
Document supported MySQL versions ( #5421 )
...
- Pin versions in development and CI.
2022-04-27 16:21:16 -07:00
Lucas Manuel Rodriguez
f2e8329e57
Changes to support fleetctl preview with custom TUF server ( #5418 )
2022-04-27 18:17:20 -03:00
dependabot[bot]
86c62a6cc4
Bump github/codeql-action from 2.1.8 to 2.1.9 ( #5419 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1ed1437484...7502d6e991)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-27 11:57:42 -07:00
Lucas Manuel Rodriguez
f806cbc638
Update slack webhook urls to use new channel ( #5373 )
2022-04-26 14:44:46 -03:00
Lucas Manuel Rodriguez
0c9e7fb604
Add osquery-perf to pull request template ( #5351 )
2022-04-26 14:44:31 -03:00
Zach Wasserman
54ab298363
Upgrade osquery version ( #5353 )
...
In preparation to deploy osquery 5.2.3
2022-04-25 10:47:36 -07:00
Lucas Manuel Rodriguez
77f3513020
Add fleet-desktop test to test-packaging.yml ( #5289 )
...
* Add fleet-desktop test to test-packaging.yml
* Add itself to be able to trigger action
* Use stable
* Add --fleet-desktop flag to integration.yml
2022-04-25 10:21:00 -03:00
Lucas Manuel Rodriguez
15636cd760
Add slack notif when integration test fails ( #5332 )
2022-04-22 14:39:55 -03:00
dependabot[bot]
a856d748bd
Bump returntocorp/semgrep-action ( #5259 )
...
Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action) from b93bc50eb1bd1a016cf749808608ee465db13f9d to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/returntocorp/semgrep-action/releases)
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md)
- [Commits](b93bc50eb1...a9f6c903be)
---
updated-dependencies:
- dependency-name: returntocorp/semgrep-action
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-20 16:45:36 -07:00
Reed Haynes
854f9e66b1
Include sso testing to smoke test checklist ( #5247 )
2022-04-20 10:59:19 -05:00
dependabot[bot]
1cf551be51
Bump akhileshns/heroku-deploy from 3.6.8 to 3.12.12 ( #5217 )
...
Bumps [akhileshns/heroku-deploy](https://github.com/akhileshns/heroku-deploy) from 3.6.8 to 3.12.12.
- [Release notes](https://github.com/akhileshns/heroku-deploy/releases)
- [Commits](cdd8fc68da...79ef2ae4ff)
---
updated-dependencies:
- dependency-name: akhileshns/heroku-deploy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-19 17:19:34 -07:00
dependabot[bot]
63df041ecc
Update github/codeql-action requirement to 1ed1437484560351c5be56cf73a48a279d116b78 ( #5213 )
...
Updates the requirements on [github/codeql-action](https://github.com/github/codeql-action) to permit the latest version.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1ed1437484)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-19 16:52:17 -07:00
dependabot[bot]
45e9b18b5e
Bump actions/setup-go from 2 to 3 ( #5215 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...f6164bd8c8acb4a71fb2791a8b6c4024ff038dab)
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-19 16:51:42 -07:00
Lucas Manuel Rodriguez
29a902960e
Fix typos and amend PR template ( #5227 )
2022-04-19 18:09:55 -03:00
Guillaume Ross
a774aa42c2
Adding docker to dependabot ( #5076 )
...
* Adding docker to dependabot
Adding the docker ecosystem to Dependabot, so PRs get auto-created when necessary.
* Update dependabot.yml
Changed comment on top
2022-04-19 09:02:52 -04:00
Lucas Manuel Rodriguez
2e7bbf960a
Add pre and post remove scripts for rpm and deb packages ( #5150 )
2022-04-19 09:32:47 -03:00
dependabot[bot]
11b19e1101
Bump returntocorp/semgrep-action ( #5208 )
...
Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action) from b4ae418326a5e8bd4fc3b0b658695aee09ca0e2a to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/returntocorp/semgrep-action/releases)
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md)
- [Commits](b4ae418326...b93bc50eb1)
---
updated-dependencies:
- dependency-name: returntocorp/semgrep-action
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 19:14:39 -07:00
dependabot[bot]
1a0b39fee3
Bump dawidd6/action-download-artifact from 2.16.0 to 2.19.0 ( #5207 )
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 2.16.0 to 2.19.0.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](09385b76de...b2abf17054)
---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 19:14:13 -07:00
dependabot[bot]
24bc385ede
Bump codecov/codecov-action from 2.1.0 to 3 ( #5206 )
...
* Bump codecov/codecov-action from 2.1.0 to 3
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](f32b3a3741...e3c560433a)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Remove version
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2022-04-18 19:12:18 -07:00
dependabot[bot]
1187a3fcad
Bump tfsec/tfsec-sarif-action ( #5204 )
...
Bumps [tfsec/tfsec-sarif-action](https://github.com/tfsec/tfsec-sarif-action) from 7ae00b384bff7f14cfa52cc3c73a5e6807a41398 to 0.1.0. This release includes the previously tagged commit.
- [Release notes](https://github.com/tfsec/tfsec-sarif-action/releases)
- [Commits](7ae00b384b...56bc584a83)
---
updated-dependencies:
- dependency-name: tfsec/tfsec-sarif-action
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 19:11:24 -07:00
dependabot[bot]
a6763210c4
Bump gaurav-nelson/github-action-markdown-link-check ( #4639 )
...
Bumps [gaurav-nelson/github-action-markdown-link-check](https://github.com/gaurav-nelson/github-action-markdown-link-check) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/gaurav-nelson/github-action-markdown-link-check/releases)
- [Commits](9710f0fec8...58f84fd654)
---
updated-dependencies:
- dependency-name: gaurav-nelson/github-action-markdown-link-check
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 19:11:01 -07:00
dependabot[bot]
d4c864e691
Bump docker/login-action from 1.10.0 to 1.14.1 ( #4638 )
...
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.10.0 to 1.14.1.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](f054a8b539...dd4fa0671b)
---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 19:09:41 -07:00
dependabot[bot]
83ffcc4b7d
Bump actions/upload-artifact from 2.3.1 to 3 ( #4637 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](82c141cc51...6673cd052c)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 19:09:17 -07:00
dependabot[bot]
5e1da4b28a
Bump actions/download-artifact from 2.1.0 to 3 ( #5205 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2.1.0 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](f023be2c48...fb598a63ae)
---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 18:59:59 -07:00
dependabot[bot]
3fbd017512
Bump goreleaser/goreleaser-action from 2.6.1 to 2.9.1 ( #4636 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.6.1 to 2.9.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](ac067437f5...b953231f81)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2022-04-18 17:55:55 -07:00
dependabot[bot]
87d96c24e1
Bump stefanprodan/helm-gh-pages from 1.4.1 to 1.5.0 ( #4635 )
...
Bumps [stefanprodan/helm-gh-pages](https://github.com/stefanprodan/helm-gh-pages) from 1.4.1 to 1.5.0.
- [Release notes](https://github.com/stefanprodan/helm-gh-pages/releases)
- [Commits](f1701eb82e...b43a8719cc)
---
updated-dependencies:
- dependency-name: stefanprodan/helm-gh-pages
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 17:52:54 -07:00
Zach Wasserman
7cb71bc5a8
Run CodeQL on every commit to main ( #4794 )
...
Practically, we were scanning enough previously (at least once a day, plus any commit that changed source files), but this will help check the box in CII Best Practices.
2022-04-11 11:53:08 -07:00
Zach Wasserman
025d6c7b96
Run CodeQL on all pushes ( #4960 )
...
Even when Go and JS files aren't changed, just to keep the security scanners happy.
2022-04-05 18:10:12 -07:00
Michal Nicpon
74555e4bf4
fix lint workflow ( #4935 )
...
* use go version 1.17 in golangci-lint workflow
2022-04-04 14:14:05 -06:00
Zach Wasserman
7d68f69ab4
Update CodeQL action version and exclude paths ( #4930 )
2022-04-04 12:14:21 -07:00
Lucas Manuel Rodriguez
c82c580716
Orbit: Add Fleet Desktop support to Windows ( #4873 )
...
* Orbit: Add Fleet Desktop support to Windows
* Rename workflow, fix linux build
* Do not compile systray on linux
* nolint on unused
* Fix lint properly
* nolint both checkers
* Fix monitor logic in desktopRunner
* Fix interrupt and execute order
2022-04-01 17:28:51 -03:00
Guillaume Ross
f87fcb544a
Update generate-desktop-app-tar-gz.yml ( #4893 )
...
Removing PR from this action as it contains secrets.
2022-03-31 16:38:44 -04:00
Guillaume Ross
e6c6b7e840
Added explicit read permissions + tweaked permissions ( #4843 )
...
* Added explicit read permissions + tweaked permissions
As a part of #4698 - this should fix the remaining warnings we get from the OSSF scorecard in relation to github workflows. They now all have explicit read permissions with more granular permissions granted in jobs.
* Update tfsec.yml
New workflow that I had not fixed in this PR.
2022-03-28 16:20:31 -04:00
Guillaume Ross
d0f6c9e32d
Adding tfsec for all *.tf pushes ( #4777 )
...
* Create tfsec.yml
Draft tfsec workflow for #4762
* Update tfsec.yml
* Update tfsec.yml
Fixed indentation
2022-03-28 15:15:40 -04:00
Guillaume Ross
b94972351f
Adding permissions to some workflows ( #4698 )
...
* Adding permissions to docs.yml and integration.yml
* Update codeql-analysis.yml
Adding top level read permissions to codeql workflow
* Update codeql-analysis.yml
Adding manual dispatch to codeql - to be able to test it easier
* Update deploy-fleet-website.yml
Adding top level read permission + write in the job so it can push the website
* Update test-website.yml
test-website should only need read permissions on content.
* Update fleet-and-orbit.yml
Testing Fleet and Orbit should be fine with top level read access
* Update fleetctl-preview.yml
fleetctl-preview should be fine with just read access at top level
* Update push-osquery-perf-to-ecr.yml
ECR is out of github so read permissions should be enough
* Update semgrep-analysis.yml
semgrep should only need read
* Update test-packaging.yml
Should only need read permission - setting on top
* Update test.yml
Should not need any write access - setting to READ on top.
* Update deploy-fleet-website.yml
Removing git write permission - since this pushes to Heroku not GitHub
* Tweaked as per Zach's comments
Removed some useless restrictions (contents none on a public repo for example)
* Removed meaningless permissions
contents: none - this does not have any security advantage on a public repo
2022-03-25 14:19:42 -04:00
eashaw
666509e634
Ignore FleetDM GitHub project URLs when checking Markdown links ( #4712 )
...
* Add GitHub projects to link check ignorePatterns
* update pattern to exclude private GitHub projects
2022-03-21 17:21:12 -05:00
Zach Wasserman
cc687d9d1e
Add Notarization for Fleet Desktop ( #4720 )
2022-03-21 15:01:50 -07:00
Guillaume Ross
d60ee47545
Securing desktop github workflow ( #4718 )
...
Pinning the dependencies and putting an explicit read only permission on the new desktop github workflow
2022-03-21 15:38:21 -04:00
Lucas Manuel Rodriguez
ecdfd627b6
Fleet Desktop MVP ( #4530 )
...
* WIP
* WIP2
* Fix orbit and fleetctl tests
* Amend macos-app default
* Add some fixes
* Use fleetctl updates roots command
* Add more fixes to Updater
* Fixes to app publishing and downloading
* Add more changes to support fleetctl cross generation
* Amend comment
* Add pkg generation to ease testing
* Make more fixes
* Add changes entry
* Add legacy targets (until our TUF system exposes the new app)
* Fix fleetctl preview
* Fix bool flag
* Fix orbit logic for disabled-updates and dev-mode
* Fix TestPreview
* Remove constant and fix zip-slip attack (codeql)
* Return unknown error
* Fix updater's checkExec
* Add support for executable signing in init_tuf.sh
* Try only signing orbit
* Fix init_tuf.sh targets, macos-app only for osqueryd
* Specify GOARCH to support M1s
* Add workflow to generate osqueryd.app.tar.gz
* Use 5.2.2 on init_tuf.sh
* Add unit test for tar.gz target
* Use artifacts instead of releases
* Remove copy paste residue
* Fleet Desktop Packaging WIP
* Ignore gosec warning
* Trigger on PR too
* Install Go in workflow
* Pass url parameter to desktop app
* Fix fleetctl package
* Final set of changes for v1 of Fleet Desktop
* Add changes
* PR fixes
* Fix CI build
* add larger menu bar icon
* Add transparency item
* Delete host_device_auth entry on host deletion
* Add SetTargetChannel
* Update white logo and add desktop to update runner
* Add fleet-desktop monitoring to orbit
* Define fleet-desktop app exec name
* Fix update runner creation
* Add API test before enabling the My device menu item
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2022-03-21 14:53:53 -03:00