dependabot[bot]
b26a5cdb4e
Bump github.com/open-policy-agent/opa from 0.40.0 to 0.42.0 ( #6537 )
...
* Bump github.com/open-policy-agent/opa from 0.40.0 to 0.42.0
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa ) from 0.40.0 to 0.42.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases )
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.40.0...v0.42.0 )
---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
* Include go.* files in tests
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tomas Touceda <chiiph@gmail.com>
2022-07-11 14:58:27 -03:00
Roberto Dip
78fbf4c35a
tag fleetdm/fleetctl docker image before pushing to Hub ( #6585 )
2022-07-11 14:57:54 -03:00
Roberto Dip
6a1724a474
add a workflow to build and push fleetdm/fleetctl images ( #6533 )
2022-07-11 10:32:40 -03:00
Roberto Dip
f7dd8c86cd
implement a docker image to package orbit natively in Linux ( #6504 )
...
Related to #6364 and #6363 , this:
- Adds a new Docker image, `fleetdm/fleetctl` equipped with all necessary dependencies to build Fleet-osquery binaries for all platforms
- Modifies the package generation logic to special case this scenario via an environment variable `FLEETCTL_NATIVE_TOOLING`
- Adds a new GitHub workflow to test this
There are more details in the README, but part of the special-casing logic is in place to output the binaries to a folder named `build` when they are run with `FLEETCTL_NATIVE_TOOLING`, this is so we can persist the binary generated by the docker container via a bind mount:
```bash
docker run -v "$(pwd):/build" fleetdm/fleetctl package --type=msi
```
To test this changeset, I have generated packages for all platforms, both via the new Docker image and via the classic `fleetctl package`.
2022-07-11 09:49:13 -03:00
Lucas Manuel Rodriguez
a336ed61e5
Add gotestfmt to improve test output and fix flaky tests ( #6528 )
2022-07-11 08:12:33 -03:00
Lucas Manuel Rodriguez
e92ea532b6
Orbit to cleanup extension socket at startup ( #6474 )
...
* Orbit to cleanup extension socket at startup
* Remove extra quote
2022-07-01 16:56:37 -03:00
dependabot[bot]
3da9f6cb38
Bump ossf/scorecard-action from 1.0.4 to 1.1.2 ( #6419 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.4 to 1.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](c1aec4ac82...ce330fde6b
2022-06-28 18:31:37 -07:00
dependabot[bot]
985eccc442
Bump dawidd6/action-download-artifact from 2.19.0 to 2.21.1 ( #6418 )
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 2.19.0 to 2.21.1.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](b2abf17054...6765a42d86
2022-06-28 18:31:16 -07:00
dependabot[bot]
690595f9b3
Bump returntocorp/semgrep-action ( #6417 )
...
Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action ) from 619fcfc626fd7b93e0f350c46e67671f2c962265 to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/returntocorp/semgrep-action/releases )
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md )
- [Commits](619fcfc626...177d02a2d1
2022-06-28 18:30:50 -07:00
dependabot[bot]
c160588ef3
Bump aws-actions/amazon-ecr-login from 1.3.3 to 1.5.0 ( #6404 )
...
Bumps [aws-actions/amazon-ecr-login](https://github.com/aws-actions/amazon-ecr-login ) from 1.3.3 to 1.5.0.
- [Release notes](https://github.com/aws-actions/amazon-ecr-login/releases )
- [Changelog](https://github.com/aws-actions/amazon-ecr-login/blob/main/CHANGELOG.md )
- [Commits](aaf69d68aa...b874a33292
2022-06-28 18:30:25 -07:00
dependabot[bot]
314afc694b
Bump tfsec/tfsec-sarif-action from 0.1.0 to 0.1.3 ( #6415 )
...
Bumps [tfsec/tfsec-sarif-action](https://github.com/tfsec/tfsec-sarif-action ) from 0.1.0 to 0.1.3.
- [Release notes](https://github.com/tfsec/tfsec-sarif-action/releases )
- [Commits](56bc584a83...5d34a982aa
2022-06-28 18:29:11 -07:00
dependabot[bot]
39192a2b89
Bump docker/login-action from 1.14.1 to 2 ( #5598 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 1.14.1 to 2.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](dd4fa0671b...49ed152c8e
2022-06-28 18:27:48 -07:00
dependabot[bot]
c90b4b8d50
Bump github/codeql-action from 2.1.11 to 2.1.15 ( #6416 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.11 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a3a6c128d7...3f62b754e2
2022-06-28 18:26:55 -07:00
dependabot[bot]
15873bfbe2
Bump codecov/codecov-action from 3.0.0 to 3.1.0 ( #5310 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](e3c560433a...81cd2dc814
2022-06-28 18:26:00 -07:00
dependabot[bot]
d317b2792c
Bump returntocorp/semgrep-action ( #5309 )
...
Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action ) from a9f6c903be5b9bc982d6be6f9312146daa4964b5 to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/returntocorp/semgrep-action/releases )
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md )
- [Commits](a9f6c903be...619fcfc626
2022-06-28 18:25:28 -07:00
dependabot[bot]
3b86836c3f
Bump actions/upload-artifact from 3.0.0 to 3.1.0 ( #5835 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](6673cd052c...3cea537223
2022-06-22 16:07:08 -03:00
Zach Wasserman
7cede96089
Generate osqueryd target from DEB package ( #6258 )
...
The DEB packages have a stripped (smaller) binary rather than the
unstripped binary in the tarball.
2022-06-20 11:13:01 -07:00
Zach Wasserman
8228681119
Bump Fleet Desktop version ( #6255 )
2022-06-16 18:34:30 -07:00
Zach Wasserman
12d915531e
Build universal macOS binaries for Orbit ( #6208 )
2022-06-13 19:43:47 -03:00
Zach Wasserman
ca1c8ffd58
Generate targets for osquery 5.3.0 ( #6188 )
2022-06-13 08:04:21 -07:00
Lucas Manuel Rodriguez
4cfeaa1580
Do not use golangci action for better reproducibility (use make lint-go) ( #6175 )
...
* Do not use golangci action for better reproducibility
* Add fix to trigger build
* Fix all reported issues
* fix more lint errors
* Add missing import
* Remove unused method
* Remove change not necessary
2022-06-10 18:52:24 -03:00
Lucas Manuel Rodriguez
33bb7886b6
Add automation for orbit shell (with TUF) ( #5856 )
...
* fix old root dir in orbit
* add changes
* Add automation for orbit shell (with TUF)
* Fix workflow syntax
* Add logging to latest fleetctl preview action
* Add changes to fix workflow
* Use macOS host for TUF server and package generation
* Remove copy/paste if clause
* Fix orbit logs on macOS, Ubuntu
* Simplify TUF and generation of packages
* Set enroll secret instead of getting it
* Increase timeouts
* Add step id
* Fixes to the upload/download of artifacts
* Rearrange steps to not lose the downloads
* Fix copy/paste
* Add fleetctl login step
* Add missing config set
* Fix quotes on Windows
* Increase timeout
* Fix job termination
* Disable FLEET_DESKTOP for now
* Checkout repository on macOS
* Fix logs path
* Enable fleet desktop
* Use cancel, nitpick
Co-authored-by: Michal Nicpon <michal@fleetdm.com>
2022-06-01 13:54:16 -03:00
dependabot[bot]
e8c61abc92
Bump goreleaser/goreleaser-action from 2.9.1 to 3 ( #5972 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.9.1 to 3.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](b953231f81...68acf3b1ad
2022-05-31 13:24:23 -03:00
dependabot[bot]
de3e19e52f
Bump actions/setup-go from 3.0.0 to 3.2.0 ( #5917 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.0.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f6164bd8c8...b22fbbc292
2022-05-31 10:13:26 -03:00
Lucas Manuel Rodriguez
5527cf3cef
Add --fleet-desktop to linux packaging on test-integration.yml ( #5926 )
...
* Add --fleet-desktop to linux packaging on test-integration.yml
* Fix --fleet-desktop flag
2022-05-31 07:14:59 -03:00
Zach Wasserman
b9161d008f
Use goreleaser v1.1.0 for Orbit build ( #5934 )
2022-05-26 18:03:15 -07:00
Zach Wasserman
087b85a540
Bump Orbit Go version to 1.18.2 ( #5933 )
2022-05-26 17:32:34 -07:00
Zach Wasserman
023a9b4be6
Update Fleet Desktop version to 0.0.2 ( #5932 )
2022-05-26 17:26:00 -07:00
Zach Wasserman
bcaa95e5a2
Explicitly set goreleaser version in Orbit release ( #5931 )
2022-05-26 17:24:57 -07:00
Benjamin Edwards
58d2b66042
add github action deploy via OIDC credentials ( #5339 )
...
* remove unused iam poilcy attributes and remove github action on pull request, only workflow dispatch will be required
* update github.tf, commenting out all resources, but leaving in place in case someone else wants to use ODIC providers & Github actions
2022-05-25 14:03:29 -04:00
gillespi314
4a4e832d3a
Increase minimum password length to 12 characters ( #5712 )
2022-05-18 12:03:00 -05:00
dependabot[bot]
ade929bc90
Bump github/codeql-action ( #5779 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 75b4f1c4669133dc294b06c2794e969efa2e5316 to 2.1.11. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](75b4f1c466...a3a6c128d7
2022-05-17 16:36:47 -03:00
Lucas Manuel Rodriguez
d50e97d250
Upload logs on fleetctl preview action ( #5745 )
...
* Upload logs on fleetctl preview action
* Group logs
* Avoid hidden folder
2022-05-16 18:39:31 -03:00
Lucas Manuel Rodriguez
74dfdcb882
Kickoff documentation for Orbit Release Process ( #5544 )
...
* Kickoff documentation for Orbit releasing
* Fixes to the github action
* Missing follow redirect on curl
* Run osqueryd --version to verify before uploading artifacts
* Use cmd as shell for windows-latest runner
* Final set of changes to the guide
2022-05-13 07:15:29 -03:00
dependabot[bot]
85013e87a4
Bump github/codeql-action from 2.1.9 to 2.1.10 ( #5668 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7502d6e991...75b4f1c466
2022-05-10 18:18:15 -07:00
Lucas Manuel Rodriguez
fda79a8770
Run network test serially to prevent timeouts on Github CI ( #5557 )
...
* Run network test serially to prevent timeouts on Github CI
* Revert lint changes
* Add simple file lock
* Revert test change
* Clarify error check
2022-05-10 11:52:33 -03:00
Lucas Manuel Rodriguez
b6bbbbe186
Add (beta) support for Fleet Desktop to linux ( #5221 )
...
* Add (beta) support for Fleet Desktop to linux
* Add dependency for linux desktop
* Amend makefile uname check
* Clarify env vars used for linux in execuser
* Add final set of fixes
* Remove -it from docker run
* Add desktop to the update runner for Linux
* Re-arrange tag.gz and fix upgrade check for linux desktop
2022-05-04 11:14:12 -03:00
Mike McNeil
0b7e07a9fb
Website: Ignore top level gitignore when deploying ( #5549 )
...
* Website: Ignore top level gitignore when deploying
* Update deploy-fleet-website.yml
2022-05-03 21:05:19 -05:00
Lucas Manuel Rodriguez
a5349672eb
Amend fleetctl package to support /var/lib legacy orbit (legacy would mean <= 0.0.11) ( #5532 )
...
* Add logs to troubleshoot orbit
* Run journalctl on a different step
* Add legacy orbit support to opt version of fleetctl
* Fix macos logs permission error
* Checkout repository
* Compile fleetctl from branch
2022-05-03 16:46:02 -03:00
Lucas Manuel Rodriguez
221232580c
Add fleetctl preview automation for latest changes ( #5485 )
...
* Add fleetctl preview automation for latest changes
* Fix pwd invocation and remove slack notification
* Just run on ubuntu-latest and macos-latest
* Fix path
2022-05-02 13:10:11 -03:00
Lucas Manuel Rodriguez
ed8faa791c
Add slack notification ( #5481 )
...
* Add slack notification
* Fix standard-query-library.yml
2022-05-02 08:42:20 -03:00
Zach Wasserman
26eae438f6
Document supported MySQL versions ( #5421 )
...
- Pin versions in development and CI.
2022-04-27 16:21:16 -07:00
Lucas Manuel Rodriguez
f2e8329e57
Changes to support fleetctl preview with custom TUF server ( #5418 )
2022-04-27 18:17:20 -03:00
dependabot[bot]
86c62a6cc4
Bump github/codeql-action from 2.1.8 to 2.1.9 ( #5419 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1ed1437484...7502d6e991
2022-04-27 11:57:42 -07:00
Lucas Manuel Rodriguez
f806cbc638
Update slack webhook urls to use new channel ( #5373 )
2022-04-26 14:44:46 -03:00
Zach Wasserman
54ab298363
Upgrade osquery version ( #5353 )
...
In preparation to deploy osquery 5.2.3
2022-04-25 10:47:36 -07:00
Lucas Manuel Rodriguez
77f3513020
Add fleet-desktop test to test-packaging.yml ( #5289 )
...
* Add fleet-desktop test to test-packaging.yml
* Add itself to be able to trigger action
* Use stable
* Add --fleet-desktop flag to integration.yml
2022-04-25 10:21:00 -03:00
Lucas Manuel Rodriguez
15636cd760
Add slack notif when integration test fails ( #5332 )
2022-04-22 14:39:55 -03:00
dependabot[bot]
a856d748bd
Bump returntocorp/semgrep-action ( #5259 )
...
Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action ) from b93bc50eb1bd1a016cf749808608ee465db13f9d to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/returntocorp/semgrep-action/releases )
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md )
- [Commits](b93bc50eb1...a9f6c903be
2022-04-20 16:45:36 -07:00
dependabot[bot]
1cf551be51
Bump akhileshns/heroku-deploy from 3.6.8 to 3.12.12 ( #5217 )
...
Bumps [akhileshns/heroku-deploy](https://github.com/akhileshns/heroku-deploy ) from 3.6.8 to 3.12.12.
- [Release notes](https://github.com/akhileshns/heroku-deploy/releases )
- [Commits](cdd8fc68da...79ef2ae4ff
2022-04-19 17:19:34 -07:00
dependabot[bot]
63df041ecc
Update github/codeql-action requirement to 1ed1437484560351c5be56cf73a48a279d116b78 ( #5213 )
...
Updates the requirements on [github/codeql-action](https://github.com/github/codeql-action ) to permit the latest version.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1ed1437484
2022-04-19 16:52:17 -07:00
dependabot[bot]
45e9b18b5e
Bump actions/setup-go from 2 to 3 ( #5215 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v2...f6164bd8c8acb4a71fb2791a8b6c4024ff038dab )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-19 16:51:42 -07:00
Lucas Manuel Rodriguez
2e7bbf960a
Add pre and post remove scripts for rpm and deb packages ( #5150 )
2022-04-19 09:32:47 -03:00
dependabot[bot]
11b19e1101
Bump returntocorp/semgrep-action ( #5208 )
...
Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action ) from b4ae418326a5e8bd4fc3b0b658695aee09ca0e2a to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/returntocorp/semgrep-action/releases )
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md )
- [Commits](b4ae418326...b93bc50eb1
2022-04-18 19:14:39 -07:00
dependabot[bot]
1a0b39fee3
Bump dawidd6/action-download-artifact from 2.16.0 to 2.19.0 ( #5207 )
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 2.16.0 to 2.19.0.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](09385b76de...b2abf17054
2022-04-18 19:14:13 -07:00
dependabot[bot]
24bc385ede
Bump codecov/codecov-action from 2.1.0 to 3 ( #5206 )
...
* Bump codecov/codecov-action from 2.1.0 to 3
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](f32b3a3741...e3c560433a
2022-04-18 19:12:18 -07:00
dependabot[bot]
1187a3fcad
Bump tfsec/tfsec-sarif-action ( #5204 )
...
Bumps [tfsec/tfsec-sarif-action](https://github.com/tfsec/tfsec-sarif-action ) from 7ae00b384bff7f14cfa52cc3c73a5e6807a41398 to 0.1.0. This release includes the previously tagged commit.
- [Release notes](https://github.com/tfsec/tfsec-sarif-action/releases )
- [Commits](7ae00b384b...56bc584a83
2022-04-18 19:11:24 -07:00
dependabot[bot]
a6763210c4
Bump gaurav-nelson/github-action-markdown-link-check ( #4639 )
...
Bumps [gaurav-nelson/github-action-markdown-link-check](https://github.com/gaurav-nelson/github-action-markdown-link-check ) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/gaurav-nelson/github-action-markdown-link-check/releases )
- [Commits](9710f0fec8...58f84fd654
2022-04-18 19:11:01 -07:00
dependabot[bot]
d4c864e691
Bump docker/login-action from 1.10.0 to 1.14.1 ( #4638 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 1.10.0 to 1.14.1.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](f054a8b539...dd4fa0671b
2022-04-18 19:09:41 -07:00
dependabot[bot]
83ffcc4b7d
Bump actions/upload-artifact from 2.3.1 to 3 ( #4637 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](82c141cc51...6673cd052c
2022-04-18 19:09:17 -07:00
dependabot[bot]
5e1da4b28a
Bump actions/download-artifact from 2.1.0 to 3 ( #5205 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 2.1.0 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](f023be2c48...fb598a63ae
2022-04-18 18:59:59 -07:00
dependabot[bot]
3fbd017512
Bump goreleaser/goreleaser-action from 2.6.1 to 2.9.1 ( #4636 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.6.1 to 2.9.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](ac067437f5...b953231f81
2022-04-18 17:55:55 -07:00
dependabot[bot]
87d96c24e1
Bump stefanprodan/helm-gh-pages from 1.4.1 to 1.5.0 ( #4635 )
...
Bumps [stefanprodan/helm-gh-pages](https://github.com/stefanprodan/helm-gh-pages ) from 1.4.1 to 1.5.0.
- [Release notes](https://github.com/stefanprodan/helm-gh-pages/releases )
- [Commits](f1701eb82e...b43a8719cc
2022-04-18 17:52:54 -07:00
Zach Wasserman
7cb71bc5a8
Run CodeQL on every commit to main ( #4794 )
...
Practically, we were scanning enough previously (at least once a day, plus any commit that changed source files), but this will help check the box in CII Best Practices.
2022-04-11 11:53:08 -07:00
Zach Wasserman
025d6c7b96
Run CodeQL on all pushes ( #4960 )
...
Even when Go and JS files aren't changed, just to keep the security scanners happy.
2022-04-05 18:10:12 -07:00
Michal Nicpon
74555e4bf4
fix lint workflow ( #4935 )
...
* use go version 1.17 in golanci-lint workflow
2022-04-04 14:14:05 -06:00
Zach Wasserman
7d68f69ab4
Update CodeQL action version and exclude paths ( #4930 )
2022-04-04 12:14:21 -07:00
Lucas Manuel Rodriguez
c82c580716
Orbit: Add Fleet Desktop support to Windows ( #4873 )
...
* Orbit: Add Fleet Desktop support to Windows
* Rename workflow, fix linux build
* Do not compile systray on linux
* nolint on unused
* Fix lint properly
* nolint both checkers
* Fix monitor logic in desktopRunner
* Fix interrupt and execute order
2022-04-01 17:28:51 -03:00
Guillaume Ross
f87fcb544a
Update generate-desktop-app-tar-gz.yml ( #4893 )
...
Removing PR from this action as it contains secrets.
2022-03-31 16:38:44 -04:00
Guillaume Ross
e6c6b7e840
Added explicit read permissions + tweaked permissions ( #4843 )
...
* Added explicit read permissions + tweaked permissions
As a part of #4698 - this should fix the remaining warnings we get from the OSSF scorecard in relation to github workflows. They now all have explicit read permissions with more granular permissions granted in jobs.
* Update tfsec.yml
New workflow that I had not fixed in this PR.
2022-03-28 16:20:31 -04:00
Guillaume Ross
d0f6c9e32d
Adding tfsec for all *.tf pushes ( #4777 )
...
* Create tfsec.yml
Draft tfsec workflow for #4762
* Update tfsec.yml
* Update tfsec.yml
Fixed identation
2022-03-28 15:15:40 -04:00
Guillaume Ross
b94972351f
Adding permissions to some workflows ( #4698 )
...
* Adding permissions to docs.yml and integration.yml
* Update codeql-analysis.yml
Adding top level read permissions to codeql workflow
* Update codeql-analysis.yml
Adding manual dispatch to codeql - to be able to test it easier
* Update deploy-fleet-website.yml
Adding top level read permission + write in the job so it can push the website
* Update test-website.yml
test-website should only need read permissions on content.
* Update fleet-and-orbit.yml
Testing Fleet and Orbit should be fine with top level read access
* Update fleetctl-preview.yml
fleetctl-preview should be fine with just read access at top level
* Update push-osquery-perf-to-ecr.yml
ECR is out of github so read permissions should be enough
* Update semgrep-analysis.yml
semgrep should only need read
* Update test-packaging.yml
Should only need read permission - setting on top
* Update test.yml
Should not need any write access - setting to READ on top.
* Update deploy-fleet-website.yml
Removing git write permission - since this pushes to Heroku not GitHub
* Tweaked as per Zach's comments
Removed some useless restrictions (contents none on a public repo for example)
* Removed meaningless permissions
contents: none - this does not have any security advantage on a public repo
2022-03-25 14:19:42 -04:00
eashaw
666509e634
Ignore FleetDM GitHub project URLs when checking Markdown links ( #4712 )
...
* Add GitHub projects to link check ignorePatterns
* update pattern to exclude private GitHub projects
2022-03-21 17:21:12 -05:00
Zach Wasserman
cc687d9d1e
Add Notarization for Fleet Desktop ( #4720 )
2022-03-21 15:01:50 -07:00
Guillaume Ross
d60ee47545
Securing desktop github workflow ( #4718 )
...
Pinning the dependencies and putting an explicit read only permission on the new desktop github workflow
2022-03-21 15:38:21 -04:00
Lucas Manuel Rodriguez
ecdfd627b6
Fleet Desktop MVP ( #4530 )
...
* WIP
* WIP2
* Fix orbit and fleetctl tests
* Amend macos-app default
* Add some fixes
* Use fleetctl updates roots command
* Add more fixes to Updater
* Fixes to app publishing and downloading
* Add more changes to support fleetctl cross generation
* Amend comment
* Add pkg generation to ease testing
* Make more fixes
* Add changes entry
* Add legacy targets (until our TUF system exposes the new app)
* Fix fleetctl preview
* Fix bool flag
* Fix orbit logic for disabled-updates and dev-mode
* Fix TestPreview
* Remove constant and fix zip-slip attack (codeql)
* Return unknown error
* Fix updater's checkExec
* Add support for executable signing in init_tuf.sh
* Try only signing orbit
* Fix init_tuf.sh targets, macos-app only for osqueryd
* Specify GOARCH to support M1s
* Add workflow to generate osqueryd.app.tar.gz
* Use 5.2.2 on init_tuf.sh
* Add unit test for tar.gz target
* Use artifacts instead of releases
* Remove copy paste residue
* Fleet Desktop Packaging WIP
* Ignore gosec warning
* Trigger on PR too
* Install Go in workflow
* Pass url parameter to desktop app
* Fix fleetctl package
* Final set of changes for v1 of Fleet Desktop
* Add changes
* PR fixes
* Fix CI build
* add larger menu bar icon
* Add transparency item
* Delete host_device_auth entry on host deletion
* Add SetTargetChannel
* Update white logo and add desktop to update runner
* Add fleet-desktop monitoring to orbit
* Define fleet-desktop app exec name
* Fix update runner creation
* Add API test before enabling the My device menu item
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2022-03-21 14:53:53 -03:00
Guillaume Ross
befbe88eb8
Adding manual execution to ossf scorecard workflow
2022-03-18 14:36:10 -04:00
Guillaume Ross
62d3b9145f
4620 pin action dependencies ( #4622 )
...
* Update build-binaries.yaml
Pin action versions + add read only token to build-binaries.yaml
* Update codeql-analysis.yml
Pin dependencies with hash for codeql-analysis.yml
* Update deploy-fleet-website.yml
Pin dependencies in deploy-fleet-website.yml
* Update docs.yml
Pin dependencies for docs.yml
* Update fleet-and-orbit.yml
Pinning dependencies for fleet-and-orbit.yml
* Update generate-osqueryd-app-tar-gz.yml
Pin dependencies for generate-osqueryd-app-tar-gz.yml
* Pin dependencies in goreleaser workflows
Pinned dependencies in the 3 goreleaser workflows
* Update integration.yml
Pinned dependencies with hash
* Update pr-helm.yaml
Pinned dependencies with hash
* Update push-osquery-perf-to-ecr.yml
Pinned dependencies with a hash
* Update release-helm.yaml
Pinned one dependency with a hash
* Update semgrep-analysis.yml
Pinned dependencies with hashes
* Update test-go.yaml
Pinned dependencies with hash
* Update test-packaging.yml
Pinned dependencies with hashes
* Update test-website.yml
Pinned dependencies with hashes
* Update test.yml
Pinned dependencies with hashes
2022-03-16 15:42:28 -04:00
Guillaume Ross
8700fc6498
Go 1.17.8 ( #4560 )
...
* Go 1.17.8
* Enforcing go minimum 1.17.8
Bumping minimum version in a few more files
2022-03-16 14:56:58 -04:00
Lucas Manuel Rodriguez
f4d3159cc9
Fleetctl to package .app bundles for osquery (and changes for orbit to support them) ( #4393 )
...
* WIP
* WIP2
* Fix orbit and fleetctl tests
* Amend macos-app default
* Add some fixes
* Use fleetctl updates roots command
* Add more fixes to Updater
* Fixes to app publishing and downloading
* Add more changes to support fleetctl cross generation
* Amend comment
* Add pkg generation to ease testing
* Make more fixes
* Add changes entry
* Add legacy targets (until our TUF system exposes the new app)
* Fix fleetctl preview
* Fix bool flag
* Fix orbit logic for disabled-updates and dev-mode
* Fix TestPreview
* Remove constant and fix zip-slip attack (codeql)
* Return unknown error
* Fix updater's checkExec
* Add support for executable signing in init_tuf.sh
* Try only signing orbit
* Fix init_tuf.sh targets, macos-app only for osqueryd
* Specify GOARCH to support M1s
* Add workflow to generate osqueryd.app.tar.gz
* Use 5.2.2 on init_tuf.sh
* Add unit test for tar.gz target
* Use artifacts instead of releases
* Remove copy paste residue
* Trigger workflow on PR
* Fixes to ease handling of artifact
* Fix, do not use target name as dir
* Remove workaround
2022-03-15 16:04:12 -03:00
Guillaume Ross
b620d2b7d8
Fix code scanning issues with golangci-lint.yml ( #4606 )
...
Making permissions more restricted to reduce impact if token leaked, and pinning dependencies more strictly.
2022-03-15 14:44:30 -04:00
Lucas Manuel Rodriguez
29bd76f60d
Add manual dispatch to golangci-lint.yml ( #4440 )
2022-03-03 17:15:17 -03:00
Lucas Manuel Rodriguez
b5be858071
Fix update checks for orbit at startup ( #3835 )
...
* Fix update checks for orbit at startup
* Add tests
* Add scripts for testing local TUF server
* Remove -x used for debugging
2022-02-23 14:58:07 -03:00
Guillaume Ross
0ac0c9de3e
Update scorecards-analysis.yml ( #4322 )
...
Update scorecard analysis version from 1.0.2 to 1.0.4 - has updates on how env variables are handled, need to update and see if it fixes the issue we have with the cron job.
2022-02-22 20:00:41 -05:00
Lucas Manuel Rodriguez
e39ba93a90
Orbit to wait for osqueryd extension manager socket to be ready ( #3836 )
...
* Wait for osquery extension manager socket to be ready
* PR review feedback
* Add WIP Github Action to test orbit
* Set fleet address on fleetctl
* Add logging for troubleshooting
* Add prepare db statement
* Use tls-skip-verify on fleetctl
* Move steps around
* Fix addresses
* Fix fleetctl path
* Add certs.pem to orbit root dir
* Add orbit logs
* Increase timeout
* Add proper orbit log paths
* Fix tmp path orbit
* Add get hosts command to troubleshoot
* Fix orbit job termination
* Add comments to workflows
* Wait for server to go down
* Add orbit Windows job
* Use bash on windws-latest
* Fix missing quote
* Run orbit on Ubuntu
* Bump host count
* Increase timeout for extensions and not terminate on err
* Add comment to clarify high timeout value
* Revert change, we do want to exit in case of err
2022-02-22 15:05:32 -03:00
Lucas Manuel Rodriguez
d8b8794d51
Fix setting of envs for schedule ( #4205 )
...
* Attempt to fix setting of env for schedule
* Revert logic after testing
2022-02-15 09:26:28 -03:00
Lucas Manuel Rodriguez
297dd245ec
Run go tests with -race at night ( #4090 )
...
* Run go tests with race at night
* Add missing run on step
* Fix boolean logic
* Allow manual run for test-go.yaml
* Add slack notification step
* Try global environment variable for cron schedule
* Fix indentation
* Try number 2
* Try setting cron as usual
* Remove global env
* Only send notification in case of failure when running schedule
* Run with race enable to test
* Add more fixes
* Fix github event variable name
* Set timeouts
* Fix slack notification link
* Re-enable if clause
* Last try on Github Actions
* Re-enable the if clause
2022-02-14 16:38:53 -03:00
Lucas Manuel Rodriguez
0ed0c4e27f
Allow manual dispatch of test-go.yml ( #4160 )
2022-02-14 12:13:02 -03:00
Noah Talerman
67827474c2
Prepare for Fleet 4.10.0 ( #4161 )
...
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2022-02-13 18:13:06 -08:00
Zach Wasserman
96d81596f3
Add GitHub action for updating CA certs bundle ( #4041 )
...
See #4029
2022-02-07 09:44:31 -08:00
Mike McNeil
3f26d650a5
Disable link checking for more sites ( #4000 )
...
gusto, crunchbase, and angellist
relates to https://github.com/fleetdm/fleet/pull/3999#issuecomment-1028545628
2022-02-03 15:14:08 -06:00
Zach Wasserman
a5b2e60075
Update triggers for link check Action ( #3972 )
...
Only check on changes to .md files, nightly, and on manual trigger.
This was generating a lot of false positives in CI.
2022-02-01 18:02:37 -08:00
Guillaume Ross
05431b556a
Configuring OSSF Scorecard ( #3960 )
...
From https://github.com/ossf/scorecard-action#installation
Configuring the OSSF Scorecard on the Fleet repo and configuring it so results are sent back to dashboard and github codescanning alerts.
2022-02-01 09:31:07 -05:00
Zach Wasserman
b9696f67e6
Skip link check for goreportcard.com ( #3805 )
...
It goes down relatively often, causing flaky CI.
2022-01-19 17:56:01 -08:00
Zach Wasserman
be1105757b
Simplify docker publish action ( #3769 )
2022-01-18 18:03:14 -08:00
Zach Wasserman
1782fc7b8f
Build Docker images on push to any branch ( #3756 )
...
Allows for testing release branches and any others.
2022-01-18 12:41:04 -08:00
Zach Wasserman
9c845ec26b
Integration test packaging ( #3633 )
2022-01-13 13:59:22 -08:00
Zach Wasserman
d358c703b8
Only run E2E tests on relevant commits ( #3674 )
2022-01-13 10:48:26 -08:00
Lucas Manuel Rodriguez
49ceee59aa
Add fixes for running tests with mysql:8 and add mysql to test-go job matrix ( #3627 )
...
* Add fixes for running tests with mysql:8
* Add getServer function
* Test github matrix
* Add changes file for the user facing fix
* Remove unused mysql8 docker-compose
2022-01-11 22:44:37 -03:00
Zach Wasserman
b56c620007
Pin actions to commit ( #3566 )
2022-01-04 09:30:02 -08:00
