fleet/schema/tables/xprotect_meta.yml
Mike McNeil 6091556b7a
Fix build (#10018)
mikermcneil
  3 minutes ago
@Kathy Satterlee I think https://github.com/fleetdm/fleet/pull/9881 broke the build
mikermcneil
  2 minutes ago
https://github.com/fleetdm/fleet/pull/9979#issuecomment-1440604277


Zay Hanlon
  1 minute ago
Oops. That was my approval/merge on Kathy's change


Zay Hanlon
  1 minute ago
How do I fix?


mikermcneil
  < 1 minute ago
@Zay Hanlon All good. I think we should make it so that PRs can't be merged until
they pass the CI checks. It's annoying but would prevent things like
this, which are expensive and involve multiple folks' time.
@Zach Wasserman @Luke Heath I'm going to turn on the branch protection that prevents merging when
automated CI checks are failing.
@Kathy Satterlee I'll follow up with a fix now.
@Jarod Reyes Feel free to go ahead and merge your PR in the meantime.


Zay Hanlon
[11 minutes
ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677091760162369?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
Sorry 😞


mikermcneil
[10 minutes
ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677091789685699?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
All good, inevitable


Zach Wasserman
[9 minutes
ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677091841779269?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
FWIW turning that on will really slow down my dev process at times.


Zach Wasserman
[8 minutes
ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677091942206439?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
e.g. if I make one tiny change on a PR that I already know passes all the
tests then I'll have to wait 15 mins for the whole CI to run before I
can merge.


mikermcneil
[7 minutes
ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677091967828479?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
it was an indentation issue:
https://github.com/fleetdm/fleet/pull/10018/files#diff-68623aac08ce48b5c1275a38ea9f42a8a730a9c2e04ab1946174cdc67f4ce686R8



Luke Heath
[7 minutes
ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677092006055779?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
Is it possible to conditionally enable the required CI checks?


Zach Wasserman
[6 minutes
ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677092018873739?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
Maybe you can just turn on a limited set of checks that we know go
really fast and have a high true-positive rate?


Luke Heath
[6 minutes
ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677092062859149?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
That's a good idea. FWIW we'll be removing e2e test runs in CI later
this week, which will reduce the CI run time by ~25 minutes.


mikermcneil
[< 1 minute
ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677092432337109?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
This is not the first time this has happened and I'd like to put an end
to the emergency remediation that takes a chunk of the day's focus away
from multiple people each time it occurs. If it causes a drain on our
ability to move quickly, let's def change it back. If it's worth the
friction (like the PR approval restriction), then we can keep it.
I'm running into the problem of being able to select the "test-website"
job from [this
list](https://github.com/fleetdm/fleet/settings/branch_protection_rules/18283834),
likely because it is already conditional:
image.png
2023-02-22 13:00:45 -06:00

18 lines
703 B
YAML

name: xprotect_meta
description: "This Mac's browser-related [XProtect](https://support.apple.com/en-ca/guide/security/sec469d47bd8/web) signatures."
columns:
  - name: identifier
    description: "Browser extension or plugin [identifier](https://fleetdm.com/tables/safari_extensions)"
  - name: min_version
    description: "The minimum allowed plugin version, or 'any' if no version is allowed."
examples: >-
  See the minimum version of specific components allowed by Xprotect. This
  usually means the previous versions have vulnerabilities that are being
  exploited at scale, or were exploited at scale at some point in time.
  ```
  SELECT * FROM xprotect_meta WHERE min_version!='any';
  ```