6091556b7a
mikermcneil 3 minutes ago
@Kathy Satterlee I think https://github.com/fleetdm/fleet/pull/9881 broke the build

mikermcneil 2 minutes ago
https://github.com/fleetdm/fleet/pull/9979#issuecomment-1440604277

Zay Hanlon 1 minute ago
Oops. That was my approval/merge on Kathy's change

Zay Hanlon 1 minute ago
How do I fix?

mikermcneil < 1 minute ago
@Zay Hanlon All good. I think we should make it so that PRs can't be merged until they pass the CI checks. It's annoying but would prevent things like this, which are expensive and involve multiple folks' time. @Zach Wasserman @Luke Heath I'm going to turn on the branch protection that prevents merging when automated CI checks are failing. @Kathy Satterlee I'll follow up with a fix now. @Jarod Reyes Feel free to go ahead and merge your PR in the meantime.

Zay Hanlon [11 minutes ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677091760162369?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
Sorry 😞

mikermcneil [10 minutes ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677091789685699?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
All good, inevitable

Zach Wasserman [9 minutes ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677091841779269?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
FWIW turning that on will really slow down my dev process at times.

Zach Wasserman [8 minutes ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677091942206439?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
eg. if I make one tiny change on a PR that I already know passes all the tests then I'll have to wait 15 mins for the whole CI to run before I can merge.

mikermcneil [7 minutes ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677091967828479?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
it was an indentation issue: https://github.com/fleetdm/fleet/pull/10018/files#diff-68623aac08ce48b5c1275a38ea9f42a8a730a9c2e04ab1946174cdc67f4ce686R8

Luke Heath [7 minutes ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677092006055779?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
Is it possible to conditionally enable the required CI checks?

Zach Wasserman [6 minutes ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677092018873739?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
Maybe you can just turn on a limited set of checks that we know go really fast and have a high true-positive rate?

Luke Heath [6 minutes ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677092062859149?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
That's a good idea. FWIW we'll be removing e2e test runs in CI later this week, which will reduce the CI run time by ~25 minutes.

mikermcneil [< 1 minute ago](https://fleetdm.slack.com/archives/C01EZVBHFHU/p1677092432337109?thread_ts=1677091575.384279&cid=C01EZVBHFHU)
This is not the first time this has happened and I'd like to put an end to the emergency remediation that takes a chunk of the day's focus away from multiple people each time it occurs. If it causes a drain on our ability to move quickly, let's def change it back. If it's worth the friction (like the PR approval restriction), then we can keep it. I'm running into the problem of being able to select the "test-website" job from [this list](https://github.com/fleetdm/fleet/settings/branch_protection_rules/18283834), likely because it is already conditional: image.png
Hello! Welcome to Fleet's osquery tables documentation.
This folder contains additional documentation that we add on top of the existing documentation for osquery to make the documentation of each table more useful for Fleet users.
Fleet's schema tables live in the `tables/` folder. Each osquery table with Fleet overrides has a corresponding YAML file that will override information in the osquery schema documentation.
The existing documentation data lives in the osquery repo at: https://github.com/osquery/osquery-site/tree/source/src/data/osquery_schema_versions.
You can open PRs against a table's YAML file in the `tables/` folder or the osquery schema file. Just note that the data in a table's YAML file overwrites the osquery data whenever there is a conflict.
When adding a new YAML override to Fleet's osquery schema you can use this template:
```yaml
name: # (required) string - The name of the table.
description: >- # (required) string - The description for this table. Note: this field supports markdown
  # Add description here
examples: >- # (optional) string - An example query for this table. Note: This field supports markdown
  # Add examples here
notes: >- # (optional) string - Notes about this table. Note: This field supports markdown.
  # Add notes here
columns: # (required) array - An array of columns in this table
  - name: # (required) string - The name of the column
    description: # (required) string - The column's description
    type: # (required) string - the column's data type
    required: # (required) boolean - whether or not this column is required to query this table.
```
Alternatively, if you want to add documentation about an osquery table for which we don't have a YAML override, you can find the table's page on the Fleet website and click the "edit page" button. Clicking this button will take you to the GitHub web editor with the template pre-filled. After you add information about the table and its columns, you can open a new pull request to add the new YAML file to Fleet's overrides.
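
A quick pre-merge check for override files written from the template above, given as an added example and not Fleet's own tooling: it rejects YAML that does not parse (a mis-indented key, for instance) and reports missing required fields. It is written in Ruby because the standard library ships a YAML parser; `lint_override` and the sample documents are hypothetical names and constructed inputs.

```ruby
require 'yaml'
# Keys from the template above: true = required, false = optional.
TABLE_KEYS = { 'name' => true, 'description' => true, 'examples' => false,
               'notes' => false, 'columns' => true }.freeze
COLUMN_KEYS = %w[name description type required].freeze

# Returns the problems found in one override document (empty list = OK).
def lint_override(yaml_text)
  begin
    # safe_load rejects custom object tags, so a documentation PR cannot
    # make the checker instantiate arbitrary Ruby classes.
    doc = YAML.safe_load(yaml_text)
  rescue Psych::Exception => e
    return ["YAML does not parse: #{e.message}"]
  end
  return ['top level must be a mapping'] unless doc.is_a?(Hash)
  problems = []
  TABLE_KEYS.each do |key, required|
    if !doc.key?(key)
      problems << "missing required key '#{key}'" if required
    elsif key != 'columns' && !doc[key].is_a?(String)
      problems << "'#{key}' must be a string"
    end
  end
  columns = doc['columns']
  problems << "'columns' must be an array" if doc.key?('columns') && !columns.is_a?(Array)
  (columns.is_a?(Array) ? columns : []).each_with_index do |col, i|
    next problems << "columns[#{i}] must be a mapping" unless col.is_a?(Hash)
    COLUMN_KEYS.each { |k| problems << "columns[#{i}] missing '#{k}'" unless col.key?(k) }
    if col.key?('required') && ![true, false].include?(col['required'])
      problems << "columns[#{i}].required must be true or false"
    end
  end
  problems
end

# Constructed inputs (not real Fleet files): a mis-indented key, then missing fields.
BAD_INDENT = <<~YAML
  name: example_table
    description: one level too deep
  columns: []
YAML
INCOMPLETE = <<~YAML
  name: example_table
  columns:
    - name: example_column
      required: "no"
YAML
[BAD_INDENT, INCOMPLETE].each { |text| puts lint_override(text) }
```

A check like this only parses text, so it finishes in well under a second per file.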