Implement targeted certificate patching in fleetd #16349
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow tests packaging of Fleet-osquery with the | |
# `fleetdm/fleetctl` Docker image. | |
name: Test native tooling packaging | |
on: | |
push: | |
branches: | |
- main | |
- patch-* | |
- prepare-* | |
pull_request: | |
paths: | |
- 'cmd/fleetctl/**.go' | |
- 'pkg/**.go' | |
- 'server/service/**.go' | |
- 'server/context/**.go' | |
- 'orbit/**.go' | |
- 'ee/fleetctl/**.go' | |
- 'tools/fleetctl-docker/**' | |
- 'tools/wix-docker/**' | |
- 'tools/bomutils-docker/**' | |
- '.github/workflows/test-native-tooling-packaging.yml' | |
workflow_dispatch: # Manual | |
# This allows a subsequently queued workflow run to interrupt previous runs | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}} | |
cancel-in-progress: true | |
defaults: | |
run: | |
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference | |
shell: bash | |
permissions: | |
contents: read | |
jobs: | |
test-packaging: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest] | |
go-version: ['${{ vars.GO_VERSION }}'] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: Install Go | |
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | |
with: | |
go-version: ${{ matrix.go-version }} | |
- name: Checkout Code | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- name: Install Go Dependencies | |
run: make deps-go | |
- name: Build fleetdm/fleetctl | |
run: make fleetctl-docker | |
- name: Build DEB | |
run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 | |
- name: Build DEB with Fleet Desktop | |
run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | |
- name: Build RPM | |
run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 | |
- name: Build RPM with Fleet Desktop | |
run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | |
- name: Build MSI | |
run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 | |
- name: Build MSI with Fleet Desktop | |
run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | |
- name: Build PKG | |
run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 | |
- name: Build PKG with Fleet Desktop | |
run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop |