Linux disk encryption: frontend changes, backend missing private key errors, remove disk encryption endpoints dependence on MDM being enabled #17721
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow tests generation of fleetd packages with the | |
| # `fleetdm/fleetctl` Docker image. | |
| name: Test native tooling packaging | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - patch-* | |
| - prepare-* | |
| pull_request: | |
| paths: | |
| - 'cmd/fleetctl/**.go' | |
| - 'pkg/**.go' | |
| - 'server/service/**.go' | |
| - 'server/context/**.go' | |
| - 'orbit/**.go' | |
| - 'ee/fleetctl/**.go' | |
| - 'tools/fleetctl-docker/**' | |
| - 'tools/wix-docker/**' | |
| - 'tools/bomutils-docker/**' | |
| - '.github/workflows/test-native-tooling-packaging.yml' | |
| workflow_dispatch: # Manual | |
| schedule: | |
| - cron: "0 5 * * *" | |
| # This allows a subsequently queued workflow run to interrupt previous runs | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}} | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference | |
| shell: bash | |
| permissions: | |
| contents: read | |
| jobs: | |
| test-packaging: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest] | |
| # build_type == 'remote' means this job will test the fleetdm/fleetctl:latest from Docker Hub. | |
| # build_type == 'local' means this job will build the the image locally. | |
| # | |
| # TODO(lucas): We should only run 'remote' on schedule | |
| # (adding conditionals to 'matrix' requires many tricks). | |
| build_type: ["remote", "local"] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout Code | |
| if: ${{ matrix.build_type == 'local' }} | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - name: Install Go | |
| if: ${{ matrix.build_type == 'local' }} | |
| uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Install Go Dependencies | |
| if: ${{ matrix.build_type == 'local' }} | |
| run: make deps-go | |
| - name: Build fleetdm/wix | |
| if: ${{ matrix.build_type == 'local' }} | |
| run: make wix-docker | |
| - name: Build fleetdm/bomutils | |
| if: ${{ matrix.build_type == 'local' }} | |
| run: make bomutils-docker | |
| - name: Build fleetdm/fleetctl | |
| if: ${{ matrix.build_type == 'local' }} | |
| run: make fleetctl-docker | |
| - name: Build DEB | |
| run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 | |
| - name: Build DEB with Fleet Desktop | |
| run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | |
| - name: Build RPM | |
| run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 | |
| - name: Build RPM with Fleet Desktop | |
| run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | |
| - name: Build MSI | |
| run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 | |
| - name: Build MSI with Fleet Desktop | |
| run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | |
| - name: Build PKG | |
| run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 | |
| - name: Build PKG with Fleet Desktop | |
| run: docker run -v "$(pwd):/build" fleetdm/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | |
| - name: Slack Notification | |
| if: github.event.schedule == '0 5 * * *' && failure() | |
| uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 | |
| with: | |
| payload: | | |
| { | |
| "text": "${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head.html_url }}", | |
| "blocks": [ | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "⚠️ Tests on fleetdm/fleetctl docker image failed.\nhttps://github.com/fleetdm/fleet/actions/runs/${{ github.run_id }}" | |
| } | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_G_HELP_ENGINEERING_WEBHOOK_URL }} | |
| SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK |