Linux Key Escrow - Agent #20842
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow tests packaging of fleetd with the | |
# `fleetctl package` command. | |
# | |
# It fetches the targets: orbit, osquery and fleet-desktop from the default | |
# (Fleet's) TUF server, https://tuf.fleetctl.com. | |
# | |
# Docker and colima are extremely unreliable on macOS Github runners | |
# thus this workflow is not testing MSI package generation on macOS. | |
name: Test packaging | |
on: | |
push: | |
branches: | |
- main | |
- patch-* | |
- prepare-* | |
paths: | |
- 'cmd/fleetctl/**.go' | |
- 'pkg/**.go' | |
- 'server/context/**.go' | |
- 'orbit/**.go' | |
- 'ee/fleetctl/**.go' | |
- 'tools/fleetctl-docker/**' | |
- 'tools/wix-docker/**' | |
- 'tools/bomutils-docker/**' | |
- '.github/workflows/test-packaging.yml' | |
pull_request: | |
paths: | |
- 'cmd/fleetctl/**.go' | |
- 'pkg/**.go' | |
- 'server/context/**.go' | |
- 'orbit/**.go' | |
- 'ee/fleetctl/**.go' | |
- 'tools/fleetctl-docker/**' | |
- 'tools/wix-docker/**' | |
- 'tools/bomutils-docker/**' | |
- '.github/workflows/test-packaging.yml' | |
workflow_dispatch: # Manual | |
# This allows a subsequently queued workflow run to interrupt previous runs | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}} | |
cancel-in-progress: true | |
defaults: | |
run: | |
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference | |
shell: bash | |
permissions: | |
contents: read | |
jobs: | |
test-packaging: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-15] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: Pull fleetdm/wix | |
if: ${{ !startsWith(matrix.os, 'macos') }} | |
# Run in background while other steps complete to speed up the workflow | |
run: | | |
docker pull fleetdm/wix:latest & | |
- name: Pull fleetdm/bomutils | |
if: ${{ !startsWith(matrix.os, 'macos') }} | |
# Run in background while other steps complete to speed up the workflow | |
run: | | |
docker pull fleetdm/bomutils:latest & | |
- name: Checkout Code | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- name: Install Go | |
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | |
with: | |
go-version-file: "go.mod" | |
- name: Install wine and wix | |
if: startsWith(matrix.os, 'macos') | |
run: | | |
./scripts/macos-install-wine.sh -n | |
wget https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip -nv -O wix.zip | |
mkdir wix | |
unzip wix.zip -d wix | |
rm -f wix.zip | |
echo wix installed at $(pwd)/wix | |
# It seems faster not to cache Go dependencies | |
- name: Install Go Dependencies | |
run: make deps-go | |
- name: Build fleetctl | |
run: make fleetctl | |
- name: Build DEB | |
run: ./build/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 | |
- name: Build DEB with Fleet Desktop | |
run: ./build/fleetctl package --type deb --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | |
- name: Build RPM | |
run: ./build/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 | |
- name: Build RPM with Fleet Desktop | |
run: ./build/fleetctl package --type rpm --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | |
- name: Build MSI | |
if: ${{ !startsWith(matrix.os, 'macos') }} | |
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 | |
- name: Build MSI with Fleet Desktop | |
if: ${{ !startsWith(matrix.os, 'macos') }} | |
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | |
- name: Build PKG | |
run: ./build/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 | |
- name: Build PKG with Fleet Desktop | |
run: ./build/fleetctl package --type pkg --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop | |
- name: Build MSI on macOS (using local Wix) | |
if: startsWith(matrix.os, 'macos') | |
run: ./build/fleetctl package --type msi --enroll-secret=foo --fleet-url=https://localhost:8080 --fleet-desktop --local-wix-dir ./wix |