[Activity changes] Add applied_spec_software activity

[eugkuo]

Activity changes for the following user story:

• Add a global activity entry into the activity feed when software is managed via GitOps #28849

[rachaelshaw]

Changes lgtm! Should this PR be to a release docs branch or was this already implemented?

[eugkuo]

@rachaelshaw Oh right! Let me see about moving this to a branch. Sorry!

[Sampfluger88]

Hey this PR should not be merged. It's pulling in all changes. Nvm just saw the above comment.

🪓

[rachaelshaw]

@eugkuo converting this PR to a draft; changing the base branch always seems to result in massive diffs (183 files changed 🫠) and auto-requests reviews from all the codeowners. I'm not sure how to fix it other than making a new PR.

[codecov]

Codecov Report

Attention: Patch coverage is 55.88235% with 30 lines in your changes missing coverage. Please review.

Project coverage is 63.59%. Comparing base (c9bdae8) to head (27f6db7).
Report is 39 commits behind head on docs-v4.63.0.

Files with missing lines	Patch %	Lines
.../components/TableContainer/DataTable/DataTable.tsx	14.28%	6 Missing ⚠️
server/mdm/nanomdm/service/nanomdm/service.go	44.44%	3 Missing and 2 partials ⚠️
server/mdm/nanomdm/storage/allmulti/allmulti.go	0.00%	5 Missing ⚠️
server/service/microsoft_mdm.go	28.57%	3 Missing and 2 partials ⚠️
server/datastore/mysql/microsoft_mdm.go	63.63%	3 Missing and 1 partial ⚠️
server/service/orbit.go	20.00%	3 Missing and 1 partial ⚠️
frontend/components/forms/fields/Slider/Slider.tsx	80.00%	1 Missing ⚠️

Additional details and impacted files

@@               Coverage Diff                @@
##           docs-v4.63.0   #24913      +/-   ##
================================================
+ Coverage         63.56%   63.59%   +0.02%     
================================================
  Files              1603     1603              
  Lines            151958   152006      +48     
  Branches           3900     3871      -29     
================================================
+ Hits              96590    96661      +71     
+ Misses            47667    47650      -17     
+ Partials           7701     7695       -6     

Flag	Coverage Δ
backend	64.39% <57.40%> (+0.03%)	⬆️
frontend	53.73% <50.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[eugkuo]

@rachaelshaw

@eugkuo converting this PR to a draft; changing the base branch always seems to result in massive diffs (183 files changed 🫠) and auto-requests reviews from all the codeowners. I'm not sure how to fix it other than making a new PR.

Thanks for doing this. Does that mean we should update the process here?

[noahtalerman]

Dev note

Activity is generated when GitOps runs and there is at least one software (package, App Store app, or Fleet-maintained app) is specified in the YAML's software: https://fleetdm.com/docs/configuration/yaml-files#software

[noahtalerman]

cc @eugkuo

[iansltx]

I want to say this is a reversal from the (potentially inconsistently applied) pattern of "GitOps applies don't show up in the activity feed"? Seems like if we want them to show up we'd want the existing app add/edit/delete events for consistency with what manual actions add to the feed, but maybe I'm missing something?

[noahtalerman]

Why are adding this? There's a missing gap in activities for GitOps right now: software isn't mentioned. I think let's stick with the current pattern now to keep changes small.

we'd want the existing app add/edit/delete

Eventually we can come back to more specific language and addressing the problem of only showing activities if something changed.

[iansltx]

As we're digging back into this post-user-story-review, heads-up that the software gitops endpoints (packages and VPP apps) are always called 1x each per team, at least with Fleet Premium, and currently e.g. the script batch endpoint adds an activity whenever it's called, even if no scripts are supplied (because the bulk action may have deleted all scripts).

[noahtalerman]

Got it! Thanks for checking.

If I'm understanding correctly, it sounds like this new applied_spec_activity will be consistent with the other applied_spec activities. I think that's what we want 👍

[noahtalerman]

@eugkuo @iansltx I just pushed some tweaks.

I think it would be nice if this matched the structure of software key in the YAML: https://fleetdm.com/docs/configuration/yaml-files#software

What do y'all think?

[noahtalerman]

Adding VPP into the mix would significantly affect level of effort

@iansltx by how many points you think? Might be worth it to hit VPP while we're doing this. So we don't forget to do it and never come back to it.

[iansltx]

Minimum +3, since in order to avoid broadcasting an activity when no software was provided but also broadcast an activity when software was deleted, we would need to merge VPP batch and software installer batch endpoints so we have a clear picture of before/after.

Additionally, right now fleetctl applies software packages and then VPP apps and without further digging I can't say whether that order of operations is significant. So either that order doesn't matter or it's an unknown-sized can of worms. Thinking more likely the latter since we're talking about GitOps code here.

[iansltx]

Re: the software key, if I'm consuming this JSON I'd rather iterate over one set of items and filter/null-check slug if I care about FMA, vs. iterating over two nearly identical keys (I had thought about splitting FMA out).

[noahtalerman]

@iansltx I think let's keep VPP in this pass. So we can get it all the way done while we're at it.

Re: the software key, if I'm consuming this JSON

I'll defer to you and @rachaelshaw (API design DRI) here. Please feel free to update the PR with your proposed changes.

The base branch was changed.

[eugkuo]

@rachaelshaw Okee. I converted this to draft and I believe I just manually requested your review. LMK if I messed anything up.

cc @noahtalerman

[noahtalerman]

Closing this PR because we decided to de-prioritize the user story for now.