Skip to content

produce failed enrollment renewal activity#44511

Merged
MagnusHJensen merged 3 commits into
mainfrom
41418-backend-failed-enrollment-renewal-activity
May 1, 2026
Merged

produce failed enrollment renewal activity#44511
MagnusHJensen merged 3 commits into
mainfrom
41418-backend-failed-enrollment-renewal-activity

Conversation

@MagnusHJensen
Copy link
Copy Markdown
Member

@MagnusHJensen MagnusHJensen commented Apr 30, 2026
edited by coderabbitai Bot
Loading

Related issue: Resolves #41418

Checklist for submitter

If some of the following don't apply, delete the relevant line.

  • Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
    See Changes files for more information.

  • Input data is properly validated, SELECT * is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters.

  • Timeouts are implemented and retries are limited to avoid infinite loops

  • If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes

Testing

  • Added/updated automated tests
  • QA'd all new/changed functionality manually

To manually QA, I put an early return with msg.Fail in the mdm_scep.go file under PKIOperation method, and then triggered a SCEP renewal.

Summary by CodeRabbit

  • New Features

    • Activity logging for Apple MDM enrollment profile renewal failures to improve auditing and diagnostics.
    • Host display enhancements: include computer name and hardware model to improve host identification in activities and UI.

  • Tests

    • Integration tests verifying enrollment renewal failure activity creation, association to the correct host, and activity payload contents.

Copilot AI review requested due to automatic review settings April 30, 2026 17:20
@MagnusHJensen MagnusHJensen requested a review from a team as a code owner April 30, 2026 17:20
claude[bot]
claude Bot reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Apr 30, 2026
edited
Loading

Walkthrough

Adds a new activity type failed_enrollment_profile_renewal and records that activity when an Apple enrollment renewal command fails. Introduces Datastore.IsAppleEnrollmentRenewalCommand to detect renewal commands, extends HostLite with ComputerName and HardwareModel and a DisplayName() method, threads fleet.NewActivityFunc through MDM/profile handlers and service code, updates profile installation result handling to create the new activity for matching renewal failures, and adds integration tests covering the behavior.

Possibly related PRs

  • PR 40752: Refactors activity callback types and propagates NewActivityFunc through MDM/profile handlers, aligning activity-callback surface changes with this PR.
  • PR 43437: Modifies activity definitions and related wiring in the activities subsystem, overlapping with the addition and handling of failed_enrollment_profile_renewal.
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The PR title 'produce failed enrollment renewal activity' directly summarizes the main change: adding logic to generate a new activity type when enrollment profile renewal fails.
Description check ✅ Passed The PR description covers key aspects including the related issue, security validations, testing approach, and manual QA details. However, it lacks detailed explanation of the technical changes and implementation approach.
Linked Issues check ✅ Passed The PR successfully implements all requirements from issue #41418: defines the failed_enrollment_profile_renewal activity type [41418], updates InstallProfile result handling to detect SCEP renewal commands [41418], queries nano_cert_auth_associations appropriately [41418], and creates the activity without retry [41418].
Out of Scope Changes check ✅ Passed All changes directly support the enrollment renewal activity feature. The addition of ComputerName and HardwareModel to HostLite, DisplayName() method, and supporting datastore methods are necessary for activity details. No extraneous changes detected.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch 41418-backend-failed-enrollment-renewal-activity

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
Review rate limit: 6/8 reviews remaining, refill in 7 minutes and 46 seconds.

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@server/fleet/activities.go`:
- Around line 1988-1996: The new struct
ActivityTypeFailedEnrollmentProfileRenewal and its ActivityName() method were
added but not registered in the ActivityDetailsList used for docs generation;
update the ActivityDetailsList to include an entry for
ActivityTypeFailedEnrollmentProfileRenewal keyed by its ActivityName() (i.e.,
"failed_enrollment_profile_renewal") with the appropriate details/description
and example payload so it appears in generated activity documentation. Locate
the ActivityDetailsList declaration and add the mapping referencing
ActivityTypeFailedEnrollmentProfileRenewal and its fields to maintain consistent
docs generation.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f3f3b203-cbe4-41a4-a123-e81ec445ea4e

📥 Commits

Reviewing files that changed from the base of the PR and between 13cec63 and 5333d9e.

📒 Files selected for processing (11)
  • changes/40623-failed-enrollment-renewal
  • server/datastore/mysql/apple_mdm.go
  • server/datastore/mysql/hosts.go
  • server/fleet/activities.go
  • server/fleet/datastore.go
  • server/fleet/hosts.go
  • server/mdm/apple/profile_verifier.go
  • server/mdm/lifecycle/lifecycle.go
  • server/mock/datastore_mock.go
  • server/service/apple_mdm.go
  • server/service/integration_mdm_test.go

Comment thread server/fleet/activities.go
@MagnusHJensen MagnusHJensen mentioned this pull request Apr 30, 2026
Merged
Copilot AI reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds an activity record when an Apple enrollment profile renewal (SCEP/ACME) fails to install, enabling visibility into renewal failures (Resolves #41418).

Changes:

  • Introduces a new activity type for failed enrollment profile renewal events.
  • Detects “enrollment renewal” install-profile failures via datastore lookup and emits an activity instead of surfacing a not-found error.
  • Adds an integration test covering when the activity should/shouldn’t be produced.

Reviewed changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
server/mdm/apple/profile_verifier.go Emits the new activity when a failed InstallProfile result matches an enrollment renewal command.
server/datastore/mysql/apple_mdm.go Adds datastore query to determine whether a command UUID is an enrollment renewal command for a host.
server/service/apple_mdm.go Passes the service activity function down to the profile install result handler.
server/fleet/activities.go Defines failed_enrollment_profile_renewal activity payload and metadata.
server/fleet/datastore.go Extends datastore interfaces to support renewal-command detection and host-lite lookup.
server/fleet/hosts.go Adds HostLite.DisplayName() and fields needed to compute it.
server/datastore/mysql/hosts.go Loads additional HostLite fields from DB.
server/mock/datastore_mock.go Extends datastore mock to support the new method.
server/service/integration_mdm_test.go Adds integration coverage for activity emission rules.
changes/40623-failed-enrollment-renewal Documents the user-visible change.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread server/mdm/apple/profile_verifier.go
Comment thread server/mdm/apple/profile_verifier.go
Comment thread server/datastore/mysql/apple_mdm.go Outdated
Comment thread server/mdm/apple/profile_verifier.go Outdated
Comment thread server/mock/datastore_mock.go
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 30, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 62.50000% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 66.77%. Comparing base (0e0ae68) to head (f403ed4).
⚠️ Report is 4 commits behind head on main.

Files with missing lines Patch % Lines
server/mdm/apple/profile_verifier.go 64.70% 3 Missing and 3 partials ⚠️
server/datastore/mysql/apple_mdm.go 50.00% 3 Missing and 1 partial ⚠️
server/service/apple_mdm.go 50.00% 0 Missing and 1 partial ⚠️
server/service/apple_mdm_cmd_results.go 0.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #44511      +/-   ##
==========================================
+ Coverage   66.65%   66.77%   +0.11%     
==========================================
  Files        2645     2637       -8     
  Lines      212854   212402     -452     
  Branches     9610     9549      -61     
==========================================
- Hits       141888   141832      -56     
+ Misses      58091    57697     -394     
+ Partials    12875    12873       -2
Flag Coverage Δ
backend 68.54% <62.50%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@MagnusHJensen MagnusHJensen mentioned this pull request May 1, 2026
Merged
5 tasks
JordanMontgomery pushed a commit that referenced this pull request May 1, 2026
@MagnusHJensen
remove activity details list (#44513)
0e0ae68 
This is no longer used, but gets flagged by AI.

#44511 (comment)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Removed a now-redundant exported activity list from the codebase,
simplifying internal activity declarations. This streamlines internal
structures without changing user-visible behavior or altering existing
activity types.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
coderabbitai[bot]
coderabbitai Bot reviewed May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
server/service/integration_mdm_test.go (1)

24217-24227: ⚡ Quick win

Assert expected negative-path errors instead of discarding them.

Line 24217 and Line 24226 ignore HandleHostMDMProfileInstallResult errors, which can hide unrelated regressions. Prefer asserting the expected not-found behavior in both cases.

Suggested test tightening 
-	_ = apple_mdm.HandleHostMDMProfileInstallResult(ctx, s.ds, host.UUID, case1Cmd, &failed, "boom", s.fleetSvc.NewActivity)
+	err := apple_mdm.HandleHostMDMProfileInstallResult(ctx, s.ds, host.UUID, case1Cmd, &failed, "boom", s.fleetSvc.NewActivity)
+	require.Error(t, err)
+	require.True(t, fleet.IsNotFound(err))

 ...
-	_ = apple_mdm.HandleHostMDMProfileInstallResult(ctx, s.ds, host.UUID, case2OtherCmd, &failed, "boom", s.fleetSvc.NewActivity)
+	err = apple_mdm.HandleHostMDMProfileInstallResult(ctx, s.ds, host.UUID, case2OtherCmd, &failed, "boom", s.fleetSvc.NewActivity)
+	require.Error(t, err)
+	require.True(t, fleet.IsNotFound(err))
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@server/service/integration_mdm_test.go` around lines 24217 - 24227, The test
currently ignores errors returned by apple_mdm.HandleHostMDMProfileInstallResult
for the negative cases (case1Cmd and case2OtherCmd); capture the returned error
(err := apple_mdm.HandleHostMDMProfileInstallResult(...)) and assert it matches
the expected not-found/failure type instead of discarding it (use
require.Error/require.ErrorIs or require.ErrorContains as appropriate), doing
this for both the call with case1Cmd and the call with case2OtherCmd so
regressions are surfaced.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@server/service/integration_mdm_test.go`:
- Around line 24217-24227: The test currently ignores errors returned by
apple_mdm.HandleHostMDMProfileInstallResult for the negative cases (case1Cmd and
case2OtherCmd); capture the returned error (err :=
apple_mdm.HandleHostMDMProfileInstallResult(...)) and assert it matches the
expected not-found/failure type instead of discarding it (use
require.Error/require.ErrorIs or require.ErrorContains as appropriate), doing
this for both the call with case1Cmd and the call with case2OtherCmd so
regressions are surfaced.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3f3edc3e-cbff-4e59-95a9-aca947e2139d

📥 Commits

Reviewing files that changed from the base of the PR and between 10f150d and f403ed4.

📒 Files selected for processing (4)
  • server/fleet/activities.go
  • server/fleet/datastore.go
  • server/mock/datastore_mock.go
  • server/service/integration_mdm_test.go
✅ Files skipped from review due to trivial changes (1)
  • server/fleet/activities.go

@qodo-free-for-open-source-projects
Copy link
Copy Markdown

qodo-free-for-open-source-projects Bot commented May 1, 2026

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: test-go (fleetctl, mysql:8.0.44) / test

Failed stage: Run Go Tests [❌]

Failed test name: TestIntegrationsVulnerabilityDataStream

Failure summary:

The action failed because a Go integration test failed: TestIntegrationsVulnerabilityDataStream in
cmd/fleetctl/integrationtest/vuln.
The test error is caused by repeated network timeouts while
trying to download Ubuntu OVAL vulnerability definitions from
https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2 (multiple dial tcp
...:443: i/o timeout and one connection reset by peer).
The failure is reported at
cmd/fleetctl/integrationtest/vuln/vulnerability_data_stream_test.go:44, causing make test-go to exit
non-zero (make[1]: *** [Makefile:278: .run-go-tests] Error 1 / make: *** [Makefile:393: test-go]
Error 2).

Relevant error logs: 
1:  ##[group]Runner Image Provisioner
2:  Hosted Compute Agent
...

1629:  �[36;1mattempt=1�[0m
1630:  �[36;1m�[0m
1631:  �[36;1mwhile [ $attempt -le $max_attempts ]; do�[0m
1632:  �[36;1m  echo "Attempt $attempt of $max_attempts"�[0m
1633:  �[36;1m�[0m
1634:  �[36;1m  # Try to connect to MySQL�[0m
1635:  �[36;1m  if wait_for_mysql "mysql_test"; then�[0m
1636:  �[36;1m    # If MySQL is ready, try to connect to MySQL replica�[0m
1637:  �[36;1m    if wait_for_mysql "mysql_replica_test"; then�[0m
1638:  �[36;1m      # Both are ready, we're done�[0m
1639:  �[36;1m      echo "All MySQL connections successful"�[0m
1640:  �[36;1m      exit 0�[0m
1641:  �[36;1m    fi�[0m
1642:  �[36;1m  fi�[0m
1643:  �[36;1m�[0m
1644:  �[36;1m  # If we get here, at least one connection failed�[0m
1645:  �[36;1m  echo "Failed to connect to MySQL on attempt $attempt"�[0m
1646:  �[36;1m�[0m
1647:  �[36;1m  if [ $attempt -lt $max_attempts ]; then�[0m
1648:  �[36;1m    echo "Restarting containers and trying again..."�[0m
1649:  �[36;1m    restart_containers�[0m
1650:  �[36;1m  else�[0m
1651:  �[36;1m    echo "Maximum attempts reached. Failing the job."�[0m
1652:  �[36;1m    exit 1�[0m
...

1721:  gotestsum --format=testdox --jsonfile=/tmp/test-output.json -- -tags full,fts5,netgo -run=  -v -race=false -timeout=20m  -parallel 8 -coverprofile=coverage.txt -covermode=atomic -coverpkg=github.com/fleetdm/fleet/v4/... ././cmd/fleetctl/... 
1722:  go: downloading github.com/stretchr/testify v1.11.1
1723:  go: downloading github.com/AbGuthrie/goquery/v2 v2.0.1
1724:  go: downloading github.com/go-git/go-git/v5 v5.18.0
1725:  go: downloading github.com/beevik/etree v1.6.0
1726:  go: downloading github.com/briandowns/spinner v1.23.1
1727:  go: downloading github.com/google/go-github/v37 v37.0.0
1728:  go: downloading github.com/gosuri/uilive v0.0.4
1729:  go: downloading github.com/manifoldco/promptui v0.9.0
1730:  go: downloading github.com/mitchellh/go-ps v1.0.0
1731:  go: downloading github.com/olekukonko/tablewriter v0.0.5
1732:  go: downloading github.com/sethvargo/go-password v0.3.0
1733:  go: downloading github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
1734:  go: downloading github.com/urfave/cli/v2 v2.27.7
1735:  go: downloading github.com/patrickmn/go-cache v2.1.0+incompatible
1736:  go: downloading github.com/hashicorp/go-multierror v1.1.1
1737:  go: downloading github.com/VividCortex/mysqlerr v0.0.0-20170204212430-6c6b55f8796f
...

1986:  �[32m✓�[0m Apply specs deprecated keys app config windows updates.grace period days not a number (0.46s)
1987:  �[32m✓�[0m Apply specs deprecated keys app config windows updates.grace period days out of range (0.46s)
1988:  �[32m✓�[0m Apply specs deprecated keys config with FIM values for agent options (#869 9) (0.42s)
1989:  �[32m✓�[0m Apply specs deprecated keys config with blank required org name (0.51s)
1990:  �[32m✓�[0m Apply specs deprecated keys config with blank required server url (0.41s)
1991:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options command-line flags (0.68s)
1992:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options data type in dry-run (0.54s)
1993:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options data type with force (0.60s)
1994:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options in dry-run (0.36s)
1995:  �[32m✓�[0m Apply specs deprecated keys config with invalid key type (0.44s)
1996:  �[32m✓�[0m Apply specs deprecated keys config with invalid value for agent options command-line flags (0.52s)
1997:  �[32m✓�[0m Apply specs deprecated keys config with unknown key (0.52s)
1998:  �[32m✓�[0m Apply specs deprecated keys config with valid agent options command-line flags (0.44s)
1999:  �[32m✓�[0m Apply specs deprecated keys dry-run set with unsupported spec (0.51s)
2000:  �[32m✓�[0m Apply specs deprecated keys dry-run set with various specs, appconfig warning for legacy (0.99s)
2001:  �[32m✓�[0m Apply specs deprecated keys dry-run set with various specs, no errors (0.47s)
2002:  �[32m✓�[0m Apply specs deprecated keys empty config (0.51s)
...

2005:  �[32m✓�[0m Apply specs deprecated keys invalid agent options dry-run (0.50s)
2006:  �[32m✓�[0m Apply specs deprecated keys invalid agent options field type (0.52s)
2007:  �[32m✓�[0m Apply specs deprecated keys invalid agent options field type in overrides (0.46s)
2008:  �[32m✓�[0m Apply specs deprecated keys invalid agent options for existing team (0.59s)
2009:  �[32m✓�[0m Apply specs deprecated keys invalid agent options for new team (0.59s)
2010:  �[32m✓�[0m Apply specs deprecated keys invalid agent options force (0.48s)
2011:  �[32m✓�[0m Apply specs deprecated keys invalid known key's value type for team cannot be forced (0.48s)
2012:  �[32m✓�[0m Apply specs deprecated keys invalid team agent options command-line flag (0.49s)
2013:  �[32m✓�[0m Apply specs deprecated keys invalid top-level key for team (0.61s)
2014:  �[32m✓�[0m Apply specs deprecated keys macos updates deadline set but minimum version empty (0.40s)
2015:  �[32m✓�[0m Apply specs deprecated keys macos updates minimum version set but deadline empty (0.45s)
2016:  �[32m✓�[0m Apply specs deprecated keys macos updates.deadline with incomplete date (0.52s)
2017:  �[32m✓�[0m Apply specs deprecated keys macos updates.deadline with invalid date (0.72s)
2018:  �[32m✓�[0m Apply specs deprecated keys macos updates.deadline with timestamp (0.37s)
2019:  �[32m✓�[0m Apply specs deprecated keys macos updates.minimum version with build version (0.39s)
2020:  �[32m✓�[0m Apply specs deprecated keys missing required failing policies destination url (0.35s)
2021:  �[32m✓�[0m Apply specs deprecated keys missing required host status days count (0.39s)
...

2029:  �[32m✓�[0m Apply specs deprecated keys team config macos settings.enable disk encryption true (0.39s)
2030:  �[32m✓�[0m Apply specs deprecated keys team config macos settings.enable disk encryption with invalid value type (0.47s)
2031:  �[32m✓�[0m Apply specs deprecated keys team config macos settings.enable disk encryption without a value (0.45s)
2032:  �[32m✓�[0m Apply specs deprecated keys unknown key for team can be forced (0.62s)
2033:  �[32m✓�[0m Apply specs deprecated keys valid team agent options command-line flag (0.49s)
2034:  �[32m✓�[0m Apply specs deprecated keys windows updates unset valid (0.50s)
2035:  �[32m✓�[0m Apply specs deprecated keys windows updates valid (0.49s)
2036:  �[32m✓�[0m Apply specs deprecated keys windows updates.deadline days but grace period empty (0.35s)
2037:  �[32m✓�[0m Apply specs deprecated keys windows updates.deadline days not a number (0.41s)
2038:  �[32m✓�[0m Apply specs deprecated keys windows updates.deadline days out of range (0.51s)
2039:  �[32m✓�[0m Apply specs deprecated keys windows updates.grace period days but deadline empty (0.36s)
2040:  �[32m✓�[0m Apply specs deprecated keys windows updates.grace period days not a number (0.48s)
2041:  �[32m✓�[0m Apply specs deprecated keys windows updates.grace period days out of range (0.43s)
2042:  �[32m✓�[0m Apply specs dry-run set with unsupported spec (0.37s)
2043:  �[32m✓�[0m Apply specs dry-run set with various specs, appconfig warning for legacy (0.36s)
2044:  �[32m✓�[0m Apply specs dry-run set with various specs, no errors (0.38s)
2045:  �[32m✓�[0m Apply specs empty config (0.41s)
...

2048:  �[32m✓�[0m Apply specs invalid agent options dry-run (0.54s)
2049:  �[32m✓�[0m Apply specs invalid agent options field type (0.40s)
2050:  �[32m✓�[0m Apply specs invalid agent options field type in overrides (0.39s)
2051:  �[32m✓�[0m Apply specs invalid agent options for existing team (0.42s)
2052:  �[32m✓�[0m Apply specs invalid agent options for new team (0.61s)
2053:  �[32m✓�[0m Apply specs invalid agent options force (0.49s)
2054:  �[32m✓�[0m Apply specs invalid known key's value type for team cannot be forced (0.41s)
2055:  �[32m✓�[0m Apply specs invalid team agent options command-line flag (0.46s)
2056:  �[32m✓�[0m Apply specs invalid top-level key for team (0.37s)
2057:  �[32m✓�[0m Apply specs macos updates deadline set but minimum version empty (0.42s)
2058:  �[32m✓�[0m Apply specs macos updates minimum version set but deadline empty (0.32s)
2059:  �[32m✓�[0m Apply specs macos updates.deadline with incomplete date (0.38s)
2060:  �[32m✓�[0m Apply specs macos updates.deadline with invalid date (0.58s)
2061:  �[32m✓�[0m Apply specs macos updates.deadline with timestamp (0.49s)
2062:  �[32m✓�[0m Apply specs macos updates.minimum version with build version (0.37s)
2063:  �[32m✓�[0m Apply specs missing required failing policies destination url (0.48s)
2064:  �[32m✓�[0m Apply specs missing required host status days count (0.49s)
...

2150:  �[32m✓�[0m Filename functions (0.00s)
2151:  �[32m✓�[0m Filename functions outfile name builds a file name using the name provided + current time (0.00s)
2152:  �[32m✓�[0m Filename functions outfile name with ext builds a file name using the name and extension provided + current time (0.00s)
2153:  �[32m✓�[0m FleetctlUpgradePacks empty packs (0.49s)
2154:  �[32m✓�[0m FleetctlUpgradePacks no pack (0.52s)
2155:  �[32m✓�[0m FleetctlUpgradePacks non empty (0.34s)
2156:  �[32m✓�[0m FleetctlUpgradePacks not admin (0.46s)
2157:  �[32m✓�[0m Format XML (0.00s)
2158:  �[32m✓�[0m Format XML XML with attributes (0.00s)
2159:  �[32m✓�[0m Format XML basic XML (0.00s)
2160:  �[32m✓�[0m Format XML empty XML (0.00s)
2161:  �[32m✓�[0m Format XML invalid XML (0.00s)
2162:  �[32m✓�[0m Format XML nested XML (0.00s)
2163:  �[32m✓�[0m Generate MDM apple (0.92s)
2164:  �[32m✓�[0m Generate MDM apple BM (0.34s)
2165:  �[32m✓�[0m Generate MDM apple CSR API call fails (0.46s)
2166:  �[32m✓�[0m Generate MDM apple successful run (0.46s)
2167:  �[32m✓�[0m Generate MDMVPP tokens (0.00s)
2168:  �[32m✓�[0m Generate MDMVPP tokens get VPP tokens error (0.00s)
2169:  �[32m✓�[0m Generate MDMVPP tokens multiple tokens with different teams (0.00s)
...

2181:  �[32m✓�[0m Generate org settings insecure (0.00s)
2182:  �[32m✓�[0m Generate org settings masked google calendar api key (0.00s)
2183:  �[32m✓�[0m Generate policies (0.00s)
2184:  �[32m✓�[0m Generate queries (0.00s)
2185:  �[32m✓�[0m Generate software (0.00s)
2186:  �[32m✓�[0m Generate software auto update schedule (0.00s)
2187:  �[32m✓�[0m Generate software script packages (0.00s)
2188:  �[32m✓�[0m Generate team settings (0.00s)
2189:  �[32m✓�[0m Generate team settings insecure (0.00s)
2190:  �[32m✓�[0m Generated org settings no SSO (0.00s)
2191:  �[32m✓�[0m Generated org settings okta conditional access not included (0.00s)
2192:  �[32m✓�[0m Get MDM command results (0.49s)
2193:  �[32m✓�[0m Get MDM command results command flag required (0.00s)
2194:  �[32m✓�[0m Get MDM command results command not found (0.01s)
2195:  �[32m✓�[0m Get MDM command results command results empty (0.01s)
2196:  �[32m✓�[0m Get MDM command results command results error (0.01s)
2197:  �[32m✓�[0m Get MDM command results darwin command results (0.00s)
2198:  �[32m✓�[0m Get MDM command results host specific results (0.00s)
2199:  �[32m✓�[0m Get MDM command results windows command results (0.00s)
2200:  �[32m✓�[0m Get MDM commands (0.35s)
2201:  �[32m✓�[0m Get apple BM (1.59s)
2202:  �[32m✓�[0m Get apple BM free license (0.33s)
2203:  �[32m✓�[0m Get apple BM premium license, multiple tokens (0.44s)
2204:  �[32m✓�[0m Get apple BM premium license, no token (0.47s)
2205:  �[32m✓�[0m Get apple BM premium license, single token (0.34s)
2206:  �[32m✓�[0m Get apple MDM (0.48s)
2207:  �[32m✓�[0m Get carve (0.41s)
2208:  �[32m✓�[0m Get carve with error (0.52s)
2209:  �[32m✓�[0m Get carves (0.58s)
...

2235:  �[32m✓�[0m Get queries as observer (0.50s)
2236:  �[32m✓�[0m Get queries as observer global observer (0.01s)
2237:  �[32m✓�[0m Get queries as observer observer of multiple teams (0.01s)
2238:  �[32m✓�[0m Get queries as observer team observer (0.01s)
2239:  �[32m✓�[0m Get query (0.41s)
2240:  �[32m✓�[0m Get software titles (0.51s)
2241:  �[32m✓�[0m Get software versions (0.42s)
2242:  �[32m✓�[0m Get teams (0.77s)
2243:  �[32m✓�[0m Get teams YAML and apply (0.38s)
2244:  �[32m✓�[0m Get teams by name (0.40s)
2245:  �[32m✓�[0m Get teams expired license (0.39s)
2246:  �[32m✓�[0m Get teams not expired license (0.38s)
2247:  �[32m✓�[0m Get user roles (0.44s)
2248:  �[32m✓�[0m Git ops ABM (5.76s)
2249:  �[32m✓�[0m Git ops ABM backwards compat (0.59s)
2250:  �[32m✓�[0m Git ops ABM both keys errors (0.53s)
2251:  �[32m✓�[0m Git ops ABM deprecated config with two tokens in the db fails (0.63s)
2252:  �[32m✓�[0m Git ops ABM new key all valid (0.72s)
2253:  �[32m✓�[0m Git ops ABM new key multiple elements (0.57s)
2254:  �[32m✓�[0m Git ops ABM no team is supported (0.48s)
2255:  �[32m✓�[0m Git ops ABM non existent org name fails (0.61s)
2256:  �[32m✓�[0m Git ops ABM not provided teams defaults to no team (0.52s)
2257:  �[32m✓�[0m Git ops ABM renamed new key all valid (0.64s)
2258:  �[32m✓�[0m Git ops ABM using an undefined team errors (0.46s)
2259:  �[32m✓�[0m Git ops EULA setting (4.19s)
...

2262:  �[32m✓�[0m Git ops EULA setting not a PDF file (0.40s)
2263:  �[32m✓�[0m Git ops EULA setting relative path to working dir to pdf file (no existing EULA uploaded) (0.63s)
2264:  �[32m✓�[0m Git ops EULA setting relative path to yaml file to pdf file (no existing EULA uploaded) (0.52s)
2265:  �[32m✓�[0m Git ops EULA setting uploading the same EULA again (0.48s)
2266:  �[32m✓�[0m Git ops EULA setting valid new pdf file (different EULA already uploaded) (0.44s)
2267:  �[32m✓�[0m Git ops EULA setting valid pdf file (no existing EULA uploaded) (0.48s)
2268:  �[32m✓�[0m Git ops MDM auth settings (0.48s)
2269:  �[32m✓�[0m Git ops SMTP settings (0.46s)
2270:  �[32m✓�[0m Git ops SSO server URL (0.51s)
2271:  �[32m✓�[0m Git ops SSO settings (0.57s)
2272:  �[32m✓�[0m Git ops android certificates add (0.58s)
2273:  �[32m✓�[0m Git ops android certificates change (0.71s)
2274:  �[32m✓�[0m Git ops android certificates delete all (0.58s)
2275:  �[32m✓�[0m Git ops android certificates delete one (0.43s)
2276:  �[32m✓�[0m Git ops app store app auto update (0.49s)
2277:  �[32m✓�[0m Git ops app store app auto update invalid auto-update window triggers error and does not call update software title auto update config (0.01s)
2278:  �[32m✓�[0m Git ops app store app auto update no auto update settings and no existing schedule does not call update software title auto update config (0.02s)
...

2281:  �[32m✓�[0m Git ops apple OS updates (0.71s)
2282:  �[32m✓�[0m Git ops apple OS updates ios updates (0.08s)
2283:  �[32m✓�[0m Git ops apple OS updates ios updates changed deadline triggers bulk set pending MDM host profiles (0.03s)
2284:  �[32m✓�[0m Git ops apple OS updates ios updates changed minimum version triggers bulk set pending MDM host profiles (0.02s)
2285:  �[32m✓�[0m Git ops apple OS updates ios updates same values do not trigger bulk set pending MDM host profiles (0.02s)
2286:  �[32m✓�[0m Git ops apple OS updates ipados updates (0.06s)
2287:  �[32m✓�[0m Git ops apple OS updates ipados updates changed deadline triggers bulk set pending MDM host profiles (0.02s)
2288:  �[32m✓�[0m Git ops apple OS updates ipados updates changed minimum version triggers bulk set pending MDM host profiles (0.02s)
2289:  �[32m✓�[0m Git ops apple OS updates ipados updates same values do not trigger bulk set pending MDM host profiles (0.02s)
2290:  �[32m✓�[0m Git ops apple OS updates macos updates (0.08s)
2291:  �[32m✓�[0m Git ops apple OS updates macos updates changed deadline triggers bulk set pending MDM host profiles (0.03s)
2292:  �[32m✓�[0m Git ops apple OS updates macos updates changed minimum version triggers bulk set pending MDM host profiles (0.02s)
2293:  �[32m✓�[0m Git ops apple OS updates macos updates same values do not trigger bulk set pending MDM host profiles (0.02s)
2294:  �[32m✓�[0m Git ops basic global and no team (0.58s)
2295:  �[32m✓�[0m Git ops basic global and no team basic global and no-team.yml (0.05s)
2296:  �[32m✓�[0m Git ops basic global and no team both global and no-team.yml define controls -- should fail (0.01s)
2297:  �[32m✓�[0m Git ops basic global and no team controls only defined in no-team.yml (0.05s)
2298:  �[32m✓�[0m Git ops basic global and no team global DOES NOT define controls -- should fail (0.01s)
2299:  �[32m✓�[0m Git ops basic global and no team global and no-team.yml DO NOT define controls -- should fail (0.02s)
2300:  �[32m✓�[0m Git ops basic global and no team global defines software -- should fail (0.01s)
2301:  �[32m✓�[0m Git ops basic global and no team no-team provided without global -- should fail (0.01s)
2302:  �[32m✓�[0m Git ops basic global and no team no-team.yml defines policy with calendar events enabled -- should fail (0.01s)
2303:  �[32m✓�[0m Git ops basic global and no team unassigned provided without global -- should fail (0.01s)
2304:  �[32m✓�[0m Git ops basic global and team (0.61s)
...

2309:  �[32m✓�[0m Git ops custom settings global macos custom settings valid deprecated.yml (0.51s)
2310:  �[32m✓�[0m Git ops custom settings global macos windows custom settings valid.yml (0.37s)
2311:  �[32m✓�[0m Git ops custom settings global windows custom settings invalid label mix 2 .yml (0.45s)
2312:  �[32m✓�[0m Git ops custom settings global windows custom settings invalid label mix.yml (0.36s)
2313:  �[32m✓�[0m Git ops custom settings global windows custom settings unknown label.yml (0.41s)
2314:  �[32m✓�[0m Git ops custom settings team macos custom settings valid deprecated.yml (0.54s)
2315:  �[32m✓�[0m Git ops custom settings team macos windows custom settings invalid labels mix 2 .yml (0.42s)
2316:  �[32m✓�[0m Git ops custom settings team macos windows custom settings invalid labels mix.yml (0.44s)
2317:  �[32m✓�[0m Git ops custom settings team macos windows custom settings unknown label.yml (0.45s)
2318:  �[32m✓�[0m Git ops custom settings team macos windows custom settings valid.yml (0.47s)
2319:  �[32m✓�[0m Git ops exception enforcement (0.40s)
2320:  �[32m✓�[0m Git ops exception enforcement free tier (0.45s)
2321:  �[32m✓�[0m Git ops exceptions preserve omitted keys (0.50s)
2322:  �[32m✓�[0m Git ops features (0.44s)
2323:  �[32m✓�[0m Git ops filename validation (0.00s)
2324:  �[32m✓�[0m Git ops fleet failing policies webhook policy IDs (0.45s)
2325:  �[32m✓�[0m Git ops fleet webhooks and tickets enabled (0.51s)
...

2480:  �[32m✓�[0m Run api command get scripts full path missing (0.00s)
2481:  �[32m✓�[0m Run api command get scripts team (0.00s)
2482:  �[32m✓�[0m Run api command get scripts team no cache (0.00s)
2483:  �[32m✓�[0m Run api command get typo (0.00s)
2484:  �[32m✓�[0m Run api command upload script (0.00s)
2485:  �[32m✓�[0m Run script command (0.60s)
2486:  �[32m✓�[0m Run script command disabled scripts globally (0.00s)
2487:  �[32m✓�[0m Run script command host not found (0.01s)
2488:  �[32m✓�[0m Run script command invalid file type (0.00s)
2489:  �[32m✓�[0m Run script command invalid hashbang (0.00s)
2490:  �[32m✓�[0m Run script command invalid utf 8 (0.01s)
2491:  �[32m✓�[0m Run script command missing one of script-path and script-nqme (0.00s)
2492:  �[32m✓�[0m Run script command output truncated (0.01s)
2493:  �[32m✓�[0m Run script command posix shell hashbang (0.01s)
2494:  �[32m✓�[0m Run script command script empty (0.01s)
2495:  �[32m✓�[0m Run script command script failed (0.01s)
2496:  �[32m✓�[0m Run script command script killed (0.01s)
...

2532:  �[32m✓�[0m User create force password reset (0.57s)
2533:  �[32m✓�[0m User delete (0.45s)
2534:  �[32m✓�[0m User is observer (0.00s)
2535:  �[32m✓�[0m User is observer global maintainer (0.00s)
2536:  �[32m✓�[0m User is observer global observer (0.00s)
2537:  �[32m✓�[0m User is observer global observer+ (0.00s)
2538:  �[32m✓�[0m User is observer team maintainer (0.00s)
2539:  �[32m✓�[0m User is observer team observer (0.00s)
2540:  �[32m✓�[0m User is observer team observer and maintainer (0.00s)
2541:  �[32m✓�[0m User is observer team observer+ (0.00s)
2542:  �[32m✓�[0m User is observer user without roles (0.00s)
2543:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/vuln:
2544:  �[31m✖�[0m Integrations vulnerability data stream (329.92s)
2545:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/preview:
2546:  �[32m✓�[0m Integrations preview (398.78s)
2547:  �[32m✓�[0m Preview fails on invalid license key (0.00s)
2548:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/gitops:
2549:  �[32m✓�[0m Git ops VPP (4.19s)
2550:  �[32m✓�[0m Git ops VPP all teams is supported (0.66s)
2551:  �[32m✓�[0m Git ops VPP new key all valid (0.61s)
2552:  �[32m✓�[0m Git ops VPP new key multiple elements (0.55s)
2553:  �[32m✓�[0m Git ops VPP no team is supported (0.53s)
2554:  �[32m✓�[0m Git ops VPP non existent location fails (0.41s)
2555:  �[32m✓�[0m Git ops VPP not provided teams defaults to no team (0.81s)
2556:  �[32m✓�[0m Git ops VPP using an undefined team errors (0.62s)
2557:  �[32m✓�[0m Git ops existing team VPP apps with missing team (0.69s)
...

2637:  �[32m✓�[0m Git ops team software installers team software installer with display name.yml (1.42s)
2638:  �[32m✓�[0m Integrations enterprise gitops (325.48s)
2639:  �[32m✓�[0m Integrations enterprise gitops test CA integrations (5.71s)
2640:  �[32m✓�[0m Integrations enterprise gitops test FMA labels include all (7.48s)
2641:  �[32m✓�[0m Integrations enterprise gitops test IPA software installers (12.49s)
2642:  �[32m✓�[0m Integrations enterprise gitops test JSON configuration profile escaping (1.49s)
2643:  �[32m✓�[0m Integrations enterprise gitops test add manual labels (2.11s)
2644:  �[32m✓�[0m Integrations enterprise gitops test configuration profile escaping (1.72s)
2645:  �[32m✓�[0m Integrations enterprise gitops test delete CA with certificate templates (7.10s)
2646:  �[32m✓�[0m Integrations enterprise gitops test delete mac OS setup (5.89s)
2647:  �[32m✓�[0m Integrations enterprise gitops test deleting no team YAML (3.41s)
2648:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience (125.39s)
2649:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience all VPP with setup experience (1.56s)
2650:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience no team VPP (1.35s)
2651:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience no team installers (61.04s)
2652:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience packages fail (61.22s)
2653:  �[32m✓�[0m Integrations enterprise gitops test env substitution in profiles (1.65s)
...

2675:  �[32m✓�[0m Integrations enterprise gitops test omitted top level keys global (2.94s)
2676:  �[32m✓�[0m Integrations enterprise gitops test remove custom settings from default YAML (3.20s)
2677:  �[32m✓�[0m Integrations enterprise gitops test special case teams VPP apps (4.66s)
2678:  �[32m✓�[0m Integrations enterprise gitops test special case teams VPP apps all teams (2.91s)
2679:  �[32m✓�[0m Integrations enterprise gitops test special case teams VPP apps no team (1.56s)
2680:  �[32m✓�[0m Integrations enterprise gitops test unset configuration profile labels (6.02s)
2681:  �[32m✓�[0m Integrations enterprise gitops test unset software installer labels (10.14s)
2682:  �[32m✓�[0m Integrations enterprise starter library (5.33s)
2683:  �[32m✓�[0m Integrations enterprise starter library test apply starter library premium (3.90s)
2684:  �[32m✓�[0m Integrations gitops (2.77s)
2685:  �[32m✓�[0m Integrations gitops test fleet gitops (0.65s)
2686:  �[32m✓�[0m Integrations gitops test fleet gitops DDM fleet vars requires premium (0.18s)
2687:  �[32m✓�[0m Integrations gitops test fleet gitops with fleet secrets (0.46s)
2688:  �[32m✓�[0m Integrations starter library (1.73s)
2689:  �[32m✓�[0m Integrations starter library test apply starter library free (0.31s)
2690:  === �[31mFailed�[0m
2691:  === �[31mFAIL�[0m: cmd/fleetctl/integrationtest/vuln TestIntegrationsVulnerabilityDataStream (329.92s)
2692:  nettest.go:33: network test start: TestIntegrationsVulnerabilityDataStream
2693:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2": dial tcp 185.125.190.21:443: i/o timeout. Retrying in 556.683485ms
2694:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2": dial tcp 185.125.190.21:443: i/o timeout. Retrying in 1.090800679s
2695:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2": dial tcp 185.125.190.29:443: i/o timeout. Retrying in 1.180118553s
2696:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2": dial tcp 185.125.190.29:443: i/o timeout. Retrying in 1.005481222s
2697:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2": dial tcp 185.125.190.21:443: i/o timeout. Retrying in 3.126772493s
2698:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2": read tcp 10.1.1.110:40936->185.125.190.21:443: read: connection reset by peer. Retrying in 3.426173838s
2699:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2": dial tcp 185.125.190.21:443: i/o timeout. Retrying in 6.106485143s
2700:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2": dial tcp 185.125.190.21:443: i/o timeout. Retrying in 4.453419718s
2701:  Download failed on https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2": dial tcp 185.125.190.29:443: i/o timeout. Retrying in 17.671382133s
2702:  vulnerability_data_stream_test.go:44: 
2703:  Error Trace:	/home/runner/work/fleet/fleet/cmd/fleetctl/integrationtest/vuln/vulnerability_data_stream_test.go:44
2704:  Error:      	Received unexpected error:
2705:  Error downloading Oval definitions: downloadDefinitions: download and extract url https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2: download and write file: do request: Get "https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2": dial tcp 185.125.190.21:443: i/o timeout
2706:  Test:       	TestIntegrationsVulnerabilityDataStream
2707:  nettest.go:36: network test done: TestIntegrationsVulnerabilityDataStream
2708:  DONE 807 tests, 1 failure in 651.272s
2709:  make[1]: *** [Makefile:278: .run-go-tests] Error 1
2710:  make[1]: Leaving directory '/home/runner/work/fleet/fleet'
2711:  make: *** [Makefile:393: test-go] Error 2
2712:  ##[error]Process completed with exit code 2.
2713:  ##[group]Run actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
2714:  with:
2715:  name: fleetctl-mysql8.0.44-coverage
2716:  path: ./coverage.txt
2717:  if-no-files-found: error
2718:  compression-level: 6
...

2730:  With the provided path, there will be 1 file uploaded
2731:  Artifact name is valid!
2732:  Root directory input is valid!
2733:  Beginning upload of artifact content to blob storage
2734:  Uploaded bytes 2835993
2735:  Finished uploading artifact content to blob storage!
2736:  SHA256 hash of uploaded artifact zip is 59b6265dbe06cf496ef0297a1256775b327eb236a6d1391724fd696e1baba7e2
2737:  Finalizing artifact upload
2738:  Artifact fleetctl-mysql8.0.44-coverage.zip successfully finalized. Artifact ID 6753560126
2739:  Artifact fleetctl-mysql8.0.44-coverage has been successfully uploaded! Final size is 2835993 bytes. Artifact ID is 6753560126
2740:  Artifact download URL: https://github.com/fleetdm/fleet/actions/runs/25223993492/artifacts/6753560126
2741:  ##[group]Run c1grep() { grep "$@" || test $? = 1; }
2742:  �[36;1mc1grep() { grep "$@" || test $? = 1; }�[0m
2743:  �[36;1mc1grep -oP 'FAIL: .*$' /tmp/gotest.log > /tmp/summary.txt�[0m
2744:  �[36;1mc1grep 'test timed out after' /tmp/gotest.log >> /tmp/summary.txt�[0m
2745:  �[36;1mc1grep 'fatal error:' /tmp/gotest.log >> /tmp/summary.txt�[0m
2746:  �[36;1mc1grep -A 10 'panic: runtime error: ' /tmp/gotest.log >> /tmp/summary.txt�[0m
2747:  �[36;1mc1grep ' FAIL\t' /tmp/gotest.log >> /tmp/summary.txt�[0m
2748:  �[36;1mGO_FAIL_SUMMARY=$(head -n 5 /tmp/summary.txt | sed ':a;N;$!ba;s/\n/\\n/g')�[0m
2749:  �[36;1mecho "GO_FAIL_SUMMARY=$GO_FAIL_SUMMARY"�[0m
2750:  �[36;1mif [[ -z "$GO_FAIL_SUMMARY" ]]; then�[0m
2751:  �[36;1m  GO_FAIL_SUMMARY="unknown, please check the build URL"�[0m
2752:  �[36;1mfi�[0m
2753:  �[36;1mGO_FAIL_SUMMARY=$GO_FAIL_SUMMARY envsubst < .github/workflows/config/slack_payload_template.json > ./payload.json�[0m
2754:  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2755:  env:
2756:  RACE_ENABLED: false
2757:  GO_TEST_TIMEOUT: 20m
2758:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
2759:  RUN_TESTS_ARG: 
2760:  CI_TEST_PKG: fleetctl
2761:  NEED_DOCKER: 1
2762:  ARTIFACT_PREFIX: fleetctl-mysql8.0.44
2763:  GOTOOLCHAIN: local
2764:  ##[endgroup]
2765:  GO_FAIL_SUMMARY=
2766:  ##[group]Run actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
2767:  with:
2768:  name: fleetctl-mysql8.0.44-test-log
2769:  path: /tmp/gotest.log
2770:  if-no-files-found: error
2771:  compression-level: 6

@MagnusHJensen MagnusHJensen merged commit 275b266 into main May 1, 2026
53 of 56 checks passed
@MagnusHJensen MagnusHJensen deleted the 41418-backend-failed-enrollment-renewal-activity branch May 1, 2026 17:38
MagnusHJensen added a commit that referenced this pull request May 1, 2026
@MagnusHJensen
Add frontend support for enrollment profile renewal failed activity (#…
0f9df40 
…44530)

Backend PR: #44511
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #41422 

<img width="618" height="244" alt="image"
src="https://github.com/user-attachments/assets/c223e37d-7051-46a6-a2ea-6bd1bdcbb53e"
/>

<img width="777" height="780" alt="image"
src="https://github.com/user-attachments/assets/3b9ef4e9-2181-406b-a22e-e6773eba67af"
/>

<img width="649" height="236" alt="image"
src="https://github.com/user-attachments/assets/3985faf0-a1e4-404a-b190-cb623f52339a"
/>

<img width="1083" height="768" alt="image"
src="https://github.com/user-attachments/assets/2d4df607-4b34-435c-88db-6dc0fa09db2e"
/>


# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information. Part of backend PR

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects, and untrusted
data interpolated into shell scripts/commands is validated against shell
metacharacters.
- [x] Timeouts are implemented and retries are limited to avoid infinite
loops
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing
- [x] QA'd all new/changed functionality manually


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * Added "Enrollment profile renewal failed" activity type and label.
* Failure entries now appear in activity feeds and host details with a
dedicated activity item and a details flow.
* Users can open a failure details modal showing a status icon, host
name (with fallback), relative failure time, guidance about certificate
expiration, and a link to Fleet support.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Copilot code review Copilot Copilot left review comments

@claude claude[bot] claude[bot] left review comments

@JordanMontgomery JordanMontgomery JordanMontgomery approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

New activity for failed_enrollment_profile_renewal: Backend changes

3 participants

@MagnusHJensen @JordanMontgomery