markkenny
diff --git a/‎.github/gitops-action/action.yml‎
Lines changed: 42 additions & 0 deletions b/‎.github/gitops-action/action.yml‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎.github/workflows/workflow.yml‎
Lines changed: 44 additions & 0 deletions b/‎.github/workflows/workflow.yml‎
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,42 @@
+name: fleetctl-gitops
+description: Runs fleetctl gitops to apply configuration to Fleet
+
+inputs:
+  working-directory:
+    description: 'The working directory, which should be the root of the fleet-gitops repository.'
+    default: './'
+  dry-run-only:
+    description: 'Whether to only run the fleetctl gitops commands in dry-run mode.'
+    default: 'false'
+  delete-other-teams:
+    description: 'Whether to delete other teams in Fleet which are not part of the gitops config.'
+    default: 'true'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install fleetctl
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      run: |
+        FLEET_VERSION="$(curl "$FLEET_URL/api/v1/fleet/version" --header "Authorization: Bearer $FLEET_API_TOKEN" --fail --silent | jq --raw-output '.version')"
+
+        if [[ -n "$FLEET_VERSION" ]] ; then
+          npm install -g "fleetctl@$FLEET_VERSION" || npm install -g fleetctl
+        else
+          echo "Failed to get Fleet version from $FLEET_URL, installing latest version of fleetctl"
+          npm install -g fleetctl
+        fi
+
+    - name: Configure fleetctl
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      run: fleetctl config set --address ${{ env.FLEET_URL }} --token ${{ env.FLEET_API_TOKEN }}
+
+    - name: Run fleetctl gitops commands
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      env:
+        FLEET_DRY_RUN_ONLY: ${{ inputs.dry-run-only }}
+        FLEET_DELETE_OTHER_TEAMS: ${{ inputs.delete-other-teams }}
+      run: ./gitops.sh
@@ -0,0 +1,44 @@
+name: 'Apply latest configuration to Fleet'
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch: # allows manual triggering
+  schedule:
+  - cron: '0 6 * * *' # Nightly 6AM UTC
+
+# Prevent concurrent runs of this workflow.
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: false
+
+defaults:
+  run:
+    shell: bash
+
+# Limit permissions of GITHUB_TOKEN.
+permissions:
+  contents: read
+
+jobs:
+  fleet-gitops:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout GitOps repository
+        uses: actions/checkout@v4
+
+      - name: Apply latest configuration to Fleet
+        uses: ./.github/gitops-action
+        with:
+          # Run GitOps in dry-run mode for pull requests.
+          dry-run-only: ${{ github.event_name == 'pull_request' && 'true' || 'false' }}
+        # Add FLEET_URL and FLEET_API_TOKEN to the repository secrets.
+        # In addition, specify or add secrets for all the environment variables that are mentioned in the global/team YAML files.
+        env:
+          FLEET_URL: ${{ secrets.FLEET_URL }}
+          FLEET_API_TOKEN: ${{ secrets.FLEET_API_TOKEN }}
+          FLEET_GLOBAL_ENROLL_SECRET: ${{ secrets.FLEET_GLOBAL_ENROLL_SECRET }}
+          FLEET_WORKSTATIONS_ENROLL_SECRET: ${{ secrets.FLEET_WORKSTATIONS_ENROLL_SECRET }}
+          FLEET_WORKSTATIONS_CANARY_ENROLL_SECRET: ${{ secrets.FLEET_WORKSTATIONS_CANARY_ENROLL_SECRET }}