Skip to content

Android Load testing with osquery perf#48535

Open
ksykulev wants to merge 1 commit into
mainfrom
26225-android-load-testing
Open

Android Load testing with osquery perf#48535
ksykulev wants to merge 1 commit into
mainfrom
26225-android-load-testing

Conversation

@ksykulev

@ksykulev ksykulev commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Related issue: Resolves #26225

go run ./cmd/android-amapi-mock --listen :9999 --google-credentials <path/to/credentials>

go run ./cmd/osquery-perf --server_url https://localhost:8080 --enroll_secret <secret> --os_templates android:2 --host_count 2 --android_pubsub_token '<token>' --android_proxy_address http://localhost:9999 --android_enterprise_id <enterprise id> --android_status_interval 30s

Testing

  • QA'd all new/changed functionality manually

Summary by CodeRabbit

  • New Features

    • Added Android device simulation support for load testing, including enrollment, status updates, and command acknowledgments.
    • Added a mock Android Management API server that can serve local responses and optionally forward selected requests to Google.
    • Added support for Android-specific test configuration and tracking in performance statistics.
  • Bug Fixes

    • Improved handling of device and policy requests, including pagination and clearer error responses when upstream calls fail.

@ksykulev ksykulev requested a review from a team as a code owner July 1, 2026 00:45
Copilot AI review requested due to automatic review settings July 1, 2026 00:45

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends Fleet’s existing osquery-perf load-testing harness to simulate Android MDM behavior (enrollment, periodic status reporting, and command acknowledgements) and adds a lightweight Android Management API (AMAPI) mock/proxy to support realistic policy/command flows at scale.

Changes:

  • Add Android-specific stats counters and reporting in osquery-perf.
  • Introduce an androidAgent simulator that sends Android PubSub push payloads to Fleet and polls a mock AMAPI proxy for policy/command state.
  • Add android-amapi-mock, a standalone mock/proxy server for AMAPI endpoints plus a coordination API used by osquery-perf.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
cmd/osquery-perf/osquery_perf/stats.go Adds Android counters and logs Android activity alongside existing osquery/orbit/MDM metrics.
cmd/osquery-perf/android.tmpl Placeholder template enabling --os_templates=android to work with existing template parsing.
cmd/osquery-perf/android_agent.go Implements a fake Android device loop (enroll → periodic status → command ack) using Fleet’s PubSub endpoint + mock proxy coordination.
cmd/osquery-perf/agent.go Wires Android template selection and adds Android-specific CLI flags for osquery-perf.
cmd/android-amapi-mock/middleware.go Adds middleware for forwarding non-fake-device requests to Google AMAPI when configured.
cmd/android-amapi-mock/main.go Implements the android-amapi-mock command wiring: routes, forwarding, and coordination API endpoints.
cmd/android-amapi-mock/handlers.go Adds mock handlers for device/policy/command endpoints and coordination endpoints.
cmd/android-amapi-mock/google_forwarder.go Implements Google AMAPI forwarding via the official SDK when credentials are provided.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines 304 to 308
log.Printf(
"uptime: %s, error rate: %.2f, osquery enrolls: %d, orbit enrolls: %d, mdm enrolls: %d, distributed/reads: %d, distributed/writes: %d, config requests: %d, result log requests: %d, mdm sessions initiated: %d, mdm on-demand syncs: %d, mdm commands received: %d, config errors: %d, distributed/read errors: %d, distributed/write errors: %d, log result errors: %d, orbit errors: %d, desktop errors: %d, mdm errors: %d, mdm scep requests: %d, mdm scep success: %d, mdm scep errors: %d, ddm tokens success: %d, ddm tokens errors: %d, ddm declaration items success: %d, ddm declaration items errors: %d, ddm activation success: %d, ddm activation errors: %d, ddm configuration success: %d, ddm configuration errors: %d, ddm status success: %d, ddm status errors: %d, buffered logs: %d, script execs (errs): %d (%d), software installs (errs): %d (%d)",
"uptime: %s, error rate: %.2f, osquery enrolls: %d, orbit enrolls: %d, mdm enrolls: %d, distributed/reads: %d, distributed/writes: %d, config requests: %d, result log requests: %d, mdm sessions initiated: %d, mdm on-demand syncs: %d, mdm commands received: %d, config errors: %d, distributed/read errors: %d, distributed/write errors: %d, log result errors: %d, orbit errors: %d, desktop errors: %d, mdm errors: %d, mdm scep requests: %d, mdm scep success: %d, mdm scep errors: %d, ddm tokens success: %d, ddm tokens errors: %d, ddm declaration items success: %d, ddm declaration items errors: %d, ddm activation success: %d, ddm activation errors: %d, ddm configuration success: %d, ddm configuration errors: %d, ddm status success: %d, ddm status errors: %d, buffered logs: %d, script execs (errs): %d (%d), software installs (errs): %d (%d), android enrolls: %d, android status reports: %d, android command acks: %d, android errors: %d",
time.Since(s.StartTime).Round(time.Second),
float64(s.errors)/float64(s.osqueryEnrollments),
s.osqueryEnrollments,
Comment on lines +229 to +233
if google != nil && hasSeenRealDevice.Load() {
go func() {
google.ForwardPoliciesPatch(&discardResponseWriter{}, r)
}()
}
Comment on lines +24 to +33
switch r.Method {
case "GET":
google.ForwardDevicesGet(w, r)
case "PATCH":
google.ForwardDevicesPatch(w, r)
case "DELETE":
google.ForwardDevicesDelete(w, r)
case "POST":
google.ForwardIssueCommand(w, r)
}
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

This change adds a new cmd/android-amapi-mock server that simulates and optionally forwards Android Management API traffic to Google, using an in-memory device/policy store, HTTP handlers for device/policy/enrollment operations, and middleware to route requests between mock responses and Google forwarding. It also extends cmd/osquery-perf with an Android device agent that registers with the mock server and sends PubSub enrollment, status report, and command acknowledgement messages to Fleet, along with new CLI flags, a placeholder Android template, and additional Android-related counters in the load-test Stats type.

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description includes the issue link, usage examples, and testing, but omits most required checklist items from the template. Add the missing checklist sections or state which items are not applicable, including changes files, validation, testing, and DB/config checks.
Docstring Coverage ⚠️ Warning Docstring coverage is 42.31% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately describes the main change: Android load testing support in osquery-perf.
Linked Issues check ✅ Passed The changes add Android device simulation, mock AMAPI forwarding, and periodic sync/command handling, matching the load-testing goals.
Out of Scope Changes check ✅ Passed The added files and handlers all support Android load testing or the mock proxy, with no clear unrelated feature work.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch 26225-android-load-testing

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 7

🧹 Nitpick comments (2)
cmd/osquery-perf/android_agent.go (1)

198-209: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Register/enrollment failures aren't counted in Stats.

Unlike the per-iteration status-report/poll/command-ack failures in the loop below (which call a.stats.IncrementAndroidErrors()), the initial registerWithProxy and sendEnrollment failures just log and return, leaving these failures invisible in the aggregated stats output.

🔧 Suggested fix
 	if err := a.registerWithProxy(); err != nil {
 		log.Printf("Android agent %d: failed to register with proxy: %v", a.agentIndex, err)
+		a.stats.IncrementAndroidErrors()
 		return
 	}
 
 	// Step 2: Send ENROLLMENT PubSub to Fleet
 	if err := a.sendEnrollment(); err != nil {
 		log.Printf("Android agent %d: enrollment failed: %v", a.agentIndex, err)
+		a.stats.IncrementAndroidErrors()
 		return
 	}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/osquery-perf/android_agent.go` around lines 198 - 209, The initial
register/enrollment failures in androidAgent.runLoop are only logged, so they
never show up in aggregated error stats. Update the registerWithProxy and
sendEnrollment error paths in runLoop to also call
a.stats.IncrementAndroidErrors() before returning, matching the existing failure
handling used for the per-iteration status-report/poll/command-ack paths.
cmd/osquery-perf/agent.go (1)

4059-4062: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Validate Android flags before starting any agents, not mid-loop.

The required-flag check only fires when the loop reaches the first android.tmpl host. If --os_templates mixes android with other templates, earlier non-android hosts will already be enrolling against Fleet before this fatal error triggers, wasting the partial run.

🔧 Suggested fix: validate right after flag parsing
 	flag.Parse()
 	rand.Seed(*randSeed)
+
+	if strings.Contains(*osTemplates, "android") &&
+		(*androidPubSubToken == "" || *androidProxyAddress == "" || *androidEnterpriseID == "") {
+		log.Fatalf("Android template requires --android_pubsub_token, --android_proxy_address, and --android_enterprise_id flags")
+	}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/osquery-perf/agent.go` around lines 4059 - 4062, Move the Android
required-flag validation out of the host-processing loop in agent.go and run it
immediately after flag parsing, before any enrollment or agent-start logic
begins. Use the existing android.tmpl check and the --android_pubsub_token,
--android_proxy_address, and --android_enterprise_id flags to fail fast up front
so mixed-template runs cannot partially enroll non-Android hosts before the
fatal error.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cmd/android-amapi-mock/google_forwarder.go`:
- Around line 104-108: ForwardDevicesList is swallowing Google API list errors
by logging and breaking out of the loop, which can make callers think the
request succeeded with a partial or empty result. Update the error path in
googleForwarder’s device-list loop to return the failure from ForwardDevicesList
instead of continuing, and make the HTTP handler that calls it propagate that
error as a failed response rather than a 200. Use the existing
ForwardDevicesList and call.Do symbols to locate the affected flow.

In `@cmd/android-amapi-mock/handlers.go`:
- Around line 229-232: The asynchronous Google forward in the handler reuses the
live request, so `ForwardPoliciesPatch` may see a canceled context or a closed
body after the handler returns. In the `google != nil &&
hasSeenRealDevice.Load()` branch, clone the incoming request before starting the
goroutine by creating a detached copy with a new context and a copied body, then
pass that cloned request into `google.ForwardPoliciesPatch` instead of `r`.
- Around line 104-107: The request body parsing in the handler that reads r.Body
and unmarshals into reqBody currently ignores malformed JSON, causing bad device
patch requests to succeed as empty patches. Update this logic to check the
json.Unmarshal error in the relevant handler in handlers.go and return a 400
response for invalid JSON instead of proceeding; keep the fix localized around
the request parsing path that handles the patch request.
- Around line 315-323: The catch-all in handleCatchAll currently returns a
successful empty JSON response for unsupported AMAPI paths, which masks missing
coverage. Update handleCatchAll to send an error status for unhandled requests
and return an error payload instead of "{}"; keep the existing logging and use
the googleForwarder context to preserve the current log message behavior.
- Around line 189-202: Validate the parsed pageToken before using it to slice
allDevices in the handler that builds resp. The current offset can become
negative from fmt.Sscanf, so add bounds checks to clamp offset to the valid
range before computing end and before evaluating allDevices[offset:end],
ensuring both offset and end are safe for slicing.
- Around line 170-184: The device list handler is mixing fake devices from all
enterprises because it always uses store.allDeviceNames() in the GET
/v1/enterprises/{eid}/devices flow. Update the handler in handlers.go so the
fake-device lookup is scoped by the requested enterprise ID (the same
r.PathValue("eid") used for enterpriseName), and only append fake devices
belonging to that enterprise before returning allDevices.

In `@cmd/osquery-perf/android_agent.go`:
- Line 268: The outbound HTTP calls in registerWithProxy, pollProxyState, and
sendPubSubMessage currently use http.Post/http.Get with http.DefaultClient and
no timeout, so they can hang indefinitely. Update these paths to use a shared
http.Client with an explicit Timeout (while preserving the existing TLS
transport customization from main in agent.go), and route the proxy
registration, polling, and Fleet PubSub requests through that client instead of
the default helpers.

---

Nitpick comments:
In `@cmd/osquery-perf/agent.go`:
- Around line 4059-4062: Move the Android required-flag validation out of the
host-processing loop in agent.go and run it immediately after flag parsing,
before any enrollment or agent-start logic begins. Use the existing android.tmpl
check and the --android_pubsub_token, --android_proxy_address, and
--android_enterprise_id flags to fail fast up front so mixed-template runs
cannot partially enroll non-Android hosts before the fatal error.

In `@cmd/osquery-perf/android_agent.go`:
- Around line 198-209: The initial register/enrollment failures in
androidAgent.runLoop are only logged, so they never show up in aggregated error
stats. Update the registerWithProxy and sendEnrollment error paths in runLoop to
also call a.stats.IncrementAndroidErrors() before returning, matching the
existing failure handling used for the per-iteration
status-report/poll/command-ack paths.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 420d2d0b-a623-43da-ae9c-78a99b65d9e5

📥 Commits

Reviewing files that changed from the base of the PR and between 5ada6e8 and bdb167a.

📒 Files selected for processing (8)
  • cmd/android-amapi-mock/google_forwarder.go
  • cmd/android-amapi-mock/handlers.go
  • cmd/android-amapi-mock/main.go
  • cmd/android-amapi-mock/middleware.go
  • cmd/osquery-perf/agent.go
  • cmd/osquery-perf/android.tmpl
  • cmd/osquery-perf/android_agent.go
  • cmd/osquery-perf/osquery_perf/stats.go

Comment on lines +104 to +108
resp, err := call.Do()
if err != nil {
log.Printf("googleForwarder: list devices failed: %v", err)
break
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Propagate Google list failures instead of returning a successful partial list.

Line 104 logs and breaks on Google API errors, so callers can return 200 with an empty/truncated device list. Return an error from ForwardDevicesList and let the HTTP handler emit a failure instead.

🐛 Proposed fix
-func (g *googleForwarder) ForwardDevicesList(enterpriseName string, ctx context.Context) []map[string]string {
+func (g *googleForwarder) ForwardDevicesList(enterpriseName string, ctx context.Context) ([]map[string]string, error) {
 	var allDevices []map[string]string
@@
 		resp, err := call.Do()
 		if err != nil {
-			log.Printf("googleForwarder: list devices failed: %v", err)
-			break
+			return nil, fmt.Errorf("list google devices: %w", err)
 		}
@@
-	return allDevices
+	return allDevices, nil
 }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/android-amapi-mock/google_forwarder.go` around lines 104 - 108,
ForwardDevicesList is swallowing Google API list errors by logging and breaking
out of the loop, which can make callers think the request succeeded with a
partial or empty result. Update the error path in googleForwarder’s device-list
loop to return the failure from ForwardDevicesList instead of continuing, and
make the HTTP handler that calls it propagate that error as a failed response
rather than a 200. Use the existing ForwardDevicesList and call.Do symbols to
locate the affected flow.

Comment on lines +104 to +107
if r.Body != nil {
body, _ := io.ReadAll(r.Body)
json.Unmarshal(body, &reqBody) //nolint:errcheck
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Return 400 for malformed device patch JSON.

Invalid JSON is currently ignored, so a bad Fleet request is treated as an empty successful patch.

🐛 Proposed fix
 	if r.Body != nil {
-		body, _ := io.ReadAll(r.Body)
-		json.Unmarshal(body, &reqBody) //nolint:errcheck
+		if err := json.NewDecoder(r.Body).Decode(&reqBody); err != nil && err != io.EOF {
+			http.Error(w, "invalid json: "+err.Error(), http.StatusBadRequest)
+			return
+		}
 	}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if r.Body != nil {
body, _ := io.ReadAll(r.Body)
json.Unmarshal(body, &reqBody) //nolint:errcheck
}
if r.Body != nil {
if err := json.NewDecoder(r.Body).Decode(&reqBody); err != nil && err != io.EOF {
http.Error(w, "invalid json: "+err.Error(), http.StatusBadRequest)
return
}
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/android-amapi-mock/handlers.go` around lines 104 - 107, The request body
parsing in the handler that reads r.Body and unmarshals into reqBody currently
ignores malformed JSON, causing bad device patch requests to succeed as empty
patches. Update this logic to check the json.Unmarshal error in the relevant
handler in handlers.go and return a 400 response for invalid JSON instead of
proceeding; keep the fix localized around the request parsing path that handles
the patch request.

Comment on lines +170 to +184
fakeNames := store.allDeviceNames()

var realDevices []map[string]string
if google != nil {
enterpriseName := "enterprises/" + r.PathValue("eid")
realDevices = google.ForwardDevicesList(enterpriseName, r.Context())
if len(realDevices) > 0 {
hasSeenRealDevice.Store(true)
}
}

allDevices := make([]map[string]string, 0, len(realDevices)+len(fakeNames))
allDevices = append(allDevices, realDevices...)
for _, name := range fakeNames {
allDevices = append(allDevices, map[string]string{"name": name})

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Scope fake device list results to the requested enterprise.

GET /v1/enterprises/{eid}/devices appends every fake device from store.allDeviceNames(), so multi-enterprise tests can see devices from the wrong enterprise.

🐛 Proposed fix
-		fakeNames := store.allDeviceNames()
+		enterpriseID := r.PathValue("eid")
+		fakeNames := store.deviceNamesForEnterprise(enterpriseID)
@@
-			enterpriseName := "enterprises/" + r.PathValue("eid")
+			enterpriseName := "enterprises/" + enterpriseID
-func (ds *deviceStore) allDeviceNames() []string {
+func (ds *deviceStore) deviceNamesForEnterprise(enterpriseID string) []string {
 	ds.mu.RLock()
 	defer ds.mu.RUnlock()
 	names := make([]string, 0, len(ds.byName))
+	prefix := "enterprises/" + enterpriseID + "/devices/"
 	for name := range ds.byName {
-		names = append(names, name)
+		if strings.HasPrefix(name, prefix) {
+			names = append(names, name)
+		}
 	}
 	return names
 }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
fakeNames := store.allDeviceNames()
var realDevices []map[string]string
if google != nil {
enterpriseName := "enterprises/" + r.PathValue("eid")
realDevices = google.ForwardDevicesList(enterpriseName, r.Context())
if len(realDevices) > 0 {
hasSeenRealDevice.Store(true)
}
}
allDevices := make([]map[string]string, 0, len(realDevices)+len(fakeNames))
allDevices = append(allDevices, realDevices...)
for _, name := range fakeNames {
allDevices = append(allDevices, map[string]string{"name": name})
enterpriseID := r.PathValue("eid")
fakeNames := store.deviceNamesForEnterprise(enterpriseID)
var realDevices []map[string]string
if google != nil {
enterpriseName := "enterprises/" + enterpriseID
realDevices = google.ForwardDevicesList(enterpriseName, r.Context())
if len(realDevices) > 0 {
hasSeenRealDevice.Store(true)
}
}
allDevices := make([]map[string]string, 0, len(realDevices)+len(fakeNames))
allDevices = append(allDevices, realDevices...)
for _, name := range fakeNames {
allDevices = append(allDevices, map[string]string{"name": name})
}
Suggested change
fakeNames := store.allDeviceNames()
var realDevices []map[string]string
if google != nil {
enterpriseName := "enterprises/" + r.PathValue("eid")
realDevices = google.ForwardDevicesList(enterpriseName, r.Context())
if len(realDevices) > 0 {
hasSeenRealDevice.Store(true)
}
}
allDevices := make([]map[string]string, 0, len(realDevices)+len(fakeNames))
allDevices = append(allDevices, realDevices...)
for _, name := range fakeNames {
allDevices = append(allDevices, map[string]string{"name": name})
func (ds *deviceStore) deviceNamesForEnterprise(enterpriseID string) []string {
ds.mu.RLock()
defer ds.mu.RUnlock()
names := make([]string, 0, len(ds.byName))
prefix := "enterprises/" + enterpriseID + "/devices/"
for name := range ds.byName {
if strings.HasPrefix(name, prefix) {
names = append(names, name)
}
}
return names
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/android-amapi-mock/handlers.go` around lines 170 - 184, The device list
handler is mixing fake devices from all enterprises because it always uses
store.allDeviceNames() in the GET /v1/enterprises/{eid}/devices flow. Update the
handler in handlers.go so the fake-device lookup is scoped by the requested
enterprise ID (the same r.PathValue("eid") used for enterpriseName), and only
append fake devices belonging to that enterprise before returning allDevices.

Comment on lines +189 to +202
if pt := r.URL.Query().Get("pageToken"); pt != "" {
fmt.Sscanf(pt, "%d", &offset)
}

end := offset + pageSize
if end > len(allDevices) {
end = len(allDevices)
}
if offset > len(allDevices) {
offset = len(allDevices)
}

resp := map[string]any{
"devices": allDevices[offset:end],

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🔴 Critical | ⚡ Quick win

Validate pageToken before slicing.

A negative pageToken parses into a negative offset and panics at allDevices[offset:end].

🐛 Proposed fix
+		pageToken := r.URL.Query().Get("pageToken")
 		pageSize := 100
 		offset := 0
-		if pt := r.URL.Query().Get("pageToken"); pt != "" {
-			fmt.Sscanf(pt, "%d", &offset)
+		if pageToken != "" {
+			parsed, err := strconv.Atoi(pageToken)
+			if err != nil || parsed < 0 {
+				http.Error(w, "invalid pageToken", http.StatusBadRequest)
+				return
+			}
+			offset = parsed
 		}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if pt := r.URL.Query().Get("pageToken"); pt != "" {
fmt.Sscanf(pt, "%d", &offset)
}
end := offset + pageSize
if end > len(allDevices) {
end = len(allDevices)
}
if offset > len(allDevices) {
offset = len(allDevices)
}
resp := map[string]any{
"devices": allDevices[offset:end],
pageToken := r.URL.Query().Get("pageToken")
pageSize := 100
offset := 0
if pageToken != "" {
parsed, err := strconv.Atoi(pageToken)
if err != nil || parsed < 0 {
http.Error(w, "invalid pageToken", http.StatusBadRequest)
return
}
offset = parsed
}
end := offset + pageSize
if end > len(allDevices) {
end = len(allDevices)
}
if offset > len(allDevices) {
offset = len(allDevices)
}
resp := map[string]any{
"devices": allDevices[offset:end],
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/android-amapi-mock/handlers.go` around lines 189 - 202, Validate the
parsed pageToken before using it to slice allDevices in the handler that builds
resp. The current offset can become negative from fmt.Sscanf, so add bounds
checks to clamp offset to the valid range before computing end and before
evaluating allDevices[offset:end], ensuring both offset and end are safe for
slicing.

Comment on lines +229 to +232
if google != nil && hasSeenRealDevice.Load() {
go func() {
google.ForwardPoliciesPatch(&discardResponseWriter{}, r)
}()

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Don’t reuse the live request in the async Google forward.

The goroutine uses r.Context() and r.Body after the handler can return, so the context may be canceled and the body closed before ForwardPoliciesPatch reads it. Clone the request with a detached context and copied body before starting the goroutine.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/android-amapi-mock/handlers.go` around lines 229 - 232, The asynchronous
Google forward in the handler reuses the live request, so `ForwardPoliciesPatch`
may see a canceled context or a closed body after the handler returns. In the
`google != nil && hasSeenRealDevice.Load()` branch, clone the incoming request
before starting the goroutine by creating a detached copy with a new context and
a copied body, then pass that cloned request into `google.ForwardPoliciesPatch`
instead of `r`.

Comment on lines +315 to +323
func handleCatchAll(google *googleForwarder) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if google != nil {
log.Printf("Unhandled request (no Google SDK mapping): %s %s", r.Method, r.URL.Path)
} else {
log.Printf("Mock AMAPI: unhandled %s %s", r.Method, r.URL.Path)
}
w.Header().Set("Content-Type", "application/json")
fmt.Fprint(w, "{}")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Return an error for unhandled AMAPI endpoints.

A 200 {} catch-all hides missing mock/forwarding coverage, which can make load tests pass while Fleet is calling an unsupported AMAPI endpoint.

🐛 Proposed fix
 		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprint(w, "{}")
+		w.WriteHeader(http.StatusNotImplemented)
+		fmt.Fprint(w, `{"error":{"code":501,"message":"AMAPI endpoint not implemented","status":"NOT_IMPLEMENTED"}}`)
 	}
 }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
func handleCatchAll(google *googleForwarder) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if google != nil {
log.Printf("Unhandled request (no Google SDK mapping): %s %s", r.Method, r.URL.Path)
} else {
log.Printf("Mock AMAPI: unhandled %s %s", r.Method, r.URL.Path)
}
w.Header().Set("Content-Type", "application/json")
fmt.Fprint(w, "{}")
func handleCatchAll(google *googleForwarder) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if google != nil {
log.Printf("Unhandled request (no Google SDK mapping): %s %s", r.Method, r.URL.Path)
} else {
log.Printf("Mock AMAPI: unhandled %s %s", r.Method, r.URL.Path)
}
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusNotImplemented)
fmt.Fprint(w, `{"error":{"code":501,"message":"AMAPI endpoint not implemented","status":"NOT_IMPLEMENTED"}}`)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/android-amapi-mock/handlers.go` around lines 315 - 323, The catch-all in
handleCatchAll currently returns a successful empty JSON response for
unsupported AMAPI paths, which masks missing coverage. Update handleCatchAll to
send an error status for unhandled requests and return an error payload instead
of "{}"; keep the existing logging and use the googleForwarder context to
preserve the current log message behavior.

return fmt.Errorf("marshal register body: %w", err)
}

resp, err := http.Post(a.proxyAddress+"/mock/devices/register", "application/json", bytes.NewReader(data))

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

No timeout on outbound HTTP calls (proxy register/poll, Fleet PubSub POST).

registerWithProxy, pollProxyState, and sendPubSubMessage all use http.Post/http.Get, which use http.DefaultClient. That client's Transport is customized for TLS in agent.go's main(), but no Timeout is ever set, so any of these calls can hang indefinitely if the mock proxy or Fleet server stalls — blocking the agent goroutine and skewing load-test results/timing.

🔧 Suggested fix: use a client with a timeout
+var androidHTTPClient = &http.Client{Timeout: 30 * time.Second}
+
 func (a *androidAgent) registerWithProxy() error {
 	...
-	resp, err := http.Post(a.proxyAddress+"/mock/devices/register", "application/json", bytes.NewReader(data))
+	resp, err := androidHTTPClient.Post(a.proxyAddress+"/mock/devices/register", "application/json", bytes.NewReader(data))

Apply similarly to pollProxyState and sendPubSubMessage.

Also applies to: 283-283, 409-409

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cmd/osquery-perf/android_agent.go` at line 268, The outbound HTTP calls in
registerWithProxy, pollProxyState, and sendPubSubMessage currently use
http.Post/http.Get with http.DefaultClient and no timeout, so they can hang
indefinitely. Update these paths to use a shared http.Client with an explicit
Timeout (while preserving the existing TLS transport customization from main in
agent.go), and route the proxy registration, polling, and Fleet PubSub requests
through that client instead of the default helpers.

@qodo-free-for-open-source-projects

Copy link
Copy Markdown

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: test-go (fleetctl, mysql:8.0.44) / test

Failed stage: Run Go Tests [❌]

Failed test name: TestGitOpsFullGlobal

Failure summary:

The action failed because Go tests in ./cmd/fleetctl/... failed during make .run-go-tests (Makefile
targets .run-go-tests at Makefile:302 and test-go at Makefile:417).
- Failing tests:
TestGitOpsFullGlobal/useDeprecatedKeys=false and TestGitOpsFullGlobal/useDeprecatedKeys=true
(reported at /home/runner/work/fleet/fleet/cmd/fleetctl/fleetctl/gitops_test.go:2244, via assertion
in /home/runner/work/fleet/fleet/cmd/fleetctl/fleetctl/testing_utils_test.go:20).
- Root cause: the
tests attempt to apply MDM custom settings and the API call POST
/api/latest/fleet/mdm/profiles/batch returns 422 Validation Failed with the message cannot set
custom settings: Windows MDM isn't turned on, causing the gitops apply step to error and the tests
to fail.

Relevant error logs:
1:  Runner name: 'ubuntu-8core-1000962565'
2:  Runner group name: 'default larger runners'
...

1266:  �[36;1mattempt=1�[0m
1267:  �[36;1m�[0m
1268:  �[36;1mwhile [ $attempt -le $max_attempts ]; do�[0m
1269:  �[36;1m  echo "Attempt $attempt of $max_attempts"�[0m
1270:  �[36;1m�[0m
1271:  �[36;1m  # Try to connect to MySQL�[0m
1272:  �[36;1m  if wait_for_mysql "mysql_test"; then�[0m
1273:  �[36;1m    # If MySQL is ready, try to connect to MySQL replica�[0m
1274:  �[36;1m    if wait_for_mysql "mysql_replica_test"; then�[0m
1275:  �[36;1m      # Both are ready, we're done�[0m
1276:  �[36;1m      echo "All MySQL connections successful"�[0m
1277:  �[36;1m      exit 0�[0m
1278:  �[36;1m    fi�[0m
1279:  �[36;1m  fi�[0m
1280:  �[36;1m�[0m
1281:  �[36;1m  # If we get here, at least one connection failed�[0m
1282:  �[36;1m  echo "Failed to connect to MySQL on attempt $attempt"�[0m
1283:  �[36;1m�[0m
1284:  �[36;1m  if [ $attempt -lt $max_attempts ]; then�[0m
1285:  �[36;1m    echo "Restarting containers and trying again..."�[0m
1286:  �[36;1m    restart_containers�[0m
1287:  �[36;1m  else�[0m
1288:  �[36;1m    echo "Maximum attempts reached. Failing the job."�[0m
1289:  �[36;1m    exit 1�[0m
...

1450:  make .run-go-tests PKG_TO_TEST="./cmd/fleetctl/..."
1451:  make[1]: Entering directory '/home/runner/work/fleet/fleet'
1452:  Running Go tests with gotestsum:
1453:  gotestsum --format=testdox --jsonfile=/tmp/test-output.json -- -tags full,fts5,netgo -run=  -v -race=false -timeout=20m  -parallel 8 -coverprofile=coverage.txt -covermode=atomic -coverpkg=github.com/fleetdm/fleet/v4/... ././cmd/fleetctl/... 
1454:  github.com/fleetdm/fleet/v4/cmd/fleetctl:
1455:  github.com/fleetdm/fleet/v4/cmd/fleetctl/fleetctl/goquerycmd:
1456:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest:
1457:  github.com/fleetdm/fleet/v4/cmd/fleetctl/fleetctl/testing_utils:
1458:  github.com/fleetdm/fleet/v4/cmd/fleetctl/fleetctl/fleetctltest:
1459:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/package:
1460:  �[32m✓�[0m Package (3.74s)
1461:  �[32m✓�[0m Package - -use-sytem-configuration can't be used on installers that aren't pkg (0.00s)
1462:  �[32m✓�[0m Package deb (2.07s)
1463:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/preview:
1464:  �[32m✓�[0m Integrations preview (53.89s)
1465:  �[32m✓�[0m Preview fails on invalid license key (0.00s)
1466:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/vuln:
...

1573:  �[32m✓�[0m Apply specs deprecated keys app config windows updates.grace period days not a number (0.48s)
1574:  �[32m✓�[0m Apply specs deprecated keys app config windows updates.grace period days out of range (0.48s)
1575:  �[32m✓�[0m Apply specs deprecated keys config with FIM values for agent options (#869 9) (0.38s)
1576:  �[32m✓�[0m Apply specs deprecated keys config with blank required org name (0.52s)
1577:  �[32m✓�[0m Apply specs deprecated keys config with blank required server url (0.39s)
1578:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options command-line flags (0.56s)
1579:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options data type in dry-run (0.38s)
1580:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options data type with force (0.48s)
1581:  �[32m✓�[0m Apply specs deprecated keys config with invalid agent options in dry-run (0.41s)
1582:  �[32m✓�[0m Apply specs deprecated keys config with invalid key type (0.37s)
1583:  �[32m✓�[0m Apply specs deprecated keys config with invalid value for agent options command-line flags (0.40s)
1584:  �[32m✓�[0m Apply specs deprecated keys config with unknown key (0.44s)
1585:  �[32m✓�[0m Apply specs deprecated keys config with valid agent options command-line flags (0.52s)
1586:  �[32m✓�[0m Apply specs deprecated keys dry-run set with unsupported spec (0.56s)
1587:  �[32m✓�[0m Apply specs deprecated keys dry-run set with various specs, appconfig warning for legacy (0.44s)
1588:  �[32m✓�[0m Apply specs deprecated keys dry-run set with various specs, no errors (0.37s)
1589:  �[32m✓�[0m Apply specs deprecated keys empty config (0.58s)
...

1592:  �[32m✓�[0m Apply specs deprecated keys invalid agent options dry-run (0.40s)
1593:  �[32m✓�[0m Apply specs deprecated keys invalid agent options field type (0.41s)
1594:  �[32m✓�[0m Apply specs deprecated keys invalid agent options field type in overrides (0.54s)
1595:  �[32m✓�[0m Apply specs deprecated keys invalid agent options for existing team (0.62s)
1596:  �[32m✓�[0m Apply specs deprecated keys invalid agent options for new team (0.39s)
1597:  �[32m✓�[0m Apply specs deprecated keys invalid agent options force (0.42s)
1598:  �[32m✓�[0m Apply specs deprecated keys invalid known key's value type for team cannot be forced (0.41s)
1599:  �[32m✓�[0m Apply specs deprecated keys invalid team agent options command-line flag (0.58s)
1600:  �[32m✓�[0m Apply specs deprecated keys invalid top-level key for team (0.38s)
1601:  �[32m✓�[0m Apply specs deprecated keys macos updates deadline set but minimum version empty (0.42s)
1602:  �[32m✓�[0m Apply specs deprecated keys macos updates minimum version set but deadline empty (0.40s)
1603:  �[32m✓�[0m Apply specs deprecated keys macos updates.deadline with incomplete date (0.63s)
1604:  �[32m✓�[0m Apply specs deprecated keys macos updates.deadline with invalid date (0.46s)
1605:  �[32m✓�[0m Apply specs deprecated keys macos updates.deadline with timestamp (0.41s)
1606:  �[32m✓�[0m Apply specs deprecated keys macos updates.minimum version with build version (0.49s)
1607:  �[32m✓�[0m Apply specs deprecated keys missing required failing policies destination url (0.41s)
1608:  �[32m✓�[0m Apply specs deprecated keys missing required host status days count (0.46s)
...

1616:  �[32m✓�[0m Apply specs deprecated keys team config macos settings.enable disk encryption true (0.45s)
1617:  �[32m✓�[0m Apply specs deprecated keys team config macos settings.enable disk encryption with invalid value type (0.48s)
1618:  �[32m✓�[0m Apply specs deprecated keys team config macos settings.enable disk encryption without a value (0.39s)
1619:  �[32m✓�[0m Apply specs deprecated keys unknown key for team can be forced (0.44s)
1620:  �[32m✓�[0m Apply specs deprecated keys valid team agent options command-line flag (0.43s)
1621:  �[32m✓�[0m Apply specs deprecated keys windows updates unset valid (0.45s)
1622:  �[32m✓�[0m Apply specs deprecated keys windows updates valid (0.45s)
1623:  �[32m✓�[0m Apply specs deprecated keys windows updates.deadline days but grace period empty (0.48s)
1624:  �[32m✓�[0m Apply specs deprecated keys windows updates.deadline days not a number (0.52s)
1625:  �[32m✓�[0m Apply specs deprecated keys windows updates.deadline days out of range (0.49s)
1626:  �[32m✓�[0m Apply specs deprecated keys windows updates.grace period days but deadline empty (0.53s)
1627:  �[32m✓�[0m Apply specs deprecated keys windows updates.grace period days not a number (0.46s)
1628:  �[32m✓�[0m Apply specs deprecated keys windows updates.grace period days out of range (0.46s)
1629:  �[32m✓�[0m Apply specs dry-run set with unsupported spec (0.35s)
1630:  �[32m✓�[0m Apply specs dry-run set with various specs, appconfig warning for legacy (0.47s)
1631:  �[32m✓�[0m Apply specs dry-run set with various specs, no errors (0.37s)
1632:  �[32m✓�[0m Apply specs empty config (0.36s)
...

1635:  �[32m✓�[0m Apply specs invalid agent options dry-run (0.45s)
1636:  �[32m✓�[0m Apply specs invalid agent options field type (0.38s)
1637:  �[32m✓�[0m Apply specs invalid agent options field type in overrides (0.39s)
1638:  �[32m✓�[0m Apply specs invalid agent options for existing team (0.51s)
1639:  �[32m✓�[0m Apply specs invalid agent options for new team (0.41s)
1640:  �[32m✓�[0m Apply specs invalid agent options force (0.43s)
1641:  �[32m✓�[0m Apply specs invalid known key's value type for team cannot be forced (0.58s)
1642:  �[32m✓�[0m Apply specs invalid team agent options command-line flag (0.48s)
1643:  �[32m✓�[0m Apply specs invalid top-level key for team (0.60s)
1644:  �[32m✓�[0m Apply specs macos updates deadline set but minimum version empty (0.36s)
1645:  �[32m✓�[0m Apply specs macos updates minimum version set but deadline empty (0.42s)
1646:  �[32m✓�[0m Apply specs macos updates.deadline with incomplete date (0.41s)
1647:  �[32m✓�[0m Apply specs macos updates.deadline with invalid date (0.39s)
1648:  �[32m✓�[0m Apply specs macos updates.deadline with timestamp (0.37s)
1649:  �[32m✓�[0m Apply specs macos updates.minimum version with build version (0.41s)
1650:  �[32m✓�[0m Apply specs missing required failing policies destination url (0.53s)
1651:  �[32m✓�[0m Apply specs missing required host status days count (0.43s)
...

1670:  �[32m✓�[0m Apply specs windows updates.grace period days not a number (0.46s)
1671:  �[32m✓�[0m Apply specs windows updates.grace period days out of range (0.42s)
1672:  �[32m✓�[0m Apply team specs (0.69s)
1673:  �[32m✓�[0m Apply user roles (0.57s)
1674:  �[32m✓�[0m Apply user roles deprecated (0.59s)
1675:  �[32m✓�[0m Apply windows updates (0.45s)
1676:  �[32m✓�[0m Apply windows updates field omitted (0.00s)
1677:  �[32m✓�[0m Apply windows updates with null values (0.00s)
1678:  �[32m✓�[0m Apply windows updates with values (0.00s)
1679:  �[32m✓�[0m Can apply intervals in nanoseconds (0.48s)
1680:  �[32m✓�[0m Can apply intervals using durations (0.47s)
1681:  �[32m✓�[0m Clean status code err (0.00s)
1682:  �[32m✓�[0m Clean status code err bare wrapped status code err (0.00s)
1683:  �[32m✓�[0m Clean status code err nil (0.00s)
1684:  �[32m✓�[0m Clean status code err outer-wrapped status code err (0.00s)
1685:  �[32m✓�[0m Clean status code err plain error untouched (0.00s)
1686:  �[32m✓�[0m Compute label changes (0.00s)
...

1742:  �[32m✓�[0m Filename functions (0.00s)
1743:  �[32m✓�[0m Filename functions outfile name builds a file name using the name provided + current time (0.00s)
1744:  �[32m✓�[0m Filename functions outfile name with ext builds a file name using the name and extension provided + current time (0.00s)
1745:  �[32m✓�[0m FleetctlUpgradePacks empty packs (0.36s)
1746:  �[32m✓�[0m FleetctlUpgradePacks no pack (0.33s)
1747:  �[32m✓�[0m FleetctlUpgradePacks non empty (0.41s)
1748:  �[32m✓�[0m FleetctlUpgradePacks not admin (0.35s)
1749:  �[32m✓�[0m Format XML (0.00s)
1750:  �[32m✓�[0m Format XML XML with attributes (0.00s)
1751:  �[32m✓�[0m Format XML basic XML (0.00s)
1752:  �[32m✓�[0m Format XML empty XML (0.00s)
1753:  �[32m✓�[0m Format XML invalid XML (0.00s)
1754:  �[32m✓�[0m Format XML nested XML (0.00s)
1755:  �[32m✓�[0m Generate MDM apple (0.92s)
1756:  �[32m✓�[0m Generate MDM apple BM (0.41s)
1757:  �[32m✓�[0m Generate MDM apple CSR API call fails (0.39s)
1758:  �[32m✓�[0m Generate MDM apple successful run (0.52s)
1759:  �[32m✓�[0m Generate MDMVPP tokens (0.00s)
1760:  �[32m✓�[0m Generate MDMVPP tokens get VPP tokens error (0.00s)
1761:  �[32m✓�[0m Generate MDMVPP tokens multiple tokens with different teams (0.00s)
...

1779:  �[32m✓�[0m Generate org settings masked google workspace api key (0.00s)
1780:  �[32m✓�[0m Generate policies (0.00s)
1781:  �[32m✓�[0m Generate policies patch policy orphaned from fleet maintained app (0.00s)
1782:  �[32m✓�[0m Generate queries (0.00s)
1783:  �[32m✓�[0m Generate software (0.00s)
1784:  �[32m✓�[0m Generate software auto update schedule (0.00s)
1785:  �[32m✓�[0m Generate software script packages (0.00s)
1786:  �[32m✓�[0m Generate team settings (0.00s)
1787:  �[32m✓�[0m Generate team settings insecure (0.00s)
1788:  �[32m✓�[0m Generated org settings no SSO (0.00s)
1789:  �[32m✓�[0m Generated org settings okta conditional access not included (0.00s)
1790:  �[32m✓�[0m Get MDM command results (0.42s)
1791:  �[32m✓�[0m Get MDM command results command flag required (0.00s)
1792:  �[32m✓�[0m Get MDM command results command not found (0.01s)
1793:  �[32m✓�[0m Get MDM command results command results empty (0.01s)
1794:  �[32m✓�[0m Get MDM command results command results error (0.01s)
1795:  �[32m✓�[0m Get MDM command results darwin command results (0.00s)
1796:  �[32m✓�[0m Get MDM command results host specific results (0.00s)
1797:  �[32m✓�[0m Get MDM command results windows command results (0.00s)
1798:  �[32m✓�[0m Get MDM commands (0.38s)
1799:  �[32m✓�[0m Get apple BM (1.61s)
1800:  �[32m✓�[0m Get apple BM free license (0.39s)
1801:  �[32m✓�[0m Get apple BM premium license, multiple tokens (0.38s)
1802:  �[32m✓�[0m Get apple BM premium license, no token (0.50s)
1803:  �[32m✓�[0m Get apple BM premium license, single token (0.34s)
1804:  �[32m✓�[0m Get apple MDM (0.36s)
1805:  �[32m✓�[0m Get carve (0.37s)
1806:  �[32m✓�[0m Get carve with error (0.32s)
1807:  �[32m✓�[0m Get carves (0.37s)
...

1821:  �[32m✓�[0m Get hosts MDM get hosts - -mdm - -mdm-pending - (0.01s)
1822:  �[32m✓�[0m Get hosts MDM get hosts - -mdm-pending - -yaml - expected list hosts yaml.yml (0.00s)
1823:  �[32m✓�[0m Get hosts get hosts - -json - -remove-deprecated-keys (0.00s)
1824:  �[32m✓�[0m Get hosts get hosts - -json - expected list hosts json.json (0.00s)
1825:  �[32m✓�[0m Get hosts get hosts - -json test host - expected host detail response json.json (0.00s)
1826:  �[32m✓�[0m Get hosts get hosts - -yaml - expected list hosts yaml.yml (0.00s)
1827:  �[32m✓�[0m Get hosts get hosts - -yaml test host - expected host detail response yaml.yml (0.00s)
1828:  �[32m✓�[0m Get label (0.38s)
1829:  �[32m✓�[0m Get label usage include and exclude allowed (0.00s)
1830:  �[32m✓�[0m Get label usage include and exclude allowed macos (0.00s)
1831:  �[32m✓�[0m Get label usage include and exclude allowed macos# 01 (0.00s)
1832:  �[32m✓�[0m Get label usage include and exclude allowed macos# 02 (0.00s)
1833:  �[32m✓�[0m Get label usage include and exclude allowed windows (0.00s)
1834:  �[32m✓�[0m Get label usage include and exclude allowed windows# 01 (0.00s)
1835:  �[32m✓�[0m Get label usage include and exclude allowed windows# 02 (0.00s)
1836:  �[32m✓�[0m Get label usage include exclude overlap error (0.00s)
1837:  �[32m✓�[0m Get label usage include exclude overlap error macos (0.00s)
1838:  �[32m✓�[0m Get label usage include exclude overlap error macos# 01 (0.00s)
1839:  �[32m✓�[0m Get label usage include exclude overlap error macos# 02 (0.00s)
1840:  �[32m✓�[0m Get label usage include exclude overlap error windows (0.00s)
1841:  �[32m✓�[0m Get label usage include exclude overlap error windows# 01 (0.00s)
1842:  �[32m✓�[0m Get label usage include exclude overlap error windows# 02 (0.00s)
1843:  �[32m✓�[0m Get label usage multiple label keys error (0.00s)
1844:  �[32m✓�[0m Get label usage multiple label keys error macos (0.00s)
1845:  �[32m✓�[0m Get label usage multiple label keys error windows (0.00s)
1846:  �[32m✓�[0m Get label usage policy scopes (0.00s)
...

1862:  �[32m✓�[0m Get queries as observer team observer (0.01s)
1863:  �[32m✓�[0m Get query (0.37s)
1864:  �[32m✓�[0m Get query labels include all (0.38s)
1865:  �[32m✓�[0m Get reports labels include all (0.36s)
1866:  �[32m✓�[0m Get software titles (0.49s)
1867:  �[32m✓�[0m Get software versions (0.43s)
1868:  �[32m✓�[0m Get teams (1.09s)
1869:  �[32m✓�[0m Get teams YAML and apply (0.44s)
1870:  �[32m✓�[0m Get teams by name (0.35s)
1871:  �[32m✓�[0m Get teams expired license (0.51s)
1872:  �[32m✓�[0m Get teams not expired license (0.58s)
1873:  �[32m✓�[0m Get teams software from source of truth (0.52s)
1874:  �[32m✓�[0m Get user roles (0.39s)
1875:  �[32m✓�[0m Git ops ABM (5.54s)
1876:  �[32m✓�[0m Git ops ABM backwards compat (0.64s)
1877:  �[32m✓�[0m Git ops ABM both keys errors (0.60s)
1878:  �[32m✓�[0m Git ops ABM deprecated config with two tokens in the db fails (0.40s)
1879:  �[32m✓�[0m Git ops ABM new key all valid (0.66s)
1880:  �[32m✓�[0m Git ops ABM new key multiple elements (0.68s)
1881:  �[32m✓�[0m Git ops ABM no team is supported (0.58s)
1882:  �[32m✓�[0m Git ops ABM non existent org name fails (0.39s)
1883:  �[32m✓�[0m Git ops ABM not provided teams defaults to no team (0.46s)
1884:  �[32m✓�[0m Git ops ABM renamed new key all valid (0.59s)
1885:  �[32m✓�[0m Git ops ABM using an undefined team errors (0.55s)
1886:  �[32m✓�[0m Git ops EULA setting (4.12s)
...

1889:  �[32m✓�[0m Git ops EULA setting not a PDF file (0.50s)
1890:  �[32m✓�[0m Git ops EULA setting relative path to working dir to pdf file (no existing EULA uploaded) (0.52s)
1891:  �[32m✓�[0m Git ops EULA setting relative path to yaml file to pdf file (no existing EULA uploaded) (0.42s)
1892:  �[32m✓�[0m Git ops EULA setting uploading the same EULA again (0.59s)
1893:  �[32m✓�[0m Git ops EULA setting valid new pdf file (different EULA already uploaded) (0.56s)
1894:  �[32m✓�[0m Git ops EULA setting valid pdf file (no existing EULA uploaded) (0.58s)
1895:  �[32m✓�[0m Git ops MDM auth settings (0.43s)
1896:  �[32m✓�[0m Git ops SMTP settings (0.45s)
1897:  �[32m✓�[0m Git ops SSO server URL (0.58s)
1898:  �[32m✓�[0m Git ops SSO settings (0.41s)
1899:  �[32m✓�[0m Git ops android certificates add (0.44s)
1900:  �[32m✓�[0m Git ops android certificates change (0.66s)
1901:  �[32m✓�[0m Git ops android certificates delete all (0.62s)
1902:  �[32m✓�[0m Git ops android certificates delete one (0.58s)
1903:  �[32m✓�[0m Git ops app store app auto update (0.56s)
1904:  �[32m✓�[0m Git ops app store app auto update invalid auto-update window triggers error and does not call update software title auto update config (0.02s)
1905:  �[32m✓�[0m Git ops app store app auto update no auto update settings and no existing schedule does not call update software title auto update config (0.02s)
1906:  �[32m✓�[0m Git ops app store app auto update update software title auto update config is applied for i OS VPP apps (0.03s)
1907:  �[32m✓�[0m Git ops app store app auto update update software title auto update config is not called when no VPP apps provided (0.02s)
1908:  �[32m✓�[0m Git ops apple OS updates (0.38s)
1909:  �[32m✓�[0m Git ops apple OS updates ios updates (0.01s)
1910:  �[32m✓�[0m Git ops apple OS updates ios updates os updated when existing OS update declaration (0.01s)
1911:  �[32m✓�[0m Git ops apple OS updates ipados updates (0.01s)
1912:  �[32m✓�[0m Git ops apple OS updates ipados updates os updated when existing OS update declaration (0.01s)
1913:  �[32m✓�[0m Git ops apple OS updates macos updates (0.01s)
1914:  �[32m✓�[0m Git ops apple OS updates macos updates os updated when existing OS update declaration (0.01s)
1915:  �[32m✓�[0m Git ops basic global and no team (0.66s)
1916:  �[32m✓�[0m Git ops basic global and no team basic global and no-team.yml (0.05s)
1917:  �[32m✓�[0m Git ops basic global and no team both global and no-team.yml define controls -- should fail (0.01s)
1918:  �[32m✓�[0m Git ops basic global and no team controls only defined in no-team.yml (0.05s)
1919:  �[32m✓�[0m Git ops basic global and no team global DOES NOT define controls -- should fail (0.01s)
1920:  �[32m✓�[0m Git ops basic global and no team global and no-team.yml DO NOT define controls -- should fail (0.01s)
1921:  �[32m✓�[0m Git ops basic global and no team global defines software -- should fail (0.01s)
1922:  �[32m✓�[0m Git ops basic global and no team no-team provided without global -- should fail (0.01s)
1923:  �[32m✓�[0m Git ops basic global and no team no-team.yml defines policy with calendar events enabled -- should fail (0.01s)
1924:  �[32m✓�[0m Git ops basic global and no team unassigned provided without global -- should fail (0.01s)
1925:  �[32m✓�[0m Git ops basic global and team (0.62s)
...

1931:  �[32m✓�[0m Git ops custom settings global macos windows custom settings valid.yml (0.60s)
1932:  �[32m✓�[0m Git ops custom settings global windows custom settings invalid label mix 2 .yml (0.53s)
1933:  �[32m✓�[0m Git ops custom settings global windows custom settings invalid label mix.yml (0.56s)
1934:  �[32m✓�[0m Git ops custom settings global windows custom settings unknown label.yml (0.50s)
1935:  �[32m✓�[0m Git ops custom settings team macos custom settings valid deprecated.yml (0.42s)
1936:  �[32m✓�[0m Git ops custom settings team macos windows custom settings invalid labels mix 2 .yml (0.54s)
1937:  �[32m✓�[0m Git ops custom settings team macos windows custom settings invalid labels mix.yml (0.40s)
1938:  �[32m✓�[0m Git ops custom settings team macos windows custom settings unknown label.yml (0.44s)
1939:  �[32m✓�[0m Git ops custom settings team macos windows custom settings valid.yml (0.58s)
1940:  �[32m✓�[0m Git ops dry run rejects invalid label platform (0.46s)
1941:  �[32m✓�[0m Git ops exception enforcement (0.43s)
1942:  �[32m✓�[0m Git ops exception enforcement free tier (0.56s)
1943:  �[32m✓�[0m Git ops exceptions preserve omitted keys (0.52s)
1944:  �[32m✓�[0m Git ops features (0.53s)
1945:  �[32m✓�[0m Git ops filename validation (0.00s)
1946:  �[32m✓�[0m Git ops fleet failing policies webhook policy IDs (0.48s)
1947:  �[32m✓�[0m Git ops fleet webhooks and tickets enabled (0.58s)
...

2104:  �[32m✓�[0m New basic file structure has expected files (0.00s)
2105:  �[32m✓�[0m New basic file structure replaces and escapes org name template var (0.00s)
2106:  �[32m✓�[0m New basic file structure strips .template. from output filenames (0.00s)
2107:  �[32m✓�[0m New dir flag (0.01s)
2108:  �[32m✓�[0m New existing dir with force (0.01s)
2109:  �[32m✓�[0m New existing dir without force (0.00s)
2110:  �[32m✓�[0m New org name YAML quoting (0.01s)
2111:  �[32m✓�[0m New org name validation (0.01s)
2112:  �[32m✓�[0m New org name validation at max length (0.01s)
2113:  �[32m✓�[0m New org name validation control characters stripped (0.01s)
2114:  �[32m✓�[0m New org name validation only control characters (0.00s)
2115:  �[32m✓�[0m New org name validation only whitespace (0.00s)
2116:  �[32m✓�[0m New org name validation too long (0.00s)
2117:  �[32m✓�[0m New output messages (0.01s)
2118:  �[32m✓�[0m New template stripping (0.01s)
2119:  �[32m✓�[0m Print auth error (0.35s)
2120:  �[32m✓�[0m Print auth error SSO disabled shows default login message (0.00s)
2121:  �[32m✓�[0m Print auth error SSO enabled shows SSO instructions (0.00s)
2122:  �[32m✓�[0m Render template (0.00s)
...

2142:  �[32m✓�[0m Run api command get scripts full path missing (0.00s)
2143:  �[32m✓�[0m Run api command get scripts team (0.00s)
2144:  �[32m✓�[0m Run api command get scripts team no cache (0.00s)
2145:  �[32m✓�[0m Run api command get typo (0.00s)
2146:  �[32m✓�[0m Run api command upload script (0.00s)
2147:  �[32m✓�[0m Run script command (0.56s)
2148:  �[32m✓�[0m Run script command disabled scripts globally (0.00s)
2149:  �[32m✓�[0m Run script command host not found (0.01s)
2150:  �[32m✓�[0m Run script command invalid file type (0.00s)
2151:  �[32m✓�[0m Run script command invalid hashbang (0.01s)
2152:  �[32m✓�[0m Run script command invalid utf 8 (0.00s)
2153:  �[32m✓�[0m Run script command missing one of script-path and script-nqme (0.00s)
2154:  �[32m✓�[0m Run script command output truncated (0.01s)
2155:  �[32m✓�[0m Run script command posix shell hashbang (0.01s)
2156:  �[32m✓�[0m Run script command script empty (0.00s)
2157:  �[32m✓�[0m Run script command script failed (0.01s)
2158:  �[32m✓�[0m Run script command script killed (0.01s)
...

2213:  �[32m✓�[0m Validate git ops group EUA global-only run degrades id p but the team's in-run file disables EU A: accepted (0.00s)
2214:  �[32m✓�[0m Validate git ops group EUA global-only run degrades id p while a stored team keeps EUA on: rejected (#4337 1) (0.00s)
2215:  �[32m✓�[0m Validate git ops group EUA no EUA enabled anywhere is accepted (0.00s)
2216:  �[32m✓�[0m Validate git ops group EUA team enables EU A, global file adds complete id P: accepted (0.00s)
2217:  �[32m✓�[0m Validate git ops group EUA team enables EU A, global file adds id p missing entity id: rejected (0.00s)
2218:  �[32m✓�[0m Validate git ops group EUA team enables EU A, global file omits id P, stored has id P: rejected (overwrite clears) (0.00s)
2219:  �[32m✓�[0m Validate git ops group EUA team enables EU A, stored has id P, no global file: accepted (0.00s)
2220:  �[32m✓�[0m Validate git ops group EUA team enables EU A, stored has no id P, no global file: rejected (0.00s)
2221:  github.com/fleetdm/fleet/v4/cmd/fleetctl/integrationtest/gitops:
2222:  �[32m✓�[0m Git ops VPP (4.81s)
2223:  �[32m✓�[0m Git ops VPP all fleets is supported (0.56s)
2224:  �[32m✓�[0m Git ops VPP all teams is supported (0.56s)
2225:  �[32m✓�[0m Git ops VPP new key all valid (0.72s)
2226:  �[32m✓�[0m Git ops VPP new key multiple elements (0.67s)
2227:  �[32m✓�[0m Git ops VPP no team is supported (0.54s)
2228:  �[32m✓�[0m Git ops VPP non existent location fails (0.54s)
2229:  �[32m✓�[0m Git ops VPP not provided teams defaults to no team (0.59s)
2230:  �[32m✓�[0m Git ops VPP using an undefined team errors (0.64s)
2231:  �[32m✓�[0m Git ops existing team VPP apps with missing team (0.57s)
...

2324:  �[32m✓�[0m Git ops team software installers team software installer with display name.yml (1.47s)
2325:  �[32m✓�[0m Integrations enterprise gitops (317.20s)
2326:  �[32m✓�[0m Integrations enterprise gitops test CA integrations (3.95s)
2327:  �[32m✓�[0m Integrations enterprise gitops test FMA labels include all (6.04s)
2328:  �[32m✓�[0m Integrations enterprise gitops test IPA software installers (10.55s)
2329:  �[32m✓�[0m Integrations enterprise gitops test JSON configuration profile escaping (1.28s)
2330:  �[32m✓�[0m Integrations enterprise gitops test add manual labels (1.57s)
2331:  �[32m✓�[0m Integrations enterprise gitops test configuration profile escaping (1.33s)
2332:  �[32m✓�[0m Integrations enterprise gitops test delete CA with certificate templates (6.03s)
2333:  �[32m✓�[0m Integrations enterprise gitops test delete mac OS setup (5.02s)
2334:  �[32m✓�[0m Integrations enterprise gitops test deleting no team YAML (2.65s)
2335:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience (123.71s)
2336:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience all VPP with setup experience (1.23s)
2337:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience no team VPP (1.14s)
2338:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience no team installers (60.51s)
2339:  �[32m✓�[0m Integrations enterprise gitops test disallow software setup experience packages fail (60.65s)
2340:  �[32m✓�[0m Integrations enterprise gitops test dry run mac OS setup script with manual agent install conflict (0.42s)
...

2370:  �[32m✓�[0m Integrations enterprise gitops test omitted top level keys global (2.48s)
2371:  �[32m✓�[0m Integrations enterprise gitops test remove custom settings from default YAML (2.56s)
2372:  �[32m✓�[0m Integrations enterprise gitops test special case teams VPP apps (3.81s)
2373:  �[32m✓�[0m Integrations enterprise gitops test special case teams VPP apps all teams (2.41s)
2374:  �[32m✓�[0m Integrations enterprise gitops test special case teams VPP apps no team (1.24s)
2375:  �[32m✓�[0m Integrations enterprise gitops test unset configuration profile labels (4.92s)
2376:  �[32m✓�[0m Integrations enterprise gitops test unset software installer labels (11.37s)
2377:  �[32m✓�[0m Integrations enterprise starter library (4.96s)
2378:  �[32m✓�[0m Integrations enterprise starter library test apply starter library premium (3.53s)
2379:  �[32m✓�[0m Integrations gitops (2.58s)
2380:  �[32m✓�[0m Integrations gitops test fleet gitops (0.78s)
2381:  �[32m✓�[0m Integrations gitops test fleet gitops DDM fleet vars requires premium (0.11s)
2382:  �[32m✓�[0m Integrations gitops test fleet gitops with fleet secrets (0.23s)
2383:  �[32m✓�[0m Integrations starter library (1.57s)
2384:  �[32m✓�[0m Integrations starter library test apply starter library free (0.18s)
2385:  === �[31mFailed�[0m
2386:  === �[31mFAIL�[0m: cmd/fleetctl/fleetctl TestGitOpsFullGlobal/useDeprecatedKeys=false (0.04s)
2387:  time=level=INFO msg="request error" path=/api/latest/fleet/setup_experience/eula/metadata took=122.299µs uuid=3e37370a-6c34-4c19-affb-0030e8648974 err="not found"
2388:  [-] would've deleted report Query to delete
2389:  time=level=INFO msg="request error" path=/api/latest/fleet/setup_experience/eula/metadata took=110.216µs uuid=79748ab3-f22b-46a7-aa20-254b90c640aa err="not found"
2390:  testing_utils_test.go:20: 
2391:  Error Trace:	/home/runner/work/fleet/fleet/cmd/fleetctl/fleetctl/testing_utils_test.go:20
2392:  /home/runner/work/fleet/fleet/cmd/fleetctl/fleetctl/gitops_test.go:2244
2393:  Error:      	Received unexpected error:
2394:  applying custom settings: POST /api/latest/fleet/mdm/profiles/batch received status 422 Validation Failed: cannot set custom settings: Windows MDM isn't turned on. For more information about setting up MDM, please visit https://fleetdm.com/learn-more-about/windows-mdm (API time: 1ms)
2395:  Test:       	TestGitOpsFullGlobal/useDeprecatedKeys=false
2396:  --- FAIL: TestGitOpsFullGlobal/useDeprecatedKeys=false (0.04s)
2397:  === �[31mFAIL�[0m: cmd/fleetctl/fleetctl TestGitOpsFullGlobal/useDeprecatedKeys=true (0.04s)
2398:  time=level=INFO msg="request error" path=/api/latest/fleet/setup_experience/eula/metadata took=113.572µs uuid=dcc73cda-27e9-4846-a5a7-3add593f3350 err="not found"
2399:  [-] would've deleted report Query to delete
2400:  time=level=INFO msg="request error" path=/api/latest/fleet/setup_experience/eula/metadata took=150.672µs uuid=f4fa2687-09b2-458e-9453-d5e3136a9cac err="not found"
2401:  testing_utils_test.go:20: 
2402:  Error Trace:	/home/runner/work/fleet/fleet/cmd/fleetctl/fleetctl/testing_utils_test.go:20
2403:  /home/runner/work/fleet/fleet/cmd/fleetctl/fleetctl/gitops_test.go:2244
2404:  Error:      	Received unexpected error:
2405:  applying custom settings: POST /api/latest/fleet/mdm/profiles/batch received status 422 Validation Failed: cannot set custom settings: Windows MDM isn't turned on. For more information about setting up MDM, please visit https://fleetdm.com/learn-more-about/windows-mdm (API time: 1ms)
2406:  Test:       	TestGitOpsFullGlobal/useDeprecatedKeys=true
2407:  --- FAIL: TestGitOpsFullGlobal/useDeprecatedKeys=true (0.04s)
2408:  === �[31mFAIL�[0m: cmd/fleetctl/fleetctl TestGitOpsFullGlobal (0.52s)
2409:  DONE 921 tests, 3 failures in 646.086s
2410:  make[1]: *** [Makefile:302: .run-go-tests] Error 1
2411:  make[1]: Leaving directory '/home/runner/work/fleet/fleet'
2412:  make: *** [Makefile:417: test-go] Error 2
2413:  ##[error]Process completed with exit code 2.
2414:  Node 20 is being deprecated. This workflow is running with Node 24 by default. If you need to temporarily use Node 20, you can set the ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true environment variable. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
2415:  ##[group]Run actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
2416:  with:
2417:  name: fleetctl-mysql8.0.44-coverage
2418:  path: ./coverage.txt
2419:  if-no-files-found: error
2420:  compression-level: 6
...

2423:  RACE_ENABLED: false
2424:  GO_TEST_TIMEOUT: 20m
2425:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
2426:  RUN_TESTS_ARG: 
2427:  CI_TEST_PKG: fleetctl
2428:  NEED_DOCKER: 1
2429:  ARTIFACT_PREFIX: fleetctl-mysql8.0.44
2430:  GOTOOLCHAIN: local
2431:  ##[endgroup]
2432:  (node:44535) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
2433:  (Use `node --trace-deprecation ...` to show where the warning was created)
2434:  With the provided path, there will be 1 file uploaded
2435:  Artifact name is valid!
2436:  Root directory input is valid!
2437:  Beginning upload of artifact content to blob storage
2438:  (node:44535) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
2439:  Uploaded bytes 2308908
2440:  Finished uploading artifact content to blob storage!
2441:  SHA256 hash of uploaded artifact zip is c66f3c277bcffb4aec00feff98761fa112523caa1c3047a8068b656abf14587d
2442:  Finalizing artifact upload
2443:  Artifact fleetctl-mysql8.0.44-coverage.zip successfully finalized. Artifact ID 7997465762
2444:  Artifact fleetctl-mysql8.0.44-coverage has been successfully uploaded! Final size is 2308908 bytes. Artifact ID is 7997465762
2445:  Artifact download URL: https://github.com/fleetdm/fleet/actions/runs/28485559355/artifacts/7997465762
2446:  ##[group]Run c1grep() { grep "$@" || test $? = 1; }
2447:  �[36;1mc1grep() { grep "$@" || test $? = 1; }�[0m
2448:  �[36;1mc1grep -oP 'FAIL: .*$' /tmp/gotest.log > /tmp/summary.txt�[0m
2449:  �[36;1mc1grep 'test timed out after' /tmp/gotest.log >> /tmp/summary.txt�[0m
2450:  �[36;1mc1grep 'fatal error:' /tmp/gotest.log >> /tmp/summary.txt�[0m
2451:  �[36;1mc1grep -A 10 'panic: runtime error: ' /tmp/gotest.log >> /tmp/summary.txt�[0m
2452:  �[36;1mc1grep ' FAIL\t' /tmp/gotest.log >> /tmp/summary.txt�[0m
2453:  �[36;1mGO_FAIL_SUMMARY=$(head -n 5 /tmp/summary.txt | sed ':a;N;$!ba;s/\n/\\n/g')�[0m
2454:  �[36;1mecho "GO_FAIL_SUMMARY=$GO_FAIL_SUMMARY"�[0m
2455:  �[36;1mif [[ -z "$GO_FAIL_SUMMARY" ]]; then�[0m
2456:  �[36;1m  GO_FAIL_SUMMARY="unknown, please check the build URL"�[0m
2457:  �[36;1mfi�[0m
2458:  �[36;1mGO_FAIL_SUMMARY=$GO_FAIL_SUMMARY envsubst < .github/workflows/config/slack_payload_template.json > ./payload.json�[0m
2459:  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2460:  env:
2461:  RACE_ENABLED: false
2462:  GO_TEST_TIMEOUT: 20m
2463:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
2464:  RUN_TESTS_ARG: 
2465:  CI_TEST_PKG: fleetctl
2466:  NEED_DOCKER: 1
2467:  ARTIFACT_PREFIX: fleetctl-mysql8.0.44
2468:  GOTOOLCHAIN: local
2469:  ##[endgroup]
2470:  GO_FAIL_SUMMARY=FAIL: TestGitOpsFullGlobal/useDeprecatedKeys=false (0.04s)\nFAIL: TestGitOpsFullGlobal/useDeprecatedKeys=true (0.04s)
2471:  Node 20 is being deprecated. This workflow is running with Node 24 by default. If you need to temporarily use Node 20, you can set the ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true environment variable. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
2472:  ##[group]Run actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a
2473:  with:
2474:  name: fleetctl-mysql8.0.44-test-log
2475:  path: /tmp/gotest.log
2476:  if-no-files-found: error
2477:  compression-level: 6
...

2480:  RACE_ENABLED: false
2481:  GO_TEST_TIMEOUT: 20m
2482:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
2483:  RUN_TESTS_ARG: 
2484:  CI_TEST_PKG: fleetctl
2485:  NEED_DOCKER: 1
2486:  ARTIFACT_PREFIX: fleetctl-mysql8.0.44
2487:  GOTOOLCHAIN: local
2488:  ##[endgroup]
2489:  (node:44557) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
2490:  (Use `node --trace-deprecation ...` to show where the warning was created)
2491:  With the provided path, there will be 1 file uploaded
2492:  Artifact name is valid!
2493:  Root directory input is valid!
2494:  Beginning upload of artifact content to blob storage
2495:  (node:44557) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
2496:  Uploaded bytes 10950
...

2512:  RACE_ENABLED: false
2513:  GO_TEST_TIMEOUT: 20m
2514:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
2515:  RUN_TESTS_ARG: 
2516:  CI_TEST_PKG: fleetctl
2517:  NEED_DOCKER: 1
2518:  ARTIFACT_PREFIX: fleetctl-mysql8.0.44
2519:  GOTOOLCHAIN: local
2520:  ##[endgroup]
2521:  (node:44569) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
2522:  (Use `node --trace-deprecation ...` to show where the warning was created)
2523:  With the provided path, there will be 1 file uploaded
2524:  Artifact name is valid!
2525:  Root directory input is valid!
2526:  Beginning upload of artifact content to blob storage
2527:  (node:44569) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
2528:  Uploaded bytes 205
...

2544:  RACE_ENABLED: false
2545:  GO_TEST_TIMEOUT: 20m
2546:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
2547:  RUN_TESTS_ARG: 
2548:  CI_TEST_PKG: fleetctl
2549:  NEED_DOCKER: 1
2550:  ARTIFACT_PREFIX: fleetctl-mysql8.0.44
2551:  GOTOOLCHAIN: local
2552:  ##[endgroup]
2553:  (node:44581) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
2554:  (Use `node --trace-deprecation ...` to show where the warning was created)
2555:  With the provided path, there will be 1 file uploaded
2556:  Artifact name is valid!
2557:  Root directory input is valid!
2558:  Beginning upload of artifact content to blob storage
2559:  (node:44581) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
2560:  Uploaded bytes 104687
...

2593:  RACE_ENABLED: false
2594:  GO_TEST_TIMEOUT: 20m
2595:  DOCKER_COMMAND: docker compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup s3 saml_idp mailhog mailpit smtp4dev_test
2596:  RUN_TESTS_ARG: 
2597:  CI_TEST_PKG: fleetctl
2598:  NEED_DOCKER: 1
2599:  ARTIFACT_PREFIX: fleetctl-mysql8.0.44
2600:  GOTOOLCHAIN: local
2601:  ##[endgroup]
2602:  (node:44616) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
2603:  (Use `node --trace-deprecation ...` to show where the warning was created)
2604:  With the provided path, there will be 1 file uploaded
2605:  Artifact name is valid!
2606:  Root directory input is valid!
2607:  Beginning upload of artifact content to blob storage
2608:  (node:44616) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
2609:  Uploaded bytes 133

@codecov

codecov Bot commented Jul 1, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 0% with 727 lines in your changes missing coverage. Please review.
✅ Project coverage is 67.79%. Comparing base (0656141) to head (bdb167a).
⚠️ Report is 38 commits behind head on main.

Files with missing lines Patch % Lines
cmd/osquery-perf/android_agent.go 0.00% 214 Missing ⚠️
cmd/android-amapi-mock/handlers.go 0.00% 208 Missing ⚠️
cmd/android-amapi-mock/google_forwarder.go 0.00% 134 Missing ⚠️
cmd/android-amapi-mock/main.go 0.00% 82 Missing ⚠️
cmd/android-amapi-mock/middleware.go 0.00% 43 Missing ⚠️
cmd/osquery-perf/agent.go 0.00% 25 Missing ⚠️
cmd/osquery-perf/osquery_perf/stats.go 0.00% 21 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #48535      +/-   ##
==========================================
+ Coverage   67.48%   67.79%   +0.30%     
==========================================
  Files        3676     3682       +6     
  Lines      233629   234398     +769     
  Branches    12261    12261              
==========================================
+ Hits       157672   158901    +1229     
+ Misses      61806    61197     -609     
- Partials    14151    14300     +149     
Flag Coverage Δ
backend 69.39% <0.00%> (+0.35%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Android: Load testing

2 participants