Skip to content

Switch FMA manifest retrieval to use Cloudflare R2 bucket#43012

Merged
sgress454 merged 3 commits intomainfrom
42751-r2-fma
Apr 4, 2026
Merged

Switch FMA manifest retrieval to use Cloudflare R2 bucket#43012
sgress454 merged 3 commits intomainfrom
42751-r2-fma

Conversation

@iansltx
Copy link
Copy Markdown
Member

@iansltx iansltx commented Apr 3, 2026

Fixes #42751

Checklist for submitter

If some of the following don't apply, delete the relevant line.

  • Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
    See Changes files for more information.

Testing

  • QA'd all new/changed functionality manually

@iansltx iansltx requested a review from a team as a code owner April 3, 2026 21:58
Copilot AI review requested due to automatic review settings April 3, 2026 21:58
claude[bot]
claude bot reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

sgress454
sgress454 previously approved these changes Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@sgress454 sgress454 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://maintained-apps.fleetdm.com/manifests/apps.json is a go!

Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Switches the Fleet-maintained apps (FMA) manifest download base URL from GitHub raw content to the maintained-apps.fleetdm.com endpoint (Cloudflare R2-backed), and documents the new outbound dependency.

Changes:

  • Updated the base URL used by maintained apps sync to https://maintained-apps.fleetdm.com/manifests.
  • Added a changelog entry warning operators to allowlist the new manifests host.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 3 comments.

File Description
server/mdm/maintainedapps/sync.go Points manifest retrieval at the new maintained-apps domain instead of GitHub raw content.
changes/42751-r2-fma Documents the user-visible change and new outbound network requirement.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

server/mdm/maintainedapps/sync.go
}

const fmaOutputsBase = "https://raw.githubusercontent.com/fleetdm/fleet/refs/heads/main/ee/maintained-apps/outputs"
const fmaOutputsBase = "https://maintained-apps.fleetdm.com/manifests"
Copy link

Copilot AI Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fmaOutputsBase no longer matches the new path/name (/manifests). Renaming this constant to something like fmaManifestsBaseURL (and updating its usages) would make the intent clearer and avoid confusion during future maintenance.

Copilot uses AI. Check for mistakes.
Copy link
Copy Markdown
Member Author

@iansltx iansltx Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a minimal change on a Friday afternoon. Nope, not touching this.

server/mdm/maintainedapps/sync.go
}

const fmaOutputsBase = "https://raw.githubusercontent.com/fleetdm/fleet/refs/heads/main/ee/maintained-apps/outputs"
const fmaOutputsBase = "https://maintained-apps.fleetdm.com/manifests"
Copy link

Copilot AI Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This introduces a new hard-coded external dependency for production sync behavior. Consider making the base URL configurable (e.g., via server config/env with a sane default) so operators can quickly redirect/override in incident scenarios (DNS issues, regional blocks, temporary migration), rather than requiring a redeploy.

Copilot uses AI. Check for mistakes.
Copy link
Copy Markdown
Member Author

@iansltx iansltx Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is already configurable.

changes/42751-r2-fma
@@ -0,0 +1 @@
* Switched Fleet-maintained apps serving location from GitHub to https://maintained-apps.fleetdm.com/manifests. If you limit outbound Fleet server traffic, make sure it can access the new FMA manifests location.
Copy link

Copilot AI Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changelog sentence references “FMA manifests location” without defining “FMA” in this entry. Consider expanding it once (e.g., “Fleet-maintained apps (FMA)”) to keep the entry self-contained for readers skimming release notes.

Suggested change
* Switched Fleet-maintained apps serving location from GitHub to https://maintained-apps.fleetdm.com/manifests. If you limit outbound Fleet server traffic, make sure it can access the new FMA manifests location.
* Switched Fleet-maintained apps (FMA) serving location from GitHub to https://maintained-apps.fleetdm.com/manifests. If you limit outbound Fleet server traffic, make sure it can access the new FMA manifests location.

Copilot uses AI. Check for mistakes.
@codecov
Copy link
Copy Markdown

codecov bot commented Apr 3, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 66.86%. Comparing base (9eb1e2a) to head (7cf4212).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #43012      +/-   ##
==========================================
+ Coverage   66.85%   66.86%   +0.01%     
==========================================
  Files        2578     2578              
  Lines      206880   206880              
  Branches     9166     9166              
==========================================
+ Hits       138301   138332      +31     
+ Misses      56003    55979      -24     
+ Partials    12576    12569       -7
Flag Coverage Δ
backend 68.63% <ø> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@sgress454 sgress454 merged commit 77639d5 into main Apr 4, 2026
51 checks passed
@sgress454 sgress454 deleted the 42751-r2-fma branch April 4, 2026 00:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@claude claude[bot] claude[bot] left review comments

@sgress454 sgress454 sgress454 approved these changes

Assignees

@sgress454 sgress454

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Switch Fleet-maintained app manifest primary CDN to Cloudflare R2

3 participants

@iansltx @sgress454