#### README #### # # This action "tests" your AutoPKG JSS recipes by running them on a macOS machine and uploading them to your JAMF instance via JSSImporter # I recommend using a sandbox/dev instance for this, which your JAMF rep will happily provide for you on request. # #### REQUIREMENTS #### # # The below action assumes that your repository contains a RecipeOverrides folder at its root that contains your overrides # It also assumes you have a file called repo_list.txt in the root of your repository which lists the parent repositories used by your recipes. # # This action also references (3) Github repository secrets: # - JSS_USERNAME # - JSS_PASSWORD # - JSS_URL # # I HIGHLY RECOMMEND USING A JAMF SANDBOX/DEV ENVIRONMENT # #### name: AutoPkg Recipe Test on: pull_request: branches: - main paths: - 'RecipeOverrides/**' jobs: AutoPkg: runs-on: macos-latest timeout-minutes: 25 steps: - name: Checkout it-autopkg uses: actions/checkout@v2 with: fetch-depth: 0 - name: Get file changes uses: dorny/paths-filter@v2 id: filter with: filters: | recipes: - 'RecipeOverrides/**.recipe' templates: - 'RecipeOverrides/**.xml' - name: List new recipes in temp file if: steps.filter.outputs.recipes == 'true' run: | git diff --name-status origin/main | grep ".*\.recipe$" | sed '/^D/d' | grep -v '^R100' | cut -c 3- | sort -u > /tmp/new_recipes.txt - name: List new recipe templates in temp file if: steps.filter.outputs.templates == 'true' run: | git diff --name-status origin/main | grep ".*\.xml" | sed '/^D/d' | grep -v '^R100' | cut -c 3- | sort -u > /tmp/new_templates.txt - name: Validate XML syntax for recipes if: steps.filter.outputs.recipes == 'true' run: | while read recipe; do xmllint --noout "$recipe"; done < <(cat /tmp/new_recipes.txt) - name: Validate XML syntax for recipe templates if: steps.filter.outputs.templates == 'true' run: | while read template; do xmllint --noout "$template"; done < <(cat /tmp/new_templates.txt) - name: Install AutoPkg if: steps.filter.outputs.recipes == 'true' run: | curl -L https://github.com/autopkg/autopkg/releases/download/v2.3.1/autopkg-2.3.1.pkg --output /tmp/autopkg.pkg sudo installer -pkg /tmp/autopkg.pkg -target / - name: Install JSSImporter if: steps.filter.outputs.recipes == 'true' run: | curl -L https://github.com/jssimporter/JSSImporter/releases/download/v1.1.5/jssimporter-1.1.5.pkg --output /tmp/jssimporter.pkg sudo installer -pkg /tmp/jssimporter.pkg -target / - name: Configure AutoPkg if: steps.filter.outputs.recipes == 'true' env: JSS_USERNAME: ${{ secrets.JSS_USERNAME_SANDBOX }} JSS_PASSWORD: ${{ secrets.JSS_PASSWORD_SANDBOX }} JSS_URL: ${{ secrets.JSS_URL }} GH_TOKEN: ${{ secrets.GH_TOKEN }} run: | defaults write com.github.autopkg RECIPE_OVERRIDE_DIRS $(pwd)/RecipeOverrides/ defaults write com.github.autopkg RECIPE_REPO_DIR $(pwd)/repos/ defaults write com.github.autopkg FAIL_RECIPES_WITHOUT_TRUST_INFO -bool YES defaults write com.github.autopkg JSS_URL $JSS_URL defaults write com.github.autopkg API_USERNAME $JSS_USERNAME defaults write com.github.autopkg API_PASSWORD $JSS_PASSWORD defaults write com.github.autopkg GITHUB_TOKEN $GH_TOKEN - name: Clone AutoPkg parent repos if: steps.filter.outputs.recipes == 'true' run: | for repo in $(cat repo_list.txt); do autopkg repo-add $repo && autopkg repo-update $repo; done - name: Verify trust info if: steps.filter.outputs.recipes == 'true' run: | while read recipe; do autopkg verify-trust-info -vv "$recipe"; done < <(cat /tmp/new_recipes.txt) - name: Run recipes if: steps.filter.outputs.recipes == 'true' run: | while read recipe; do autopkg run -vvvv "$recipe" --key STOP_IF_NO_JSS_UPLOAD=False; done < <(cat /tmp/new_recipes.txt)