# This workflow applies the latest MDM profiles to the workstations team.
# It uses a fleet instance also built and executed from source.
#
# It runs automatically when a file is changed in /mdm_profiles.
# Display name shown in the Actions UI.
name: Apply latest MDM profiles

on:
  # Automatic: pushes to main that touch a .mobileconfig under mdm_profiles/.
  push:
    branches: [main]
    paths: ['mdm_profiles/**.mobileconfig']
  # Manual: the workflow can also be started by hand.
  workflow_dispatch:
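# Let a newly queued run cancel an older run of this workflow on the same ref,
# so two applies never overlap.
# The group is keyed on github.ref: this workflow is only triggered by push and
# workflow_dispatch, where github.head_ref is empty, and a group keyed on
# github.run_id is unique per run, so cancel-in-progress would never fire.
# A cancelled run may stop partway through `fleetctl apply`; the run that
# replaced it applies the full profile list again.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true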
defaults:
  run:
    # Naming bash explicitly gives fail-fast behaviour (bash -eo pipefail):
    # a failing command or pipeline stage fails the step. See
    # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

# Least privilege for GITHUB_TOKEN: read-only access to repository contents.
permissions:
  contents: read
# Workflow-level environment: these three secrets are exported to every step
# of every job in this file, not only to the steps that consume them.
# NOTE(review): `make fleetctl` does not appear to need any of them. Consider
# moving each secret to the `env:` of the step that uses it, but confirm first
# which variables the .mobileconfig files reference, because the unrestricted
# `envsubst` call in the apply step substitutes any exported variable.
env:
  DOGFOOD_API_TOKEN: ${{ secrets.FLEET_GITOPS_API_ACCESS_TOKEN }}
  DOGFOOD_URL: ${{ secrets.DOGFOOD_URL }}
  CLOUD_MANAGEMENT_ENROLLMENT_TOKEN: ${{ secrets.CLOUD_MANAGEMENT_ENROLLMENT_TOKEN }}
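jobs:
  # Builds fleetctl from source, points it at the server named by DOGFOOD_URL,
  # renders the MDM profiles and applies them to one team.
  apply-profiles:
    timeout-minutes: 15
    runs-on: ubuntu-latest
    strategy:
      matrix:
        go-version: ['^1.19.4']
    steps:
      # Third-party actions are pinned to a full commit SHA. The trailing tag
      # comment is informational only; verify it still matches the SHA when
      # bumping either action.
      - name: Install Go
        uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v2
        with:
          go-version: ${{ matrix.go-version }}

      - name: Checkout Code
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2
        with:
          repository: fleetdm/fleet
          # No later step visibly pushes or fetches, so do not leave
          # GITHUB_TOKEN in .git/config where the build could read it.
          # NOTE(review): confirm `make fleetctl` needs no authenticated git access.
          persist-credentials: false

      - name: Build Fleetctl
        run: make fleetctl

      # Quote both expansions so a value containing whitespace or glob
      # characters is passed as a single argument. The token travels as a
      # command-line argument; GitHub masks secret values in the step log.
      - name: Configure Fleetctl
        run: build/fleetctl config set --address "$DOGFOOD_URL" --token "$DOGFOOD_API_TOKEN"

      - name: Run fleetctl apply
        run: |
          # Fail with a clear message instead of iterating over the literal
          # glob pattern or writing a team spec with an empty profile list.
          shopt -s nullglob
          files=(mdm_profiles/*.mobileconfig)
          if (( ${#files[@]} == 0 )); then
            echo "No .mobileconfig files found under mdm_profiles/; refusing to apply an empty profile list." >&2
            exit 1
          fi

          # Render each profile in place, then record its path as a YAML
          # sequence item indented to sit under custom_settings.
          # NOTE(review): envsubst with no argument substitutes every exported
          # variable, including DOGFOOD_API_TOKEN. If the profiles only need
          # CLOUD_MANAGEMENT_ENROLLMENT_TOKEN, restrict it with
          # envsubst '$CLOUD_MANAGEMENT_ENROLLMENT_TOKEN' -- confirm against the profiles.
          profiles=""
          for file in "${files[@]}"; do
            envsubst < "$file" > "${file}.new"
            mv "${file}.new" "$file"
            profiles+="          - ${file}"$'\n'
          done

          # Team spec consumed by fleetctl. It lists profile paths only; the
          # rendered profiles themselves stay in the workspace.
          cat > team-workstations-config.yml <<EOF
          apiVersion: v1
          kind: team
          spec:
            team:
              name: 🧪 g-mdm lab
              mdm:
                macos_settings:
                  custom_settings:
          ${profiles}
          EOF

          build/fleetctl apply -f team-workstations-config.yml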