# This workflow applies the latest configuration profiles (macOS settings) and macOS updates minimum version and deadline to the workstations team.
# It uses a Fleet instance also built and executed from source.
#
# It runs when the GitHub action is triggered manually
name: Apply latest configuration profiles and macOS updates

on:
  push:
    branches:
      - main
    paths:
      - "mdm_profiles/**.mobileconfig"
      - ".github/workflows/fleetctl-workstations.yml"
  workflow_dispatch: # Manual

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
  cancel-in-progress: true

defaults:
  run:
    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

permissions:
  contents: read

env:
  DOGFOOD_API_TOKEN: ${{ secrets.DOGFOOD_API_TOKEN }}
  DOGFOOD_URL: ${{ secrets.DOGFOOD_URL }}
  CLOUD_MANAGEMENT_ENROLLMENT_TOKEN: ${{ secrets.CLOUD_MANAGEMENT_ENROLLMENT_TOKEN }}

jobs:
  apply-profiles:
    timeout-minutes: 5
    runs-on: ubuntu-latest
    steps:
      - name: Apply configuration profiles and updates
        uses: fleetdm/fleet-mdm-gitops@15072f2739ef92c6357414ddd86e89b6bf302a2b # v1.1.0
        with:
          FLEET_API_TOKEN: $DOGFOOD_API_TOKEN
          FLEET_URL: $DOGFOOD_URL
          FLEET_TEAM_NAME: 💻 Workstations
          MDM_CONFIG_REPO: fleetdm/fleet
          MDM_CONFIG_DIRECTORY: mdm_profiles
          MAC_OS_MIN_VERSION: "14.1.1"
          MAC_OS_VERSION_DEADLINE: 2023-11-29
          MAC_OS_ENABLE_DISK_ENCRYPTION: true