Make it easier to debug #112
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Run `autopkg run` | |
on: [push, pull_request] | |
jobs: | |
autopkg_run: | |
name: Install and configure AutoPkg | |
runs-on: macos-latest | |
steps: | |
- name: Dump environment information | |
run: | | |
sw_vers | |
$(which curl) --version | |
$(which jq) --version | |
shell: bash -x {0} | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 2 | |
- name: Get changed files | |
id: changed-recipe-files | |
uses: tj-actions/[email protected] | |
with: | |
files: "**/**.recipe" | |
separator: "," | |
- name: Install AutoPkg (latest) | |
if: steps.changed-recipe-files.outputs.any_changed == 'true' | |
run: | | |
AUTOPKG_LATEST=$(curl -Ls -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/autopkg/autopkg/releases/latest) | |
AUTOPKG_LATEST_URL=$(jq -r '.["assets"][0]["browser_download_url"]' <<< ${AUTOPKG_LATEST}) | |
curl -LOJs "${AUTOPKG_LATEST_URL}" | |
sudo installer -pkg "${AUTOPKG_LATEST_URL##*/}" -target / | |
shell: bash -exuo pipefail {0} | |
- name: Configure AutoPkg | |
if: steps.changed-recipe-files.outputs.any_changed == 'true' | |
run: | | |
AUTOPKG_DIR="/usr/local/autopkg" | |
sudo mkdir -p "${AUTOPKG_DIR}" | |
sudo chown root:admin "${AUTOPKG_DIR}" | |
sudo chmod 775 "${AUTOPKG_DIR}" | |
# Configure AutoPkg override directory to be server wide (multi-user) | |
RECIPE_OVERRIDE_DIRS="${AUTOPKG_DIR}/recipe_overrides" | |
mkdir -p "${RECIPE_OVERRIDE_DIRS}" | |
defaults write com.github.autopkg RECIPE_OVERRIDE_DIRS "${RECIPE_OVERRIDE_DIRS}" | |
defaults read com.github.autopkg RECIPE_OVERRIDE_DIRS | |
# Configure AutoPkg cache dir to be on the data volume | |
CACHE_DIR="${AUTOPKG_DIR}/cache" | |
mkdir -p "${CACHE_DIR}" | |
defaults write com.github.autopkg CACHE_DIR "${CACHE_DIR}" | |
defaults read com.github.autopkg CACHE_DIR | |
# Configure AutoPkg recipe repo dir to be on the data volume | |
RECIPE_REPO_DIR="${AUTOPKG_DIR}/recipe_repos" | |
mkdir -p "${RECIPE_REPO_DIR}" | |
defaults write com.github.autopkg RECIPE_REPO_DIR "${RECIPE_REPO_DIR}" | |
defaults read com.github.autopkg RECIPE_REPO_DIR | |
autopkg repo-add https://github.com/autopkg/recipes.git | |
autopkg repo-add https://github.com/autopkg/n8felton-recipes.git | |
shell: bash -exuo pipefail {0} | |
- name: Install Munki (latest) | |
if: steps.changed-recipe-files.outputs.any_changed == 'true' | |
run: | | |
# Build a temp munki enviornment | |
MUNKI_REPO="/Users/Shared/munki" | |
sudo mkdir -p "${MUNKI_REPO}" | |
sudo chown root:admin "${MUNKI_REPO}" | |
sudo chmod 775 "${MUNKI_REPO}" | |
cd "${MUNKI_REPO}" | |
mkdir catalogs manifests pkgs pkgsinfo icons | |
# defaults write com.googlecode.munki.munkiimport repo_path "${MUNKI_REPO}" | |
defaults write com.googlecode.munki.munkiimport repo_url "file://${MUNKI_REPO}" | |
defaults write com.googlecode.munki.munkiimport pkginfo_extension ".plist" | |
defaults write com.googlecode.munki.munkiimport default_catalog "testing" | |
defaults read com.googlecode.munki.munkiimport | |
defaults write com.github.autopkg MUNKI_REPO "${MUNKI_REPO}" | |
# Install Admin only version of Munki | |
MUNKI_LATEST=$(curl -Ls -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/munki/munki/releases/latest) | |
MUNKI_LATEST_URL=$(jq -r '.["assets"][0]["browser_download_url"]' <<< ${MUNKI_LATEST}) | |
MUNKI_ADMIN_URL="https://raw.githubusercontent.com/n8felton/macOS-Scripts/master/munki/admin.xml" | |
curl -LOJs -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' "${MUNKI_LATEST_URL}" | |
curl -LOJs -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' "${MUNKI_ADMIN_URL}" | |
sudo /usr/sbin/installer -applyChoiceChangesXML "${MUNKI_ADMIN_URL##*/}" -pkg "${MUNKI_LATEST_URL##*/}" -target / | |
shell: bash -exuo pipefail {0} | |
- name: Run AutoPkg for changed recipes | |
if: steps.changed-recipe-files.outputs.any_changed == 'true' | |
run: | | |
export PYTHONUNBUFFERED=1 | |
IFS=$',' read -a ALL_CHANGED_FILES <<< "${{ steps.changed-recipe-files.outputs.all_changed_files }}" | |
for changed_file in "${ALL_CHANGED_FILES[@]}"; do | |
echo "${changed_file}" | |
case "${changed_file}" in | |
*.recipe) | |
if [ -f "${changed_file}" ]; then | |
autopkg run -vvvv "${changed_file}" | |
fi | |
;; | |
*) | |
;; | |
esac | |
done |