Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/homebysix/pre-commit-macadmin

Pre-commit hooks for Mac admins.
https://github.com/homebysix/pre-commit-macadmin

apple autopkg hacktoberfest jamf mac macadmin macdevops macos munki munkipkg outset

Last synced: 1 day ago
JSON representation

Pre-commit hooks for Mac admins.

Awesome Lists containing this project

README

        

# Pre-Commit Hooks for Mac Admins

![CodeQL](https://github.com/homebysix/pre-commit-macadmin/workflows/CodeQL/badge.svg)

This repository contains hooks for [pre-commit](https://pre-commit.com/hooks.html) that may be useful to Mac admins, client engineers, and other Apple-focused IT professionals.

## Requirements

To use these hooks, you first need to install pre-commit using the instructions here:
https://pre-commit.com/#install

## Adding hooks to your pre-commit config

For any hook in this repo you wish to use, add the following to your pre-commit config:

```yaml
- repo: https://github.com/homebysix/pre-commit-macadmin
rev: v1.17.0
hooks:
- id: check-plists
# - id: ...
```

After adding a hook to your pre-commit config, it's not a bad idea to run `pre-commit autoupdate` to ensure you have the latest version of the hooks.

## Hooks available

### General

- __check-git-config-email__

This hook checks to ensure the Git config email matches one of the specified domains:
`args: ['--domains', 'pretendco.com', 'contoso.com', '--']`

- __check-munkipkg-buildinfo__

This hook checks [MunkiPkg](https://github.com/munki/munki-pkg) build-info files to ensure they are valid.

- __check-outset-scripts__

This hook checks [Outset](https://github.com/chilcote/outset) scripts to ensure they're executable.

- __check-plists__

This hook checks XML property list (plist) files for basic syntax errors. Does not modify or autoformat these files; see the `format-xml-plist` hook below if you want autoformatting.

- __format-xml-plist__

This hook will auto-format XML property list (plist) files to use tabs instead of spaces, and will alphabetically sort keys.

__NOTE__: This will remove any HTML-style comments `` in your plist files, so convert those to `Comment` format first.

### [AutoPkg](https://github.com/autopkg/autopkg)

- __check-autopkg-recipe-list__

This hook checks AutoPkg recipe lists (in txt, plist, yaml, or json format) for common issues.

- __check-autopkg-recipes__

This hook checks AutoPkg recipes to ensure they meet various requirements and conventions.

- Optionally specify your preferred AutoPkg recipe and/or override prefix, if you wish to enforce them:
`args: ['--override-prefix=com.yourcompany.autopkg.']`
(default: `local.`)
`args: ['--recipe-prefix=com.github.yourusername.']`
(default: `com.github.`)

- Optionally specify the version of AutoPkg for which you want to ignore MinimumVersion mismatches with processors.
`args: ['--ignore-min-vers-before=0.5.0']`
(default: `1.0.0`)
Specifying `0.1.0` will not ignore any MinimumVersion mismatches.

- If you're a purist, you can also enable strict mode. This enforces recipe type conventions, all processor/MinimumVersion mismatches, forbids `` style comments, and ensures all processor input variables (arguments) are valid.
`args: ['--strict']`
(default: False)

- __forbid-autopkg-overrides__

This hook prevents AutoPkg overrides from being added to the repo.

- __forbid-autopkg-trust-info__

This hook prevents AutoPkg recipes with trust info from being added to the repo.

### [Jamf](https://www.jamf.com/)

- __check-jamf-extension-attributes__

This hook checks Jamf extension attributes for common issues. (Looks for EAs in a path containing jamf/extension_attributes or jss/extension_attributes.)

- __check-jamf-scripts__

This hook checks Jamf scripts for common issues. (Looks for scripts in a path containing jamf/scripts or jss/scripts.)

- __check-jamf-profiles__

This hook checks Jamf profiles for common issues. (Looks for profiles in a path containing jamf/profiles or jss/profiles.)

### [Munki](https://github.com/munki/munki)

- __check-munki-pkgsinfo__

This hook checks Munki pkginfo files to ensure they are valid.

- Specify your preferred list of pkginfo catalogs, if you wish to enforce it, followed by `--` to signal the end of the list:
`args: ['--catalogs', 'testing', 'stable', '--']`

- Specify your preferred list of pkginfo categories, if you wish to enforce it, followed by `--`:
`args: ['--categories', 'Productivity', 'Design', 'Utilities', 'Web Browsers', '--']`

- Specify required pkginfo keys, followed by `--`:
`args: ['--required-keys', 'category', 'description', 'developer', 'name', 'version', '--']`
(default: description, name)

- Specify an alternate munki repo location by passing the argument:
`args: ['--munki-repo', './my_repo_location']`
(default: ".")

- Choose to just warn if icons referenced in pkginfo files are missing (this will allow pre-commit checks to pass if no other issues exist):
`args: ['--warn-on-missing-icons]`

- Choose to just warn if pkg/pkginfo files with __1 (or similar) suffixes are detected (this will allow pre-commit checks to pass if no other issues exist):
`args: ['--warn-on-duplicate-imports]`

- Add additional shebangs that are valid for your environment:
`args: ['--valid-shebangs', '#!/bin/macadmin/python37', '#!/bin/macadmin/python42', '--']`

- __check-munkiadmin-scripts__

This hook ensures MunkiAdmin scripts are executable.

- __munki-makecatalogs__

This hook runs the "makecatalogs" command to ensure all referenced packages are present and catalogs are up to date.

- Specify an alternate munki repo location by passing the argument:
`args: ['--munki-repo', './my_repo_location']`
(default: ".")

## Note about combining arguments

When combining arguments that take lists (for example: `--required-keys`, `--catalogs`, and `--categories`), only the _last_ list needs to have a trailing `--`. For example, if you use the check-munki-pkgsinfo hook with only the `--catalogs` argument, your yaml config would look like this:

```yaml
- repo: https://github.com/homebysix/pre-commit-macadmin
rev: v1.17.0
hooks:
- id: check-munki-pkgsinfo
args: ['--catalogs', 'testing', 'stable', '--']
```

But if you also use the `--categories` argument, you would move the trailing `--` to the end, after all the lists, like this:

```yaml
- repo: https://github.com/homebysix/pre-commit-macadmin
rev: v1.17.0
hooks:
- id: check-munki-pkgsinfo
args: ['--catalogs', 'testing', 'stable', '--categories', 'Design', 'Engineering', 'Web Browsers', '--']
```

The `--` only serves as a signal to the hook that the list of arguments is complete, and is only needed for "list" type arguments.

If it looks better to your eye, feel free to use a multi-line list for long arguments:

```yaml
- repo: https://github.com/homebysix/pre-commit-macadmin
rev: v1.17.0
hooks:
- id: check-munki-pkgsinfo
args: [
'--required-keys', 'description', 'name', 'developer', 'category', 'version',
'--catalogs', 'testing', 'stable',
'--categories', 'Communication', 'Design', 'Engineering', 'macOS', 'Printers',
'Productivity', 'Security', 'Utilities', 'Web Browsers',
'--']
```

## Recommendations

If you find my hooks useful, you may also want to use one or more of the Python, Markdown, and Git-related hooks listed here:
https://pre-commit.com/hooks.html

Specifically, here are a few I use for Mac admin work:

- `check-added-large-files`
- `check-executables-have-shebangs`
- `check-merge-conflict`
- `check-yaml`
- `detect-aws-credentials`
- `detect-private-key`
- `mixed-line-ending`
- `no-commit-to-branch`
- `trailing-whitespace`