This project pulls our private recipe, override, and cache repositories. Packages are uploaded to Jamf Pro and notifications sent to Microsoft Teams.
Configuring this github actions rely on numerous secrets. While many of these values don't need to be secret, it was the quickest way to make this project portable without editing source code.
Name | Value |
---|---|
AUTOPKG_RECIPE_REPO | Github Recipe Repo |
AUTOPKG_CACHE_REPO | Github Cache Repo |
AUTOPKG_OVERRIDES_REPO | Github Recipe Override Repo |
Historically I've had issues with Jamf Pro passwords with special characters. I'd recommend avoiding them.
Name | Value |
---|---|
JSS_URL | https://my.jamfpro.com:port |
JSS_API_USERNAME | username |
JSS_API_PASSWORD | password |
These values should be generated from a service account with limited permissions on your repositories.
Name | Value |
---|---|
AUTOPKG_GITHUB_SSH_PRIV | ssh private key used to access repos |
AUTOPKG_GITHUB_TOKEN | Token used to access repos |
AUTOPKG_GITHUB_USER | Username associated with other github repos |
You'll need to provide a Developer ID Installer certificate & private key in p12 format and the associated password for the p12 file. You can create the base64 text with this command:
base64 cert.p12 > cert.txt
Name | Value |
---|---|
SIGNING_CERT_P112 | p12 in base 64 |
SIGNING_CERT_PASS | password to the p12 file |
This article explains how to setup an incoming Webhook.
Here is the Microsoft documentation used for the Teams integration.
- Webhooks
- Send Adaptive Cards using an Incoming Webhook
- Create your first adaptive card
- Adaptive Cards
Name | Value |
---|---|
TEAMS_WEBHOOK_URL | https://****.webhook.office.com |
The 'Autopkg' action runs daily. It can also be run manually against the recipe_list.json file or provided with a single recipe file name.