Bump to next major version and add profile manifest hooks

Author: homebysix

.pre-commit-hooks.yaml

@@ -32,14 +32,12 @@
   files: '(jamf|jss)/extension.?attributes/.*\.(sh|bash|py|rb|js|pl)$'
   types: [text]
 
-- id: check-jamf-scripts
-  name: Check Jamf Scripts
-  description: This hook checks Jamf scripts for common issues.
-  entry: check-jamf-scripts
+- id: check-jamf-json-schemas
+  name: Check Jamf JSON Schemas
+  description: This hook checks Jamf JSON schemas for inconsistencies and common issues.
+  entry: check-jamf-json-schemas
   language: python
-  # Switch from files regex to "OR" types when that feature is available:
-  # https://github.com/pre-commit/pre-commit/issues/607
-  files: '(jamf|jss)/scripts/.*\.(sh|bash|py|rb|js|pl)$'
+  files: '\.json$'
   types: [text]
 
 - id: check-jamf-profiles
@@ -52,20 +50,30 @@
   files: '(jamf|jss)/profiles/.*\.(mobileconfig|plist)$'
   types: [text]
 
+- id: check-jamf-scripts
+  name: Check Jamf Scripts
+  description: This hook checks Jamf scripts for common issues.
+  entry: check-jamf-scripts
+  language: python
+  # Switch from files regex to "OR" types when that feature is available:
+  # https://github.com/pre-commit/pre-commit/issues/607
+  files: '(jamf|jss)/scripts/.*\.(sh|bash|py|rb|js|pl)$'
+  types: [text]
+
 - id: check-munki-pkgsinfo
   name: Check Munki Pkginfo Files
   description: This hook checks Munki pkginfo files to ensure they are valid.
   entry: check-munki-pkgsinfo
   language: python
-  files: '^pkgsinfo/'
+  files: "^pkgsinfo/"
   types: [text]
 
 - id: check-munkiadmin-scripts
   name: Check MunkiAdmin Scripts
   description: This hook ensures MunkiAdmin scripts are executable.
   entry: check-munkiadmin-scripts
   language: python
-  files: '^MunkiAdmin/scripts/'
+  files: "^MunkiAdmin/scripts/"
   types: [text]
 
 - id: check-munkipkg-buildinfo
@@ -81,7 +89,7 @@
   description: This hook checks Outset scripts to ensure they're executable.
   entry: check-outset-scripts
   language: python
-  files: 'usr/local/outset/(boot-once|boot-every|login-once|login-every|login-privileged-once|login-privileged-every|on-demand)/'
+  files: "usr/local/outset/(boot-once|boot-every|login-once|login-every|login-privileged-once|login-privileged-every|on-demand)/"
   types: [text]
 
 - id: check-plists
@@ -92,6 +100,14 @@
   files: '\.(plist|recipe|mobileconfig|pkginfo)$'
   types: [text]
 
+- id: check-profilecreator-manifests
+  name: Check ProfileCreator Manifests
+  description: This hook checks ProfileCreator manifest plists for inconsistencies and common issues.
+  entry: check-profilecreator-manifests
+  language: python
+  files: '\.plist$'
+  types: [text]
+
 - id: forbid-autopkg-overrides
   name: Forbid AutoPkg Overrides
   description: This hook prevents AutoPkg overrides from being added to the repo.

CHANGELOG.md

@@ -14,6 +14,8 @@ All notable changes to this project will be documented in this file. This projec
 
 ### Added
 
+- New `check-jamf-json-schemas` hook for checking [Jamf JSON schemas](https://docs.jamf.com/technical-papers/jamf-pro/json-schema/10.19.0/Introduction.html) for management of app settings.
+- New `check-profilecreator-manifests` hook for checking ProfileCreator and iMazing Profile Editor [manifest plists](https://github.com/ProfileCreator/ProfileManifests).
 - Check for the [recommended order](https://youtu.be/srz4U9RHliQ?list=PLlxHm_Px-Ie1EIRlDHG2lW5H7c2UYvops&t=1010) of JamfUploader processors.
 
 ## [1.11.0] - 2021-11-20

README.md

@@ -15,7 +15,7 @@ For any hook in this repo you wish to use, add the following to your pre-commit
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.11.1
+    rev: v1.12.0
     hooks:
     -   id: check-plists
     # -   id: ...
@@ -121,7 +121,7 @@ When combining arguments that take lists (for example: `--required-keys`, `--cat
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.11.1
+    rev: v1.12.0
     hooks:
     -   id: check-munki-pkgsinfo
         args: ['--catalogs', 'testing', 'stable', '--']
@@ -131,7 +131,7 @@ But if you also use the `--categories` argument, you would move the trailing `--
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.11.1
+    rev: v1.12.0
     hooks:
     -   id: check-munki-pkgsinfo
         args: ['--catalogs', 'testing', 'stable', '--categories', 'Design', 'Engineering', 'Web Browsers', '--']
@@ -143,7 +143,7 @@ If it looks better to your eye, feel free to use a multi-line list for long argu
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.11.1
+    rev: v1.12.0
     hooks:
     -   id: check-munki-pkgsinfo
         args: [

pre_commit_hooks/check_jamf_json_schemas.py

@@ -0,0 +1,39 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+"""This hook checks Jamf JSON schemas for inconsistencies and common issues."""
+
+import argparse
+import json
+
+
+def build_argument_parser():
+    """Build and return the argument parser."""
+
+    parser = argparse.ArgumentParser(
+        description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter
+    )
+    parser.add_argument("filenames", nargs="*", help="Filenames to check.")
+    return parser
+
+
+def main(argv=None):
+    """Main process."""
+
+    # Parse command line arguments.
+    argparser = build_argument_parser()
+    args = argparser.parse_args(argv)
+
+    retval = 0
+    for filename in args.filenames:
+        try:
+            with open(filename, "rb") as openfile:
+                schema = json.load(openfile)
+        except Exception as err:
+            print("{}: json parsing error: {}".format(filename, err))
+            retval = 1
+
+    return retval
+
+
+if __name__ == "__main__":
+    exit(main())

pre_commit_hooks/check_profilecreator_manifests.py

@@ -0,0 +1,91 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+"""This hook checks ProfileCreator manifest plists for inconsistencies and common issues."""
+
+import argparse
+import plistlib
+import sys
+from datetime import datetime
+from xml.parsers.expat import ExpatError
+
+from pre_commit_hooks.util import validate_required_keys
+
+
+def build_argument_parser():
+    """Build and return the argument parser."""
+
+    parser = argparse.ArgumentParser(
+        description=__doc__, formatter_class=argparse.RawDescriptionHelpFormatter
+    )
+    parser.add_argument("filenames", nargs="*", help="Filenames to check.")
+    return parser
+
+
+def validate_manifest_key_types(manifest, filename):
+    """Validation of manifest key types.
+
+    Used for AutoPkg- and Munki-related hooks.
+    """
+
+    # Remap string type to support unicode in both Python 2 and 3
+    string = basestring if sys.version_info.major == 2 else str
+
+    # manifest keys and their known types. Omitted keys are left unvalidated.
+    # Last updated 2021-12-03.
+    key_types = {
+        "pfm_description_reference": string,
+        "pfm_description": string,
+        "pfm_domain": string,
+        "pfm_format_version": int,
+        "pfm_format": string,
+        "pfm_last_modified": datetime,
+        "pfm_name": string,
+        "pfm_note": string,
+        "pfm_platforms": list,
+        "pfm_require": string,
+        "pfm_subkeys": list,
+        "pfm_targets": list,
+        "pfm_title": string,
+        "pfm_type": string,
+        "pfm_unique": bool,
+        "pfm_version": int,
+    }
+
+    passed = True
+    for manifest_key, expected_type in key_types.items():
+        if manifest_key in manifest:
+            if not isinstance(manifest[manifest_key], expected_type):
+                print(
+                    "{}: manifest key {} should be type {}, not type {}".format(
+                        filename,
+                        manifest_key,
+                        expected_type,
+                        type(manifest[manifest_key]),
+                    )
+                )
+                passed = False
+
+    return passed
+
+
+def main(argv=None):
+    """Main process."""
+
+    # Parse command line arguments.
+    argparser = build_argument_parser()
+    args = argparser.parse_args(argv)
+
+    retval = 0
+    for filename in args.filenames:
+        try:
+            with open(filename, "rb") as openfile:
+                manifest = plistlib.load(openfile)
+        except (ExpatError, ValueError) as err:
+            print("{}: plist parsing error: {}".format(filename, err))
+            retval = 1
+
+    return retval
+
+
+if __name__ == "__main__":
+    exit(main())

setup.py

@@ -7,7 +7,7 @@
     name="pre-commit-macadmin",
     description="Pre-commit hooks for Mac admins, client engineers, and IT consultants.",
     url="https://github.com/homebysix/pre-commit-macadmin",
-    version="1.11.1",
+    version="1.12.0",
     author="Elliot Jordan",
     author_email="elliot@elliotjordan.com",
     packages=["pre_commit_hooks"],
@@ -18,13 +18,15 @@
             "check-autopkg-recipes = pre_commit_hooks.check_autopkg_recipes:main",
             "check-git-config-email = pre_commit_hooks.check_git_config_email:main",
             "check-jamf-extension-attributes = pre_commit_hooks.check_jamf_extension_attributes:main",
-            "check-jamf-scripts = pre_commit_hooks.check_jamf_scripts:main",
+            "check-jamf-json-schemas = pre_commit_hooks.check_jamf_json_schemas:main",
             "check-jamf-profiles = pre_commit_hooks.check_jamf_profiles:main",
+            "check-jamf-scripts = pre_commit_hooks.check_jamf_scripts:main",
             "check-munki-pkgsinfo = pre_commit_hooks.check_munki_pkgsinfo:main",
             "check-munkiadmin-scripts = pre_commit_hooks.check_munkiadmin_scripts:main",
             "check-munkipkg-buildinfo = pre_commit_hooks.check_munkipkg_buildinfo:main",
             "check-outset-scripts = pre_commit_hooks.check_outset_scripts:main",
             "check-plists = pre_commit_hooks.check_plists:main",
+            "check-profilecreator-manifests = pre_commit_hooks.check_profilecreator_manifests:main",
             "forbid-autopkg-overrides = pre_commit_hooks.forbid_autopkg_overrides:main",
             "forbid-autopkg-trust-info = pre_commit_hooks.forbid_autopkg_trust_info:main",
             "munki-makecatalogs = pre_commit_hooks.munki_makecatalogs:main",