Merge pull request #50 from homebysix/profile-manifests

Add check-preference-manifests hook, and prepare check-jamf-json-manifests hook for future development

Author: homebysix

.pre-commit-hooks.yaml

@@ -32,15 +32,14 @@
   files: '(jamf|jss)/extension.?attributes/.*\.(sh|bash|py|rb|js|pl)$'
   types: [text]
 
-- id: check-jamf-scripts
-  name: Check Jamf Scripts
-  description: This hook checks Jamf scripts for common issues.
-  entry: check-jamf-scripts
-  language: python
-  # Switch from files regex to "OR" types when that feature is available:
-  # https://github.com/pre-commit/pre-commit/issues/607
-  files: '(jamf|jss)/scripts/.*\.(sh|bash|py|rb|js|pl)$'
-  types: [text]
+# WORK IN PROGRESS
+# - id: check-jamf-json-manifests
+#   name: Check Jamf JSON Manifests
+#   description: This hook checks Jamf JSON manifests for inconsistencies and common issues.
+#   entry: check-jamf-json-manifests
+#   language: python
+#   files: '\.json$'
+#   types: [text]
 
 - id: check-jamf-profiles
   name: Check Jamf Profiles
@@ -52,20 +51,30 @@
   files: '(jamf|jss)/profiles/.*\.(mobileconfig|plist)$'
   types: [text]
 
+- id: check-jamf-scripts
+  name: Check Jamf Scripts
+  description: This hook checks Jamf scripts for common issues.
+  entry: check-jamf-scripts
+  language: python
+  # Switch from files regex to "OR" types when that feature is available:
+  # https://github.com/pre-commit/pre-commit/issues/607
+  files: '(jamf|jss)/scripts/.*\.(sh|bash|py|rb|js|pl)$'
+  types: [text]
+
 - id: check-munki-pkgsinfo
   name: Check Munki Pkginfo Files
   description: This hook checks Munki pkginfo files to ensure they are valid.
   entry: check-munki-pkgsinfo
   language: python
-  files: '^pkgsinfo/'
+  files: "^pkgsinfo/"
   types: [text]
 
 - id: check-munkiadmin-scripts
   name: Check MunkiAdmin Scripts
   description: This hook ensures MunkiAdmin scripts are executable.
   entry: check-munkiadmin-scripts
   language: python
-  files: '^MunkiAdmin/scripts/'
+  files: "^MunkiAdmin/scripts/"
   types: [text]
 
 - id: check-munkipkg-buildinfo
@@ -81,7 +90,7 @@
   description: This hook checks Outset scripts to ensure they're executable.
   entry: check-outset-scripts
   language: python
-  files: 'usr/local/outset/(boot-once|boot-every|login-once|login-every|login-privileged-once|login-privileged-every|on-demand)/'
+  files: "usr/local/outset/(boot-once|boot-every|login-once|login-every|login-privileged-once|login-privileged-every|on-demand)/"
   types: [text]
 
 - id: check-plists
@@ -92,6 +101,14 @@
   files: '\.(plist|recipe|mobileconfig|pkginfo)$'
   types: [text]
 
+- id: check-preference-manifests
+  name: Check Apple Preference Manifests
+  description: This hook checks preference manifest plists for inconsistencies and common issues.
+  entry: check-preference-manifests
+  language: python
+  files: '\.plist$'
+  types: [text]
+
 - id: forbid-autopkg-overrides
   name: Forbid AutoPkg Overrides
   description: This hook prevents AutoPkg overrides from being added to the repo.

CHANGELOG.md

@@ -14,6 +14,13 @@ All notable changes to this project will be documented in this file. This projec
 
 Nothing yet.
 
+## [1.12.0] - 2021-12-19
+
+### Added
+
+- New `check-preference-manifests` hook for checking Apple preference manifests like those used by ProfileCreator and iMazing Profile Editor [manifests](https://github.com/ProfileCreator/ProfileManifests).
+- Check for the [recommended order](https://youtu.be/srz4U9RHliQ?list=PLlxHm_Px-Ie1EIRlDHG2lW5H7c2UYvops&t=1010) of JamfUploader processors.
+
 ## [1.11.0] - 2021-11-20
 
 ### Added
@@ -262,7 +269,8 @@ Nothing yet.
 
 - Initial release
 
-[Unreleased]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.11.0...HEAD
+[Unreleased]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.12.0...HEAD
+[1.12.0]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.11.0...v1.12.0
 [1.11.0]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.10.1...v1.11.0
 [1.10.1]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.9.0...v1.10.1
 [1.9.0]: https://github.com/homebysix/pre-commit-macadmin/compare/v1.8.2...v1.9.0

README.md

@@ -15,7 +15,7 @@ For any hook in this repo you wish to use, add the following to your pre-commit
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.11.0
+    rev: v1.12.0
     hooks:
     -   id: check-plists
     # -   id: ...
@@ -121,7 +121,7 @@ When combining arguments that take lists (for example: `--required-keys`, `--cat
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.11.0
+    rev: v1.12.0
     hooks:
     -   id: check-munki-pkgsinfo
         args: ['--catalogs', 'testing', 'stable', '--']
@@ -131,7 +131,7 @@ But if you also use the `--categories` argument, you would move the trailing `--
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.11.0
+    rev: v1.12.0
     hooks:
     -   id: check-munki-pkgsinfo
         args: ['--catalogs', 'testing', 'stable', '--categories', 'Design', 'Engineering', 'Web Browsers', '--']
@@ -143,7 +143,7 @@ If it looks better to your eye, feel free to use a multi-line list for long argu
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.11.0
+    rev: v1.12.0
     hooks:
     -   id: check-munki-pkgsinfo
         args: [

pre_commit_hooks/check_autopkg_recipes.py

@@ -279,6 +279,46 @@ def validate_no_superclass_procs(process, filename):
     return passed
 
 
+def validate_jamf_processor_order(process, filename):
+    """Warn if JamfUploader processors are not in their conventional order.
+    https://youtu.be/srz4U9RHliQ?list=PLlxHm_Px-Ie1EIRlDHG2lW5H7c2UYvops&t=1010
+    """
+
+    # Recommended order of Jamf processors
+    rec_order = (
+        "com.github.grahampugh.jamf-upload.processors/JamfCategoryUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfExtensionAttributeUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfPackageUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfScriptUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfComputerGroupUploader",
+        # TODO: The three below may depend on computer groups, but there's no
+        # easy way to ignore relative order if multiple are used. Focusing on
+        # JamfPolicyUploader only for now.
+        "com.github.grahampugh.jamf-upload.processors/JamfPolicyUploader",
+        # "com.github.grahampugh.jamf-upload.processors/JamfComputerProfileUploader",
+        # "com.github.grahampugh.jamf-upload.processors/JamfSoftwareRestrictionUploader",
+    )
+
+    passed = True
+    # All JamfUploader processors in recipe, ignoring duplicates, preserving order.
+    actual_order = list(
+        dict.fromkeys(
+            [x.get("Processor") for x in process if x.get("Processor") in rec_order]
+        )
+    )
+    desired_order = [x for x in rec_order if x in actual_order]
+    if desired_order != actual_order:
+        print(
+            "{}: WARNING: JamfUploader processors are not in "
+            "the recommended order: {}.".format(
+                filename,
+                ", ".join([x.split("/")[-1] for x in desired_order]),
+            )
+        )
+
+    return passed
+
+
 # def validate_unused_input_vars(recipe, recipe_text, filename):
 #     """Warn if any input variables are not referenced in the recipe."""
 
@@ -367,7 +407,6 @@ def validate_proc_type_conventions(process, filename):
             "com.github.grahampugh.jamf-upload.processors/JamfPolicyUploader",
             "com.github.grahampugh.jamf-upload.processors/JamfScriptUploader",
             "com.github.grahampugh.jamf-upload.processors/JamfSoftwareRestrictionUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfUploaderSlacker",
         ],
         # https://github.com/autopkg/filewave
         "filewave": ["FileWaveImporter"],
@@ -610,6 +649,9 @@ def main(argv=None):
             if not validate_no_superclass_procs(process, filename):
                 retval = 1
 
+            if not validate_jamf_processor_order(process, filename):
+                retval = 1
+
             if HAS_AUTOPKGLIB:
                 if not validate_proc_args(process, filename):
                     retval = 1