workflow.yml
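# Composite action: checks out a configuration repository, installs fleetctl,
# points it at a Fleet server, then runs the (still unimplemented) apply step.
name: 'Apply latest configuration profiles via Fleet'
description: 'Applies the latest MDM configuration profiles to a Fleet team'
inputs:
  FLEET_API_TOKEN:
    # Credential for the Fleet API. Callers should supply it from a secret
    # store rather than a literal value in the calling workflow.
    description: 'Fleet API Token'
    required: true
  FLEET_URL:
    description: 'Fleet URL'
    required: true
  MDM_CONFIG_REPO:
    # Referenced by the checkout step; declared here so callers can set it.
    # NOTE(review): when left empty, actions/checkout is expected to fall back
    # to the repository running the workflow - confirm that is intended.
    description: 'Repository (owner/name) to check out'
    required: false
runs:
  using: 'composite'
  steps:
    - name: Checkout code
      # NOTE(review): a mutable tag can be repointed upstream; consider pinning
      # third-party actions to a full commit SHA.
      uses: actions/checkout@v3
      with:
        repository: ${{ inputs.MDM_CONFIG_REPO }}
    - name: Install fleetctl
      # NOTE(review): installs whatever version is latest at run time; pin an
      # explicit fleetctl version for reproducible, reviewable runs.
      run: npm install -g fleetctl
      shell: bash
    - name: Configure fleetctl
      # Inputs are handed over as environment variables and quoted in the
      # script. Expanding ${{ inputs.* }} directly inside `run:` pastes the raw
      # value into the shell source, so a crafted value would be executed as
      # shell code (workflow script injection).
      run: fleetctl config set --address "$FLEET_URL" --token "$FLEET_API_TOKEN"
      shell: bash
      env:
        FLEET_URL: ${{ inputs.FLEET_URL }}
        FLEET_API_TOKEN: ${{ inputs.FLEET_API_TOKEN }}
    - name: Run fleetctl apply
      # Every line of this script is a shell comment, so the step currently
      # does nothing. The plan it describes applies with `--replace`, which by
      # its own description removes server-side items absent from the repo:
      # once implemented, write access to the checked-out repository controls
      # what is deployed and what is deleted.
      run: |
        # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        # STEP 1: Apply config
        # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        # Combine the contents of all the top-level config into a single YAML document
        # - Include the contents of no-team.controls.yml
        # TODO
        # - Include the contents of default.settings.yml
        # TODO
        # - Include anything of `kind: config` in default.queries.yml
        # TODO
        # - Include anything of `kind: config` in default.policies.yml
        # TODO
        # Apply top-level config with `--replace` (replaces all existing top-level config)
        # TODO
        # Loop through folders in /teams and combine the contents of all team config into a single YAML document
        # - Include the contents of <folder-name>.controls.yml
        # TODO
        # - Include the contents of <folder-name>.settings.yml
        # TODO
        # - Include anything of `kind: team` in <folder-name>.queries.yml
        # TODO
        # - Include anything of `kind: team` in <folder-name>.policies.yml
        # TODO
        # Apply team config with `--replace` (replaces all existing config for this team)
        # TODO
        # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        # STEP 2: Apply queries
        # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        # Compile all queries into a single YAML document
        # - Include anything of `kind: query` in default.queries.yml
        # TODO
        # - Loop through folders in /teams and include anything of `kind: query` in <folder-name>.queries.yml for each
        # TODO
        # Apply compiled queries YAML with `--replace` (deletes any queries in Fleet that aren't present in this config)
        # TODO
        # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        # STEP 3: Apply policies
        # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        # Compile all policies into a single YAML document
        # TODO
        # - Include anything of `kind: policy` in default.policies.yml
        # TODO
        # - Loop through folders in /teams and include anything of `kind: policy` in <folder-name>.policies.yml for each
        # TODO
        # Apply compiled policies YAML with `--replace` (deletes any policies in Fleet that aren't present in this config)
        # TODO
        # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        # All done!
        # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      shell: bash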