mirror of
https://github.com/fleetdm/fleet
synced 2026-05-06 06:48:54 +00:00
Update dogfood-policy-updater-latest-macos.sh (#31440)
- Updated this script to update the policy file and OS updates settings automatically anytime a new version of macOS is released
This commit is contained in:
Allen Houchins
GitHub
parent
e0b6d1a441
commit
5f09718daa
1 changed files with 177 additions and 36 deletions
|
|
@ -3,7 +3,9 @@
|
|||
# Variables
|
||||
REPO_OWNER="fleetdm"
|
||||
REPO_NAME="fleet"
|
||||
FILE_PATH="it-and-security/lib/macos/policies/latest-macos.yml"
|
||||
POLICY_FILE_PATH="it-and-security/lib/macos/policies/latest-macos.yml"
|
||||
WORKSTATIONS_FILE="it-and-security/teams/workstations.yml"
|
||||
WORKSTATIONS_CANARY_FILE="it-and-security/teams/workstations-canary.yml"
|
||||
BRANCH="main"
|
||||
NEW_BRANCH="update-macos-version-$(date +%s)"
|
||||
|
||||
|
|
@ -13,21 +15,101 @@ if [ -z "$DOGFOOD_AUTOMATION_TOKEN" ] || [ -z "$DOGFOOD_AUTOMATION_USER_NAME" ]
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# GitHub API URL
|
||||
FILE_URL="https://api.github.com/repos/$REPO_OWNER/$REPO_NAME/contents/$FILE_PATH?ref=$BRANCH"
|
||||
# Function to calculate 4 Sundays from today
|
||||
calculate_deadline() {
|
||||
# Get current date
|
||||
current_date=$(date +%Y-%m-%d)
|
||||
|
||||
# Calculate days until next Sunday (0 = Sunday, 1 = Monday, ..., 6 = Saturday)
|
||||
current_day=$(date +%u) # 1-7 (Monday=1, Sunday=7)
|
||||
days_to_next_sunday=$((7 - current_day))
|
||||
if [ $days_to_next_sunday -eq 0 ]; then
|
||||
days_to_next_sunday=7
|
||||
fi
|
||||
|
||||
# Calculate 4 Sundays from today
|
||||
days_to_deadline=$((days_to_next_sunday + 21)) # 3 more weeks (21 days)
|
||||
|
||||
# Calculate the deadline date
|
||||
deadline_date=$(date -d "$current_date + $days_to_deadline days" +%Y-%m-%d)
|
||||
echo "$deadline_date"
|
||||
}
|
||||
|
||||
# Fetch the file contents from GitHub
|
||||
response=$(curl -s -H "Authorization: token $DOGFOOD_AUTOMATION_TOKEN" -H "Accept: application/vnd.github.v3.raw" "$FILE_URL")
|
||||
# Function to fetch file content from GitHub
|
||||
fetch_file_content() {
|
||||
local file_path="$1"
|
||||
local file_url="https://api.github.com/repos/$REPO_OWNER/$REPO_NAME/contents/$file_path?ref=$BRANCH"
|
||||
|
||||
local response=$(curl -s -H "Authorization: token $DOGFOOD_AUTOMATION_TOKEN" -H "Accept: application/vnd.github.v3.raw" "$file_url")
|
||||
|
||||
if [ -z "$response" ] || [[ "$response" == *"Not Found"* ]]; then
|
||||
echo "Error: Failed to fetch file $file_path or file does not exist in the repository."
|
||||
return 1
|
||||
fi
|
||||
|
||||
echo "$response"
|
||||
}
|
||||
|
||||
if [ -z "$response" ] || [[ "$response" == *"Not Found"* ]]; then
|
||||
echo "Error: Failed to fetch file or file does not exist in the repository."
|
||||
# Function to extract current minimum version from team file content
|
||||
extract_minimum_version() {
|
||||
local content="$1"
|
||||
local minimum_version=$(echo "$content" | grep -A 1 "macos_updates:" | grep "minimum_version:" | sed 's/.*minimum_version: *"\([^"]*\)".*/\1/')
|
||||
echo "$minimum_version"
|
||||
}
|
||||
|
||||
# Function to extract current deadline from team file content
|
||||
extract_deadline() {
|
||||
local content="$1"
|
||||
local deadline=$(echo "$content" | grep -A 2 "macos_updates:" | grep "deadline:" | sed 's/.*deadline: *"\([^"]*\)".*/\1/')
|
||||
echo "$deadline"
|
||||
}
|
||||
|
||||
# Function to update team file content with new version and deadline
|
||||
update_team_file_content() {
|
||||
local content="$1"
|
||||
local new_version="$2"
|
||||
local new_deadline="$3"
|
||||
|
||||
# Update minimum_version
|
||||
content=$(echo "$content" | sed "s/minimum_version: \"[^\"]*\"/minimum_version: \"$new_version\"/")
|
||||
|
||||
# Update deadline
|
||||
content=$(echo "$content" | sed "s/deadline: \"[^\"]*\"/deadline: \"$new_deadline\"/")
|
||||
|
||||
echo "$content"
|
||||
}
|
||||
|
||||
# Fetch the latest macOS version
|
||||
echo "Fetching latest macOS version..."
|
||||
latest_macos_version=$(curl -s "https://sofafeed.macadmins.io/v1/macos_data_feed.json" | \
|
||||
jq -r '.. | objects | select(has("ProductVersion")) | .ProductVersion' | sort -Vr | head -n 1)
|
||||
|
||||
if [ -z "$latest_macos_version" ]; then
|
||||
echo "Error: Failed to fetch the latest macOS version."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Extract the query line
|
||||
query_line=$(echo "$response" | grep 'query:')
|
||||
echo "Latest macOS version: $latest_macos_version"
|
||||
|
||||
# Initialize update flags
|
||||
policy_update_needed=false
|
||||
team_updates_needed=false
|
||||
updates_needed=false
|
||||
|
||||
# Check policy file
|
||||
echo "Checking policy file..."
|
||||
POLICY_FILE_URL="https://api.github.com/repos/$REPO_OWNER/$REPO_NAME/contents/$POLICY_FILE_PATH?ref=$BRANCH"
|
||||
policy_response=$(curl -s -H "Authorization: token $DOGFOOD_AUTOMATION_TOKEN" -H "Accept: application/vnd.github.v3.raw" "$POLICY_FILE_URL")
|
||||
|
||||
if [ -z "$policy_response" ] || [[ "$policy_response" == *"Not Found"* ]]; then
|
||||
echo "Error: Failed to fetch policy file or file does not exist in the repository."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Extract the query line from policy
|
||||
query_line=$(echo "$policy_response" | grep 'query:')
|
||||
if [ -z "$query_line" ]; then
|
||||
echo "Error: Could not find the query line in the file."
|
||||
echo "Error: Could not find the query line in the policy file."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
@ -40,34 +122,52 @@ fi
|
|||
|
||||
echo "Policy version number: $policy_version_number"
|
||||
|
||||
# Fetch the latest macOS version
|
||||
latest_macos_version=$(curl -s "https://sofafeed.macadmins.io/v1/macos_data_feed.json" | \
|
||||
jq -r '.. | objects | select(has("ProductVersion")) | .ProductVersion' | sort -Vr | head -n 1)
|
||||
|
||||
if [ -z "$latest_macos_version" ]; then
|
||||
echo "Error: Failed to fetch the latest macOS version."
|
||||
exit 1
|
||||
if [ "$policy_version_number" != "$latest_macos_version" ]; then
|
||||
policy_update_needed=true
|
||||
updates_needed=true
|
||||
fi
|
||||
|
||||
echo "Latest macOS version: $latest_macos_version"
|
||||
# Check team files
|
||||
echo "Checking team files..."
|
||||
workstations_content=$(fetch_file_content "$WORKSTATIONS_FILE")
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Warning: Could not fetch workstations file, skipping team updates."
|
||||
else
|
||||
workstations_canary_content=$(fetch_file_content "$WORKSTATIONS_CANARY_FILE")
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Warning: Could not fetch workstations-canary file, skipping team updates."
|
||||
else
|
||||
# Extract current versions and deadlines
|
||||
current_workstations_version=$(extract_minimum_version "$workstations_content")
|
||||
current_workstations_deadline=$(extract_deadline "$workstations_content")
|
||||
current_workstations_canary_version=$(extract_minimum_version "$workstations_canary_content")
|
||||
current_workstations_canary_deadline=$(extract_deadline "$workstations_canary_content")
|
||||
|
||||
# Compare versions and update the file if needed
|
||||
if [ "$policy_version_number" != "$latest_macos_version" ]; then
|
||||
echo "Updating query line with the new version..."
|
||||
echo "Current Workstations minimum_version: $current_workstations_version"
|
||||
echo "Current Workstations deadline: $current_workstations_deadline"
|
||||
echo "Current Workstations (canary) minimum_version: $current_workstations_canary_version"
|
||||
echo "Current Workstations (canary) deadline: $current_workstations_canary_deadline"
|
||||
|
||||
# Prepare the new query line
|
||||
new_query_line="query: SELECT 1 FROM os_version WHERE version >= '$latest_macos_version';"
|
||||
# Calculate new deadline
|
||||
new_deadline=$(calculate_deadline)
|
||||
echo "New deadline (4 Sundays from today): $new_deadline"
|
||||
|
||||
# Update the response
|
||||
updated_response=$(echo "$response" | sed "s/query: .*/$new_query_line/")
|
||||
if [ -z "$updated_response" ]; then
|
||||
echo "Error: Failed to update the query line."
|
||||
exit 1
|
||||
# Check if team updates are needed
|
||||
if [ "$current_workstations_version" != "$latest_macos_version" ] || [ "$current_workstations_deadline" != "$new_deadline" ]; then
|
||||
team_updates_needed=true
|
||||
updates_needed=true
|
||||
fi
|
||||
|
||||
if [ "$current_workstations_canary_version" != "$latest_macos_version" ] || [ "$current_workstations_canary_deadline" != "$new_deadline" ]; then
|
||||
team_updates_needed=true
|
||||
updates_needed=true
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# Create a temporary file for the update
|
||||
temp_file=$(mktemp)
|
||||
echo "$updated_response" > "$temp_file"
|
||||
# Create updates if needed
|
||||
if [ "$updates_needed" = true ]; then
|
||||
echo "Updates needed. Creating pull request..."
|
||||
|
||||
# Configure Git
|
||||
git config --global user.name "$DOGFOOD_AUTOMATION_USER_NAME"
|
||||
|
|
@ -80,13 +180,54 @@ if [ "$policy_version_number" != "$latest_macos_version" ]; then
|
|||
}
|
||||
cd repo || exit
|
||||
git checkout -b "$NEW_BRANCH"
|
||||
cp "$temp_file" "$FILE_PATH"
|
||||
git add "$FILE_PATH"
|
||||
git commit -m "Update macOS version number to $latest_macos_version"
|
||||
|
||||
# Update policy file if needed
|
||||
if [ "$policy_update_needed" = true ]; then
|
||||
echo "Updating policy file..."
|
||||
new_query_line="query: SELECT 1 FROM os_version WHERE version >= '$latest_macos_version';"
|
||||
updated_policy_response=$(echo "$policy_response" | sed "s/query: .*/$new_query_line/")
|
||||
|
||||
if [ -z "$updated_policy_response" ]; then
|
||||
echo "Error: Failed to update the policy query line."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "$updated_policy_response" > "$POLICY_FILE_PATH"
|
||||
git add "$POLICY_FILE_PATH"
|
||||
fi
|
||||
|
||||
# Update team files if needed
|
||||
if [ "$team_updates_needed" = true ]; then
|
||||
echo "Updating team files..."
|
||||
updated_workstations_content=$(update_team_file_content "$workstations_content" "$latest_macos_version" "$new_deadline")
|
||||
updated_canary_content=$(update_team_file_content "$workstations_canary_content" "$latest_macos_version" "$new_deadline")
|
||||
|
||||
echo "$updated_workstations_content" > "$WORKSTATIONS_FILE"
|
||||
echo "$updated_canary_content" > "$WORKSTATIONS_CANARY_FILE"
|
||||
|
||||
git add "$WORKSTATIONS_FILE" "$WORKSTATIONS_CANARY_FILE"
|
||||
fi
|
||||
|
||||
# Create commit message
|
||||
commit_message="Update macOS version to $latest_macos_version"
|
||||
if [ "$policy_update_needed" = true ]; then
|
||||
commit_message="$commit_message
|
||||
|
||||
- Updated policy version from $policy_version_number to $latest_macos_version"
|
||||
fi
|
||||
if [ "$team_updates_needed" = true ]; then
|
||||
commit_message="$commit_message
|
||||
- Updated team minimum_version from $current_workstations_version to $latest_macos_version
|
||||
- Updated team deadline from $current_workstations_deadline to $new_deadline (4 Sundays from today)
|
||||
- Applied to both workstations and workstations-canary teams"
|
||||
fi
|
||||
|
||||
git commit -m "$commit_message"
|
||||
git push origin "$NEW_BRANCH"
|
||||
|
||||
# Create a pull request
|
||||
pr_data=$(jq -n --arg title "Update macOS version number to $latest_macos_version" \
|
||||
pr_title="Update macOS version to $latest_macos_version"
|
||||
pr_data=$(jq -n --arg title "$pr_title" \
|
||||
--arg head "$NEW_BRANCH" \
|
||||
--arg base "$BRANCH" \
|
||||
'{title: $title, head: $head, base: $base}')
|
||||
|
|
@ -133,5 +274,5 @@ if [ "$policy_version_number" != "$latest_macos_version" ]; then
|
|||
fi
|
||||
echo "Reviewers added successfully."
|
||||
else
|
||||
echo "No updates needed; the version is the same."
|
||||
echo "No updates needed; all versions and deadlines are current."
|
||||
fi
|
||||
|
|
|
|||
Loading…
Reference in a new issue