From bfaa8043bf8b0aca8662299ba720abe4f49491ff Mon Sep 17 00:00:00 2001
From: Luke Heath <luke@fleetdm.com>
Date: Tue, 4 Apr 2023 15:51:07 -0500
Subject: [PATCH] Add profiles workflow for canary team (#10966)

---
 .../workflows/fleetctl-profiles-canary.yml    | 68 +++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 .github/workflows/fleetctl-profiles-canary.yml

diff --git a/.github/workflows/fleetctl-profiles-canary.yml b/.github/workflows/fleetctl-profiles-canary.yml
new file mode 100644
index 0000000000..60186f1c7f
--- /dev/null
+++ b/.github/workflows/fleetctl-profiles-canary.yml
@@ -0,0 +1,68 @@
+# This workflow applies the latest MDM profiles to the workstations team.
+# It uses a fleet instance also built and executed from source.
+#
+# It runs automatically when a file is changed in /mdm_profiles.
+name: Apply latest MDM profiles (Canary)
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'mdm_profiles/**.mobileconfig'
+  workflow_dispatch: # Manual
+
+# This allows a subsequently queued workflow run to interrupt previous runs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
+  cancel-in-progress: true
+
+defaults:
+  run:
+    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
+    shell: bash
+
+permissions:
+  contents: read
+
+env:
+  DOGFOOD_API_TOKEN: ${{ secrets.DOGFOOD_API_TOKEN }}
+  DOGFOOD_URL: ${{ secrets.DOGFOOD_URL }}
+  CLOUD_MANAGEMENT_ENROLLMENT_TOKEN: ${{ secrets.CLOUD_MANAGEMENT_ENROLLMENT_TOKEN }}
+
+jobs:
+  apply-profiles:
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2
+      with:
+        repository: fleetdm/fleet
+
+    - name: Install fleetctl
+      run: npm install -g fleetctl
+
+    - name: Configure fleetctl
+      run: fleetctl config set --address $DOGFOOD_URL --token $DOGFOOD_API_TOKEN
+
+    - name: Run fleetctl apply
+      run: |
+        profiles=""
+          for file in mdm_profiles/*.mobileconfig; do
+            envsubst < "$file" > "${file}.new"
+            mv "${file}.new" "$file"
+            profiles+="- $file
+                  "
+        done
+        echo "apiVersion: v1
+        kind: team
+        spec:
+          team:
+            name: 💻🐣 Workstations (canary)
+            mdm:
+              macos_settings:
+                custom_settings:
+                  $profiles
+        " > team-workstations-config.yml
+        fleetctl apply -f team-workstations-config.yml