fleet/it-and-security/lib/macos/scripts
Allen Houchins cc6b995e22
Add automated Safari policy update and remediation (#35890)
This pull request introduces automation for keeping the Fleet macOS
Safari update policy current, along with a new script for updating
Safari on endpoints. The main changes include a new GitHub Actions
workflow step to run an automated script that checks for the latest
Safari versions, updates the policy YAML if needed, and creates a pull
request with the changes. Additionally, a new endpoint script is added
to perform Safari updates via `softwareupdate`.

**Automation for Safari Policy Updates:**

* Added `.github/scripts/dogfood-policy-updater-latest-safari.sh`, a
script that fetches the latest Safari versions from the SOFA feed,
compares them to the versions in `update-safari.yml`, updates the YAML
if necessary, and automatically creates a pull request with reviewers
assigned.
* Updated `.github/workflows/dogfood-automated-policy-updates.yml` to
add a step that runs the new Safari version update script as part of the
workflow, using the required automation secrets.

**Policy and Endpoint Script Enhancements:**

* Added a new policy to
`it-and-security/lib/macos/policies/update-safari.yml` that checks if
the installed Safari version matches the latest for macOS 15 (Safari
18.6) and macOS 26 (Safari 26.1).
* Introduced `it-and-security/lib/macos/scripts/update-safari.sh`, a
script for endpoints that runs `softwareupdate` with the `--safari-only`
flag, logging the outcome and requiring root privileges.
2026-01-08 11:00:31 -06:00
| File | Last commit | Date |
| --- | --- | --- |
| collect-fleetd-logs.sh | Reorganize our it-and-security directory (#24278) | 2024-12-09 13:42:47 -06:00 |
| create-conditional-access-allow-file.sh | Configuration for Entra conditional access demo (#31161) | 2025-07-22 20:47:02 -05:00 |
| execute-disable-fleet-desktop.sh | Reorganize our it-and-security directory (#24278) | 2024-12-09 13:42:47 -06:00 |
| install-macos-compatibility-extension.sh | Updated policies and scripts (#31030) | 2025-07-17 21:34:23 -05:00 |
| install-nudge.sh | Adding configuration for Nudge testing (#31928) | 2025-08-14 20:00:39 -05:00 |
| install-santa-extension.sh | Updated policies and scripts (#31030) | 2025-07-17 21:34:23 -05:00 |
| install-update-homebrew.sh | Reorganize our it-and-security directory (#24278) | 2024-12-09 13:42:47 -06:00 |
| install-wine.sh | Fix homebrew wine install (#32505) | 2025-09-02 11:05:46 -04:00 |
| mdm-migration.sh | Reorganize our it-and-security directory (#24278) | 2024-12-09 13:42:47 -06:00 |
| migrate-slack-preferences.sh | Update migrate-slack-preferences.sh (#36850) | 2025-12-07 21:28:35 -06:00 |
| nudge-postinstall.sh | Added postinstall script to nudget-assets (#31976) | 2025-08-15 12:57:36 -05:00 |
| refetch-host.sh | Updated script name (#30685) | 2025-07-09 10:53:59 -05:00 |
| remove-old-nudge.sh | Reorganize our it-and-security directory (#24278) | 2024-12-09 13:42:47 -06:00 |
| santa-block-script.sh | Adding santa for testing (#26586) | 2025-02-25 14:11:03 -05:00 |
| see-automatic-enrollment-profile.sh | Reorganize our it-and-security directory (#24278) | 2024-12-09 13:42:47 -06:00 |
| set-lock-screen-message.sh | Update set-lock-screen-message.sh (#32953) | 2025-09-12 20:54:47 -05:00 |
| system-maintenance.sh | Reorganize our it-and-security directory (#24278) | 2024-12-09 13:42:47 -06:00 |
| uninstall-fleetd-macos.sh | Uninstall fleetd scripts: "fleetd" (#29196) | 2025-05-15 18:48:14 -04:00 |
| uninstall-santa-extension.sh | Add script to remove custom santa extension (#34828) | 2025-10-27 22:03:56 -05:00 |
| update-safari.sh | Add automated Safari policy update and remediation (#35890) | 2026-01-08 11:00:31 -06:00 |
| user-enroll-entra-company-portal.sh | Microsoft Compliance Partner backend changes (#29540) | 2025-06-11 14:22:46 -03:00 |