This repository contains hooks for pre-commit that may be useful to Mac admins, client engineers, and other Apple-focused IT professionals.
To use these hooks, you first need to install pre-commit using the instructions here: https://pre-commit.com/#install
For any hook in this repo you wish to use, add the following to your pre-commit config:
- repo: https://github.com/homebysix/pre-commit-macadmin
rev: v1.16.2
hooks:
- id: check-plists
# - id: ...
After adding a hook to your pre-commit config, it's not a bad idea to run pre-commit autoupdate
to ensure you have the latest version of the hooks.
-
check-git-config-email
This hook checks to ensure the Git config email matches one of the specified domains:
args: ['--domains', 'pretendco.com', 'contoso.com', '--']
-
check-munkipkg-buildinfo
This hook checks MunkiPkg build-info files to ensure they are valid.
-
check-outset-scripts
This hook checks Outset scripts to ensure they're executable.
-
check-plists
This hook checks XML property list (plist) files for basic syntax errors. Does not modify or autoformat these files; see the
format-xml-plist
hook below if you want autoformatting. -
format-xml-plist
This hook will auto-format XML property list (plist) files to use tabs instead of spaces, and will alphabetically sort keys.
NOTE: This will remove any HTML-style comments
<!--like this-->
in your plist files, so convert those to<key>Comment</key>
format first.
-
check-autopkg-recipe-list
This hook checks AutoPkg recipe lists (in txt, plist, yaml, or json format) for common issues.
-
check-autopkg-recipes
This hook checks AutoPkg recipes to ensure they meet various requirements and conventions.
-
Optionally specify your preferred AutoPkg recipe and/or override prefix, if you wish to enforce them:
args: ['--override-prefix=com.yourcompany.autopkg.']
(default:local.
)
args: ['--recipe-prefix=com.github.yourusername.']
(default:com.github.
) -
Optionally specify the version of AutoPkg for which you want to ignore MinimumVersion mismatches with processors.
args: ['--ignore-min-vers-before=0.5.0']
(default:1.0.0
)
Specifying0.1.0
will not ignore any MinimumVersion mismatches. -
If you're a purist, you can also enable strict mode. This enforces recipe type conventions, all processor/MinimumVersion mismatches, forbids
<!-- -->
style comments, and ensures all processor input variables (arguments) are valid.
args: ['--strict']
(default: False)
-
-
forbid-autopkg-overrides
This hook prevents AutoPkg overrides from being added to the repo.
-
forbid-autopkg-trust-info
This hook prevents AutoPkg recipes with trust info from being added to the repo.
-
check-jamf-extension-attributes
This hook checks Jamf extension attributes for common issues. (Looks for EAs in a path containing jamf/extension_attributes or jss/extension_attributes.)
-
check-jamf-scripts
This hook checks Jamf scripts for common issues. (Looks for scripts in a path containing jamf/scripts or jss/scripts.)
-
check-jamf-profiles
This hook checks Jamf profiles for common issues. (Looks for profiles in a path containing jamf/profiles or jss/profiles.)
-
check-munki-pkgsinfo
This hook checks Munki pkginfo files to ensure they are valid.
-
Specify your preferred list of pkginfo catalogs, if you wish to enforce it, followed by
--
to signal the end of the list:args: ['--catalogs', 'testing', 'stable', '--']
-
Specify your preferred list of pkginfo categories, if you wish to enforce it, followed by
--
:args: ['--categories', 'Productivity', 'Design', 'Utilities', 'Web Browsers', '--']
-
Specify required pkginfo keys, followed by
--
:args: ['--required-keys', 'category', 'description', 'developer', 'name', 'version', '--']
(default: description, name) -
Specify an alternate munki repo location by passing the argument:
args: ['--munki-repo', './my_repo_location']
(default: ".") -
Choose to just warn on missing icons with a flag, note if no other issues exist this will allow pre-commit to pass without seeing the warnings:
args: ['--warn-on-missing-icons]
-
Add additional shebangs that are valid for your environment:
args: ['--valid-shebangs', '#!/bin/macadmin/python37', '#!/bin/macadmin/python42', '--']
-
-
check-munkiadmin-scripts
This hook ensures MunkiAdmin scripts are executable.
-
munki-makecatalogs
This hook runs the "makecatalogs" command to ensure all referenced packages are present and catalogs are up to date.
- Specify an alternate munki repo location by passing the argument:
args: ['--munki-repo', './my_repo_location']
(default: ".")
- Specify an alternate munki repo location by passing the argument:
When combining arguments that take lists (for example: --required-keys
, --catalogs
, and --categories
), only the last list needs to have a trailing --
. For example, if you use the check-munki-pkgsinfo hook with only the --catalogs
argument, your yaml config would look like this:
- repo: https://github.com/homebysix/pre-commit-macadmin
rev: v1.16.2
hooks:
- id: check-munki-pkgsinfo
args: ['--catalogs', 'testing', 'stable', '--']
But if you also use the --categories
argument, you would move the trailing --
to the end, after all the lists, like this:
- repo: https://github.com/homebysix/pre-commit-macadmin
rev: v1.16.2
hooks:
- id: check-munki-pkgsinfo
args: ['--catalogs', 'testing', 'stable', '--categories', 'Design', 'Engineering', 'Web Browsers', '--']
The --
only serves as a signal to the hook that the list of arguments is complete, and is only needed for "list" type arguments.
If it looks better to your eye, feel free to use a multi-line list for long arguments:
- repo: https://github.com/homebysix/pre-commit-macadmin
rev: v1.16.2
hooks:
- id: check-munki-pkgsinfo
args: [
'--required-keys', 'description', 'name', 'developer', 'category', 'version',
'--catalogs', 'testing', 'stable',
'--categories', 'Communication', 'Design', 'Engineering', 'macOS', 'Printers',
'Productivity', 'Security', 'Utilities', 'Web Browsers',
'--']
If you find my hooks useful, you may also want to use one or more of the Python, Markdown, and Git-related hooks listed here: https://pre-commit.com/hooks.html
Specifically, here are a few I use for Mac admin work:
check-added-large-files
check-executables-have-shebangs
check-merge-conflict
check-yaml
detect-aws-credentials
detect-private-key
mixed-line-ending
no-commit-to-branch
trailing-whitespace