Skip to content

homebysix/pre-commit-macadmin

Repository files navigation

Pre-Commit Hooks for Mac Admins

This repository contains hooks for pre-commit that may be useful to Mac admins, client engineers, and other Apple-focused IT professionals.

Requirements

To use these hooks, you first need to install pre-commit using the instructions here: https://pre-commit.com/#install

Adding hooks to your pre-commit config

For any hook in this repo you wish to use, add the following to your pre-commit config:

-   repo: https://github.com/homebysix/pre-commit-macadmin
    rev: v1.0.5
    hooks:
    -   id: check-plists
    # -   id: ...

Hooks available

AutoPkg

  • check-autopkg-recipe-list

    This hook checks AutoPkg recipe lists (in txt, plist, yaml, or json format) for common issues.

  • check-autopkg-recipes

    This hook checks AutoPkg recipes to ensure they contain required top-level keys.

    • Specify your preferred AutoPkg recipe and/or override prefix, if you wish to enforce them:
      args: ['--override-prefix=com.yourcompany.autopkg.']
      (default: local.)
      args: ['--recipe-prefix=com.github.yourusername.']
      (default: com.github.)
  • forbid-autopkg-overrides

    This hook prevents AutoPkg overrides from being added to the repo.

  • forbid-autopkg-trust-info

    This hook prevents AutoPkg recipes with trust info from being added to the repo.

Jamf

  • check-jamf-extension-attributes

    This hook checks Jamf extension attributes for common issues. (Looks for EAs in a path containing jamf/extension_attributes or jss/extension_attributes.)

  • check-jamf-scripts

    This hook checks Jamf scripts for common issues. (Looks for scripts in a path containing jamf/scripts or jss/scripts.)

  • check-jamf-profiles

    This hook checks Jamf profiles for common issues. (Looks for profiles in a path containing jamf/profiles or jss/profiles.)

Munki

  • check-munki-pkgsinfo

    This hook checks Munki pkginfo files to ensure they are valid.

    • Specify your preferred list of pkginfo catalogs, if you wish to enforce it, followed by -- to signal the end of the list:
      args: ['--catalogs', 'testing', 'stable', '--']
    • Specify your preferred list of pkginfo categories, if you wish to enforce it, followed by --:
      args: ['--categories', 'Productivity', 'Design', 'Utilities', 'Web Browsers', '--']
    • Specify required pkginfo keys, followed by --:
      args: ['--required-keys', 'category', 'description', 'developer', 'name', 'version', '--']
      (default: description, name)
  • check-munkiadmin-scripts

    This hook ensures MunkiAdmin scripts are executable.

  • check-munkipkg-buildinfo

    This hook checks MunkiPkg build-info files to ensure they are valid.

  • munki-makecatalogs

    This hook runs the "makecatalogs" command to ensure all referenced packages are present and catalogs are up to date.

Outset

  • check-outset-scripts

    This hook checks Outset scripts to ensure they're executable.

General

  • check-plists

    This hook checks XML property list (plist) files for basic syntax errors.

Recommendations

If you find my hooks useful, you may also want to use one or more of the Python, Markdown, and Git-related hooks listed here: https://pre-commit.com/hooks.html

Specifically, here are a few I use for Mac admin work:

  • check-added-large-files
  • check-executables-have-shebangs
  • check-merge-conflict
  • check-yaml
  • detect-aws-credentials
  • detect-private-key
  • mixed-line-ending
  • no-commit-to-branch
  • trailing-whitespace