Merge pull request #87 from homebysix/dev

homebysix · web-flow · commit dc632a82196d · 2025-01-16T14:44:32.000-08:00
1.19.0 merge to main
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,25 @@ All notable changes to this project will be documented in this file. This projec
 
 Nothing yet.
 
+## [1.19.0] - 2025-01-16
+
+### Added
+
+- Added `--warn-on-missing-installer-items` flag that makes missing Munki install/uninstall items a warning instead of a failure. (#86, thanks to @haircut)
+- Apply the same checks to `uninstaller_item_location` that were previously applied to `installer_item_location`.
+- `check-autopkg-recipes` requires Munki recipe `pkginfo` dicts to contain at least `name` and `description`.
+- `check-autopkg-recipes` now validates that `uninstall_method` and `uninstall_script` are set appropriately in Munki recipes.
+
+### Changed
+
+- `check-autopkg-recipes` includes jamf-upload as an AutoPkg recipe type, and updated processors included in jamf/jamf-upload recipe convention.
+- `check-munki-pkgsinfo` requires a `version` key in addition to `name` and `description`.
+
+### Fixed
+
+- Bug fix in `check-munkiadmin-scripts` that prevented script names from processing correctly.
+- Bug fix in `check-munki-pkgsinfo` that prevented `--warn-on-duplicate-imports` flag from working correctly.
+
 ## [1.18.0] - 2025-01-04
 
 ### Added
diff --git a/README.md b/README.md
@@ -15,7 +15,7 @@ For any hook in this repo you wish to use, add the following to your pre-commit
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.18.0
+    rev: v1.19.0
     hooks:
     -   id: check-plists
     # -   id: ...
@@ -120,7 +120,7 @@ After adding a hook to your pre-commit config, it's not a bad idea to run `pre-c
     - Choose to just warn if icons referenced in pkginfo files are missing (this will allow pre-commit checks to pass if no other issues exist):
         `args: ['--warn-on-missing-icons]`
 
-    - Choose to just warn if installer items (`installer_item_location`) referenced in pkginfo files are missing (this will allow pre-commit checks to pass if no other issues exist):
+    - Choose to just warn if installer/uninstaller items (`installer_item_location` or `uninstaller_item_location`) referenced in pkginfo files are missing (this will allow pre-commit checks to pass if no other issues exist):
         `args: ['--warn-on-missing-installer-items]`
 
     - Choose to just warn if pkg/pkginfo files with __1 (or similar) suffixes are detected (this will allow pre-commit checks to pass if no other issues exist):
@@ -147,7 +147,7 @@ When combining arguments that take lists (for example: `--required-keys`, `--cat
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.18.0
+    rev: v1.19.0
     hooks:
     -   id: check-munki-pkgsinfo
         args: ['--catalogs', 'testing', 'stable', '--']
@@ -157,7 +157,7 @@ But if you also use the `--categories` argument, you would move the trailing `--
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.18.0
+    rev: v1.19.0
     hooks:
     -   id: check-munki-pkgsinfo
         args: ['--catalogs', 'testing', 'stable', '--categories', 'Design', 'Engineering', 'Web Browsers', '--']
@@ -169,7 +169,7 @@ If it looks better to your eye, feel free to use a multi-line list for long argu
 
 ```yaml
 -   repo: https://github.com/homebysix/pre-commit-macadmin
-    rev: v1.18.0
+    rev: v1.19.0
     hooks:
     -   id: check-munki-pkgsinfo
         args: [
diff --git a/pre_commit_hooks/check_autopkg_recipes.py b/pre_commit_hooks/check_autopkg_recipes.py
@@ -16,6 +16,7 @@
     validate_pkginfo_key_types,
     validate_required_keys,
     validate_restart_action_key,
+    validate_uninstall_method,
 )
 
 
@@ -382,6 +383,34 @@ def validate_proc_type_conventions(process, filename):
 
     # For each processor type, this is the list of processors that
     # we only expect to see in that type. List order is unimportant.
+    # TODO: Simpler to check for `com.github.grahampugh.jamf-upload.processors/` prefix?
+    jamf_upload_procs = [
+        "com.github.grahampugh.jamf-upload.processors/JamfAccountUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfCategoryUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfClassicAPIObjectUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfComputerGroupDeleter",
+        "com.github.grahampugh.jamf-upload.processors/JamfComputerGroupUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfComputerProfileUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfDockItemUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfExtensionAttributeUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfIconUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfMacAppUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfMobileDeviceGroupUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfMobileDeviceProfileUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfPackageCleaner",
+        "com.github.grahampugh.jamf-upload.processors/JamfPackageRecalculator",
+        "com.github.grahampugh.jamf-upload.processors/JamfPackageUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfPatchChecker",
+        "com.github.grahampugh.jamf-upload.processors/JamfPatchUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfPkgMetadataUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfPolicyDeleter",
+        "com.github.grahampugh.jamf-upload.processors/JamfPolicyLogFlusher",
+        "com.github.grahampugh.jamf-upload.processors/JamfPolicyUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfScriptUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfSoftwareRestrictionUploader",
+        "com.github.grahampugh.jamf-upload.processors/JamfUploaderSlacker",
+        "com.github.grahampugh.jamf-upload.processors/JamfUploaderTeamsNotifier",
+    ]
     proc_type_conventions = {
         "download": [
             "SparkleUpdateInfoProvider",
@@ -405,30 +434,8 @@ def validate_proc_type_conventions(process, filename):
         # https://github.com/jssimporter/JSSImporter
         "jss": ["JSSImporter"],
         # https://github.com/grahampugh/jamf-upload
-        "jamf": [
-            "com.github.grahampugh.jamf-upload.processors/JamfAccountUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfCategoryUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfClassicAPIObjectUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfComputerGroupUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfComputerProfileUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfDockItemUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfExtensionAttributeUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfIconUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfMacAppUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfMobileDeviceGroupUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfMobileDeviceProfileUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfPackageCleaner",
-            "com.github.grahampugh.jamf-upload.processors/JamfPackageUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfPatchChecker",
-            "com.github.grahampugh.jamf-upload.processors/JamfPatchUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfPolicyDeleter",
-            "com.github.grahampugh.jamf-upload.processors/JamfPolicyLogFlusher",
-            "com.github.grahampugh.jamf-upload.processors/JamfPolicyUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfScriptUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfSoftwareRestrictionUploader",
-            "com.github.grahampugh.jamf-upload.processors/JamfUploaderSlacker",
-            "com.github.grahampugh.jamf-upload.processors/JamfUploaderTeamsNotifier",
-        ],
+        "jamf": jamf_upload_procs,
+        "jamf-upload": jamf_upload_procs,
         # https://github.com/autopkg/filewave
         "filewave": [
             "com.github.autopkg.filewave.FWTool/FileWaveImporter",
@@ -574,6 +581,7 @@ def main(argv=None):
         #     recipe_text = openfile.read()
 
         # Top level keys that all AutoPkg recipes should contain.
+        # TODO: Make required recipe keys configurable.
         required_keys = ["Identifier"]
         if not validate_required_keys(recipe, filename, required_keys):
             retval = 1
@@ -609,12 +617,30 @@ def main(argv=None):
         # If the Input key contains a pkginfo dict, make a best effort to validate its contents.
         input_key = recipe.get("Input", recipe.get("input", recipe.get("INPUT")))
         if input_key and "pkginfo" in input_key:
+
+            # Check for presence of required pkginfo keys.
+            # TODO: Make required pkginfo keys within a recipe configurable.
+            req_keys = ["name", "description"]
+            if not validate_required_keys(input_key["pkginfo"], filename, req_keys):
+                retval = 1
+
+            # Ensure pkginfo keys have expected types.
             if not validate_pkginfo_key_types(input_key["pkginfo"], filename):
                 retval = 1
+
+            # Validate RestartAction key.
             if not validate_restart_action_key(input_key["pkginfo"], filename):
                 retval = 1
+
+            # Validate uninstall method.
+            if not validate_uninstall_method(input_key["pkginfo"], filename):
+                retval = 1
+
+            # Check for deprecated pkginfo keys.
             if not detect_deprecated_keys(input_key["pkginfo"], filename):
                 retval = 1
+
+            # Check for common mistakes in key names.
             if not detect_typoed_keys(input_key["pkginfo"], filename):
                 retval = 1
 
diff --git a/pre_commit_hooks/check_munki_pkgsinfo.py b/pre_commit_hooks/check_munki_pkgsinfo.py
@@ -14,6 +14,7 @@
     validate_required_keys,
     validate_restart_action_key,
     validate_shebangs,
+    validate_uninstall_method,
 )
 
 
@@ -25,11 +26,12 @@ def build_argument_parser():
     )
     parser.add_argument("--categories", nargs="+", help="List of approved categories.")
     parser.add_argument("--catalogs", nargs="+", help="List of approved catalogs.")
+    default_req_keys = ["description", "name", "version"]
     parser.add_argument(
         "--required-keys",
         nargs="+",
-        default=["description", "name"],
-        help="List of required top-level keys.",
+        default=default_req_keys,
+        help=f"List of required top-level keys. Defaults to: {default_req_keys}",
     )
     parser.add_argument(
         "--require-pkg-blocking-apps",
@@ -38,7 +40,7 @@ def build_argument_parser():
     )
     parser.add_argument("filenames", nargs="*", help="Filenames to check.")
     parser.add_argument(
-        "--munki-repo", default=".", help="path to local munki repo defaults to '.'"
+        "--munki-repo", default=".", help="path to local munki repo. Defaults to '.'"
     )
     parser.add_argument(
         "--warn-on-missing-icons",
@@ -122,11 +124,15 @@ def main(argv=None):
         if not validate_restart_action_key(pkginfo, filename):
             retval = 1
 
+        # Validate uninstall method.
+        if not validate_uninstall_method(pkginfo, filename):
+            retval = 1
+
         # Check for deprecated pkginfo keys.
         if not detect_deprecated_keys(pkginfo, filename):
             retval = 1
 
-        # Check for common mistakes key names.
+        # Check for common mistakes in key names.
         if not detect_typoed_keys(pkginfo, filename):
             retval = 1
 
@@ -144,31 +150,6 @@ def main(argv=None):
                     print(f'{filename}: catalog "{catalog}" is not in approved list')
                     retval = 1
 
-        # Check for missing or case-conflicted installer items
-        if not _check_case_sensitive_path(
-            os.path.join(
-                args.munki_repo, "pkgs", pkginfo.get("installer_item_location", "")
-            )
-        ):
-            msg = "installer item does not exist or path is not case sensitive"
-            if args.warn_on_missing_installer_items:
-                print(f"{filename}: WARNING: {msg}")
-            else:
-                print(f"{filename}: {msg}")
-                retval = 1
-
-        # Check for pkg filenames showing signs of duplicate imports.
-        if pkginfo.get("installer_item_location", "").endswith(tuple(dupe_suffixes)):
-            installer_item_location = pkginfo["installer_item_location"]
-            msg = (
-                f"installer item '{installer_item_location}' may be a duplicate import"
-            )
-            if args.warn_on_missing_icons:
-                print(f"{filename}: WARNING: {msg}")
-            else:
-                print(f"{filename}: {msg}")
-                retval = 1
-
         # Checking for the absence of blocking_applications for pkg installers.
         # If a pkg doesn't require blocking_applications, use empty "<array/>" in pkginfo.
         if args.require_pkg_blocking_apps and all(
@@ -184,6 +165,34 @@ def main(argv=None):
             )
             retval = 1
 
+        # Begin checks that apply to both installers and uninstallers
+        for i_type in ("installer", "uninstaller"):
+
+            # Check for missing or case-conflicted installer or uninstaller items
+            if not _check_case_sensitive_path(
+                os.path.join(
+                    args.munki_repo, "pkgs", pkginfo.get(f"{i_type}_item_location", "")
+                )
+            ):
+                msg = f"{i_type} item does not exist or path is not case sensitive"
+                if args.warn_on_missing_installer_items:
+                    print(f"{filename}: WARNING: {msg}")
+                else:
+                    print(f"{filename}: {msg}")
+                    retval = 1
+
+            # Check for pkg filenames showing signs of duplicate imports.
+            if pkginfo.get(f"{i_type}_item_location", "").endswith(
+                tuple(dupe_suffixes)
+            ):
+                item_loc = pkginfo[f"{i_type}_item_location"]
+                msg = f"{i_type} item '{item_loc}' may be a duplicate import"
+                if args.warn_on_duplicate_imports:
+                    print(f"{filename}: WARNING: {msg}")
+                else:
+                    print(f"{filename}: {msg}")
+                    retval = 1
+
         # Ensure an icon exists for the item.
         if not any(
             (
@@ -201,21 +210,6 @@ def main(argv=None):
                 print(f"{filename}: {msg}")
                 retval = 1
 
-        # Ensure uninstall method is set correctly if uninstall_script exists.
-        uninst_method = pkginfo.get("uninstall_method")
-        if "uninstall_script" in pkginfo and uninst_method != "uninstall_script":
-            print(
-                f"{filename}: has an uninstall script, but the uninstall "
-                f'method is set to "{uninst_method}"'
-            )
-            retval = 1
-        elif "uninstall_script" not in pkginfo and uninst_method == "uninstall_script":
-            print(
-                f"{filename}: uninstall_method is set to uninstall_script, "
-                'but no uninstall script is present"'
-            )
-            retval = 1
-
         # Ensure all pkginfo scripts have a proper shebang.
         script_types = (
             "installcheck_script",
diff --git a/pre_commit_hooks/check_munkiadmin_scripts.py b/pre_commit_hooks/check_munkiadmin_scripts.py
@@ -32,7 +32,10 @@ def main(argv=None):
         prefixes = ["manifest", "pkginfo", "repository"]
         actions = ["custom", "postopen", "postsave", "presave"]
         ma_script_prefixes = [f"{p}-{a}" for p in prefixes for a in actions]
-        if not any(filename.startswith(prefix) for prefix in ma_script_prefixes):
+        if not any(
+            os.path.basename(filename).startswith(prefix)
+            for prefix in ma_script_prefixes
+        ):
             print(f"{filename}: does not start with a valid MunkiAdmin script prefix")
             retval = 1
 
diff --git a/pre_commit_hooks/util.py b/pre_commit_hooks/util.py
@@ -141,7 +141,7 @@ def detect_typoed_keys(input_dict, filename):
 
 
 def validate_restart_action_key(pkginfo, filename):
-    """Verifies that required_keys are present in pkginfo dictionary."""
+    """Verifies that the RestartAction key is set correctly."""
     passed = True
     allowed_values = (
         "RequireShutdown",
@@ -159,6 +159,25 @@ def validate_restart_action_key(pkginfo, filename):
     return passed
 
 
+def validate_uninstall_method(pkginfo, filename):
+    """Verifies that uninstall_method and uninstall_script is used appropriately."""
+    passed = True
+    uninst_method = pkginfo.get("uninstall_method")
+    if pkginfo.get("uninstall_script") and uninst_method != "uninstall_script":
+        print(
+            f"{filename}: has an uninstall script, but the uninstall "
+            f'method is set to "{uninst_method}"'
+        )
+        passed = False
+    elif not pkginfo.get("uninstall_script") and uninst_method == "uninstall_script":
+        print(
+            f"{filename}: uninstall_method is set to uninstall_script, "
+            'but no uninstall script is present"'
+        )
+        passed = False
+    return passed
+
+
 def validate_pkginfo_key_types(pkginfo, filename):
     """Validation of pkginfo key types.
 
diff --git a/setup.py b/setup.py
@@ -6,7 +6,7 @@
     name="pre-commit-macadmin",
     description="Pre-commit hooks for Mac admins, client engineers, and IT consultants.",
     url="https://github.com/homebysix/pre-commit-macadmin",
-    version="1.18.0",
+    version="1.19.0",
     author="Elliot Jordan",
     author_email="elliot@elliotjordan.com",
     packages=["pre_commit_hooks"],
