
Using GitHub as your source of truth for scripts

It can be difficult to manage code that lives in a web application. There’s no version control and no change approval, and collaboration and review are manual. Today’s session, led by Brad Schmidt and Brian LaShomb of fellow Minnesotan company Target, dove into a timely topic often on an IT administrator’s brain – getting their scripts under version control.

This is where GitHub, Jenkins and Git2JSS can help.

Jenkins
Schmidt and LaShomb use Jenkins as their CI tool at Target. One of the great things about Jenkins is chaining jobs together based on success or fail criteria. For instance, as LaShomb explained, Target’s AutoPkg workflow will run and, if a package is created successfully, it will kick off a DP sync job that also resides in Jenkins. It will then also create a story in Jira for testing the application. If the job didn’t build successfully (i.e., no new package was created), then the DP sync and Jira jobs would not run.

After implementing Jenkins, Schmidt and LaShomb needed something to take their repository of scripts and get them into the Jamf Pro server. Jenkins can 'build' the GitHub repo, but they needed something to look through the repo and send each item to the Jamf Pro server. That’s where Git2JSS came in!

Git2JSS
At a high level, Git2JSS looks at the previous commit and the current commit for changes to scripts and extension attributes and uploads those changed resources to the Jamf Pro server using the REST API. The scripts and Git2JSS live in a repo in GitHub; a webhook calls a Jenkins workflow that pulls down the repo and uploads the changed (or all) scripts and extension attributes to Jamf Pro. A build notification is sent to Slack, or can be set up for email.

How Target manages version control:

Step 1: Fork the repo
Step 2: Make changes
Step 3: Submit pull request back to main repo
Step 4: Peer review and merge
Step 5: GitHub webhook calls Jenkins and triggers the build
Step 6: Jenkins clones the repo, determines changed resources and submits them via an API call to the Jamf Pro REST API
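
The "determines changed resources" part of Step 6, as an added example that is not Git2JSS's own code and was not shown in the session: it parses `git diff --name-status` between the previous and current commit and keeps only files under known resource directories, so a merge cannot push arbitrary repo files to Jamf Pro. The directory names, function names and sample output are assumptions made for illustration.

```python
import subprocess
from pathlib import PurePosixPath

# Assumed repo layout (hypothetical): one top-level directory per resource type.
RESOURCE_DIRS = {"scripts": "script", "extension_attributes": "extension_attribute"}


def git_name_status(repo, prev="HEAD~1", curr="HEAD"):
    """Return raw `git diff --name-status` output between two commits."""
    result = subprocess.run(
        ["git", "diff", "--name-status", prev, curr],
        cwd=repo, check=True, capture_output=True, text=True,
    )
    return result.stdout


def classify_changes(name_status):
    """Sort changed paths into resources to upload, deleted resources and ignored files."""
    plan = {"upload": [], "deleted": [], "ignored": []}
    for line in name_status.splitlines():
        status, *paths = line.split("\t")
        if not paths:  # blank or malformed line
            continue
        # For renames and copies (R<score>, C<score>) the last field is the new path.
        path = PurePosixPath(paths[-1])
        kind = RESOURCE_DIRS.get(path.parts[0]) if len(path.parts) > 1 else None
        if kind is None:
            plan["ignored"].append(str(path))  # outside the allow-listed directories
        elif status.startswith("D"):
            plan["deleted"].append((kind, str(path)))  # needs a decision, not an upload
        else:  # A, M, R, C: content now in the repo should be pushed
            plan["upload"].append((kind, str(path)))
    return plan


# Constructed sample output, not from a real repository.
SAMPLE = (
    "M\tscripts/enable_firewall.sh\n"
    "A\textension_attributes/filevault_status.sh\n"
    "R092\tscripts/old_name.sh\tscripts/new_name.sh\n"
    "D\tscripts/retired.sh\n"
    "M\tREADME.md\n"
)

if __name__ == "__main__":
    for bucket, items in classify_changes(SAMPLE).items():
        print(bucket, items)
```

In a Jenkins job the input would come from `git_name_status()` run in the cloned workspace; the upload to Jamf Pro would then iterate over the `upload` bucket only.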

As Schmidt noted, in order to implement the complete workflow, you will need to have API credentials, a Jenkins server with a build server running Python 3 and a GitHub account (Enterprise or Private Repo if you don't want all your scripts public).

Before wrapping up the session, they provided helpful resources for getting started with Jenkins and Git2JSS, as well as the Twin Cities MacAdmins group.