From 42b6744c2fc83678d967634ecfdc0aaebbccd0e9 Mon Sep 17 00:00:00 2001 From: Sam Geyskens Date: Tue, 29 Apr 2025 13:29:32 +0200 Subject: [PATCH] Voeg build script en workflows toe --- .github/workflows/build-packages.yml | 131 +++++++++++++++++++++++++++ app_template/app-meta.json | 14 +++ scripts/Build-And-UpdateReadme.ps1 | 93 +++++++++++++++++++ 3 files changed, 238 insertions(+) create mode 100644 .github/workflows/build-packages.yml create mode 100644 app_template/app-meta.json create mode 100644 scripts/Build-And-UpdateReadme.ps1 diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml new file mode 100644 index 0000000..80dafbe --- /dev/null +++ b/.github/workflows/build-packages.yml @@ -0,0 +1,131 @@ +name: Build & Release IntuneWin package + +on: + push: + paths: + - 'apps/**' + - 'scripts/Build-And-UpdateReadme.ps1' + - '.github/workflows/build-packages.yml' + workflow_dispatch: + +jobs: + build: + runs-on: windows-latest + defaults: + run: + shell: pwsh + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Zoek gewijzigde apps + id: appdir + run: | + $diff = git diff --name-only ${{ github.sha }} ${{ github.sha }}~1 + $apps = $diff | Select-String '^apps/([^/]+)/' | ForEach-Object { $_.Matches.Groups[1].Value } | Sort-Object -Unique + if (-not $apps) { Write-Error "Geen wijziging in apps gedetecteerd"; exit 1 } + "appname=$($apps[0])" | Out-File -Append $env:GITHUB_ENV + shell: pwsh + + - name: Build intunewin package + update README.md + id: build + run: | + $appdir = "apps/${{ steps.appdir.outputs.appname }}" + $result = .\scripts\Build-And-UpdateReadme.ps1 -AppPath $appdir -BuildIntuneWin + $outlines = ($result | Out-String) -split "`n" + foreach ($line in $outLines) { + if ($line -like "*::set-output*") { + $parts = $line -replace "::set-output name=", "" -split "::" + Write-Host "$($parts[0])=$($parts[1])" + "::set-output name=$($parts[0])::$($parts[1])" + } + } + + - name: Create or update GitHub release + id: create_release + uses: softprops/action-gh-release@v2 + with: + tag_name: '${{ steps.appdir.outputs.appname }}-v${{ steps.build.outputs.app_version }}' + name: '${{ steps.appdir.outputs.appname }} v${{ steps.build.outputs.app_version }}' + draft: false + prerelease: false + files: apps/${{ steps.appdir.outputs.appname }}/build/*.intunewin + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Update README.md met definitieve downloadlink + run: | + $appdir = "apps/${{ steps.appdir.outputs.appname }}" + $ver = "${{ steps.build.outputs.app_version }}" + $release_url = "https://github.com/${{ github.repository }}/releases/download/${{ steps.appdir.outputs.appname }}-v$ver/${{ steps.build.outputs.package_name }}" + # Lees bestaande REAMDE in, vervang de downloadregel + $readme = Get-Content "$appdir/README.md" -Raw + pattern = "(?ms)(\*\*Laatste intunewin package:\*\* ).*?(\r?\n)" + $newreadme = [regex]::Replace($readme, $pattern, "`$1`$release_url`$2") + Set-Content "$appdir/README.md" $newreadme -Encoding UTF8 + + - name: Commit en push gewijzigde README.md (indien aangepast) + run: | + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + git add apps/${{ steps.appdir.outputs.appname }}/README.md + git diff --cached --quiet || git commit -m "README.md: update downloadlink na release [skip ci]" + git push + + # Later te testen, momenteel niet in gebruik: Push naar intune omgeving + + # - name: Install IntuneWin32App module + # run: | + # Install-Module IntuneWin32App -Scope CurrentUser -Force -AllowClobber + + # - name: Deploy naar intune win32-app + # env: + # CLIENT_ID: ${{ secrets.INTUNE_CLIENT_ID }} + # TENANT_ID: ${{ secrets.INTUNE_TENANT_ID }} + # CLIENT_SECRET: ${{ secrets.INTUNE_CLIENT_SECRET }} + # run: | + # $ErrorActionPreference = "Stop" + # $appdir = "apps/${{ steps.appdir.outputs.appname }}" + # $metaPath = "$appdir/app-meta.json" + # $meta = Get-Content $metaPath | ConvertFrom-Json + + # $iconPath = if ($meta.icon) { Join-Path $appdir $meta.icon } else { $null } + # if ($iconPath -and -not (Test-Path $iconPath)) { $iconPath = $null } + + # # Authenticatie + # Import-Module IntuneWin32App + # $secureSecret = ConvertTo-SecureString $env:CLIENT_SECRET -AsPlainText -Force + # $creds = New-Object System.Management.Automation.PSCredential($env:CLIENT_ID, $secureSecret) + # Connect-MSGraph -ClientId $env:CLIENT_ID -TenantId $env:TENANT_ID -ClientSecret $env:CLIENT_SECRET + + # # Build detectie block + # $detection = $meta.detection + # $detectionRule = $null + # if ($null -ne $detection -and $detection.type -eq 'File') { + # $filePath = Split-Path $detection.path + # $fileName = Split-Path $detection.path -Leaf + # $detectionRule = @{ + # DetectionType = "File" + # Path = $filePath + # FileOrFolder = $fileName + # DetectionMethod = "Exists" + # } + # } + # # Add more logic here if you want to support other detection types (Registry, etc.) + + # # Deploy Win32 app + # $package = Get-ChildItem "$appdir/build" -Filter *.intunewin | Sort-Object LastWriteTime -Descending | Select-Object -First 1 + + # Add-IntuneWin32App ` + # -FilePath $package.FullName ` + # -DisplayName $meta.displayName ` + # -Description $meta.description ` + # -Publisher $meta.publisher ` + # -InstallCommandLine ("powershell.exe -ExecutionPolicy Bypass -File " + $meta.installScript) ` + # -UninstallCommandLine $meta.uninstallCommand ` + # -DetectionRule $detectionRule ` + # -Icon $iconPath ` + # -Force + + # Disconnect-MSIntuneGraph \ No newline at end of file diff --git a/app_template/app-meta.json b/app_template/app-meta.json new file mode 100644 index 0000000..f2faa94 --- /dev/null +++ b/app_template/app-meta.json @@ -0,0 +1,14 @@ +{ + "displayName": "VLC Player", + "publisher": "VideoLAN", + "instructions": "Wordt automatisch via Intune Win32 deployed met PSADT.", + "installScript": "install.ps1", + "uninstallCommand": "powershell.exe -ExecutionPolicy Bypass -File uninstall.ps1", + "detection": { + "type": "File", + "path": "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe", + "exists": true + }, + "description": "VLC Player voor Windows, uitgerold met PSADT.", + "icon": "icon.png" + } \ No newline at end of file diff --git a/scripts/Build-And-UpdateReadme.ps1 b/scripts/Build-And-UpdateReadme.ps1 new file mode 100644 index 0000000..814aae1 --- /dev/null +++ b/scripts/Build-And-UpdateReadme.ps1 @@ -0,0 +1,93 @@ +param( + [Parameter(Mandatory=$true)] + [string]$AppPath, + [string]$DownloadLink = "", + [switch]$BuildIntuneWin +) + +Write-Host "== Start Build-And-UpdateReadme.ps1 voor $AppPath ==" + +# 1. Lees meta.json uit +$metaPath = Join-Path $AppPath 'app-meta.json' +if (-not (Test-Path $metaPath)) { throw "meta.json niet gevonden ($metaPath)" } +$meta = Get-Content $metaPath | ConvertFrom-Json + +$displayName = $meta.displayName +$instructies = $meta.instructions +$publisher = $meta.publisher +$installScript = $meta.installScript +$uninstallCmd = $meta.uninstallCommand +$detection = $meta.detection +$icon = $meta.icon +$description = $meta.description + +# 2. Zoek een EXE/MSI in files/ +$exeOrMsi = Get-ChildItem -Path (Join-Path $AppPath 'files') -Include *.exe,*.msi -File | Select-Object -First 1 +if (-not $exeOrMsi) { + Write-Warning "Geen EXE of MSI gevonden in $AppPath\files" + $appVersion = "onbekend" +} else { + if ($exeOrMsi.Extension -ieq ".msi") { + $appVersion = (Get-ItemProperty $exeOrMsi.FullName).VersionInfo.ProductVersion + } else { + $appVersion = (Get-Item $exeOrMsi.FullName).VersionInfo.FileVersion + if (-not $appVersion) { $appVersion = (Get-Item $exeOrMsi.FullName).VersionInfo.ProductVersion } + } + if (-not $appVersion) { $appVersion = "onbekend" } +} + +# 3. (Optioneel) Build .intunewin bestand +if ($BuildIntuneWin) { + $intuneUtilPath = "$env:GITHUB_WORKSPACE/scripts/IntuneWinAppUtil.exe" + if (-not (Test-Path $intuneUtilPath)) { + Write-Host "Download de nieuwste IntuneWinAppUtil.exe" + Invoke-WebRequest -Uri "https://github.com/microsoft/Microsoft-Win32-Content-Prep-Tool/releases/latest/download/IntuneWinAppUtil.exe" -OutFile $intuneUtilPath + } + $outputFolder = Join-Path $AppPath 'build' + if (-not (Test-Path $outputFolder)) { New-Item -Path $outputFolder -ItemType Directory | Out-Null } + & $intuneUtilPath -c (Join-Path $AppPath 'files') -s $installScript -o $outputFolder + $packageName = "$($displayName.ToLower().Replace(' ', ''))-$appVersion.intunewin" + $srcIntunewin = Get-ChildItem -Path $outputFolder -Filter *.intunewin | Select-Object -Last 1 + if ($srcIntunewin) { + Rename-Item -Path $srcIntunewin.FullName -NewName $packageName -Force + } +} else { + $outputFolder = Join-Path $AppPath 'build' + $packageName = "$($displayName.ToLower().Replace(' ', ''))-$appVersion.intunewin" +} + +# 4. README.md genereren +$uninstText = if ($uninstallCmd) { "**Uninstall:** $uninstallCmd`n" } else { "" } +$detectText = if ($detection) { + "**Detectie:** type `${($detection.type)}` - pad `${($detection.path)}``n" +} else { "" } +$iconText = if (($icon) -and (Test-Path "$AppPath/$icon")) { + "![App logo]($icon)`n" +} else { "" } + +$readme = @" +# $displayName + +$iconText +**Versie:** $appVersion + +**Laatste intunewin package:** $DownloadLink + +**Uitgever:** $publisher +$uninstText$detectText +**Beschrijving:** $description + +## Installatie-instructies +$instructies + +## Changelog +- Versie $appVersion : automatische build door GitHub Actions op $(Get-Date -Format 'yyyy-MM-dd HH:mm') +"@ + +Set-Content -Path (Join-Path $AppPath 'README.md') -Value $readme -Encoding UTF8 + +Write-Host "::set-output name=app_version::$appVersion" +Write-Host "::set-output name=package_name::$packageName" +Write-Host "::set-output name=build_dir::$outputFolder" +Write-Host "::set-output name=app_name::$($displayName.ToLower().Replace(' ', ''))" +Write-Host "::set-output name=icon::$icon" \ No newline at end of file