-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathrotate-recovery-lock-manual.yml
More file actions
63 lines (54 loc) · 2.09 KB
/
Copy pathrotate-recovery-lock-manual.yml
File metadata and controls
63 lines (54 loc) · 2.09 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# Example workflow: call the published composite action from another repository
#
# Prerequisites:
# • Secrets: JAMF_CLIENT_ID, JAMF_CLIENT_SECRET
# • Variable: JAMF_URL (Settings → Secrets and variables → Actions → Variables)
name: Rotate Recovery Lock (Manual)
on:
workflow_dispatch:
inputs:
rotation-scope:
description: "🖥️ Rotation scope (Smart Group):"
type: string
default: "ELIGIBLE Recovery Lock Rotation"
clear:
description: "🧹 Clear passwords"
type: boolean
default: false
dry-run:
description: "🧪 Dry run"
type: boolean
default: true
show-passwords:
description: "🔐 Show passwords (dry run only)"
type: boolean
default: false
jobs:
rotate-recovery-lock:
name: Rotate Recovery Lock
runs-on: ubuntu-latest
timeout-minutes: 30
env:
JAMF_CLIENT_ID: ${{ secrets.JAMF_CLIENT_ID }}
JAMF_CLIENT_SECRET: ${{ secrets.JAMF_CLIENT_SECRET }}
steps:
- name: Run Jamf Recovery Lock Rotation
id: jamf_recovery_lock_rotation
uses: Inetum-Poland/jamf-recovery-lock-rotation@v1
with:
jamf_url: ${{ vars.JAMF_URL }}
# Optional: limit to a smart computer group name instead of all devices
rotation_scope: ${{ inputs.rotation-scope }}
clear_passwords: ${{ inputs.clear }}
# -----------------------------------------------------------------
# DRY RUN — uncomment to validate configuration without sending MDM commands
# -----------------------------------------------------------------
dry_run: ${{ inputs.dry-run }}
#
# Optional with dry_run: log generated passphrases (sensitive; use only for debugging)
show_passwords_in_dry_run: ${{ inputs.show-passwords }}
- name: Report counts
shell: bash
run: |
echo "rotated_count=${{ steps.jamf_recovery_lock_rotation.outputs.rotated_count }}"
echo "failed_count=${{ steps.jamf_recovery_lock_rotation.outputs.failed_count }}"