This repository contains hooks for pre-commit that may be useful to Mac admins, client engineers, and other Apple-focused IT professionals.
To use these hooks, you first need to install pre-commit using the instructions here:
For any hook in this repo you wish to use, add the following to your pre-commit config:
- repo:
rev: v1.19.0
- id: check-plists
# - id: ...
After adding a hook to your pre-commit config, it's not a bad idea to run pre-commit autoupdate
to ensure you have the latest version of the hooks.
This hook checks to ensure the Git config email matches one of the specified domains:
args: ['--domains', '', '', '--']
This hook checks MunkiPkg build-info files to ensure they are valid.
This hook checks Outset scripts to ensure they're executable.
This hook checks XML property list (plist) files for basic syntax errors. Does not modify or autoformat these files; see the
hook below if you want autoformatting. -
This hook will auto-format XML property list (plist) files to use tabs instead of spaces, and will alphabetically sort keys.
NOTE: This will remove any HTML-style comments
<!--like this-->
in your plist files, so convert those to<key>Comment</key>
format first.
This hook checks AutoPkg recipe lists (in txt, plist, yaml, or json format) for common issues.
This hook checks AutoPkg recipes to ensure they meet various requirements and conventions.
Optionally specify your preferred AutoPkg recipe and/or override prefix, if you wish to enforce them:
args: ['--override-prefix=com.yourcompany.autopkg.']
)args: ['--recipe-prefix=com.github.yourusername.']
) -
Optionally specify the version of AutoPkg for which you want to ignore MinimumVersion mismatches with processors.
args: ['--ignore-min-vers-before=0.5.0']
) Specifying0.1.0
will not ignore any MinimumVersion mismatches. -
If you're a purist, you can also enable strict mode. This enforces recipe type conventions, all processor/MinimumVersion mismatches, forbids
<!-- -->
style comments, and ensures all processor input variables (arguments) are valid.args: ['--strict']
(default: False)
This hook prevents AutoPkg overrides from being added to the repo.
This hook prevents AutoPkg recipes with trust info from being added to the repo.
This hook checks Jamf extension attributes for common issues. (Looks for EAs in a path containing jamf/extension_attributes or jss/extension_attributes.)
This hook checks Jamf scripts for common issues. (Looks for scripts in a path containing jamf/scripts or jss/scripts.)
This hook checks Jamf profiles for common issues. (Looks for profiles in a path containing jamf/profiles or jss/profiles.)
This hook checks Munki pkginfo files to ensure they are valid.
Specify your preferred list of pkginfo catalogs, if you wish to enforce it, followed by
to signal the end of the list:args: ['--catalogs', 'testing', 'stable', '--']
Specify your preferred list of pkginfo categories, if you wish to enforce it, followed by
:args: ['--categories', 'Productivity', 'Design', 'Utilities', 'Web Browsers', '--']
Specify required pkginfo keys, followed by
:args: ['--required-keys', 'category', 'description', 'developer', 'name', 'version', '--']
(default: description, name) -
Specify an alternate munki repo location by passing the argument:
args: ['--munki-repo', './my_repo_location']
(default: ".") -
Choose to just warn if icons referenced in pkginfo files are missing (this will allow pre-commit checks to pass if no other issues exist):
args: ['--warn-on-missing-icons]
Choose to just warn if installer/uninstaller items (
) referenced in pkginfo files are missing (this will allow pre-commit checks to pass if no other issues exist):args: ['--warn-on-missing-installer-items]
Choose to just warn if pkg/pkginfo files with __1 (or similar) suffixes are detected (this will allow pre-commit checks to pass if no other issues exist):
args: ['--warn-on-duplicate-imports]
Add additional shebangs that are valid for your environment:
args: ['--valid-shebangs', '#!/bin/macadmin/python37', '#!/bin/macadmin/python42', '--']
This hook ensures MunkiAdmin scripts are executable.
This hook runs the "makecatalogs" command to ensure all referenced packages are present and catalogs are up to date.
- Specify an alternate munki repo location by passing the argument:
args: ['--munki-repo', './my_repo_location']
(default: ".")
- Specify an alternate munki repo location by passing the argument:
When combining arguments that take lists (for example: --required-keys
, --catalogs
, and --categories
), only the last list needs to have a trailing --
. For example, if you use the check-munki-pkgsinfo hook with only the --catalogs
argument, your yaml config would look like this:
- repo:
rev: v1.19.0
- id: check-munki-pkgsinfo
args: ['--catalogs', 'testing', 'stable', '--']
But if you also use the --categories
argument, you would move the trailing --
to the end, after all the lists, like this:
- repo:
rev: v1.19.0
- id: check-munki-pkgsinfo
args: ['--catalogs', 'testing', 'stable', '--categories', 'Design', 'Engineering', 'Web Browsers', '--']
The --
only serves as a signal to the hook that the list of arguments is complete, and is only needed for "list" type arguments.
If it looks better to your eye, feel free to use a multi-line list for long arguments:
- repo:
rev: v1.19.0
- id: check-munki-pkgsinfo
args: [
'--required-keys', 'description', 'name', 'developer', 'category', 'version',
'--catalogs', 'testing', 'stable',
'--categories', 'Communication', 'Design', 'Engineering', 'macOS', 'Printers',
'Productivity', 'Security', 'Utilities', 'Web Browsers',
If you find my hooks useful, you may also want to use one or more of the Python, Markdown, and Git-related hooks listed here:
Specifically, here are a few I use for Mac admin work: