Use AutoPkg to package GitHub repositories with no binary assets

Posted on by Matthew Warren

GitHub is a popular channel for software distribution, and AutoPkg simplifies the task of packaging GitHub-released apps. AutoPkg's GitHubReleasesInfoProvider processor is the standard method for identifying the latest version of software released using GitHub's Releases feature, but it has one key requirement - a binary asset must be attached to the release.

However, not all software adheres to this convention. Some repositories might only contain simple shell scripts or other non-binary assets.

To work around this requirement of GitHubReleasesInfoProvider, you can use AutoPkg's URLTextSearcher and URLDownloader processors to download the release in the form of a zip archive.

Every GitHub release automatically provides compressed archives of repository contents in both zip and tar formats. You can access the URLs of these archives via GitHub's REST API at the following endpoint:

https://api.github.com/repos/{OWNER}/{REPOSITORY}/releases/latest

The JSON response contains a key called "zipball_url" which points to the zip archive:

{
  ...
  "zipball_url": "https://api.github.com/repos/{OWNER}/{REPOSITORY}/zipball/v1.0.0"
  ...
}

Extracting this URL is straighforward using the URLTextSearcher processor and the regular expression zipball_url\": \"(.*)\". Once extracted, you can download the archive using the URLDownloader processor.

With an archive of the repository downloaded, you can proceed with additional processors as needed to package the repository contents.

Example

Consider an example repository that contains a shell script named example.sh, and your goal is to create an installer package that places an executable copy of this script in the default path. Below is a complete example recipe process:

Process:
  - Processor: URLTextSearcher
    Arguments:
      url: https://api.github.com/repos/{OWNER}/{REPOSITORY}/releases/latest
      re_pattern: "zipball_url\": \"(.*)\""
      result_output_var_name: "zipball_url"
      request_headers:
        Accept: application/vnd.github+json
        X-GitHub-Api-Version: "2022-11-28"

  - Processor: URLDownloader
    Arguments:
      url: "%zipball_url%"
      filename: "%NAME%.zip"

  - Processor: Unarchiver
    Arguments:
      archive_path: "%RECIPE_CACHE_DIR%/downloads/%NAME%.zip"

  - Processor: PkgRootCreator
    Arguments:
      pkgdirs: {}
      pkgroot: "%RECIPE_CACHE_DIR%/scripts"

  - Processor: PkgRootCreator
    Arguments:
      pkgdirs:
        usr: "0755"
        usr/local: "0755"
        usr/local/bin: "0755"
      pkgroot: "%RECIPE_CACHE_DIR%/pkgroot"

  - Processor: Copier
    Arguments:
      destination_path: "%RECIPE_CACHE_DIR%/pkgroot/usr/local/bin/example"
      overwrite: true
      source_path: "%RECIPE_CACHE_DIR%/%NAME%/*/example.sh"

  - Processor: FileCreator
    Arguments:
      file_path: "%RECIPE_CACHE_DIR%/scripts/postinstall"
      file_mode: "0755"
      file_content: |
        #!/bin/bash
        /bin/chmod +x /usr/local/bin/example

  - Processor: PkgCreator
    Arguments:
      pkg_request:
        pkgname: "%NAME%"
        pkgdir: "%RECIPE_CACHE_DIR%"
        id: "org.macblog.githubexample"
        options: purge_ds_store
        scripts: scripts
        version: "1.0.0"
        chown:
          - path: usr
            user: root
            group: admin

First, the recipe will locate the latest release of the target repository and its associated zipball_url using URLTextSearcher. Next, it will download the archive using URLDownloader.

Following that, the recipe will extract the archive and create a root directory for building an installer package. It will then copy the target shell script example.sh from the extracted repository contents to the package root directory at the required location (e.g., /usr/local/bin/example). Finally, a postinstall script is created to ensure that the file is executable after installation, and everything is packaged into a .pkg.

Authentication for private repos

This recipe pattern is also handy for accessing releases without assets in private repositories. To do this, you'll need to create a personal access token and set the GITHUB_TOKEN environment variable as described here. Then, simply add an Authorization header using Bearer authentication to the URLTextSearcher and URLDownloader processors as follows:

- Processor: URLTextSearcher
  Arguments:
    url: https://api.github.com/repos/{OWNER}/{REPOSITORY}/releases/latest
    re_pattern: "zipball_url\": \"(.*)\""
    result_output_var_name: "zipball_url"
    request_headers:
      Accept: application/vnd.github+json
      X-GitHub-Api-Version: "2022-11-28"
      Authorization: "Bearer %GITHUB_TOKEN%"

- Processor: URLDownloader
  Arguments:
    url: "%zipball_url%"
    filename: "%NAME%.zip"
    request_headers:
      Authorization: "Bearer %GITHUB_TOKEN%"

This approach keeps your options open for packaging a variety of GitHub releases, whether they include binary assets or not.

Questions or comments?

Discuss this post on GitHub Discussions ➫.

Previously, on MacBlog...

Manage and enforce custom Login and Background items in macOS Ventura
Posted 2022-10-24
How to enable and enforce your custom scripts in macOS Ventura using the new service management Configuration Profile payload.
How to sign scripts and other custom code
Posted 2022-10-04
Instructions on code signing the scripts, LaunchAgents, LaunchDaemons and other custom code you deploy to your endpoints.
How to examine the network traffic of MDM enrollment during Setup Assistant
Posted 2022-05-28
Advice on enabling the root account and running tcpdump during macOS Setup Assistant to record network traffic during initial MDM enrollment.
Slides and video for the 'Solving problems with custom AutoPkg processors' session at the University of Utah Mac Admin Meeting
Posted 2022-05-20
I gave a presentation about my DatetimeOutputter and AppIconExtractor processors at the May 2022 session of the University of Utah Mac Admin Meeting.
Output the Date and Time in AutoPkg Recipes
Posted 2022-03-01
An AutoPkg processor to utput the current date and time, and optionally output future or past dates and times for use in other processors.
Dynamically Add Dock Items with the Jamf Binary
Posted 2022-02-13
A quick trick to programmatically add an icon to a user's Dock.
Automatically Export and Generate App Icons in AutoPkg Recipes
Posted 2022-01-31
AppIconExtractor examines an app and exports its icon as a PNG image file (reading the CFBundleIconFile property from an app's Info.plist and saving that image as a PNG file. Additionally, AppIconExtractor can create icon variations by compositing a secondary image on top of the app's icon.
Stopping an AutoPkg Recipe if VirusTotal Detects Malware
Posted 2021-12-14
How to stop an AutoPkg run – and avoid uploading a potentially compromised package to your infrastructure – if VirusTotal detects malware.
Using JXA in Jamf Pro Scripts and Extension Attributes
Posted 2021-11-18
Quick advice on using JavaScript for Automation (JXA) in both Scripts and Extension Attributes within Jamf Pro.
How to Parse JSON on the macOS Command Line Without External Tools Using JavaScript for Automation
Posted 2021-11-14, last updated 2021-11-24
One way to parse JSON on the macOS command line, using only native tooling without external dependencies like jq or similar.
How to Disable iCloud Private Relay in macOS Monterey
Posted 2021-10-27
Learn how to disable iCloud Private Relay in macOS using a Configuration Profile.
Getting the currently logged-in user's ID (UID) for launchctl
Posted 2021-03-15
A reliable method to determine the logged-in user's user ID (UID) for use with launchctl.
Renaming Computers via Snipe-IT using Jamf Pro
Posted 2021-01-13
How to integrate Jamf Pro with Snipe-IT to set the computer hostname to match your inventory management system.
Don't disable accessibility options during Setup Assistant
Posted 2020-11-27
You really shouldn't skip the new 'Accessibility' pane in macOS Setup Assistant.
Sending Autopkg and JSSImporter Notifications to Google Hangouts Chat
Posted 2019-04-29
Two AutoPkg processors to send you the results of an AutoPkg run in Google Chat.
Helping Your Users Reset TCC Privacy Policy Decisions
Posted 2018-09-10
How to set up a Self Service utility to help your users reset their Privacy decisions.
Signing Configuration Profiles
Posted 2018-08-03
The definitive guide – I think? – to signing your Configuration Profiles.
Express Setup, Location Services, Time Zone, and High Sierra
Posted 2018-02-04, last updated 2022-07-06
Explaining the correct combination of Setup Assistant screens to skip for an optimal user experience.
Automatically Renaming Computers from a Google Sheet with Jamf Pro
Posted 2018-01-30
How to automatically rename computers based on values in a Google Sheet.
Wait, is my Mac Up to Date?
Posted 2018-01-08, last updated 2022-06-05
Methods to help your users self serve their macOS update needs.
Integrating DetectX Swift with Jamf Pro for Scheduled Malware Scanning
Posted 2017-12-12, last updated 2020-03-13
Automatically run DetectX Swift and report the results to your Jamf Pro instance.
Creating a Naming Scheme for Jamf Pro
Posted 2017-12-06
Name items in your Jamf Pro instance consistenty as a favor to your colleagues and your future self.
How to Manage Only FileVault Recovery Key Escrow with Jamf Pro
Posted 2017-09-14
How to properly create a Configuration Profile to manage FileVault Recovery Key Escrow for Mac OS X 10.13 and above.