Merge branch 'main' into dependabot/github_actions/actions/setup-pyth…

…on-5

.devcontainer/Dockerfile

@@ -26,7 +26,7 @@ RUN sudo pip3 install --upgrade setuptools wheel build
 
 # setup autopkg:
 RUN cd /tmp && git clone https://github.com/autopkg/autopkg.git
-RUN cd /tmp/autopkg && sudo pip3 install --requirement gh_actions_requirements.txt
+RUN cd /tmp/autopkg && sudo pip3 --disable-pip-version-check --no-cache-dir install --requirement gh_actions_requirements.txt
 
 # [Optional] If your pip requirements rarely change, uncomment this section to add them to the image.
 # COPY requirements.txt /tmp/pip-tmp/

.github/dependabot.yml

@@ -1,3 +1,4 @@
+# Set update schedule for GitHub Actions
 version: 2
 
 # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
@@ -7,3 +8,6 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    # Add assignees
+    assignees:
+      - "jgstew"

.github/workflows/AutoPkgReleaseMSI.yaml

@@ -40,7 +40,7 @@ jobs:
       - name: Add msbuild to PATH
         # https://github.com/microsoft/setup-msbuild
         if: runner.os == 'Windows'
-        uses: microsoft/setup-msbuild@v1.3
+        uses: microsoft/setup-msbuild@v2
 
       - name: Set token
         # required for githubreleaseinfoprovider in github actions
@@ -90,7 +90,7 @@ jobs:
         if: runner.os == 'Windows'
         # https://github.com/actions/upload-artifact
         # TODO: get artifact path dynamically
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: autopkg.msi
           path: C:\Users\runneradmin\Library\AutoPkg\Cache\com.github.jgstew.msibuild.AutoPkg\autopkg.msi

.github/workflows/AutoPkgReleaseNupkg.yaml

@@ -27,6 +27,7 @@ jobs:
 
       - uses: actions/checkout@v4
 
+      # TODO: switch to using https://github.com/autopkg/setup-autopkg-actions
       - name: setup-autopkg local action
         uses: ./.github/actions/setup-autopkg
 
@@ -49,7 +50,7 @@ jobs:
         run: choco install autopkg -s "$env:USERPROFILE\Library\AutoPkg\Cache\com.github.jgstew.nupkg.AutoPkg\nupkgs\" --pre --no-progress --yes --force --verbose
 
       - name: test autopkg chocolately install
-        run: autopkg run -v Test-Recipes/AutopkgCore.test.recipe.yaml
+        run: autopkg run -vv Test-Recipes/AutopkgCore.test.recipe.yaml
 
       - name: Get Choco log contents if failure occurs
         if: ${{ failure() }}

.github/workflows/Test_Changed_Recipes.yaml

@@ -20,7 +20,7 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v39
+        uses: tj-actions/changed-files@v44
         with:
           files: "**.recipe.yaml"
           # Ignore windows only recipes:
@@ -43,6 +43,10 @@ jobs:
         if: steps.changed-files.outputs.any_changed == 'true'
         run: pip install --requirement requirements.txt
 
+      - name: Install prereq
+        if: steps.changed-files.outputs.any_changed == 'true'
+        run: sudo apt-get install msitools -y
+
       - name: run recipe autopkg
         if: steps.changed-files.outputs.any_changed == 'true'
         run: python autopkg/Code/autopkg run -vv --recipe-list TestRecipesAction.txt

.github/workflows/codeql-analysis.yaml

@@ -37,7 +37,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -48,7 +48,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       #  Command-line programs to run using the OS shell.
       #    https://git.io/JvXDl
@@ -62,4 +62,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/pre-commit.yaml

@@ -12,6 +12,6 @@ jobs:
           # requites to grab the history of the PR
           fetch-depth: 0
       - uses: actions/setup-python@v5
-      - uses: pre-commit/[email protected].0
+      - uses: pre-commit/[email protected].1
         with:
           extra_args: --color=always --from-ref ${{ github.event.pull_request.base.sha }} --to-ref ${{ github.event.pull_request.head.sha }}

.pre-commit-config.yaml

@@ -13,7 +13,7 @@ repos:
       - id: check-autopkg-recipes
         args: ["--recipe-prefix=com.github.jgstew.", "--strict", "--"]
         exclude: ".*.test.recipe.yaml"
-      - id: forbid-autopkg-overrides
+      # - id: forbid-autopkg-overrides
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.5.0
     hooks:

.templates/.partials/TitlePrefix.mustache

@@ -0,0 +1 @@
+{{^install_only}}{{^patch}}Install/{{/patch}}Update{{/install_only}}{{#install_only}}Install{{/install_only}}:

ConnectWise/ScreenConnect-Win-Install_Update.bes.mustache

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<{{TypeTaskOrFixlet}}{{^TypeTaskOrFixlet}}Task{{/TypeTaskOrFixlet}}>
+		<Title>{{^patch}}Install/{{/patch}}Update: {{DisplayName}} v{{version}} - Windows{{#64BitOnly}} (x64){{/64BitOnly}}</Title>
+		<Description><![CDATA[
+This task will download and install "{{DisplayName}} v{{version}}" package onto selected endpoints <br><br><b>Run Command As:</b> System User<br><br><b>Download Size:</b> {{DownloadSize}}
+{{^patch}}{{#icon_base64}}<br/><br/><b>Icon:</b><br/><img style="display:block; width:256px;" src="data:{{icon_type}}{{^icon_type}}image/png{{/icon_type}};base64,{{icon_base64}}" />{{/icon_base64}}{{/patch}}
+		]]></Description>
+		<Relevance>windows of operating system</Relevance>
+		{{#64BitOnly}}
+		<Relevance><![CDATA[x64 of operating system]]></Relevance>
+		{{/64BitOnly}}
+		{{#patch}}{{#DisplayName}}
+		<Relevance><![CDATA[ exists keys whose(value "DisplayName" of it as string starts with "{{DisplayName}}") of keys "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registries; x64 registries) ]]></Relevance>
+		{{/DisplayName}}{{/patch}}
+		<Relevance><![CDATA[not exists (it as string as version) whose(it >= "{{version}}") of values "DisplayVersion" of keys whose(value "DisplayName" of it as string starts with "{{DisplayName}}") of keys "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registries; x64 registries)]]></Relevance>
+		<Category></Category>
+		<DownloadSize>{{DownloadSize}}{{^DownloadSize}}0{{/DownloadSize}}</DownloadSize>
+		<Source>{{DisplayName}}</Source>
+		<SourceID></SourceID>
+		<SourceReleaseDate>{{SourceReleaseDate}}</SourceReleaseDate>
+		<SourceSeverity></SourceSeverity>
+		<CVENames></CVENames>
+		<SANSID></SANSID>
+		<MIMEField>
+			<Name>action-ui-metadata</Name>
+			<Value>{ {{#version}}"version":"{{version}}",{{/version}}"size":{{DownloadSize}}{{^DownloadSize}}0{{/DownloadSize}}{{^patch}}{{#icon_base64}},"icon":"data:{{icon_type}}{{^icon_type}}image/png{{/icon_type}};base64,{{icon_base64}}"{{/icon_base64}}{{/patch}} }</Value>
+		</MIMEField>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>{{x-fixlet-modification-time}}</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<DefaultAction ID="Action1">
+			<Description>
+				<PreLink>Click </PreLink>
+				<Link>here</Link>
+				<PostLink> to deploy {{DisplayName}} v{{version}}.</PostLink>
+			</Description>
+			<ActionScript MIMEType="application/x-Fixlet-Windows-Shell"><![CDATA[
+// Download:
+{{{prefetch}}}
+
+// Install:
+override wait
+hidden=true
+completion=job
+wait msiexec.exe /i __Download\{{{file_name}}} /qn /norestart
+]]></ActionScript>
+      		<SuccessCriteria Option="OriginalRelevance"></SuccessCriteria>
+		</DefaultAction>
+	</{{TypeTaskOrFixlet}}{{^TypeTaskOrFixlet}}Task{{/TypeTaskOrFixlet}}>
+</BES>

ConnectWise/ScreenConnect-Win.bigfix.recipe.yaml

@@ -0,0 +1,38 @@
+---
+Description: Generates a BigFix Task for ScreenConnect
+Identifier: com.github.jgstew.bigfix.ScreenConnect-Win
+Input:
+  NAME: ScreenConnect-Win
+  DisplayName: ScreenConnect
+  # 64BitOnly: TRUE
+MinimumVersion: "2.3"
+ParentRecipe: com.github.jgstew.download.ScreenConnect-Win
+Process:
+  - Processor: com.github.jgstew.SharedProcessors/BigFixPrefetchItem
+
+  - Processor: com.github.jgstew.SharedProcessors/BigFixSetupTemplateDictionary
+
+  - Processor: com.github.jgstew.SharedProcessors/TemplateDictionaryAppendInput
+
+  - Processor: com.github.jgstew.SharedProcessors/ContentFromTemplate
+    Arguments:
+      # use UNIX style paths so this works on Windows and non-Windows:
+      template_file_path: ./ConnectWise/ScreenConnect-Win-Install_Update.bes.mustache
+      content_file_pathname: "%RECIPE_CACHE_DIR%/%NAME%-InstallUpdate.bes"
+
+  - Processor: com.github.jgstew.SharedProcessors/BESImport
+
+  - Processor: com.github.jgstew.SharedProcessors/BigFixActioner
+
+  # create update(patch) only content:
+  - Processor: com.github.jgstew.SharedProcessors/TemplateDictionaryAppend
+    Arguments:
+      append_key: "patch"
+      append_value: true
+
+  - Processor: com.github.jgstew.SharedProcessors/ContentFromTemplate
+    Arguments:
+      # template_file_path: "./%VendorFolder%/%NAME%-Win-Install_Update.bes.mustache"
+      content_file_pathname: "%RECIPE_CACHE_DIR%/%NAME%-Update.bes"
+
+  - Processor: com.github.jgstew.SharedProcessors/BESImport

ConnectWise/ScreenConnect-Win.download.recipe.yaml

@@ -0,0 +1,33 @@
+---
+Description: Downloads the latest ScreenConnect
+Identifier: com.github.jgstew.download.ScreenConnect-Win
+Input:
+  NAME: ScreenConnect-Win
+  DisplayName: ScreenConnect
+MinimumVersion: "2.3"
+Process:
+  # get all versions found in this JSON doc:
+  - Processor: URLTextSearcher
+    Arguments:
+      url: https://screenconnect.connectwise.com/download
+      re_pattern: "(?P<url>https://.+?.cloudfront.net/ScreenConnect_.+?_Release.msi)"
+
+  - Processor: URLDownloaderPython
+    Arguments:
+      filename: ScreenConnect_Release.msi
+      download_version: ""
+      COMPUTE_HASHES: True
+
+  - Processor: EndOfCheckPhase
+
+  # Get apparent SourceReleaseDate from MSI metadata:
+  - Processor: com.github.jgstew.SharedProcessors/FileMsiGetInfoOLE
+
+  # Get version number from MSI ProductVersion:
+  - Processor: com.github.jgstew.SharedProcessors/FileMsiGetProperty
+
+  # verify version is set correctly, at least major.minor:
+  - Processor: com.github.jgstew.SharedProcessors/TextSearcher
+    Arguments:
+      input_string: "%version%"
+      re_pattern: '^\d+\.\d+'

DataDog/DataDogAgent-Win-Install_Update.bes.mustache

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<{{TypeTaskOrFixlet}}{{^TypeTaskOrFixlet}}Task{{/TypeTaskOrFixlet}}>
+		<Title>{{^patch}}Install/{{/patch}}Update: {{DisplayName}} v{{version}} - Windows{{#64BitOnly}} (x64){{/64BitOnly}}</Title>
+		<Description><![CDATA[
+This task will download and install "{{DisplayName}} v{{version}}" package onto selected endpoints <br><br><b>Run Command As:</b> System User<br><br><b>Download Size:</b> {{DownloadSize}}
+{{^patch}}{{#icon_base64}}<br/><br/><b>Icon:</b><br/><img style="display:block; width:256px;" src="data:{{icon_type}}{{^icon_type}}image/png{{/icon_type}};base64,{{icon_base64}}" />{{/icon_base64}}{{/patch}}
+		]]></Description>
+		<Relevance>windows of operating system</Relevance>
+		{{#64BitOnly}}
+		<Relevance><![CDATA[x64 of operating system]]></Relevance>
+		{{/64BitOnly}}
+		<Relevance><![CDATA[ not exists login accounts whose(it does not end with "\ddagentuser") of services "datadogagent" ]]></Relevance>
+		{{#patch}}{{#DisplayName}}
+		<Relevance><![CDATA[ exists keys whose(value "DisplayName" of it as string starts with "{{DisplayName}}") of keys "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registries; x64 registries) ]]></Relevance>
+		{{/DisplayName}}{{/patch}}
+		<Relevance><![CDATA[
+not exists (it as string as version) whose(it >= "{{version}}") of values "DisplayVersion" of keys whose(value "DisplayName" of it as string starts with "{{DisplayName}}") of keys "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registries; x64 registries)
+		]]></Relevance>
+		<Category></Category>
+		<DownloadSize>{{DownloadSize}}{{^DownloadSize}}0{{/DownloadSize}}</DownloadSize>
+		<Source>{{DisplayName}}</Source>
+		<SourceID></SourceID>
+		<SourceReleaseDate>{{SourceReleaseDate}}</SourceReleaseDate>
+		<SourceSeverity></SourceSeverity>
+		<CVENames></CVENames>
+		<SANSID></SANSID>
+		<MIMEField>
+			<Name>action-ui-metadata</Name>
+			<Value>{ {{#version}}"version":"{{version}}",{{/version}}"size":{{DownloadSize}}{{^DownloadSize}}0{{/DownloadSize}}{{^patch}}{{#icon_base64}},"icon":"data:{{icon_type}}{{^icon_type}}image/png{{/icon_type}};base64,{{icon_base64}}"{{/icon_base64}}{{/patch}} }</Value>
+		</MIMEField>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>{{x-fixlet-modification-time}}</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<DefaultAction ID="Action1">
+			<Description>
+				<PreLink>Click </PreLink>
+				<Link>here</Link>
+				<PostLink> to deploy {{DisplayName}} v{{version}}.</PostLink>
+			</Description>
+			<ActionScript MIMEType="application/x-Fixlet-Windows-Shell"><![CDATA[
+// Download:
+{{{prefetch}}}
+
+// Install:
+override wait
+hidden=true
+completion=job
+wait msiexec.exe /i __Download\{{{file_name}}} /qn /norestart
+]]></ActionScript>
+      		<SuccessCriteria Option="OriginalRelevance"></SuccessCriteria>
+		</DefaultAction>
+	</{{TypeTaskOrFixlet}}{{^TypeTaskOrFixlet}}Task{{/TypeTaskOrFixlet}}>
+</BES>

DataDog/DataDogAgent-Win.bigfix.recipe.yaml

@@ -0,0 +1,38 @@
+---
+Description: Generates a BigFix Task for the latest DataDog Agent
+Identifier: com.github.jgstew.bigfix.DataDog-Win
+Input:
+  NAME: DataDogAgent-Win
+  DisplayName: Datadog Agent
+  64BitOnly: TRUE
+MinimumVersion: "2.3"
+ParentRecipe: com.github.jgstew.download.DataDog-Agent-Win
+Process:
+  - Processor: com.github.jgstew.SharedProcessors/BigFixPrefetchItem
+
+  - Processor: com.github.jgstew.SharedProcessors/BigFixSetupTemplateDictionary
+    # Arguments:
+    #   template_version: "%version_maximum%"
+
+  - Processor: com.github.jgstew.SharedProcessors/TemplateDictionaryAppendInput
+
+  - Processor: com.github.jgstew.SharedProcessors/ContentFromTemplate
+    Arguments:
+      # use UNIX style paths so this works on Windows and non-Windows:
+      template_file_path: ./DataDog/DataDogAgent-Win-Install_Update.bes.mustache
+      content_file_pathname: "%RECIPE_CACHE_DIR%/%NAME%-InstallUpdate.bes"
+
+  - Processor: com.github.jgstew.SharedProcessors/BESImport
+
+  - Processor: com.github.jgstew.SharedProcessors/BigFixActioner
+
+  # create update(patch) only content:
+  - Processor: com.github.jgstew.SharedProcessors/TemplateDictionaryAppend
+    Arguments:
+      append_key: "patch"
+      append_value: true
+
+  - Processor: com.github.jgstew.SharedProcessors/ContentFromTemplate
+    Arguments:
+      # template_file_path: "./%VendorFolder%/%NAME%-Win-Install_Update.bes.mustache"
+      content_file_pathname: "%RECIPE_CACHE_DIR%/%NAME%-Update.bes"

DataDog/DataDogAgent-Win.download.recipe.yaml

@@ -0,0 +1,38 @@
+---
+Description: Downloads the latest DataDog Agent for Windows
+Identifier: com.github.jgstew.download.DataDog-Agent-Win
+Input:
+  NAME: DataDog-Agent-Win
+  DisplayName: Datadog Agent
+MinimumVersion: "2.3"
+Process:
+  # get all versions found in this JSON doc:
+  - Processor: com.github.jgstew.SharedProcessors/URLTextSearcherArray
+    Arguments:
+      url: https://ddagent-windows-stable.s3.amazonaws.com/installers_v2.json
+      re_pattern: '(\d+\.\d+\.\d+)-'
+
+  # get the maximum version:
+  - Processor: com.github.jgstew.SharedProcessors/VersionMaximumArray
+
+  - Processor: URLDownloaderPython
+    Arguments:
+      # %version_maximum%
+      url: https://s3.amazonaws.com/ddagent-windows-stable/ddagent-cli-%version_maximum%.msi
+      filename: datadog-agent-x86_64.msi
+      download_version: ""
+      COMPUTE_HASHES: True
+
+  - Processor: EndOfCheckPhase
+
+  # Get apparent SourceReleaseDate from MSI metadata:
+  - Processor: com.github.jgstew.SharedProcessors/FileMsiGetInfoOLE
+
+  # Get version number from MSI ProductVersion:
+  - Processor: com.github.jgstew.SharedProcessors/FileMsiGetProperty
+
+  # verify version is set correctly, at least major.minor:
+  - Processor: com.github.jgstew.SharedProcessors/TextSearcher
+    Arguments:
+      input_string: "%version%"
+      re_pattern: '^\d+\.\d+'

GitForWindows/GitForWindows-Win64.download.recipe.yaml

@@ -10,6 +10,4 @@ Process:
       github_repo: git-for-windows/git
       asset_regex: Git-.*-64-bit.exe
   - Processor: URLDownloaderPython
-    Arguments:
-      download_version: "%version%"
   - Processor: EndOfCheckPhase