Transition Nudge to Fleet-maintained app

[allenhouchins]

Replace the previous manual Nudge install flow with fleet-managed configuration: add policies and label entries for Nudge, add an assets-only policy, and add a fleet_maintained software slug. Updated it-and-security/fleets/workstations.yml to reference nudge-installed.yml, install-nudge-assets.yml and the new nudge/darwin software slug (moved from the old nudge software entry). Added label for Macs with Nudge installed (bundle id com.github.macadmins.Nudge). Added policy it-and-security/lib/macos/policies/install-nudge-assets.yml and it-and-security/lib/macos/policies/nudge-installed.yml, and added a patch policy entry to patch-fleet-maintained-apps.yml for keeping Nudge up to date. Removed the legacy combined install-nudge.yml policy and the install-nudge.sh script since installation is now handled via the fleet-maintained app.

Summary by CodeRabbit

• Refactor
  • Modernized the Nudge application installation and management infrastructure to improve compliance tracking and automated patching capabilities. The underlying installation mechanism has been updated for better system integration while maintaining the same functionality for end users.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[Copilot]

Copilot wasn't able to review any files in this pull request.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 138fbfc5-b91f-42e5-9ac6-05dc8603b399

📥 Commits

Reviewing files that changed from the base of the PR and between 6af2dec and fdc70f3.

📒 Files selected for processing (7)

• it-and-security/fleets/workstations.yml
• it-and-security/lib/all/labels/macs-with-fleet-maintained-apps-installed.yml
• it-and-security/lib/macos/policies/install-nudge-assets.yml
• it-and-security/lib/macos/policies/install-nudge.yml
• it-and-security/lib/macos/policies/nudge-installed.yml
• it-and-security/lib/macos/policies/patch-fleet-maintained-apps.yml
• it-and-security/lib/macos/scripts/install-nudge.sh

---

Walkthrough

This pull request transitions the Nudge macOS application from a traditional software package-based installation model to Fleet's fleet-maintained apps mechanism. The change removes the custom installation script (install-nudge.sh) and the policy that handled both installation and configuration validation (install-nudge.yml). It introduces a new fleet-maintained app entry (nudge/darwin) configured with setup experience enabled but self-service disabled, along with new policy definitions for installation verification and patching. A dynamic label is added to identify hosts with Nudge installed by querying for the bundle identifier com.github.macadmins.Nudge. The application maintains its critical status and setup experience configuration within the new framework.

Possibly related PRs

• Update patch-fleet-maintained-apps.yml #43618: Modifies the same patch policy file to add fleet-maintained app patch policy entries for macOS applications.
• Add fleet apps, labels, and patch policies #43473: Implements the same pattern of adding fleet-maintained macOS app entries with corresponding dynamic labels and compliance policies.
• Update workstations.yml #43620: Modifies the fleet-maintained apps declarations in the same workstations configuration file.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch allenhouchins-nudge-transition-to-fma

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}