-
Notifications
You must be signed in to change notification settings - Fork 0
GitHub Actions
Iru Control provides two reusable workflows which can be leveraged to manage a iructl repository within
GitHub. This allows storing custom profiles and scripts in a shared space where the team can centrally review and deploy
changes.
Important
When using these workflows, the iructl <resource> push commands should not be used locally. It's a good idea to limit
team member API keys to read-only.
For an overview of reusable workflows for GitHub Actions see the documentation.
The iructl-pull workflow pulls changes from your Iru tenant to your GitHub repository. By default, this works in the
same way as if you ran the iructl <resource> pull --all --clean commands for each resource for a local repository. New
resources are created, changed resources are updated, and deleted resources are removed. If there are conflicting
changes on any resource, a Slack notification is sent using your configured webhook so that you can resolve them. The
default behavior is configurable using the input options described below.
The workflow is intended to be run on a schedule to ensure any changes made in your Iru tenant's UI are updated in your GitHub repository.
| Name | Required | Default | Description |
|---|---|---|---|
| debug | false | false | Enable debug logging to the GitHub Action run log |
| force | false | false | Enable --force mode to overwrite conflicting changes in GitHub repository |
| clean | false | true | Enable --clean mode to remove resources from your GitHub repository |
Important
Do not add secrets directly to your workflow. Instead, add them to your repository's GitHub Actions secrets and pass them using the secrets context (as shown below).
| Name | Required | Description |
|---|---|---|
| iructl_tenant | true | Your Iru tenant's API URL (https://subdomain.api.iru.com) |
| iructl_token | true | Your Iru tenant API token (see Token Permissions) |
| slack_webhook_url | false | A Slack webhook URL for sending notifications |
name: IRUCTL Pull Runner
on:
schedule:
- cron: '0 0/6 * * *'
jobs:
pull-from-iru:
uses: kandji-inc/iructl/.github/workflows/iructl-pull.yml
secrets:
iructl_tenant: ${{ secrets.IRUCTL_TENANT }}
iructl_token: ${{ secrets.IRUCTL_TOKEN }}
slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}The iructl-push workflow pushes changes from your GitHub repository to your Iru tenant. By default, this works in the
same way as if you ran the iructl <resource> push --all --force --clean commands for each resource in a local repository.
New resources are created, changed resources are updated, and deleted resources are removed. Of course, The default
behavior is configurable using the input options described below.
One important difference from the iructl-pull workflow is that by default any conflicting changes between your GitHub
repository and Iru are silently overwritten. This behavior assumes that whenever you merge changes into your
deployment branch on GitHub (i.e., main), the GitHub state is the desired state. If you would like to change this
behavior, set the force input variable to false.
The workflow is intended to be run whenever you push changes to your deployment branch to ensure any changes made in GitHub are reflected in your Iru tenant.
| Name | Required | Default | Description |
|---|---|---|---|
| debug | false | false | Enable debug logging to the GitHub Action run log |
| force | false | true | Enable --force mode to overwrite conflicting changes in GitHub repository |
| clean | false | true | Enable --clean mode to remove resources from your GitHub repository |
Important
Do not add secrets directly to your workflow. Instead, add them to your repository's GitHub Actions secrets and pass them using the secrets context (as shown below).
| Name | Required | Description |
|---|---|---|
| iructl_tenant | true | Your Iru tenant's API URL (https://subdomain.api.iru.com) |
| iructl_token | true | Your Iru tenant API token (see Token Permissions) |
| slack_webhook_url | false | A Slack webhook URL for sending notifications |
name: IRUCTL Push Runner
on:
push:
branches:
- 'main'
jobs:
push-to-iru:
uses: kandji-inc/iructl/.github/workflows/iructl-push.yml
secrets:
iructl_tenant: ${{ secrets.IRUCTL_TENANT }}
iructl_token: ${{ secrets.IRUCTL_TOKEN }}
slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
Getting Started
Working with Resources
- Populating Your Local Repository
- Editing Resources
- Self Service
- Pushing and Syncing
- Listing and Showing Resources
- Deleting Resources
- Blueprint Assignment
Reference
Python API Client