Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Backup an Intune tenant with IntuneCD
name: Backup Intune config
# Controls when the action will run.
on:
workflow_dispatch:
push:
paths:
- '.github/workflows/intune-backup.yml'
tags-ignore:
- '*'
schedule:
# Run the Intune configuration backup every day at 1am
- cron: '0 1 * * *'
# Add variables to the repo as secrets
env:
TENANT_NAME: ${{ secrets.TENANT_NAME }}
CLIENT_ID: ${{ secrets.CLIENT_ID }}
CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
jobs:
backup:
runs-on: ubuntu-latest
outputs:
output1: ${{ steps.commit.outputs.changes_detected }}
steps:
- uses: actions/checkout@v3
with:
ref: main
token: ${{ secrets.PAT }}
- name: Remove existing prod-backup directory
shell: bash
run: |
rm -f -r -v "$GITHUB_WORKSPACE/prod-backup"
# Install IntuneCD
# https://github.com/almenscorner/IntuneCD
- name: Install IntuneCD
id: install
shell: bash
run: |
pip3 install IntuneCD
# Backup the latest configuration, using the current directory - $GITHUB_WORKSPACE
- name: Backup Intune configuration
id: backup
shell: bash
run: |
mkdir -p "$GITHUB_WORKSPACE/prod-backup"
IntuneCD-startbackup \
--mode=1 \
--output=json \
--path="$GITHUB_WORKSPACE/prod-backup"
#--localauth=./auth.json
#--exclude=assignments
- name: Get date
shell: bash
id: get-date
run: |
DATEF=`date +%Y.%m.%d`
echo "::set-output name=date::$DATEF"
# Import GPG key so that we can sign the commit
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v5
with:
gpg_private_key: ${{ secrets.GPGKEY }}
passphrase: ${{ secrets.GPGPASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
git_config_global: true
git_tag_gpgsign: true
git_push_gpgsign: false
git_committer_name: ${{ secrets.COMMIT_NAME }}
git_committer_email: ${{ secrets.COMMIT_EMAIL }}
- name: Commit config updates
id: commit
uses: stefanzweifel/git-auto-commit-action@v4
continue-on-error: true
with:
commit_message: "Intune config backup ${{steps.get-date.outputs.date}}"
commit_user_name: ${{ secrets.COMMIT_NAME }}
commit_user_email: ${{ secrets.COMMIT_EMAIL }}
- name: "No config changes detected"
if: steps.commit.outputs.changes_detected == 'false'
run: echo "No config changes detected."
# Create markdown documentation
- name: Generate markdown document
if: steps.commit.outputs.changes_detected == 'true'
id: create-doc
shell: bash
run: |
INTRO="Endpoint Manager backup and documentation generated at $GITHUB_REPOSITORY <img align=\"right\" width=\"96\" height=\"96\" src=\"./logo.png\">"
IntuneCD-startdocumentation \
--path="$GITHUB_WORKSPACE/prod-backup" \
--outpath="$GITHUB_WORKSPACE/prod-as-built.md" \
--tenantname=$TENANT_NAME \
--intro="$INTRO" \
#--split=Y
- name: Commit as-built markdown document
id: commit-doc
uses: stefanzweifel/git-auto-commit-action@v4
continue-on-error: true
with:
commit_message: "MEM config as-built ${{steps.get-date.outputs.date}}"
commit_user_name: ${{ secrets.COMMIT_NAME }}
commit_user_email: ${{ secrets.COMMIT_EMAIL }}
# Push tag
- name: Push tag
if: steps.commit-doc.outputs.changes_detected == 'true'
shell: bash
run: |
DATEF=`date +%Y.%m.%d`
git tag -a "v$DATEF" -m "Microsoft Endpoint Manager configuration snapshot $DATEF"
git push origin "v$DATEF"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment