wipash/intune_backup_workflow.yaml

## intune_backup_workflow.yaml
name: Intune Config Backup

# Controls when the workflow will run
on:
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

  # Runs daily at 2pm UTC
  schedule:
    - cron: "0 14 * * *"

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  backup-intune-config:
    name: Backup Intune Config
    # The type of runner that the job will run on
    runs-on: windows-latest

    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3
        with:
          path: ./intune-backup

      # Check out IntuneManagement tool
      - uses: actions/checkout@v3
        with:
          repository: Micke-K/IntuneManagement
          path: ./IntuneManagement
          ref: 3.5.0

      - name: Clean out existing config
        run: |
          if (Test-Path "./intune-backup/My Company Name" -PathType Container) {
            Remove-Item "./intune-backup/My Company Name" -Force -Recurse
          }

      - name: Run IntuneManagement export to temp location
        env:
          AAD_TENANT_ID: ${{ secrets.aad_tenant_id }}
          AAD_APP_ID: ${{ secrets.aad_app_id }}
          AAD_APP_SECRET: ${{ secrets.aad_app_secret }}
        run: ./IntuneManagement/Start-IntuneManagement.ps1 -Silent -SilentBatchFile "./intune-backup/ExportSettings.json" -JsonSettings -JsonFile "./intune-backup/settings.json" -TenantId "$env:AAD_TENANT_ID" -AppId "$env:AAD_APP_ID" -Secret "$env:AAD_APP_SECRET"
        shell: powershell

      # Use JQ to sort keys, and remove keys that change on every sync
      - name: Run jq on output
        run: |
          Invoke-WebRequest -Uri https://github.com/stedolan/jq/releases/download/jq-1.6/jq-win64.exe -OutFile "./jq.exe"
          Get-ChildItem "./intune-backup-temp" -File -Recurse | ForEach-Object {
              $NewPath = $_.FullName -replace "intune-backup-temp", "intune-backup"
              $NewPathParent = $NewPath | Split-Path -Parent
              [System.IO.Directory]::CreateDirectory($NewPathParent) | Out-Null

              if ($_.Name -like "*.json") {
                  Get-Content -LiteralPath $_ | ./jq.exe --sort-keys 'del(.. | .lastModifiedDateTime?, .onPremisesLastSyncDateTime?, .""lastModifiedDateTime@odata.type"""?)' | Out-File -Encoding UTF8 -LiteralPath $NewPath -Force
              } elseif ($_.Name -like "*.ps1") {
                  Get-Content -LiteralPath $_ | Out-File -Encoding UTF8 -LiteralPath $NewPath -Force
              } else {
                  Move-Item -LiteralPath $_ -Destination $NewPath
              }
          }

      # Commit changes
      - uses: EndBug/add-and-commit@v9
        with:
          message: Update Intune configuration
          default_author: github_actions
          cwd: "./intune-backup"
	name: Intune Config Backup

	# Controls when the workflow will run
	on:
	# Allows you to run this workflow manually from the Actions tab
	workflow_dispatch:

	# Runs daily at 2pm UTC
	schedule:
	- cron: "0 14 * * *"

	# A workflow run is made up of one or more jobs that can run sequentially or in parallel
	jobs:
	backup-intune-config:
	name: Backup Intune Config
	# The type of runner that the job will run on
	runs-on: windows-latest

	steps:
	# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
	- uses: actions/checkout@v3
	with:
	path: ./intune-backup

	# Check out IntuneManagement tool
	- uses: actions/checkout@v3
	with:
	repository: Micke-K/IntuneManagement
	path: ./IntuneManagement
	ref: 3.5.0

	- name: Clean out existing config
	run: \|
	if (Test-Path "./intune-backup/My Company Name" -PathType Container) {
	Remove-Item "./intune-backup/My Company Name" -Force -Recurse
	}

	- name: Run IntuneManagement export to temp location
	env:
	AAD_TENANT_ID: ${{ secrets.aad_tenant_id }}
	AAD_APP_ID: ${{ secrets.aad_app_id }}
	AAD_APP_SECRET: ${{ secrets.aad_app_secret }}
	run: ./IntuneManagement/Start-IntuneManagement.ps1 -Silent -SilentBatchFile "./intune-backup/ExportSettings.json" -JsonSettings -JsonFile "./intune-backup/settings.json" -TenantId "$env:AAD_TENANT_ID" -AppId "$env:AAD_APP_ID" -Secret "$env:AAD_APP_SECRET"
	shell: powershell

	# Use JQ to sort keys, and remove keys that change on every sync
	- name: Run jq on output
	run: \|
	Invoke-WebRequest -Uri https://github.com/stedolan/jq/releases/download/jq-1.6/jq-win64.exe -OutFile "./jq.exe"
	Get-ChildItem "./intune-backup-temp" -File -Recurse \| ForEach-Object {
	$NewPath = $_.FullName -replace "intune-backup-temp", "intune-backup"
	$NewPathParent = $NewPath \| Split-Path -Parent
	[System.IO.Directory]::CreateDirectory($NewPathParent) \| Out-Null

	if ($_.Name -like "*.json") {
	Get-Content -LiteralPath $_ \| ./jq.exe --sort-keys 'del(.. \| .lastModifiedDateTime?, .onPremisesLastSyncDateTime?, .""lastModifiedDateTime@odata.type"""?)' \| Out-File -Encoding UTF8 -LiteralPath $NewPath -Force
	} elseif ($_.Name -like "*.ps1") {
	Get-Content -LiteralPath $_ \| Out-File -Encoding UTF8 -LiteralPath $NewPath -Force
	} else {
	Move-Item -LiteralPath $_ -Destination $NewPath
	}
	}

	# Commit changes
	- uses: EndBug/add-and-commit@v9
	with:
	message: Update Intune configuration
	default_author: github_actions
	cwd: "./intune-backup"