merge

Author: bowatts

.eslintrc 2.json

@@ -0,0 +1,17 @@
+{
+  "extends": "next/core-web-vitals",
+  "rules": {
+    "@next/next/no-img-element": "off",
+    "@next/next/no-page-custom-font": "off",
+    "jsx-a11y/alt-text": "off",
+    "react/display-name": "off",
+    "react/no-children-prop": "off",
+    "react/no-unescaped-entities": "off",
+    "react/jsx-max-props-per-line": [
+      0,
+      {
+        "maximum": 10
+      }
+    ]
+  }
+}

.github/ISSUE_TEMPLATE/config 2.yml

@@ -0,0 +1,9 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security Reports
+    url: https://github.com/KelvinTegelaar/CIPP/security/advisories
+    about: Please report security vulnerabilities here.
+  - name: Community Discord
+    url: https://discord.gg/cyberdrain
+    about: Join our discord community here.
+    

.github/workflows/auto_comments 2.yml

@@ -0,0 +1,83 @@
+name: "Handle Comment Commands"
+
+on:
+  issue_comment:
+    types:
+      - created
+
+jobs:
+  handle_comment:
+    runs-on: ubuntu-latest
+    # We need permissions to modify issue comments.
+    # 'issues: write' is required for deleting comments.
+    permissions:
+      issues: write
+
+    steps:
+      # 1) If the comment includes '!notasponsor', delete it using GitHub Script
+      - name: Delete !notasponsor comment
+        if: contains(github.event.comment.body, '!notasponsor')
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            await github.rest.issues.deleteComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              comment_id: context.payload.comment.id
+            });
+
+      # 2) Post a sponsor-specific reply
+      - name: Reply to !notasponsor
+        if: contains(github.event.comment.body, '!notasponsor')
+        uses: peter-evans/create-or-update-comment@v3
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          body: |
+            Hello,
+
+            Thank you for your interest in improving CIPP! 
+            To keep our development process focused and manageable, **feature requests are limited to paying users**. This policy helps us prioritize improvements that directly benefit those actively supporting CIPP and ensures we can sustain our development and support.
+
+            When a sponsor makes a feature request, their support covers training, development, documentation, and security checks. Allowing non-sponsor requests could lead to a backlog that slows down updates and stretches resources thin, ultimately affecting the quality and sustainability of CIPP.
+
+            While we’ve closed this request, we appreciate your input. You’re always welcome to participate in ongoing discussions or contribute to open issues. If you are a developer, feel free to open a PR that includes your feature request or comment "**I’d like to work on this!**" to assign the issue to yourself.
+
+            **Did you get this notification in error?** Reply with a screenshot of your sponsorship payment and we’ll reopen the issue.
+
+            _Thank you for understanding,_  
+            **The CIPP Team**
+
+      # 3) If the comment includes '!support', classify as a support request
+      - name: Reply to !support
+        if: contains(github.event.comment.body, '!support')
+        uses: peter-evans/create-or-update-comment@v3
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          body: |
+            Hello,
+
+            Thank you for reaching out! This report has been classified as a **support request** rather than a bug or feature request. To keep our development process focused, support requests are limited to paying users. This policy allows us to prioritize resources for those actively supporting CIPP, helping us maintain high-quality development and support.
+
+            Sponsors can contact our helpdesk directly via email for assistance with any issues or questions. For non-sponsor support, please refer to our documentation and community discussions—many questions have been answered there.
+
+            **Did you get this notification in error?** Reply with a screenshot of your sponsorship payment, and we’ll gladly reopen the request.
+
+            _Thank you for your understanding,_  
+            **The CIPP Team**
+
+      # 4) If the comment includes '!incomplete', note the bug or feature request is incomplete
+      - name: Reply to !incomplete
+        if: contains(github.event.comment.body, '!incomplete')
+        uses: peter-evans/create-or-update-comment@v3
+        with:
+          issue-number: ${{ github.event.issue.number }}
+          body: |
+            Hello,
+
+            Thank you for your submission! It appears this **bug report or feature request is incomplete**. We need a clear description, steps to reproduce (for bugs), or a comprehensive overview of the requested feature.
+
+            Please submit a new request with all the necessary details. Without sufficient information, it’s difficult for contributors to triage or implement solutions.
+
+            _Thank you!_  
+            **The CIPP Team**

.github/workflows/cipp_dev_build 2.yml

@@ -0,0 +1,56 @@
+name: CIPP Frontend Dev Build
+
+on:
+  push:
+    branches:
+      - dev
+  workflow_dispatch:
+
+jobs:
+  build:
+    if: github.event.repository.fork == false
+    name: Build and Upload CIPP Frontend
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checkout the repository
+      - name: Checkout Code
+        uses: actions/checkout@v4.2.2
+
+      # Set up Node.js
+      - name: Get Node version
+        id: get_node_version
+        run: |
+          node_raw_version=$(node -p "require('./package.json').engines.node")
+          node_sanitized_version=$(echo $node_raw_version | sed -E 's/[^0-9.]+//g')
+          echo "node_version=$node_sanitized_version" >> $GITHUB_OUTPUT
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4.2.0
+        with:
+          node-version: ${{ steps.get_node_version.outputs.node_version }}
+
+      # Install dependencies
+      - name: Install Dependencies
+        run: yarn install
+
+      # Build the project
+      - name: Build Project
+        run: npm run build
+
+      # Create ZIP File in a New Source Directory
+      - name: Prepare and Zip Build Files
+        run: |
+          mkdir -p build
+          cp staticwebapp.config.json out/
+          zip -r build/dev.zip out
+
+      # Upload to Azure Blob Storage
+      - name: Azure Blob Upload
+        uses: LanceMcCarthy/Action-AzureBlobUpload@v3.3.1
+        with:
+          connection_string: ${{ secrets.AZURE_CONNECTION_STRING }}
+          container_name: cipp
+          source_folder: build/
+          destination_folder: /
+          delete_if_exists: true

.github/workflows/cipp_frontend_build 2.yml

@@ -0,0 +1,56 @@
+name: CIPP Frontend Build
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  build:
+    if: github.event.repository.fork == false
+    name: Build and Upload CIPP Frontend
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checkout the repository
+      - name: Checkout Code
+        uses: actions/checkout@v4.2.2
+
+      # Set up Node.js
+      - name: Get Node version
+        id: get_node_version
+        run: |
+          node_raw_version=$(node -p "require('./package.json').engines.node")
+          node_sanitized_version=$(echo $node_raw_version | sed -E 's/[^0-9.]+//g')
+          echo "node_version=$node_sanitized_version" >> $GITHUB_OUTPUT
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4.2.0
+        with:
+          node-version: ${{ steps.get_node_version.outputs.node_version }}
+
+      # Install dependencies
+      - name: Install Dependencies
+        run: yarn install
+
+      # Build the project
+      - name: Build Project
+        run: npm run build
+
+      # Create ZIP File in a New Source Directory
+      - name: Prepare and Zip Build Files
+        run: |
+          mkdir -p build
+          cp staticwebapp.config.json out/
+          zip -r build/latest.zip out
+
+      # Upload to Azure Blob Storage
+      - name: Azure Blob Upload
+        uses: LanceMcCarthy/Action-AzureBlobUpload@v3.3.1
+        with:
+          connection_string: ${{ secrets.AZURE_CONNECTION_STRING }}
+          container_name: cipp
+          source_folder: build/
+          destination_folder: /
+          delete_if_exists: true

.github/workflows/pr_check 2.yml

@@ -0,0 +1,62 @@
+name: PR Branch Check
+
+on:
+  # Using pull_request_target instead of pull_request for secure handling of fork PRs
+  pull_request_target:
+    # Only run on these PR events
+    types: [opened, synchronize, reopened]
+    # Only check PRs targeting these branches
+    branches:
+      - main
+      - master
+
+permissions:
+  pull-requests: write
+  issues: write
+
+jobs:
+  check-branch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check and Comment on PR
+        # Only process fork PRs with specific branch conditions
+        # Must be a fork AND (source is main/master OR target is main/master)
+        if: |
+          github.event.pull_request.head.repo.fork == true && 
+          ((github.event.pull_request.head.ref == 'main' || github.event.pull_request.head.ref == 'master') ||
+          (github.event.pull_request.base.ref == 'main' || github.event.pull_request.base.ref == 'master'))
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            let message = '';
+
+            message += '🔄 If you are attempting to update your CIPP repo please follow the instructions at: https://docs.cipp.app/setup/self-hosting-guide/updating. Are you a sponsor? Contact the helpdesk for direct assistance with updating to the latest version.';
+            message += '\n\n';
+
+            // Check if PR is targeting main/master
+            if (context.payload.pull_request.base.ref === 'main' || context.payload.pull_request.base.ref === 'master') {
+              message += '⚠️ PRs cannot target the main branch directly. If you are attempting to contribute code please PR to the dev branch.\n\n';
+            }
+
+            // Check if PR is from a fork's main/master branch
+            if (context.payload.pull_request.head.repo.fork && 
+                (context.payload.pull_request.head.ref === 'main' || context.payload.pull_request.head.ref === 'master')) {
+              message += '⚠️ This PR cannot be merged because it originates from your fork\'s main/master branch. If you are attempting to contribute code please PR from your dev branch or another non-main/master branch.\n\n';
+            }
+
+            message += '🔒 This PR will now be automatically closed due to the above rules.';
+            
+            // Post the comment
+            await github.rest.issues.createComment({
+              ...context.repo,
+              issue_number: context.issue.number,
+              body: message
+            });
+            
+            // Close the PR
+            await github.rest.pulls.update({
+              ...context.repo,
+              pull_number: context.issue.number,
+              state: 'closed'
+            });

.vscode/settings 2.json

@@ -0,0 +1 @@
+{}

Tools/Start-CippDevInstallation 2.ps1

@@ -0,0 +1,32 @@
+$Path = (Get-Item $PSScriptRoot).Parent.Parent.FullName
+
+if (-not((Get-Command npm -ErrorAction SilentlyContinue) -or (Get-Command yarn -ErrorAction SilentlyContinue))) {
+  throw 'npm or yarn is required to install the CIPP development environment.'
+}
+
+if (-not(Get-Command yarn -ErrorAction SilentlyContinue)) {
+  Write-Host 'Installing Yarn'
+  npm install --global yarn
+}
+
+if (-not(Get-Command azurite -ErrorAction SilentlyContinue)) {
+  Write-Host 'Installing Azurite'
+  yarn global add 'azurite'
+}
+
+if (-not(Get-Command swa -ErrorAction SilentlyContinue)) {
+  Write-Host 'Installing @azure/static-web-apps-cli'
+  yarn global add '@azure/static-web-apps-cli'
+}
+
+if (-not(Get-Command func -ErrorAction SilentlyContinue)) {
+  Write-Host 'Installing Azure Functions Core Tools'
+  yarn global add 'azure-functions-core-tools@4'
+}
+
+if (-not(yarn global list | Select-String -Pattern 'next')) {
+  Write-Host 'Installing Next.js'
+  yarn global add 'next'
+}
+
+yarn install --cwd (Join-Path $Path "CIPP") --network-timeout 500000

Tools/Update intune Templates 2.ps1

@@ -0,0 +1,31 @@
+Import-Module Microsoft.Graph
+Connect-MgGraph -Scopes 'DeviceManagementConfiguration.Read.All', 'DeviceManagementServiceConfig.Read.All'
+$i = 0
+$settingsUrl = "https://graph.microsoft.com/beta/deviceManagement/configurationSettings?`$top=999&`$skip=$i"
+$Settings = do {
+    $settingsResponse = Invoke-MgGraphRequest -Method Get -Uri $settingsUrl
+    Write-Host "Getting settings from $i to $($i + 999): $settingsUrl"
+    if ($null -ne $settingsResponse.value) {
+        foreach ($setting in $settingsResponse.value) {
+           
+            $options = if ($setting.options -ne $null) {
+                $setting.options | ForEach-Object {
+                    [pscustomobject]@{
+                        id          = $_.itemId
+                        displayName = $_.displayName
+                        description = $_.description
+                    }
+                }
+            } 
+
+            [pscustomobject]@{
+                id          = $setting.id
+                displayName = $setting.displayName
+                options     = $options
+            }
+        }
+    }
+    $i += 999
+    $settingsUrl = "https://graph.microsoft.com/beta/deviceManagement/configurationSettings?`$top=999&`$skip=$i"
+    Write-Host "last setting is $($settingsResponse.value[-1].id)"
+} while ($null -ne $settingsResponse.value.id)

cspell 2.json

@@ -0,0 +1,31 @@
+{
+    "version": "0.2",
+    "ignorePaths": [],
+    "dictionaryDefinitions": [],
+    "dictionaries": [],
+    "words": [
+      "CIPP",
+      "CIPP-API",
+      "Entra",
+      "Intune",
+      "GDAP",
+      "OBEE",
+      "AITM",
+      "Passwordless",
+      "Yubikey",
+      "Sherweb",
+      "Autotask",
+      "Datto",
+      "Syncro",
+      "ImmyBot",
+      "Choco",
+    ],
+    "ignoreWords": [
+      "CIPPAPI",
+      "locationcipp",
+      "TNEF",
+      "winmail",
+      "PSTN",
+    ],
+    "import": []
+}