Install software and run setup script when Macs boot

[dherder]

Goal

User story
As a Client Platform Engineer (aka IT admin),
I want to block the end user's screen while installing software and running a script after the end user completes macOS Setup Assistant
so that I can enforce required configuration before the end user can click around on their desktop.

Auto-install productivity apps when Macs boot.

Context

• Product designer: @randy-fleet

Changes

Product

• UI changes: Figma
• Changes to paid features or tiers: Only available in Fleet Premium. It's covered by Zero-touch setup in pricing table.
• Permissions changes: PR is here
• Fleet's agent (fleetd) changes: No changes
• Activity changes: DONE: @marko-lisica: Check if we shipped any activity feed changes. If not, let's file a follow up feature request (FR) to add those. FR is here: Add activities when user add setup experience software and script to a team #23907
• Other reference documentation changes: Covered by YAML and REST API PRs
• Once shipped, requester has been notified
• Once shipped, dogfooding issue has been filed
  • Issue is here: https://github.com/fleetdm/confidential/issues/8790

Engineering

• WIP specs: main...george-temp
• YAML changes: PR is here
• REST API changes: [API changes] Install software and run setup script when Macs boot #23685
• Feature guide changes: Add the new features to this guide: https://fleetdm.com/guides/macos-setup-experience#macos-setup-assistant
• Database schema migrations: TODO
• Load testing: TODO

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

• Requires load testing: NO
• Risk level: High
• Risk description: It's important to test there are no regressions against existing ADE or setup experience workflows

Manual testing steps

UI changes to the setup experience page -

• Empty State
• Ordered list
• Copy changes
• screenshot

Adding software -

• Listed in ascending order
• Test search tool
• Test bulk selection
• Test clear selection
• Test Show selected software button once completed
• Test VPP, FMA, and Custom Apps
• Test that other file types (.deb, .rpm, .exe, .msi) cannot be uploaded

Uploading scripts -

• Test all errors
• Test deleting a script

End to End testing -

• Test VPP apps install
• Test FMA apps install
• Test Custom apps install
• Test scripts run
• Test different teams and “no team”
• Ensure forced encryption workflow succeeds
• Ensure forced OS updates workflow succeeds

Ensure all other setup experience items work and there’s no regression -

• End User Authentication
• Bootstrap
• Setup Assistant
• Ensure standard ADE workflow still functions without software or script installs
• Ensure workflow still functions with Manual release enabled
• Ensure workflow still functions with Manual release disabled
• Test with and without a bootstrap package

Activity Feeds -

• Global
• Host details page

GitOps -

• CLI changes

Other -

• Ensure free version doesn’t see the option for setup experience
• Test deleting software from main catalog that’s being used for Setup Assistant (Ensure you see restriction modal)

End User (host UI) -

• Swift Dialogue
• Custom logo
• Verify copy
• Confirm pending, failed, installed statuses
• Verify percentage bar
• Verify Close button

Testing notes

Confirmation

1. Engineer (@____): Added comment to user story confirming successful completion of QA.
2. QA (@PezHub ): Added comment to user story confirming successful completion of QA.

[noahtalerman]

Hey @dherder heads up, I updated the issue to user story format and moved your original issue description here for safekeeping:

Problem

As an IT admin, I have the option to use several different tools to provide an amazing end user experience when my end user first opens their macOS laptop on provisioning. Some of these tools are open source (DEPNotify, SwiftDialog) and some are commercially available (Kandji liftoff). Instead of having to configure a separate tool, I would like to leverage the Fleet Desktop to handle the onboarding experience of my end users.

[dherder]

@noahtalerman the new description for this issue doesn't match what the original intent (or the title) describes.

[noahtalerman]

the new description for this issue doesn't match what the original intent (or the title) describes.

Hey @dherder I think you saw a temporary placeholder. How does the user story look now?

[PezHub]

QA Notes:

UI testing is complete as is GitOps workflow. Performed some end-to-end testing while pairing with Jahziel using his local config to get Setup Experience to run on the host. Since this feature requires a new version of Fleetd, I will wait for 1.35 to move from edge to stable so that I can test again in both my local instance and dogfood.

*All unreleased bugs have been resolved as of this comment

[PezHub]

Completed end to end testing and things are looking good. Comprehensive QA checlist is above in the description.

[noahtalerman]

Hey @zayhanlon this user story shipped in 4.59.

Leaving the user story open until we update the pricing page and file a follow up feature request for activity feed (audit log) changes.

[noahtalerman]

TODO: @marko-lisica: See if there's a spot that makes sense to call out this feature on the pricing page. Does it deserve it's own row?

TODO: @marko-lisica: Check if we shipped any activity feed changes. If not, let's file a follow up feature request to add those.

Hey @marko-lisica, just giving you a ping! as a reminder for these TODOs

[noahtalerman]

TODO: @marko-lisica: See if there's a spot that makes sense to call out this feature on the pricing page. Does it deserve it's own row?

TODO: @marko-lisica: Check if we shipped any activity feed changes. If not, let's file a follow up feature request to add those.

Hey @marko-lisica can you please prioritize these TODOs that we can close this user story? Thanks!

[marko-lisica]

Thanks for the ping @noahtalerman. I just checked and we have Zero-touch setup row in pricing table. I think that covers this, and it's linked to MDM setup experience guide which mentions software and scripts.

[marko-lisica]

Changes to paid features or tiers: Only available in Fleet Premium. It's covered by Zero-touch setup in pricing table.

@noahtalerman I updated "Changes to paid features", since I think it's already covered by "Zero-touch" row. Could you let me know if you think it's not enough?

Activity changes: TODO: @marko-lisica: Check if we shipped any activity feed changes. If not, let's file a follow up feature request to add those.

Regarding activities, I checked and we didn't specify any activity. I filed FR: #23907.

[noahtalerman]

I just checked and we have Zero-touch setup row in pricing table. I think that covers this, and it's linked to MDM setup experience guide which mentions software and scripts.

Nice! Agreed "Zero-touch" covers this.

I checked and we didn't specify any activity. I filed FR: #23907.

Thanks! Linked to this FR in the issue description.

Closing this story.

[fleet-release]

In the cloud city,
Macs boot, apps auto-install,
Workflows streamlined, calm.