GitHub Setup

Configure the GitHub Actions packaging pipeline that downloads apps from Winget and uploads them to Intune.

Overview

IntuneGet uses GitHub Actions to:

  1. Download applications from Winget
  2. Package them as .intunewin files using IntuneWinAppUtil.exe
  3. Upload the packaged app to Microsoft Intune
  4. Report status back to the web application

Windows Runner Required

The workflow runs on a Windows runner because IntuneWinAppUtil.exe is a Windows-only tool.

Fork Setup

Step 1: Fork the Repository

  1. Go to github.com/ugurkocde/IntuneGet
  2. Click Fork in the top right
  3. Select your account/organization
  4. Wait for the fork to complete

Step 2: Configure Repository Secrets

Navigate to your forked repository and add secrets:

Settings > Secrets and variables > Actions > New repository secret

| Secret Name | Description | How to Get |
|---|---|---|
| AZURE_CLIENT_ID | Azure AD Application ID | From Azure AD app registration |
| AZURE_CLIENT_SECRET | Azure AD Client Secret | From Azure AD app registration |
| CALLBACK_SECRET | Webhook verification secret | Generate with openssl rand -hex 16 |

Secret Must Match

The CALLBACK_SECRET must be the same value in both GitHub Secrets and your web app's environment variables.
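
One way the shared CALLBACK_SECRET can authenticate the pipeline's status report, showing why the two copies must match. This is an added example, not IntuneGet's own code: the page does not describe the verification scheme, so HMAC-SHA256 over the raw body, the `x-signature` header name, and the payload fields are assumptions.

```javascript
// Added example, not IntuneGet's code. Assumed scheme: HMAC-SHA256 over the raw
// request body, hex-encoded, carried in a hypothetical "x-signature" header.
const nodeCrypto = require('node:crypto');

// Pipeline side: sign the exact bytes that will be sent as the callback body.
function signCallback(rawBody, secret) {
  return nodeCrypto.createHmac('sha256', secret).update(rawBody).digest('hex');
}

// Web app side: recompute the MAC from the raw body and compare in constant time.
function verifyCallback(rawBody, signatureHex, secret) {
  if (!secret) return false; // an unset environment variable must fail closed
  if (typeof signatureHex !== 'string' || !/^[0-9a-f]{64}$/i.test(signatureHex)) {
    return false; // missing or malformed header
  }
  const expected = nodeCrypto.createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(signatureHex, 'hex');
  // Both buffers are 32 bytes here, which timingSafeEqual requires.
  return nodeCrypto.timingSafeEqual(expected, received);
}

// Constructed sample values (not real secrets; payload fields are assumed).
const githubSecret = '0123456789abcdef0123456789abcdef'; // shape of `openssl rand -hex 16`
const otherSecret = 'fedcba9876543210fedcba9876543210';  // web app configured differently
const body = JSON.stringify({ deployment_id: 'test-123', status: 'completed' });
const signature = signCallback(body, githubSecret);

function demo() {
  return {
    matching: verifyCallback(body, signature, githubSecret),
    mismatchedSecret: verifyCallback(body, signature, otherSecret),
    tamperedBody: verifyCallback(body.replace('completed', 'failed'), signature, githubSecret),
    missingHeader: verifyCallback(body, undefined, githubSecret),
    unsetSecret: verifyCallback(body, signature, ''),
  };
}

console.log(demo());
```

Only the `matching` case verifies; a secret that differs between GitHub Secrets and the web app is rejected the same way as a tampered body.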

Step 3: Enable GitHub Actions

GitHub disables workflows in forks by default. Enable them:

  1. Go to the Actions tab in your fork
  2. Click I understand my workflows, go ahead and enable them

Step 4: Create Personal Access Token

Create a PAT that allows IntuneGet to trigger workflows:

  1. Go to github.com/settings/tokens
  2. Click Generate new token (classic)
  3. Set a descriptive name: IntuneGet Pipeline
  4. Select scopes:
    • repo (Full control of private repositories)
    • workflow (Update GitHub Action workflows)
  5. Click Generate token
  6. Copy the token immediately

For enhanced security, use a fine-grained token:

  • Repository access: Select your fork only
  • Permissions:
    • Actions: Read and write
    • Contents: Read

Update Your Environment

In your IntuneGet deployment, update these environment variables to point to your fork:

.env.local
GITHUB_OWNER=your-github-username
GITHUB_REPO=IntuneGet
GITHUB_PAT=ghp_your-personal-access-token
CALLBACK_SECRET=same-secret-as-in-github

How the Pipeline Works

Workflow Inputs

When triggered, the workflow receives:

| Input | Description |
|---|---|
| app_id | Winget package identifier |
| deployment_id | Unique deployment tracking ID |
| tenant_id | Target Microsoft 365 tenant |
| callback_url | URL to report status back |

Workflow Steps

  1. Download App: Uses Winget to download the installer
  2. Package: Runs IntuneWinAppUtil.exe to create .intunewin file
  3. Authenticate: Gets access token for Intune API
  4. Upload: Uploads package to customer's Intune tenant
  5. Report: Calls callback URL with status

Testing the Pipeline

Test the pipeline manually before integrating:

  1. Go to Actions in your fork
  2. Select the Package Intunewin workflow
  3. Click Run workflow
  4. Fill in test values:
    • app_id: Microsoft.VisualStudioCode
    • deployment_id: test-123
    • tenant_id: Your test tenant
    • callback_url: Your deployment URL + /api/callback
  5. Click Run workflow

Cost Considerations

GitHub Actions Usage

  • Public repos: Free
  • Private repos: 2,000 minutes/month free, then $0.008/minute for Windows runners

Each packaging job typically takes 2-5 minutes.

Self-Hosted Runner (Optional)

For enterprises wanting to use their own infrastructure, the runner machine needs:

  • Windows 10/11 or Windows Server 2019+
  • PowerShell 5.1+
  • At least 4GB RAM
  • 20GB+ free disk space
  • Internet access

To register the runner:

  1. In your repository, go to Settings > Actions > Runners
  2. Click New self-hosted runner
  3. Select Windows and follow the instructions

Update the workflow to use your runner:

yaml
jobs:
  package:
    runs-on: self-hosted  # Changed from windows-latest

Common Issues

Workflow not triggering

  • Verify PAT has correct scopes (repo + workflow)
  • Check workflow is enabled in the Actions tab
  • Verify GITHUB_OWNER and GITHUB_REPO are correct

IntuneWinAppUtil fails

  • Check app ID is valid in Winget
  • Verify the app has a supported installer type
  • Check runner has enough disk space

Callback fails

  • Verify CALLBACK_SECRET matches in both places
  • Check NEXT_PUBLIC_URL is accessible from GitHub
  • Review callback endpoint logs

Next Steps

GitHub pipeline is configured! Now choose your deployment method.