Form to Wipe — GitHub Actions Deployment
This guide covers the GitHub Actions implementation of Form to Wipe. Every wipe request is a Pull Request. Branch protection rules enforce that the requestor cannot merge their own PR. When an approver merges it, the workflow executes the erase command and posts results as a PR comment. The entire history lives in git — permanent, searchable, and tamper-evident. No infrastructure required.
How It Works
1. Requestor opens an Issue using the Wipe Request template
2. Requestor creates a branch and PR referencing the issue
3. A teammate (not the requestor) reviews and merges the PR
4. GitHub Actions runs: parses the PR body, resolves device IDs, sends erase commands
5. Results are posted as a PR comment
6. The merged PR is your audit log
Prerequisites
- GitHub repository (public or private with Actions minutes)
- Jamf Platform API OAuth2 client with erase privileges (see Form to Wipe)
- A designated approver team in your GitHub organization
Setup
Step 1 — Fork or Clone the Repo
git clone https://github.com/YOUR_ORG/FTW-Form-to-Wipe.git
cd FTW-Form-to-Wipe
Or copy the github-workflow/ directory contents to your own repo root.
Step 2 — Repository Secrets
Go to Settings → Secrets and variables → Actions → New repository secret and add:
| Secret | Value |
|---|---|
JAMF_CLIENT_ID |
Your Jamf Platform API client ID |
JAMF_CLIENT_SECRET |
Your Jamf Platform API client secret |
JAMF_TOKEN_URL |
Token endpoint, e.g. https://YOUR_INSTANCE.jamfcloud.com/api/oauth/token |
JAMF_REGION |
us, eu, or apac — determines the API Gateway URL prefix |
GitHub secrets are never logged or exposed in workflow output. The token retrieved at runtime is masked via add-mask.
Step 3 — Branch Protection Rules
This is the most critical step. Branch protection is what enforces that no one can approve their own wipe request.
Go to Settings → Branches → Add branch protection rule
Branch name pattern:
main(or your default branch)Enable the following settings:
Setting Required Require a pull request before merging ✅ Require approvals — set to 1 ✅ Dismiss stale reviews when new commits are pushed ✅ Require review from Code Owners Recommended Restrict who can dismiss pull request reviews Recommended Do not allow bypassing the above settings ✅ Critical
"Do not allow bypassing" prevents repository admins from merging their own requests. Without this setting, admins can bypass approval entirely.
Step 4 — CODEOWNERS (Recommended)
Create .github/CODEOWNERS to require review from a specific team for any file in the requests/ directory:
# .github/CODEOWNERS
requests/ @your-org/jamf-admins
This means any PR touching requests/ automatically requires a review from the jamf-admins team. Team members still cannot approve their own PRs.
Step 5 — Create the Requests Directory
mkdir requests
echo "# Wipe Requests\n\nMerged PRs in this directory represent executed device wipes." > requests/README.md
git add requests/
git commit -m "Add requests directory"
git push
The workflow triggers on pull_request → closed events for any PR that touches requests/**.md.
Submitting a Wipe Request
As a requestor
Open an Issue using the Device Wipe Request template. Fill out all fields exactly as labeled. Note the issue number (e.g.
#42).Create a branch:
git checkout -b wipe/issue-42-device-wipeCreate the request file:
cat > requests/wipe-$(date +%Y%m%d-%H%M%S).md << 'EOF' **Tenant Name:** Production **Tenant ID:** aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee **Device Type:** computer **Device IDs:** 42,87 **Reason:** Employee offboarding — devices not returned **Find My PIN:** EOF git add requests/ git commit -m "Wipe request for devices 42, 87 - fixes #42" git push -u origin wipe/issue-42-device-wipeOpen a Pull Request — title:
Device Wipe Request — fixes #42. Request review from a teammate.
As an approver
- Review the PR — verify the device IDs and reason are legitimate
- Confirm you are not the PR author (GitHub enforces this, but verify)
- Approve and Merge using a merge commit (not squash, not rebase — merge commit preserves the full history)
- The workflow runs automatically on merge
- Check the PR comments for results
Audit Trail
Every merged wipe request PR is a permanent audit record containing:
| Field | Source |
|---|---|
| Who requested | PR author |
| Who approved | Merged by |
| Which devices | PR body / request file |
| Which tenant | PR body |
| When approved | Merge timestamp |
| Outcome | Workflow PR comment |
To search past wipes:
# List all merged wipe PRs by label
gh pr list --label wipe-request --state merged
# Search by device ID
gh pr list --state merged --search "device 42"
Security Considerations
- Jamf Platform API credentials live as repository secrets — never in workflow code or request bodies
- Branch protection prevents self-approval at the platform level
CODEOWNERSensures only designated admins can approve wipe requests- The workflow validates requestor ≠ approver at runtime as a second check
- Workflow result comments are appended to the PR and cannot be altered after the fact
- The
requests/directory accumulates a permanent, immutable record of every wipe executed
Limitations vs. n8n
| Feature | GitHub Actions | n8n |
|---|---|---|
| Interface | GitHub Issue + PR | Slack modal |
| Real-time approval UX | ⚠️ Async PR review | ✅ Slack DM |
| Approval timeout | ❌ Manual close | ✅ Configurable |
| Audit trail | ✅ Git history (immutable) | Slack channel |
| Infrastructure required | None | n8n instance |
| Multi-tenant | ✅ Per request file | ✅ Per dropdown |
| Cost | Free (public) / Actions minutes | n8n license |