We install via self service, but maybe our workflow would help you.
We take the .app and create a package of it by dragging into composer.
There's a post install script that runs that I think I got from Rich Trouton's blog
#!/bin/sh
# Accept EULA so there is no prompt
if [[ -e "/Applications/Xcode.app/Contents/Developer/usr/bin/xcodebuild" ]]; then
/Applications/Xcode.app/Contents/Developer/usr/bin/xcodebuild -license accept
fi
# Install Mobile Device Package so there is no prompt
if [[ -e "/Applications/Xcode.app/Contents/Resources/Packages/MobileDevice.pkg" ]]; then
/usr/sbin/installer -dumplog -verbose -pkg "/Applications/Xcode.app/Contents/Resources/Packages/MobileDevice.pkg" -target /
fi
if [[ -e "/Applications/Xcode.app/Contents/Resources/Packages/MobileDeviceDevelopment.pkg" ]]; then
/usr/sbin/installer -dumplog -verbose -pkg "/Applications/Xcode.app/Contents/Resources/Packages/MobileDeviceDevelopment.pkg" -target /
fi
exit 0
Then, via smart group, anyone who gets xcode gets this ran once per computer via policy
Run Unix command '/usr/sbin/DevToolsSecurity –enable'
and running ongoing at login for computers with xcode (wouldn't need to be ongoing if you weren't deploying to shared computer/labs)
#! /bin/sh
loginUsername="$3"
dseditgroup -o edit -a $3 -t user _developer
exit 0
