PowerShell and Git

I’ve been tasked with encouraging the IT team to start using git to store all of their code. We have maybe 1000 scripts altogether, but as far as I can tell only two users regularly check their code into the repos that we have already set up.

One of the challenges I’m hitting is that it’s a lot easier to write an IT infrastructure script from the server it’s intended to be run on. Desktops don’t always have all the necessary resources and because we employ separate administrative accounts, the accounts on our desktops don’t generally have permission to do all that much anyway. Accordingly, most development happens on servers rather than in the git repos that we’ve already made available, and that means it’s incumbent on the engineers to remember to copy their code back to the repo and commit the changes. I’m as guilty as anyone - I find that I only get around to checking my code in every few months, which makes every commit a mess.

These scripts tend to live in any of ~50 locations (UNC directories, directories on servers’ local drives, and NFS drives for the Unix scripts. The UNC directories in particular tend to have 60±character pathnames that are a pain to remember and more of a pain to type.

I’m trying to come up with a way to do as much development as possible locally, then have a simple process to commit the change and copy the script to the correct location.

What I’m thinking right now is to create an invoke-pipeline command that every imports as part of their profile. The syntax would be something like invoke-pipeline -Script ./myscript.ps1 -Env ‘Dev’ -Commit . And the script would parse myscript.ps1 for a comment block (formatted as JSON, I’m thinking) that contains the target folders for each environment, something like:

<#
{
    "!!PIPELINE!!": {
        "Tests": [{
            "GetUserJACC": ".\\myscript.ps1 -GetUser",
            "GetGroupJACC": ".\\myscript.ps1 -GetGroup",
            "GetGroupNonAD": ".\\myscript.ps1 -GetGroupNonAD",
            "GetSystem": ".\\myscript.ps1 -GetSystem",
            "CreateTicket": ".\\myscript.ps1 -CreateTicket"
        }],
        "Target": [{
            "Dev": \\\\UNC\\Long\\share\\name\\dev\\myscript.ps1,
            "UAT": \\\\UNC\\Long\\share\\name\\uat\\myscript.ps1,
            "Prod": \\\\UNC\\Different\long\\share\\name\\myscript.ps1
        }]
    }
}
#>

Once the comment block is detected and validated, the script would commit to the local branch, execute the pester tests, and if those succeed it would copy the file to the appropriate directory.

This requires a little extra up-front work for the developer but much less effort going forward, and it's all wrapped up in a single module so if we ever need to extend (e.g. tie into CI/CD or add a security linter step) that can be accommodated.  

Am I on the right track here or do I just tell my team to suck it up, learn the git commands, remember the target directory paths and carry on?

Many thanks.