ruhdevops · ruhdevops · Mar 22, 2026 · Mar 22, 2026
diff --git a/cleanup-old-workflows.ps1 b/cleanup-old-workflows.ps1
@@ -1,4 +1,5 @@
-# Files to remove (relative to repo root)
+[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '')]
+# Files to remove (relative to repo root)
 $filesToDelete = @(
     ".github\workflows\create-powershell-ci.ps1",
     ".github\workflows\download-cert.yml",
@@ -7,9 +8,9 @@ $filesToDelete = @(
 
 foreach ($file in $filesToDelete) {
     # Expand wildcard if any
-    $matches = Get-ChildItem -Path $file -ErrorAction SilentlyContinue
-    if ($matches) {
-        foreach ($match in $matches) {
+    $foundFiles = Get-ChildItem -Path $file -ErrorAction SilentlyContinue
+    if ($foundFiles) {
+        foreach ($match in $foundFiles) {
             $answer = Read-Host "Do you want to delete '$($match.FullName)'? (Y/N)"
             if ($answer -eq 'Y') {
                 Remove-Item -Path $match.FullName -Force

diff --git a/create-download-cert.ps1 b/create-download-cert.ps1
@@ -1,48 +1,45 @@
-# Workflow folder
+[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingWriteHost', '')]
+# Workflow folder
 $workflowDir = ".github\workflows"
 if (-not (Test-Path $workflowDir)) {
     New-Item -ItemType Directory -Path $workflowDir -Force | Out-Null
 }
 
-# download-cert.yml content
+# 1. download-cert.yml
 $downloadCertYaml = @'
-name: Download TLS Certificate
+name: Download Certificate
 
 on:
-  push:
-    branches: [ main ]
   workflow_dispatch:
+    inputs:
+      certUrl:
+        description: 'URL of the certificate to download'
+        required: true
+      certName:
+        description: 'Name for the downloaded certificate'
+        required: true
 
 jobs:
   download:
-    runs-on: windows-latest
+    runs-on: ubuntu-latest
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
+      - name: Download Certificate
+        run: |
+          curl -L "${{ github.event.inputs.certUrl }}" -o "${{ github.event.inputs.certName }}"
+          echo "Certificate downloaded: ${{ github.event.inputs.certName }}"
 
-      - name: Setup Node.js
-        uses: actions/setup-node@v3
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
         with:
-          node-version: '20'
-
-      - name: Download TLS Certificate
-        shell: pwsh
-        run: |
-          $certPath = ".\bin\checkScripts\download_ca_cert.pem"
-          if (Test-Path $certPath) {
-              $timestamp = Get-Date -Format yyyyMMddHHmmss
-              Rename-Item $certPath "$certPath.$timestamp.bak"
-              Write-Host "Existing certificate backed up."
-          }
-          node .\bin\checkScripts\runDownloadCert.js github.com
+          name: ${{ github.event.inputs.certName }}
+          path: ${{ github.event.inputs.certName }}
 '@
 
-# Save download-cert.yml
 $downloadCertFile = Join-Path $workflowDir "download-cert.yml"
 $downloadCertYaml | Set-Content -Path $downloadCertFile -Force
 Write-Host "$downloadCertFile created successfully."
 
-# Optionally, create powershell-ci.yml (minimal version)
+# 2. powershell-ci.yml
 $powershellCiYaml = @'
 name: PowerShell CI
 
@@ -54,37 +51,52 @@ on:
   workflow_dispatch:
 
 jobs:
-  lint-and-test:
-    runs-on: windows-latest
+  powershell-ci:
+    name: PowerShell CI (${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+
     steps:
-      - name: Checkout repo
+      - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Install PSScriptAnalyzer
+      - name: Install Modules
         shell: pwsh
-        run: Install-Module PSScriptAnalyzer -Force -Scope CurrentUser
+        run: |
+          Set-PSRepository PSGallery -InstallationPolicy Trusted
+          Install-Module PSScriptAnalyzer -Force -Scope CurrentUser
+          Install-Module Pester -Force -Scope CurrentUser -SkipPublisherCheck
 
-      - name: Run PSScriptAnalyzer
+      - name: Run PSScriptAnalyzer (Security Scan)
         shell: pwsh
         run: |
-          $results = Invoke-ScriptAnalyzer -Path . -Recurse -Severity Error,Warning
+          $results = Invoke-ScriptAnalyzer -Path . -Recurse -Severity Error,Warning |
+                     Where-Object { $_.RuleName -like "*Security*" }
+
           if ($results) {
               $results | Format-Table
-              throw "PSScriptAnalyzer found issues"
+              Write-Host "::error title=Security Scan [Run #$($env:GITHUB_RUN_NUMBER)]::Potential security issues found in PowerShell scripts."
+              throw "Security issues detected by PSScriptAnalyzer"
+          } else {
+              Write-Host "::notice title=Security Scan [Run #$($env:GITHUB_RUN_NUMBER)]::No common security issues found."
           }
 
-      - name: Install Pester
-        shell: pwsh
-        run: Install-Module Pester -Force -Scope CurrentUser -SkipPublisherCheck
-
       - name: Run Pester Tests
         shell: pwsh
         run: |
           if (Test-Path ./tests) {
-              Import-Module Pester
-              Invoke-Pester -Path ./tests -Verbose
+              $results = Invoke-Pester -Path ./tests -PassThru
+              if ($results.FailedCount -gt 0) {
+                  Write-Host "::error title=Pester Tests [Run #$($env:GITHUB_RUN_NUMBER)]::$($results.FailedCount) tests failed."
+                  throw "Pester tests failed."
+              } else {
+                  Write-Host "::notice title=Pester Tests [Run #$($env:GITHUB_RUN_NUMBER)]::All tests passed successfully."
+              }
           } else {
-              Write-Host "No Pester tests found."
+              Write-Host "::notice title=Pester Tests [Run #$($env:GITHUB_RUN_NUMBER)]::No Pester tests found in ./tests."
           }
 '@
 

diff --git a/scripts/fetch-profile.ps1 b/scripts/fetch-profile.ps1
@@ -8,17 +8,17 @@ Write-Host "🔍 Fetching GitHub profile for: $Username..." -ForegroundColor Cya
 
 try {
     $uri = "https://api.github.com/users/$Username"
-    $profile = Invoke-RestMethod -Uri $uri -Method Get
+    $githubProfile = Invoke-RestMethod -Uri $uri -Method Get
 
     Write-Host "`n👤 Profile Information:" -ForegroundColor Green
     Write-Host "---------------------------"
-    Write-Host "Login:      $($profile.login)"
-    Write-Host "Name:       $($profile.name)"
-    Write-Host "Bio:        $($profile.bio)"
-    Write-Host "Repos:      $($profile.public_repos)"
-    Write-Host "Followers:  $($profile.followers)"
-    Write-Host "Following:  $($profile.following)"
-    Write-Host "URL:        $($profile.html_url)"
+    Write-Host "Login:      $($githubProfile.login)"
+    Write-Host "Name:       $($githubProfile.name)"
+    Write-Host "Bio:        $($githubProfile.bio)"
+    Write-Host "Repos:      $($githubProfile.public_repos)"
+    Write-Host "Followers:  $($githubProfile.followers)"
+    Write-Host "Following:  $($githubProfile.following)"
+    Write-Host "URL:        $($githubProfile.html_url)"
     Write-Host "---------------------------"
 } catch {
     Write-Host "❌ Error: Could not fetch profile for '$Username'. Details: $($_.Exception.Message)" -ForegroundColor Red

diff --git a/tests/Project.Tests.ps1 b/tests/Project.Tests.ps1
@@ -1,4 +1,4 @@
-Describe "System Automation Hub Structure" {
+Describe "System Automation Hub Structure" {
     It "Should have the main entry point (start-automation.ps1)" {
         Test-Path "./start-automation.ps1" | Should -Be $true
     }
@@ -14,19 +14,17 @@ Describe "System Automation Hub Structure" {
 
 Describe "PowerShell Script Syntax Verification" {
     Context "Checking all .ps1 files" {
-        $psFiles = Get-ChildItem -Path . -Include *.ps1 -Recurse
+        $psFiles = Get-ChildItem -Path $PSScriptRoot/.. -Include *.ps1 -Recurse
 
-        foreach ($file in $psFiles) {
-            It "Should have valid syntax for $($file.Name)" {
-                $errors = $null
-                $tokens = $null
-                # Use the built-in Parser to verify syntax without external module dependencies
-                [System.Management.Automation.Language.Parser]::ParseFile($file.FullName, [ref]$tokens, [ref]$errors) | Out-Null
+        It "Should have valid syntax for <Name>" -ForEach $psFiles {
+            $errors = $null
+            $tokens = $null
+            # Use the built-in Parser to verify syntax without external module dependencies
+            [System.Management.Automation.Language.Parser]::ParseFile($_.FullName, [ref]$tokens, [ref]$errors) | Out-Null
 
-                if ($errors) {
-                    $errorMessages = $errors | ForEach-Object { "$($_.Message) at line $($_.Extent.StartLineNumber):$($_.Extent.StartColumnNumber)" }
-                    throw "Syntax errors found in $($file.Name):`n$($errorMessages -join "`n")"
-                }
+            if ($errors) {
+                $errorMessages = $errors | ForEach-Object { "$($_.Message) at line $($_.Extent.StartLineNumber):$($_.Extent.StartColumnNumber)" }
+                throw "Syntax errors found in $($_.Name):`n$($errorMessages -join "`n")"
             }
         }
     }

diff --git a/webhooks/listener.ps1 b/webhooks/listener.ps1
@@ -1,4 +1,4 @@
-[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingWriteHost", "")]
+[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingWriteHost", "")]
 # =============================================
 # System Automation Hub - Webhook Listener
 # =============================================