Call-Setup-GH-Latest.ps1
#Call Latest Setup.ps1 using GitHub API instead of a webscript
# function Get-GitHubPAT {
# $secretsFile = Join-Path -Path $PSScriptRoot -ChildPath "secrets.GitHub.ps1"
# if (Test-Path $secretsFile) {
# $secrets = Import-PowerShellDataFile -Path $secretsFile
# if ($secrets.ContainsKey('GitHubPAT') -and $secrets['GitHubPAT']) {
# # Decrypt the secure string
# return (ConvertTo-SecureString $secrets['GitHubPAT'] -AsPlainText -Force)
# }
# }
# # Prompt the user to enter the PAT if not found
# $PAT = Read-Host -Prompt "Enter your GitHub Personal Access Token (PAT)" -AsSecureString
# # Encrypt and save the PAT to the secrets.GitHub.ps1 file for future use
# $securePat = $PAT | ConvertFrom-SecureString
# $secrets = @{
# GitHubPAT = $securePat
# }
# $secrets | Export-PowerShellDataFile -Path $secretsFile -Force
# return $PAT
# }
function Write-GitHubAPIWebScriptLog {
    <#
    .SYNOPSIS
    Prints a timestamped, colour-coded log line and appends the same line to the setup log file.
    .DESCRIPTION
    The line has the form "[timestamp] [Level] [caller] Message", where caller is the command
    one frame up the PowerShell call stack. The line is shown with Write-Host and appended to
    setupAADMigration.log under $env:TEMP.
    .PARAMETER Message
    Text to log. It is written verbatim to the console and to the log file, so callers should
    never pass tokens or other secrets.
    .PARAMETER Level
    Severity label. DEBUG, INFO, NOTICE, WARNING, ERROR and CRITICAL each have a colour; any
    other value is printed in white.
    #>
    param (
        [string]$Message,
        [string]$Level = "INFO"
    )

    # Console colour for each known level; hashtable lookups are case-insensitive.
    $palette = @{
        DEBUG    = 'DarkGray'
        INFO     = 'Green'
        NOTICE   = 'Cyan'
        WARNING  = 'Yellow'
        ERROR    = 'Red'
        CRITICAL = 'Magenta'
    }

    # Frame 0 is this function, frame 1 is whoever called it.
    $frames = Get-PSCallStack
    $origin = '<Unknown>'
    if ($frames.Count -ge 2) {
        $origin = $frames[1].Command
    }

    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    $line = "[$stamp] [$Level] [$origin] $Message"

    $colour = $palette[$Level.ToUpper()]
    if (-not $colour) {
        $colour = 'White'
    }
    Write-Host $line -ForegroundColor $colour

    # Keep a persistent copy of every line in the temp-directory log.
    $target = [System.IO.Path]::Combine($env:TEMP, 'setupAADMigration.log')
    Out-File -InputObject $line -FilePath $target -Append -Encoding utf8
}
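function Authenticate-GitHubAPI {
    <#
    .SYNOPSIS
    Validates a GitHub token against the API, prompting for it and storing it on first use.
    .DESCRIPTION
    Looks for secrets.GitHub.ps1 in $PSScriptRoot (a CLIXML file despite its .ps1 extension).
    If the file exists, the token stored in it is used. If it does not, the user is prompted
    for a token. Either way the token is checked with a GET to "$ApiUrl/user"; a newly entered
    token is written to the secrets file only after that check succeeds, so a mistyped or
    revoked token is never persisted.
    .PARAMETER ApiUrl
    The base URL for GitHub API, typically "https://api.github.com". Optional; defaults to
    that value.
    .EXAMPLE
    Authenticate-GitHubAPI -ApiUrl "https://api.github.com"
    Uses the token from the secrets file if present, otherwise prompts for one and saves it
    after a successful check.
    .NOTES
    The function does not return the token; callers re-read it from the secrets file.
    ConvertFrom-SecureString without a key relies on DPAPI on Windows, which ties the stored
    value to the current user and machine. On non-Windows PowerShell the exported value is
    only obfuscated, not encrypted, so the file must be protected by file permissions there.
    Throws when the token is missing, empty, or rejected by the API.
    #>
    [CmdletBinding()]
    param (
        # Was Mandatory with a default, which made the default unreachable; now optional.
        [Parameter()]
        [string]$ApiUrl = "https://api.github.com"
    )
    begin {
        Write-GitHubAPIWebScriptLog -Message "Starting Authenticate-GitHubAPI function" -Level 'INFO'
    }
    process {
        $token = $null
        $headers = $null
        try {
            Write-GitHubAPIWebScriptLog -Message "Authenticating with GitHub API..." -Level 'INFO'

            # The token travels in the Authorization header; anything but HTTPS exposes it in transit.
            if ($ApiUrl -notmatch '^https://') {
                Write-GitHubAPIWebScriptLog -Message "ApiUrl does not use HTTPS; the GitHub token would be sent unencrypted." -Level 'WARNING'
            }

            # Define the secrets file path
            $secretsFilePath = Join-Path -Path $PSScriptRoot -ChildPath "secrets.GitHub.ps1"
            $isNewToken = -not (Test-Path -Path $secretsFilePath)

            if ($isNewToken) {
                # If the secrets file does not exist, prompt the user to enter the token
                Write-Warning "Secrets file not found. Please enter your GitHub token."
                $secureToken = Read-Host "Enter your GitHub token" -AsSecureString
                if (-not $secureToken -or $secureToken.Length -eq 0) {
                    $errorMessage = "No GitHub token was entered."
                    Write-GitHubAPIWebScriptLog -Message $errorMessage -Level 'ERROR'
                    throw $errorMessage
                }
            }
            else {
                # If the secrets file exists, import it
                $secrets = Import-Clixml -Path $secretsFilePath
                $secureToken = $secrets.GitHubToken | ConvertTo-SecureString
                if (-not $secureToken) {
                    $errorMessage = "GitHub token not found in the secrets file."
                    Write-GitHubAPIWebScriptLog -Message $errorMessage -Level 'ERROR'
                    throw $errorMessage
                }
                Write-GitHubAPIWebScriptLog -Message "Using GitHub token from secrets file for authentication." -Level 'INFO'
            }

            # Convert secure string back to plain text for GitHub API authentication.
            # The unmanaged copy is zeroed and freed even if the conversion throws.
            $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureToken)
            try {
                $token = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ptr)
            }
            finally {
                [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ptr)
            }

            # Check authentication by calling GitHub API
            $headers = @{
                Authorization = "token $token"
                Accept        = "application/vnd.github.v3+json"
                'User-Agent'  = 'PowerShell'
            }
            $authResponse = Invoke-RestMethod -Uri "$ApiUrl/user" -Headers $headers -Method Get
            if (-not ($authResponse -and $authResponse.login)) {
                $errorMessage = "Failed to authenticate with GitHub API. Please check the token and try again."
                Write-GitHubAPIWebScriptLog -Message $errorMessage -Level 'ERROR'
                throw $errorMessage
            }
            Write-GitHubAPIWebScriptLog -Message "Successfully authenticated as $($authResponse.login)" -Level 'INFO'

            if ($isNewToken) {
                # Persist only a token the API has accepted.
                $secretsContent = @{
                    GitHubToken = $secureToken | ConvertFrom-SecureString
                }
                $secretsContent | Export-Clixml -Path $secretsFilePath
                Write-GitHubAPIWebScriptLog -Message "GitHub token has been saved securely to $secretsFilePath." -Level 'INFO'
            }
        }
        catch {
            Write-GitHubAPIWebScriptLog -Message "An error occurred during GitHub API authentication: $($_.Exception.Message)" -Level 'ERROR'
            throw $_
        }
        finally {
            # Drop the plaintext references. A managed string cannot be zeroed, so this only
            # shortens how long the token stays reachable.
            $token = $null
            $headers = $null
        }
    }
    end {
        Write-GitHubAPIWebScriptLog -Message "Authenticate-GitHubAPI function execution completed." -Level 'INFO'
    }
}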
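# Repository and file to fetch. No ref is given, so the contents API serves the default
# branch's current version; whoever can push there controls what runs on this machine.
$owner = "aollivierre"
$repo = "IntuneDeviceMigration"
$path = "Setup.ps1"

# Optional integrity pin. PLACEHOLDER: set this to the SHA-256 (hex) of a reviewed Setup.ps1
# to refuse anything else. Left as $null, the download is executed unverified.
$expectedSha256 = $null

# Authenticate and validate the GitHub token (throws, and so stops this script, on failure)
Authenticate-GitHubAPI -ApiUrl "https://api.github.com"

$localScriptPath = "$env:TEMP\Setup.ps1"
$token = $null
$headers = $null
try {
    # The function does not return the token, so re-read it from the secrets file.
    $secretsFilePath = Join-Path -Path $PSScriptRoot -ChildPath "secrets.GitHub.ps1"
    $secrets = Import-Clixml -Path $secretsFilePath -ErrorAction Stop
    $secureToken = $secrets.GitHubToken | ConvertTo-SecureString -ErrorAction Stop

    # Convert secure string back to plain text for the API call; always zero the BSTR copy.
    $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureToken)
    try {
        $token = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ptr)
    }
    finally {
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ptr)
    }

    $apiUrl = "https://api.github.com/repos/$owner/$repo/contents/$path"
    $headers = @{
        Authorization = "token $token"
        Accept        = "application/vnd.github.v3.raw"
        'User-Agent'  = 'PowerShell'
    }
    $scriptContent = Invoke-RestMethod -Uri $apiUrl -Headers $headers

    # An empty response must not fall through to executing a blank or stale file.
    if ([string]::IsNullOrWhiteSpace($scriptContent)) {
        throw "Downloaded $path is empty."
    }

    # NOTE(review): fixed, predictable file name in the temp directory. Any process able to
    # write there can swap the file between this write and the execution below.
    [System.IO.File]::WriteAllText($localScriptPath, $scriptContent)

    if ($expectedSha256) {
        $actualSha256 = (Get-FileHash -Path $localScriptPath -Algorithm SHA256).Hash
        if ($actualSha256 -ne $expectedSha256) {
            throw "SHA-256 mismatch for $localScriptPath (got $actualSha256)."
        }
    }
    else {
        Write-GitHubAPIWebScriptLog -Message "No expected SHA-256 configured; $path will run without an integrity check." -Level 'WARNING'
    }
}
catch {
    # Without this, a failed download or write would be skipped over at script level and the
    # call below would run whatever Setup.ps1 already sits in the temp directory.
    Write-GitHubAPIWebScriptLog -Message "Failed to fetch $($path): $($_.Exception.Message)" -Level 'ERROR'
    throw $_
}
finally {
    # Drop the plaintext token before handing control to the downloaded script.
    $token = $null
    $headers = $null
}

# Now execute the downloaded script
Write-GitHubAPIWebScriptLog -Message "calling Setup.PS1 from Call-Setup-GH-Latest.ps1" -Level 'INFO'
& $localScriptPath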