TierModel CI/CD Pipelines
Overview
The TierModel project includes comprehensive CI/CD pipelines for both GitHub Actions and Azure DevOps. These pipelines provide automated testing, linting, security analysis, and artifact publishing to ensure code quality and reliability.
Pipeline Features
๐งช Testing & Quality Assurance
- Multi-version PowerShell testing (5.1 and 7.4)
- Comprehensive test coverage with Pester
- Code coverage reporting with JaCoCo format
- PowerShell linting with PSScriptAnalyzer
- Module validation and import testing
๐ Security Analysis
- Security-focused linting rules
- Fail-on-critical-issues configuration
- Sensitive data detection validation
- Best practices enforcement
๐ฆ Build & Packaging
- Module manifest validation
- Automated packaging with metadata
- Artifact publishing for releases
- Documentation generation with PlatyPS
๐ Drift Detection & Monitoring
- Scheduled drift detection (daily at 2 AM UTC)
- Drift report artifacts for trend analysis
- Current state snapshots for comparison
- Error handling and reporting
GitHub Actions Pipeline
Location: .github/workflows/ci.yml
Trigger Configuration
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
schedule:
# Daily drift detection at 2 AM UTC
- cron: '0 2 * * *'
Jobs Overview
1. Linting (lint)
- Runs PSScriptAnalyzer with comprehensive rule set
- Checks Error, Warning, and Information severity levels
- Publishes results as CSV artifacts
- Fails build on Error-level issues
2. Testing (test)
- Matrix strategy: PowerShell 7.4 and 5.1
- Runs Pester tests with detailed output
- Generates code coverage reports
- Publishes test results in JUnit format
3. Packaging (package)
- Validates module manifest and structure
- Tests module import functionality
- Creates deployable module package
- Includes build metadata and Git information
4. Security Analysis (security)
- Runs security-focused PSScriptAnalyzer rules
- Checks for credential handling issues
- Validates use of secure coding practices
- Fails build on critical security violations
5. Drift Detection (drift)
- Runs on schedule and main branch pushes
- Tests drift detection against sample configurations
- Captures current state snapshots
- Publishes drift reports as artifacts
6. Documentation (docs)
- Generates markdown help with PlatyPS
- Creates external help files
- Publishes documentation artifacts
- Runs only on main branch pushes
Artifact Outputs
| Artifact | Content | Retention |
|---|---|---|
scriptanalyzer-results |
Linting results CSV | 30 days |
test-results-ps7.4 |
Test results and coverage | 30 days |
test-results-ps5.1 |
Test results and coverage | 30 days |
TierModel-Module |
Packaged module files | 90 days |
security-analysis |
Security scan results | 30 days |
drift-detection-reports |
Drift analysis JSON files | 30 days |
TierModel-Documentation |
Generated help files | 90 days |
Usage Example
# Fork and clone the repository
git clone https://github.com/yourusername/TierModel.git
cd TierModel
# Create feature branch
git checkout -b feature/new-functionality
# Make changes and commit
git add .
git commit -m "Add new functionality"
# Push to trigger CI pipeline
git push origin feature/new-functionality
# Create pull request - CI runs automatically
Azure DevOps Pipeline
Location: .azuredevops/azure-pipelines.yml
Trigger Configuration
trigger:
branches:
include: [main, develop]
paths:
include: [TierModel/*, .azuredevops/*]
pr:
branches:
include: [main, develop]
schedules:
- cron: "0 2 * * *"
branches:
include: [main]
Stages Overview
Stage 1: Lint
- Job:
ScriptAnalyzer - PSScriptAnalyzer execution with all severity levels
- Results published as pipeline artifacts
- Build fails on Error-level issues
Stage 2: Test
- Job:
PesterTests(Matrix: PowerShell 7.x, 5.1) - Pester test execution with code coverage
- Test results published to Azure DevOps Test Plans
- Coverage reports in JaCoCo format
Stage 3: Package
- Job:
ValidateAndPackage - Module manifest validation
- Module import testing
- Package creation with build metadata
- Artifact publishing for deployment
Stage 4: Security
- Job:
SecurityScan - Security-focused PSScriptAnalyzer rules
- Critical issue detection and build failure
- Security results as pipeline artifacts
Stage 5: Drift Detection
- Job:
DriftAnalysis - Scheduled and main branch execution
- Drift detection against test configurations
- State snapshots and error handling
- Comprehensive reporting artifacts
Stage 6: Documentation
- Job:
GenerateDocs - PlatyPS documentation generation
- Main branch only execution
- Documentation artifact publishing
Pipeline Variables
variables:
POWERSHELL_TELEMETRY_OPTOUT: 1
ModulePath: 'TierModel/Modules/TierModel'
Artifact Outputs
| Artifact | Content | Description |
|---|---|---|
ScriptAnalyzer-Results |
Linting CSV | Code quality analysis |
TierModel-Module |
Module package | Deployable module files |
Security-Analysis |
Security CSV | Security scan results |
Drift-Detection-Reports |
JSON reports | Drift analysis data |
TierModel-Documentation |
Markdown docs | Generated help files |
Local CI Testing
Prerequisites
# Install required modules
Set-PSRepository PSGallery -InstallationPolicy Trusted
Install-Module -Name PSScriptAnalyzer -Force
Install-Module -Name Pester -Force -MinimumVersion 5.0.0
Install-Module -Name PlatyPS -Force
Run Linting Locally
# Navigate to project root
cd C:\Path\To\TierModel
# Run PSScriptAnalyzer
$results = Invoke-ScriptAnalyzer -Path "TierModel/Modules/TierModel" -Recurse -Severity @('Error', 'Warning', 'Information')
# Display results
$results | Format-Table Severity, RuleName, ScriptName, Line, Message -AutoSize
# Check for errors (CI fails on errors)
$errors = $results | Where-Object { $_.Severity -eq 'Error' }
if ($errors.Count -gt 0) {
Write-Error "Found $($errors.Count) error(s)"
}
Run Tests Locally
# Configure Pester
$config = New-PesterConfiguration
$config.Run.Path = "TierModel/tests"
$config.Output.Verbosity = 'Detailed'
$config.TestResult.Enabled = $true
$config.CodeCoverage.Enabled = $true
$config.CodeCoverage.Path = "TierModel/Modules/TierModel/*.psm1"
# Execute tests
$result = Invoke-Pester -Configuration $config
# Display summary
Write-Host "Tests: $($result.PassedCount) passed, $($result.FailedCount) failed"
Run Security Analysis
# Security-focused rules
$securityRules = @(
'PSAvoidUsingPlainTextForPassword'
'PSAvoidUsingUserNameAndPasswordParams'
'PSUsePSCredentialType'
'PSAvoidGlobalVars'
'PSUseShouldProcessForStateChangingFunctions'
)
$securityResults = Invoke-ScriptAnalyzer -Path "TierModel/Modules/TierModel" -Recurse -IncludeRule $securityRules
if ($securityResults) {
$securityResults | Format-Table Severity, RuleName, Message -AutoSize
$criticalIssues = $securityResults | Where-Object { $_.Severity -eq 'Error' }
if ($criticalIssues.Count -gt 0) {
Write-Error "Found $($criticalIssues.Count) critical security issue(s)"
}
} else {
Write-Host "No security issues found" -ForegroundColor Green
}
Configuration Management
Customizing Pipelines
GitHub Actions Customization
Edit .github/workflows/ci.yml:
# Modify PowerShell versions
strategy:
matrix:
powershell-version: ['7.4', '5.1', '7.2'] # Add 7.2
# Change artifact retention
retention-days: 60 # Increase from 30 days
# Add custom test parameters
- name: Run Custom Tests
run: |
Invoke-Pester -Path "Tests/Custom" -Tag "Integration"
Azure DevOps Customization
Edit .azuredevops/azure-pipelines.yml:
# Add custom variables
variables:
CustomTestPath: 'Tests/Custom'
ArtifactRetention: 60
# Modify agent pool
pool:
name: 'Custom-Pool' # Use custom agent pool
vmImage: 'windows-2022' # Or specific VM image
Environment-Specific Configuration
Development Environment
# Disable drift detection on feature branches
if: github.ref != 'refs/heads/main' && github.event_name != 'schedule'
Production Environment
# Enable additional security scans
- name: Production Security Scan
if: github.ref == 'refs/heads/main'
run: |
# Additional security validation with strict rules
$securityResults = Invoke-ScriptAnalyzer -Path "TierModel/Modules/TierModel" -Recurse -Severity Error
if ($securityResults) { exit 1 }
Monitoring & Alerts
GitHub Actions Monitoring
Workflow Status Badges


Notification Configuration
# Add Slack notifications
- name: Notify Slack
if: failure()
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
Azure DevOps Monitoring
Service Hooks
Configure service hooks in Azure DevOps: - Build completed: Send to Teams/Slack - Build failed: Send email notification - Security issues: Create work item
Dashboard Configuration
Create Azure DevOps dashboard widgets:
- Build success rate
- Test pass rate
- Code coverage trends
- Security scan results
Troubleshooting
Common Issues
PowerShell Version Conflicts
# Check PowerShell version in CI
Write-Host "PowerShell version: $($PSVersionTable.PSVersion)"
Write-Host "Edition: $($PSVersionTable.PSEdition)"
Module Import Failures
# Verbose module import for debugging
Import-Module "./TierModel.psm1" -Force -Verbose
Get-Module TierModel -ListAvailable
Test Failures in CI
# Enable verbose test output
- name: Run Tests with Debug
run: |
$VerbosePreference = 'Continue'
$DebugPreference = 'Continue'
Invoke-Pester -Path "Tests/" -Output Detailed
Artifact Upload Issues
# Check artifact paths exist
- name: Debug Artifacts
run: |
Get-ChildItem -Path "." -Recurse -Filter "*.xml" | Select-Object FullName
Test-Path "./test-results.xml"
Performance Optimization
Parallel Testing
# GitHub Actions parallel jobs by test tags
strategy:
matrix:
test-tag: [Unit, Integration, Audit, Deploy]
steps:
- name: Run Tagged Tests
run: |
$config = New-PesterConfiguration
$config.Run.Path = "TierModel/tests"
$config.Filter.Tag = "${{ matrix.test-tag }}"
Invoke-Pester -Configuration $config
Caching Dependencies
# Cache PowerShell modules
- name: Cache PowerShell Modules
uses: actions/cache@v3
with:
path: ~/.local/share/powershell/Modules
key: ${{ runner.os }}-psmodules-${{ hashFiles('**/dependencies.json') }}
Best Practices
Pipeline Design
- Fail fast: Run linting before tests
- Parallel execution: Independent jobs run simultaneously
- Artifact management: Appropriate retention periods
- Security first: Security scans in every pipeline
Code Quality
- Consistent formatting: Use PSScriptAnalyzer formatting rules
- Test coverage: Maintain > 80% code coverage
- Security validation: Regular security rule updates
- Documentation: Keep pipeline docs updated
Deployment Strategy
- Branch protection: Require CI success for main branch
- Review requirements: Mandate code reviews for PRs
- Staged deployment: Dev โ Test โ Prod progression
- Rollback capability: Maintain deployment artifacts
Monitoring & Alerting
- Proactive monitoring: Set up failure notifications
- Trend analysis: Track metrics over time
- Performance tracking: Monitor pipeline execution time
- Security alerts: Immediate notification of security issues
Summary
The TierModel CI/CD pipelines provide comprehensive testing, security analysis, and artifact management for reliable deployments. All tests are passing, code coverage exceeds targets, and security validation is integrated throughout the pipeline.
For additional documentation, see:
- Test Coverage Roadmap: tests/TestCoverageRoadmap.md (in repository)
- Quick Deployment Guide
- Detailed Deployment Guide
- Deployment Methodology