From 2d2d4f0c849ff43ad3bc8cd6ddc1ff9f45293a34 Mon Sep 17 00:00:00 2001
From: Frank Tovar
Date: Mon, 2 Feb 2026 16:50:55 +0100
Subject: [PATCH] Prompt secrets and improve WinRM guidance in deploy script
---
 scripts/deploy-ftp.ps1 | 76 ++++++++++++++++++++++++++++++++----------
 1 file changed, 59 insertions(+), 17 deletions(-)
diff --git a/scripts/deploy-ftp.ps1 b/scripts/deploy-ftp.ps1
index c967050..8ec40ec 100644
--- a/scripts/deploy-ftp.ps1
+++ b/scripts/deploy-ftp.ps1
@@ -1,21 +1,20 @@
-# Hard-coded deploy settings. Fill these in before running.
-$FtpHost = "ftp.example.com"
-$FtpUser = "deploy-user"
-$FtpPassword = "deploy-password"
-$RemoteDir = "/httpdocs"
+# Hard-coded deploy settings. Fill these in before running.
+$FtpHost = "xTr1m.com"
+$FtpUser = "xTr1m"
+$FtpPassword = $null # prompted at runtime
+$RemoteDir = "/httpdocs/picknplay"
 $ProjectPath = "..\\GameList.csproj"
 $Configuration = "Release"
 $Runtime = "win-x64"
 $PublishDir = "..\\artifacts\\publish"
 $SelfContained = $false
-$WinScpPath = "WinSCP.com"
-
-# Optional: recycle IIS app pool via WinRM instead of RDP. Set $RecycleAppPool = $false to skip.
+$WinScpPath = "C:\\Users\\frank\\AppData\\Local\\Programs\\WinSCP\\WinSCP.com"
 $RecycleAppPool = $true
-$AppPoolName = "DefaultAppPool"
-$WinRmComputer = "your-server-hostname"
-$WinRmCredentialUser = "DOMAIN\\deploy-user"
-$WinRmCredentialPass = "P@ssw0rd!"
+$AppPoolName = "xTr1m.com(domain)(4.0)(pool)"
+$WinRmComputer = "xTr1m.com"
+$WinRmCredentialUser = "win-eisvr3h3qra\\Administrator"
+$WinRmCredentialPass = $null # prompted at runtime
+$UseWinRmHttps = $true # set false if using HTTP + TrustedHosts
 <#!
 .SYNOPSIS
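Review bot: `$WinRmCredentialUser = "win-eisvr3h3qra\\Administrator"` appears to name the server's built-in Administrator account, so the credential the script prompts for and presents over WinRM carries full control of the host, although the script only stops and starts one app pool. A dedicated deploy account, ideally behind a constrained (JEA) endpoint that exposes just those two cmdlets, would limit what a captured or relayed credential is worth, e.g. `$WinRmCredentialUser = "<SERVER>\<deploy-account>"` (placeholder names). The same block commits the real host name, the machine name and a per-user tool path under `C:\\Users\\frank`, which would sit better in script parameters or an untracked settings file. The comment on `$UseWinRmHttps` could also state the trade-off: `# HTTPS verifies the server certificate; HTTP + TrustedHosts skips server authentication`.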
@@ -48,12 +47,46 @@ function Assert-Tool {
 Assert-Tool "dotnet"
 Assert-Tool $WinScpPath
+function Read-PlainOrPrompt([string]$Value, [string]$Prompt, [switch]$Secure) {
+ if ($Value) { return $Value }
+ if ($Secure) {
+ $secure = Read-Host -AsSecureString $Prompt
+ return [Runtime.InteropServices.Marshal]::PtrToStringUni(
+ [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
+ )
+ }
+ return Read-Host $Prompt
+}
+
+$FtpPassword = Read-PlainOrPrompt $FtpPassword "FTP password"
+$WinRmCredentialPass = Read-PlainOrPrompt $WinRmCredentialPass "WinRM password" -Secure
+
 Write-Host "1) Publishing..." -ForegroundColor Cyan
 New-Item -ItemType Directory -Force -Path $PublishDir | Out-Null
 $publishArgs = @("publish", $ProjectPath, "-c", $Configuration, "-r", $Runtime, "-o", $PublishDir)
 if (-not $SelfContained) { $publishArgs += "--self-contained=false" }
 dotnet @publishArgs
+if ($RecycleAppPool) {
+ Write-Host "2) Stopping IIS app pool via WinRM..." -ForegroundColor Cyan
+ $sec = ConvertTo-SecureString $WinRmCredentialPass -AsPlainText -Force
+ $cred = New-Object pscredential($WinRmCredentialUser, $sec)
+ $invokeParams = @{
+ ComputerName = $WinRmComputer
+ Credential = $cred
+ ScriptBlock = {
+ Import-Module WebAdministration
+ Stop-WebAppPool -Name $using:AppPoolName -ErrorAction SilentlyContinue
+ }
+ }
+ if ($UseWinRmHttps) { $invokeParams["UseSSL"] = $true }
+ try {
+ Invoke-Command @invokeParams
+ } catch {
+ Write-Warning "WinRM stop failed: $($_.Exception.Message)`nIf not on domain/Kerberos, enable HTTPS WinRM or add TrustedHosts (winrm set winrm/config/client '@{TrustedHosts=\"\"\"$WinRmComputer\"\"\"}'), or set `$RecycleAppPool = $false`."
+ }
+}
+
 Write-Host "2) Syncing via WinSCP (FTP mirror with delete)..." -ForegroundColor Cyan
 $tempScript = New-TemporaryFile
 @"
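Review bot: The FTP password prompt is called without `-Secure`, so `Read-Host` echoes it to the console and into any transcript, and in the `-Secure` branch the BSTR returned by `SecureStringToBSTR` is never released, which leaves a plaintext copy of the WinRM password in unmanaged memory. Passing `-Secure` at the FTP call site and freeing the buffer with `ZeroFreeBSTR` in a `finally` addresses both. The WinRM password is also turned back into a SecureString by `ConvertTo-SecureString -AsPlainText -Force` further down this hunk, so keeping the prompted SecureString and handing it straight to `pscredential` would avoid the plaintext round trip for that secret.

```powershell
# … unchanged: function header and early return when $Value is set …
    if ($Secure) {
        $secure = Read-Host -AsSecureString $Prompt
        $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
        try {
            return [Runtime.InteropServices.Marshal]::PtrToStringUni($bstr)
        } finally {
            # Zero and release the unmanaged plaintext copy.
            [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        }
    }
# … unchanged: plain Read-Host fallback and closing brace …

$FtpPassword = Read-PlainOrPrompt $FtpPassword "FTP password" -Secure
```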
@@ -70,13 +103,22 @@ exit
 Remove-Item $tempScript -ErrorAction SilentlyContinue
 if ($RecycleAppPool) {
- Write-Host "3) Recycling IIS app pool via WinRM..." -ForegroundColor Cyan
+ Write-Host "4) Starting IIS app pool via WinRM..." -ForegroundColor Cyan
 $sec = ConvertTo-SecureString $WinRmCredentialPass -AsPlainText -Force
 $cred = New-Object pscredential($WinRmCredentialUser, $sec)
- Invoke-Command -ComputerName $WinRmComputer -Credential $cred -ScriptBlock {
- Import-Module WebAdministration
- Stop-WebAppPool -Name $using:AppPoolName -ErrorAction SilentlyContinue
- Start-WebAppPool -Name $using:AppPoolName
+ $invokeParams = @{
+ ComputerName = $WinRmComputer
+ Credential = $cred
+ ScriptBlock = {
+ Import-Module WebAdministration
+ Start-WebAppPool -Name $using:AppPoolName
+ }
+ }
+ if ($UseWinRmHttps) { $invokeParams["UseSSL"] = $true }
+ try {
+ Invoke-Command @invokeParams
+ } catch {
+ Write-Warning "WinRM start failed: $($_.Exception.Message)`nIf not on domain/Kerberos, enable HTTPS WinRM or add TrustedHosts, or set `$RecycleAppPool = $false`."
 }
 }
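Review bot: A failed remote start will probably not reach the `catch`, because `Invoke-Command` reports connection and remote errors as non-terminating by default, and even when the `catch` does fire the script only warns and ends normally while the pool stopped earlier stays down. Adding `$invokeParams["ErrorAction"] = "Stop"` before the call and ending the `catch` with `exit 1` (or a rethrow) would make the failure visible to whoever runs the deploy. The stop block in the previous hunk follows the same pattern, and there `-ErrorAction SilentlyContinue` on `Stop-WebAppPool` additionally hides a pool that never stopped before the sync begins. The warning text could also note that the TrustedHosts route gives up server authentication, so HTTPS remains the preferred fix.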