Prompt secrets and improve WinRM guidance in deploy script

2026-02-02 16:50:55 +01:00
parent 7bc6bb2a3d
commit 2d2d4f0c84
1 changed files with 59 additions and 17 deletions
--- a/scripts/deploy-ftp.ps1
+++ b/scripts/deploy-ftp.ps1
@@ -1,21 +1,20 @@
-# Hard-coded deploy settings. Fill these in before running.
-$FtpHost       = "ftp.example.com"
-$FtpUser       = "deploy-user"
-$FtpPassword   = "deploy-password"
-$RemoteDir     = "/httpdocs"
+# Hard-coded deploy settings. Fill these in before running.
+$FtpHost       = "xTr1m.com"
+$FtpUser       = "xTr1m"
+$FtpPassword   = $null  # prompted at runtime
+$RemoteDir     = "/httpdocs/picknplay"
 $ProjectPath   = "..\\GameList.csproj"
 $Configuration = "Release"
 $Runtime       = "win-x64"
 $PublishDir    = "..\\artifacts\\publish"
 $SelfContained = $false
-$WinScpPath    = "WinSCP.com"
-
-# Optional: recycle IIS app pool via WinRM instead of RDP. Set $RecycleAppPool = $false to skip.
+$WinScpPath    = "C:\\Users\\frank\\AppData\\Local\\Programs\\WinSCP\\WinSCP.com"
 $RecycleAppPool      = $true
-$AppPoolName         = "DefaultAppPool"
-$WinRmComputer       = "your-server-hostname"
-$WinRmCredentialUser = "DOMAIN\\deploy-user"
-$WinRmCredentialPass = "P@ssw0rd!"
+$AppPoolName         = "xTr1m.com(domain)(4.0)(pool)"
+$WinRmComputer       = "xTr1m.com"
+$WinRmCredentialUser = "win-eisvr3h3qra\\Administrator"
+$WinRmCredentialPass = $null  # prompted at runtime
+$UseWinRmHttps       = $true   # set false if using HTTP + TrustedHosts

 <#!
 .SYNOPSIS
@@ -48,12 +47,46 @@ function Assert-Tool {
 Assert-Tool "dotnet"
 Assert-Tool $WinScpPath

+function Read-PlainOrPrompt([string]$Value, [string]$Prompt, [switch]$Secure) {
+    if ($Value) { return $Value }
+    if ($Secure) {
+        $secure = Read-Host -AsSecureString $Prompt
+        return [Runtime.InteropServices.Marshal]::PtrToStringUni(
+            [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
+        )
+    }
+    return Read-Host $Prompt
+}
+
+$FtpPassword        = Read-PlainOrPrompt $FtpPassword "FTP password"
+$WinRmCredentialPass = Read-PlainOrPrompt $WinRmCredentialPass "WinRM password" -Secure
+
 Write-Host "1) Publishing..." -ForegroundColor Cyan
 New-Item -ItemType Directory -Force -Path $PublishDir | Out-Null
 $publishArgs = @("publish", $ProjectPath, "-c", $Configuration, "-r", $Runtime, "-o", $PublishDir)
 if (-not $SelfContained) { $publishArgs += "--self-contained=false" }
 dotnet @publishArgs

+if ($RecycleAppPool) {
+    Write-Host "2) Stopping IIS app pool via WinRM..." -ForegroundColor Cyan
+    $sec = ConvertTo-SecureString $WinRmCredentialPass -AsPlainText -Force
+    $cred = New-Object pscredential($WinRmCredentialUser, $sec)
+    $invokeParams = @{
+        ComputerName = $WinRmComputer
+        Credential   = $cred
+        ScriptBlock  = {
+            Import-Module WebAdministration
+            Stop-WebAppPool -Name $using:AppPoolName -ErrorAction SilentlyContinue
+        }
+    }
+    if ($UseWinRmHttps) { $invokeParams["UseSSL"] = $true }
+    try {
+        Invoke-Command @invokeParams
+    } catch {
+        Write-Warning "WinRM stop failed: $($_.Exception.Message)`nIf not on domain/Kerberos, enable HTTPS WinRM or add TrustedHosts (winrm set winrm/config/client '@{TrustedHosts=\"\"\"$WinRmComputer\"\"\"}'), or set `$RecycleAppPool = $false`."
+    }
+}
+
 Write-Host "2) Syncing via WinSCP (FTP mirror with delete)..." -ForegroundColor Cyan
 $tempScript = New-TemporaryFile
@"
@@ -70,13 +103,22 @@ exit
 Remove-Item $tempScript -ErrorAction SilentlyContinue

 if ($RecycleAppPool) {
-    Write-Host "3) Recycling IIS app pool via WinRM..." -ForegroundColor Cyan
+    Write-Host "4) Starting IIS app pool via WinRM..." -ForegroundColor Cyan
    $sec = ConvertTo-SecureString $WinRmCredentialPass -AsPlainText -Force
    $cred = New-Object pscredential($WinRmCredentialUser, $sec)
-    Invoke-Command -ComputerName $WinRmComputer -Credential $cred -ScriptBlock {
-        Import-Module WebAdministration
-        Stop-WebAppPool -Name $using:AppPoolName -ErrorAction SilentlyContinue
-        Start-WebAppPool -Name $using:AppPoolName
+    $invokeParams = @{
+        ComputerName = $WinRmComputer
+        Credential   = $cred
+        ScriptBlock  = {
+            Import-Module WebAdministration
+            Start-WebAppPool -Name $using:AppPoolName
+        }
+    }
+    if ($UseWinRmHttps) { $invokeParams["UseSSL"] = $true }
+    try {
+        Invoke-Command @invokeParams
+    } catch {
+        Write-Warning "WinRM start failed: $($_.Exception.Message)`nIf not on domain/Kerberos, enable HTTPS WinRM or add TrustedHosts, or set `$RecycleAppPool = $false`."
    }
 }