ruhdevops · ruhdevops · Mar 10, 2026 · Mar 10, 2026
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -3,17 +3,13 @@ name: CodeQL Analysis
 on:
   push:
     branches: [main]
-
   pull_request:
     branches: [main]
-
   schedule:
-    - cron: '0 0 * * 1' # Every Monday at midnight
-
+    - cron: '0 0 * * 1'
   workflow_dispatch:
 
 jobs:
-
   analyze:
     name: CodeQL Security Scan
     runs-on: ubuntu-latest
@@ -44,41 +40,3 @@ jobs:
         uses: github/codeql-action/analyze@v3
         with:
           category: ${{ matrix.language }}
-
-
-  analyze-powershell:
-    name: PowerShell Security Scan
-    runs-on: ubuntu-latest
-
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    timeout-minutes: 20
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Install PSScriptAnalyzer
-        shell: pwsh
-        run: |
-          Set-PSRepository PSGallery -InstallationPolicy Trusted
-          Install-Module PSScriptAnalyzer -Force -Scope CurrentUser
-
-      - name: Run PowerShell Security Scan
-        shell: pwsh
-        run: |
-          # Run PSScriptAnalyzer recursively on the repository
-          $results = Invoke-ScriptAnalyzer -Path . -Recurse -Severity Error,Warning |
-                     Where-Object { $_.RuleName -like "*Security*" }
-
-          if ($results) {
-              $results | Format-Table
-              Write-Host "::error title=Security Scan::Potential security issues found in PowerShell scripts."
-              throw "Security issues detected by PSScriptAnalyzer"
-          }
-          else {
-              Write-Host "::notice title=Security Scan::No common security issues found in PowerShell scripts."
-          }
diff --git a/.github/workflows/download-cert.yml b/.github/workflows/download-cert.yml
@@ -15,7 +15,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: '20'
 
@@ -28,4 +28,10 @@ jobs:
               Rename-Item $certPath "$certPath.$timestamp.bak"
               Write-Host "Existing certificate backed up."
           }
-          node .\bin\checkScripts\runDownloadCert.js github.com
+          node .\bin\checkScripts\runDownloadCert.js github.com
+          if (Test-Path $certPath) {
+              Write-Host "::notice title=Download TLS Certificate [Run #$($env:GITHUB_RUN_NUMBER)]::Certificate downloaded and verified successfully."
+          } else {
+              Write-Host "::error title=Download TLS Certificate [Run #$($env:GITHUB_RUN_NUMBER)]::Failed to download certificate."
+              throw "Failed to download certificate."
+          }
diff --git a/.github/workflows/powershell-ci.yml b/.github/workflows/powershell-ci.yml
@@ -1,4 +1,4 @@
-name: PowerShell Security Scan
+name: PowerShell CI
 
 on:
   push:
@@ -8,28 +8,54 @@ on:
   workflow_dispatch:
 
 jobs:
-  security-scan:
-    runs-on: windows-latest
+  powershell-ci:
+    name: PowerShell CI (${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Install PSScriptAnalyzer
+      - name: Set up PowerShell
+        if: runner.os != 'Windows'
+        uses: microsoft/setup-powershell@v3
+
+      - name: Install Modules
         shell: pwsh
         run: |
           Set-PSRepository PSGallery -InstallationPolicy Trusted
           Install-Module PSScriptAnalyzer -Force -Scope CurrentUser
+          Install-Module Pester -Force -Scope CurrentUser -SkipPublisherCheck
 
-      - name: Run Security Scan
+      - name: Run PSScriptAnalyzer (Security Scan)
         shell: pwsh
         run: |
           $results = Invoke-ScriptAnalyzer -Path . -Recurse -Severity Error,Warning |
                      Where-Object { $_.RuleName -like "*Security*" }
 
           if ($results) {
               $results | Format-Table
-              Write-Host "::error title=Security Scan::Potential security issues found."
+              Write-Host "::error title=Security Scan [Run #$($env:GITHUB_RUN_NUMBER)]::Potential security issues found in PowerShell scripts."
               throw "Security issues detected by PSScriptAnalyzer"
           } else {
-              Write-Host "::notice title=Security Scan::No common security issues found."
+              Write-Host "::notice title=Security Scan [Run #$($env:GITHUB_RUN_NUMBER)]::No common security issues found."
+          }
+
+      - name: Run Pester Tests
+        shell: pwsh
+        run: |
+          if (Test-Path ./tests) {
+              $results = Invoke-Pester -Path ./tests -PassThru
+              if ($results.FailedCount -gt 0) {
+                  Write-Host "::error title=Pester Tests [Run #$($env:GITHUB_RUN_NUMBER)]::$($results.FailedCount) tests failed."
+                  throw "Pester tests failed."
+              } else {
+                  Write-Host "::notice title=Pester Tests [Run #$($env:GITHUB_RUN_NUMBER)]::All tests passed successfully."
+              }
+          } else {
+              Write-Host "::notice title=Pester Tests [Run #$($env:GITHUB_RUN_NUMBER)]::No Pester tests found in ./tests."
           }
diff --git a/.github/workflows/powershell.yml b/.github/workflows/powershell.yml