• Ash K.

Run a PowerShell Script from a Private GitHub Repo

Okay, so Azure Automation is great. But sometimes you might just need to run your PowerShell locally. So how do we execute quality control and versioning for scripts that have to execute on local resources? You bet your a5h that I have a solution for you.

Let's use a script from a private GitHub repo that only our most trusted admins get to access! But wait.... doesn't my quality control break when I have to download the script from GitHub and add it to my server for my scheduled task? Yes. Your quality control just bit the big one. But guess what?

You can run a PowerShell script from a private GitHub repo using the GitHub API. Your script will always be up to date, no server logins necessary.

So, how do we do this? Let's get into it.

This process has some pre-requisites before we can get to coding:

1. Create a GitHub private repo

2. Create a personal access token for your GitHub account

3. You'll need to add at least one PowerShell file to your private repo

Alright, now that we've set up our access, and uploaded the script we want to use, let's write our code for calling the PowerShell locally.

First let's build our URI. We'll need some information to do this:

1. User access token ($Token)

2. Username for the access token ($Username)

3. The Repo name ($Repo)

4. The File name ($Filename)

Once we do this, here's how our URI will look:

Next, let's build our header:

So far, your script should look something like this:

All that's left to do is submit our request. But since this particular endpoint doesn't return any contents or response codes unless the request fails, we'll want to do some error handling for the most common scenario: bad user input.

There's several ways to test URIs and URLs in Powershell, but they don't work very well for this particular situation. So we'll want to use the trusty Try-Catch method, with some Write-Hosts to inform the user (or the log) of what's going on.

Here's how I did it:

You can always add other exceptions to following "Catch" blocks if you find some more errors you'd like to handle. You might want to handle authentication errors or endpoint timeouts, but I'll leave that up to you.

Let's put it all together. Here's how your script should look:

Good work! You're ready to start calling your PowerShell scripts from your private GitHub repo. Before you start running this code on your servers or other local resources, read some few points of caution.

Danger Zone

  • Never run code that you don't trust and control

  • Controlling access to your private repo means controlling access to your code

  • Parameter prompts on the target script will not be passed to the HTTP invocation, but do not sacrifice credential encryption for simplicity.

  • NEVER run code that you don't trust and control

You can find this script, and more on my GitHub.


©2019 by KickA5h Admin

All code provided on this website is done so with the confidence that you know never to execute untrusted code in your environment.