Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
93 changes: 93 additions & 0 deletions .github/workflows/pester.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
# This is the SPSTrust CI Pester workflow to run tests on pull requests

name: SPSTrust CI Pester Tests

on:
pull_request:
branches:
- main
paths:
- 'src/**'
- 'tests/**'
- 'PSScriptAnalyzerSettings.psd1'

# The "Publish Test Results" step creates a check run, which requires write
# access to checks. The default GITHUB_TOKEN is read-only on repositories
# created with the modern default, so grant the minimum needed here.
permissions:
contents: read
checks: write
pull-requests: write

jobs:
test:
name: Run Pester Tests
runs-on: windows-latest

steps:
- name: Checkout code
uses: actions/checkout@v7

- name: Install Pester
shell: pwsh
run: |
Install-Module -Name Pester -MinimumVersion 5.3.0 -Force -SkipPublisherCheck -Scope CurrentUser
Import-Module Pester

- name: Run Pester Tests
shell: pwsh
run: |
$config = New-PesterConfiguration
$config.Run.Path = './tests'
$config.Run.Exit = $true
$config.TestResult.Enabled = $true
$config.TestResult.OutputPath = './test-results.xml'
$config.Output.Verbosity = 'Detailed'

Invoke-Pester -Configuration $config

- name: Upload test results
uses: actions/upload-artifact@v7
if: always()
with:
name: test-results
path: test-results.xml

- name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action/composite@v2
if: always()
continue-on-error: true
with:
files: |
test-results.xml
check_name: Pester Test Results

code-quality:
name: Code Quality Check
runs-on: windows-latest

steps:
- name: Checkout code
uses: actions/checkout@v7

- name: Install PSScriptAnalyzer
shell: pwsh
run: |
Install-Module -Name PSScriptAnalyzer -Force -SkipPublisherCheck -Scope CurrentUser

- name: Run PSScriptAnalyzer
shell: pwsh
run: |
# Analyze our own code only: the entry script and the SPSTrust.Common module.
$results = @()
$results += Invoke-ScriptAnalyzer -Path ./src/SPSTrust.ps1 -Settings ./PSScriptAnalyzerSettings.psd1
$results += Invoke-ScriptAnalyzer -Path ./src/Modules/SPSTrust.Common -Recurse -Settings ./PSScriptAnalyzerSettings.psd1

if ($results) {
$results | Format-Table -AutoSize
Write-Error "PSScriptAnalyzer found issues"
exit 1
}
else {
Write-Host "No issues found by PSScriptAnalyzer"
}
17 changes: 12 additions & 5 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
# This is a basic workflow to help you get started with Actions
# This is the SPSTrust CI Release workflow to create a release from a tag push.
# Triggered by pushing a v* tag (e.g. v2.0.0). It packages the *contents* of the
# src/ folder into a ZIP (so the archive extracts straight to SPSTrust.ps1 and
# Modules/, with no src/ wrapper) and publishes a GitHub Release using
# RELEASE-NOTES.md as the body.

name: SPSTrust CI Release

Expand All @@ -8,24 +12,27 @@ on:
tags:
- "v*" # Push events to matching v*, i.e. v1.0, v20.15.10

permissions:
contents: write

jobs:
build:
runs-on: ubuntu-latest
steps:
# Checkout code
- name: Checkout code
id: checkout_code
uses: actions/checkout@v4
uses: actions/checkout@v7
# Create a ZIP file with project name and tag version
- name: Create ZIP file of scripts
- name: Create ZIP file of src contents
run: |
zip_name="SPSTrust-${{ github.ref_name }}.zip"
zip -r $zip_name scripts/
( cd src && zip -r "../$zip_name" . )
shell: bash
# Create Release with tag version
- name: Create GitHub Release
id: create_release
uses: softprops/action-gh-release@v2
uses: softprops/action-gh-release@v3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/wiki.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
uses: actions/checkout@v7
with:
repository: ${{github.repository}}
path: ${{github.repository}}

- name: Checkout Wiki
uses: actions/checkout@v4
uses: actions/checkout@v7
with:
repository: ${{github.repository}}.wiki
path: ${{github.repository}}.wiki
Expand Down
46 changes: 46 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,52 @@
The format is based on and uses the types of changes according to [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [2.0.0] - 2026-07-10

### Added

- `src/Modules/SPSTrust.Common` module (single source of truth for the version via
`ModuleVersion`), split into:
- `Public/` — the 16 trust functions plus `Get-SPSServer` and a generic
`Clear-SPSLogFolder`.
- `Private/` — `Invoke-SPSCommand` (CredSSP remoting helper), hidden from callers.
- `SPSTrust.Common.psm1` loader and `SPSTrust.Common.psd1` manifest.
- `-LogRetentionDays` parameter (default 180, `0` disables pruning); transcript logs are
now rotated at the end of each run via `Clear-SPSLogFolder`.
- `src/Config/CONTOSO-PROD.example.psd1` example configuration.
- Pester test suite under `tests/` and `PSScriptAnalyzerSettings.psd1`.
- `.github/workflows/pester.yml` running the Pester suite and a PSScriptAnalyzer
code-quality job on pull requests.
- Wiki: `_Sidebar.md` navigation and `Release-Process.md`.

### Changed

- **BREAKING**: repository layout moved from `scripts/` to `src/`. Release archives now
extract straight to `SPSTrust.ps1` and `Modules/` (no `scripts/` wrapper).
- **BREAKING**: configuration format changed from JSON to a PowerShell data file
(`.psd1`). `-ConfigFile` now validates a `*.psd1` path and is loaded with
`Import-PowerShellDataFile`.
- The script version is now sourced from the `SPSTrust.Common` manifest instead of a
hard-coded string.
- `release.yml`: bump `actions/checkout@v4` → `@v7` and `softprops/action-gh-release@v2`
→ `@v3`; package the contents of `src/`; add explicit `permissions: contents: write`.
- `wiki.yml`: bump `actions/checkout@v4` → `@v7`.
- README trimmed to defer to the wiki; removed the inaccurate "class-based resources"
wording.
- Wiki pages (Home, Getting-Started, Configuration, Usage) rewritten for the new layout
and `.psd1` configuration.

### Fixed

- Wiki `Usage` examples referenced `.\SPSWeather.ps1` instead of `SPSTrust.ps1`, and the
`-CleanServices` example omitted the mandatory `-FarmAccount`.

### Removed

- `scripts/` folder and the monolithic `sps.util.psm1` / `util.psm1` modules (replaced by
`SPSTrust.Common`).
- Unused `Clear-SPSLog` helper (superseded by `Clear-SPSLogFolder`).

## [1.0.0] - 2023-11-05

### Added
Expand Down
15 changes: 15 additions & 0 deletions PSScriptAnalyzerSettings.psd1
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
@{
# Settings consumed by Invoke-ScriptAnalyzer in CI and the local lint task.
#
# PSUseShouldProcessForStateChangingFunctions is excluded because the public
# Set-*/New-*/Remove-*/Publish-* functions are thin wrappers that marshal a
# script block to a remote farm through Invoke-SPSCommand (CredSSP). Their
# create/remove behaviour is already driven explicitly by an -Ensure parameter,
# and the destructive path is gated at the entry-script level by the
# -CleanServices switch. Adding SupportsShouldProcess/ShouldProcess plumbing to
# each remoting wrapper would add no real safety and is inconsistent with the
# rest of the SPS* toolkit. The rule is therefore excluded project-wide.
ExcludeRules = @(
'PSUseShouldProcessForStateChangingFunctions'
)
}
38 changes: 22 additions & 16 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,34 +3,40 @@
![Latest release date](https://img.shields.io/github/release-date/luigilink/SPSTrust.svg?style=flat)
![Total downloads](https://img.shields.io/github/downloads/luigilink/SPSTrust/total.svg?style=flat)
![Issues opened](https://img.shields.io/github/issues/luigilink/SPSTrust.svg?style=flat)
[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](code_of_conduct.md)
[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](CODE_OF_CONDUCT.md)

## Description

SPSTrust is a PowerShell script tool to configure trust Farm in your SharePoint environment. The script follows the documentation: [Share service applications across farms in SharePoint Server](https://learn.microsoft.com/en-us/sharepoint/administration/share-service-applications-across-farms).
SPSTrust is a PowerShell script tool to configure trust relationships between SharePoint
Server farms — exchanging STS/ROOT certificates, publishing service applications, granting
Topology and published service-application permissions, and connecting service application
proxies across farms.

It's compatible with all supported versions for SharePoint OnPremises (2016 to Subscription Edition).
It follows the Microsoft guidance [Share service applications across farms in SharePoint Server](https://learn.microsoft.com/en-us/sharepoint/administration/share-service-applications-across-farms)
and is compatible with all supported on-premises versions (SharePoint Server 2016 to
Subscription Edition).

[Download the latest release, Click here!](https://github.com/luigilink/SPSTrust/releases/latest)
[Download the latest release here!](https://github.com/luigilink/SPSTrust/releases/latest)

## Requirements

### Windows Management Framework 5.0
- PowerShell 5.1 or later
- CredSSP configured between the servers
- Administrative privileges on the SharePoint servers
- The **same** farm service account used across all farms being trusted

Required because this module now implements class-based resources.
Class-based resources can only work on computers with Windows
Management Framework 5.0 or above.
The preferred version is PowerShell 5.1 or higher, which ships with Windows 10 or Windows Server 2016.
This is discussed further on the [SPSTrust Wiki Getting-Started](https://github.com/luigilink/SPSTrust/wiki/Getting-Started)

## CredSSP

Impersonation is handled using the `Invoke-Command` cmdlet in PowerShell, together with the creation of a "remote" session via `New-PSSession`. In the SPSTrust script, we authenticate as the InstallAccount and specify CredSSP as the authentication mechanism. This is explained further in the [SPSTrust Wiki Getting-Started](https://github.com/luigilink/SPSTrust/wiki/Getting-Started)
See the [Getting Started](https://github.com/luigilink/SPSTrust/wiki/Getting-Started) wiki page for details.

## Documentation

For detailed usage, configuration, and getting started information, visit the [SPSTrust Wiki](https://github.com/luigilink/SPSTrust/wiki)
For usage, configuration, and getting-started information, visit the
[SPSTrust Wiki](https://github.com/luigilink/SPSTrust/wiki):

- [Getting Started](https://github.com/luigilink/SPSTrust/wiki/Getting-Started)
- [Configuration](https://github.com/luigilink/SPSTrust/wiki/Configuration)
- [Usage](https://github.com/luigilink/SPSTrust/wiki/Usage)
- [Release Process](https://github.com/luigilink/SPSTrust/wiki/Release-Process)

## Changelog

A full list of changes in each version can be found in the [change log](CHANGELOG.md)
A full list of changes in each version can be found in the [change log](CHANGELOG.md).
57 changes: 27 additions & 30 deletions RELEASE-NOTES.md
Original file line number Diff line number Diff line change
@@ -1,39 +1,36 @@
# SPSTrust - Release Notes

## [1.0.0] - 2023-11-05
## [2.0.0] - 2026-07-10

> [!IMPORTANT]
> This is a major release with breaking changes. The package layout moved from
> `scripts/` to `src/`, and the configuration format changed from JSON to a PowerShell
> data file (`.psd1`). Convert your JSON configuration to the equivalent `.psd1` hashtable
> (see the [Configuration](https://github.com/luigilink/SPSTrust/wiki/Configuration) wiki
> page) before upgrading.

### Added

- Add RELEASE-NOTES.md file
- Add CHANGELOG.md file
- Add CONTRIBUTING.md file
- Add release.yml file
- Add scripts folder with first version of SPSTrust
- README.md
- Add code_of_conduct.md badge
- Add CODE_OF_CONDUCT.md file
- Add Issue Templates files:
- 1_bug_report.yml
- 2_feature_request.yml
- 3_documentation_request.yml
- 4_improvement_request.yml
- config.yml
- Wiki Documentation in repository - Add :
- wiki/Home.md
- wiki/Getting-Started.md
- wiki/Configuration.md
- wiki/Usage.md
- .github/workflows/wiki.yml
- New reusable `SPSTrust.Common` module (Public/Private layout, manifest-driven version).
- `-LogRetentionDays` parameter with automatic transcript log rotation.
- Example `.psd1` configuration, Pester test suite, PSScriptAnalyzer settings, and a
Pester CI workflow.
- Wiki sidebar and Release Process page.

### Changed

- SPSTrust.ps1:
- Update parameter description
- Add [ValidateScript({ Test-Path $_ -and $_ -like '*.json' })] in ConfigFile parameter
- Add missing comments
- Add CleanServices :
- Publish the service application section
- Permissions on Application Discovery and Load Balancing Service Application
- Permission to a published service application for a consuming farm
- **BREAKING**: `scripts/` → `src/`; release archives extract to `SPSTrust.ps1` + `Modules/`.
- **BREAKING**: configuration is now a `.psd1` data file loaded with `Import-PowerShellDataFile`.
- Script version sourced from the module manifest.
- Workflows bumped (`checkout@v7`, `action-gh-release@v3`); README trimmed to defer to the wiki.

### Fixed

- Wiki `Usage` examples (wrong script name and a missing mandatory `-FarmAccount`).

### Removed

- `scripts/` folder, the monolithic `sps.util.psm1` / `util.psm1` modules, and the unused
`Clear-SPSLog` helper.

A full list of changes in each version can be found in the [change log](CHANGELOG.md)
A full list of changes in each version can be found in the [change log](CHANGELOG.md).
39 changes: 0 additions & 39 deletions scripts/Config/CONTOSO-PROD.json

This file was deleted.

Loading
Loading