What is the 'best practice' GIT setup for a Prod / Dev environment?

Product: PowerShell Universal
Version: 4.1.8

Good Morning all, hope everyone is having a good day!

I am trying to set up git sync between a production and dev instance using the PSU in-built sync but all the documentation focuses only on GitHub / Remote repos.

What I am trying to do is set up a production instance that pushes certain configs back to the dev instance (Ignoring things like auth.ps1 etc) as well as allowing me to push changes from the dev instance to the production instance manually.

Currently the production and dev instances are not ‘linked’ at all (This is another aspect of the documentation that confuses me. It mentions “attaching an instance to the database” but nowhere does it tell you how to do that as far as I can find.). At the moment I’m manually making any changes in my dev instance to make it match the production instance and then manually copying any changes back from dev to production and re-configuring all the paths, variables, creds, etc etc.

How is this designed to be used so we can have a dev instance that can push changes to a production instance as well as pull certain configs from production? Are we expected to do what I mentioned above and manually copy / edit the code between the two instances?

I guess to sum it up, ignoring what is being asked for now, how are we MEANT to be utilizing this feature properly?

Any advice would be greatly appreciated!

I’m not sure how things are meant to be done, but I can try to detail what I do, which does require a remote Git repository. For starters, as I said in the PowerShell Discord on this topic, I don’t use Git sync with the database.

The Git Setup

  1. Create a Git repository containing the contents of the $env:ProgramData\UniversalAutomation\Repository folder.
  2. Create a new branch from main called dev.
  3. Host that repository on a web service accessible to the PSU server (I use CodeCommit, but GitHub would be much easier).
  4. Install Git on the PSU server, because this method requires an external Git client.
  5. Configure Git credentials:
    1. Umm… I forgot how I did this, and I didn’t document it. I’m probably doing something weird, because it’s CodeCommit.
    2. This should help you, though: https://docs.powershelluniversal.com/config/git#setting-credentials
  6. Add $env:ProgramData\UniversalAutomation\Repository as a safe folder in your Git configuration:
    git config --global --add safe.directory "$env:ProgramData/UniversalAutomation/Repository"

PSU Git Settings

  1. Configure Git Settings as follows:
    • Remote: <path to my remote repository>
    • Branch: main
    • Sync Behavior: One-Way
    • Sync Interval: 10
    • Use External Git Client: True
    • Mode: Automatic
    • Bundle Git Repository in Database: False
  2. Configure it the same in your dev environment:

Generalize the environment

To create variables I can use in places like authentication.ps1, I borrowed this trick from @mikedhanson Setup environment-specific variables in PSUHeader

For secrets, I use the PSUSecretStore vault for those variables in my variables.ps1 file like this:
New-PSUVariable -Name "MyApiKey" -Vault "PSUSecretStore" -Type "System.String"
Then I set the secrets through the web UI. This kind of sucks when you’re destroying the environment frequently.

Caveats, etc.

  • The biggie: Your web UI basically becomes read-only. I think the only things you can change through the UI are Git settings and secret values.

  • You and anyone else working on PSU kind of have to learn how to use Git. It’s a great tool to have in your toolbelt, but it’s not simple.

  • I don’t like working with a dev and main branch, but you might not have to. For me, it’s the only way I could come up with to put a “review gate” before deploying to production without the overhead of a release pipeline. In my case, changes to main have to be approved in CodeCommit. If you don’t have that same need, you can configure Git settings in your production environment for Manual synchronization. Then you can use a trunk-based development strategy, and only sync production after you have things working in dev.

  • Sometimes, variables created in the PSUHeader region get duplicated (unless that’s been fixed recently).

  • In the future, I might switch to pulling secrets from our external secret store so I don’t have to reset them in PSU when I rebuild the environment.

I know that’s not exactly what you’re asking for, but that’s how I’m doing a dev environment.

5 Likes
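
Steps 1, 2, 3 and 6 of "The Git Setup" in the answer above, collected into one PowerShell script. This is an added example, not part of the original post or of PSU's documentation: the remote URL is a placeholder, Invoke-Git is a hypothetical helper, and it assumes Git 2.28 or later on PATH, a configured user.name/user.email, and push credentials already set up as in step 5.

```powershell
# Added example. $RemoteUrl is a placeholder for your own empty remote repository.
$RepoPath  = Join-Path $env:ProgramData 'UniversalAutomation\Repository'
$RemoteUrl = 'https://git.example.invalid/psu-config.git'

function Invoke-Git {
    # Hypothetical helper: run git and stop on a non-zero exit code,
    # which PowerShell does not treat as an error by default.
    git @args
    if ($LASTEXITCODE -ne 0) { throw "git $($args -join ' ') failed ($LASTEXITCODE)" }
}

# Step 6: git only honours safe.directory from global or system config.
# --global applies to the account running this script; if the PSU service
# runs as a different account, run this part as that account.
$SafeDir  = $RepoPath -replace '\\', '/'
$existing = git config --global --get-all safe.directory
if ($existing -notcontains $SafeDir) {
    Invoke-Git config --global --add safe.directory $SafeDir
}

# Step 1: turn the PSU repository folder into a Git repository on main.
Set-Location -Path $RepoPath -ErrorAction Stop
if (-not (Test-Path '.git')) { Invoke-Git init --initial-branch=main }

# Stage everything and print the list so the import can be audited.
# Secret values belong in a vault (the post uses PSUSecretStore), not in these files.
Invoke-Git add --all
Invoke-Git status --short
Read-Host 'Press Enter to commit the files listed above, or Ctrl+C to abort' | Out-Null
if (git status --porcelain) {
    Invoke-Git commit -m 'Initial import of PSU repository folder'
}

# Step 2: create dev from main unless it already exists.
git rev-parse --verify --quiet refs/heads/dev | Out-Null
if ($LASTEXITCODE -ne 0) { Invoke-Git branch dev main }

# Step 3: publish both branches to the remote.
if ((git remote) -notcontains 'origin') { Invoke-Git remote add origin $RemoteUrl }
Invoke-Git push --set-upstream origin main dev
```

The script is safe to re-run: each step checks for existing state before changing it.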