What is the 'best practice' GIT setup for a Prod / Dev environment?

I’m not sure how things are meant to be done, but I can try to detail what I do, which does require a remote Git repository. For starters, as I said in the PowerShell Discord on this topic, I don’t use Git sync with the database.

The Git Setup

  1. Create a Git repository containing the contents of the $env:ProgramData\UniversalAutomation\Repository folder.
  2. Create a new branch from main called dev.
  3. Host that repository on a web service accessible to the PSU server (I use CodeCommit, but GitHub would be much easier).
  4. Install Git on the PSU server, because this method requires an external Git client.
  5. Configure Git credentials:
    1. Umm… I forgot how I did this, and I didn’t document it. I’m probably doing something weird, because it’s CodeCommit.
    2. This should help you, though: https://docs.powershelluniversal.com/config/git#setting-credentials
  6. Add $env:ProgramData\UniversalAutomation\Repository as a safe folder in your Git configuration:
    git config --global --add safe.directory "$env:ProgramData/UniversalAutomation/Repository"

PSU Git Settings

  1. Configure Git Settings as follows:
    • Remote: <path to my remote repository>
    • Branch: main
    • Sync Behavior: One-Way
    • Sync Interval: 10
    • Use External Git Client: True
    • Mode: Automatic
    • Bundle Git Repository in Database: False
  2. Configure it the same in your dev environment:

Generalize the environment

To create variables I can use in places like authentication.ps1, I borrowed this trick from @mikedhanson: "Setup environment-specific variables in PSUHeader".

For secrets, I use the PSUSecretStore vault for those variables in my variables.ps1 file like this:
New-PSUVariable -Name "MyApiKey" -Vault "PSUSecretStore" -Type "System.String"
Then I set the secrets through the web UI. This kind of sucks when you’re destroying the environment frequently.

Caveats, etc.

  • The biggie: Your web UI basically becomes read-only. I think the only things you can change through the UI are Git settings and secret values.

  • You and anyone else working on PSU kind of have to learn how to use Git. It’s a great tool to have in your toolbelt, but it’s not simple.

  • I don’t like working with a dev and main branch, but you might not have to. For me, it’s the only way I could come up with to put a “review gate” before deploying to production without the overhead of a release pipeline. In my case, changes to main have to be approved in CodeCommit. If you don’t have that same need, you can configure Git settings in your production environment for Manual synchronization. Then you can use a trunk-based development strategy, and only sync production after you have things working in dev.

  • Sometimes, variables created in the PSUHeader region get duplicated (unless that’s been fixed recently).

  • In the future, I might switch to pulling secrets from our external secret store so I don’t have to reset them in PSU when I rebuild the environment.

I know that’s not exactly what you’re asking for, but that’s how I’m doing a dev environment.

6 Likes
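
The Git setup steps from the post above, collected into one PowerShell script. This is an added example, not part of the original post and not PSU's own tooling. The remote URL is a placeholder, the `Invoke-Git` helper and commit message are hypothetical, and it assumes a Git identity (user.name / user.email) and credentials for the remote are already configured for the account running it.

```powershell
# Added example: turn the PSU Repository folder into a Git repo with main and dev.
# Run on the PSU server as the account that will run the external Git client for PSU.
$ErrorActionPreference = 'Stop'

$repoPath  = Join-Path $env:ProgramData 'UniversalAutomation\Repository'
$remoteUrl = '<path to your remote repository>'   # placeholder, replace before running

if (-not (Get-Command git -ErrorAction SilentlyContinue)) {
    throw 'Git is not installed or not on PATH (step 4 of the post).'
}
if (-not (Test-Path $repoPath)) {
    throw "Repository folder not found: $repoPath"
}

# Hypothetical helper: native commands do not throw on failure,
# so check the exit code after every git call.
function Invoke-Git {
    & git @args
    if ($LASTEXITCODE -ne 0) {
        throw "git $($args -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Step 6 first: without this, Git refuses to operate on a folder owned by a
# different account. --global writes to the *current user's* config, so it only
# helps if this script runs as the same account PSU uses to call Git.
$safePath = $repoPath -replace '\\', '/'
Invoke-Git config --global --add safe.directory $safePath

Set-Location $repoPath

# Step 1: create the repository from the folder contents (skipped if it already exists).
if (-not (Test-Path (Join-Path $repoPath '.git'))) {
    Invoke-Git init -b main          # -b needs Git 2.28 or later
    Invoke-Git add -A
    # Review 'git status' output before this point if you are unsure whether any
    # file holds a secret value; the post keeps secrets in the PSUSecretStore vault.
    Invoke-Git commit -m 'Initial import of PSU repository folder'
}

# Step 2: create dev from main.
Invoke-Git branch dev main

# Step 3: point at the hosted repository and publish both branches.
Invoke-Git remote add origin $remoteUrl
Invoke-Git push -u origin main dev
```

The script is meant for a fresh setup: `git branch dev main` and `git remote add origin` fail if the branch or remote already exists, which stops the run rather than overwriting anything.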