refactor(scripts): replace raw GITHUB_OUTPUT with Set-CIOutput in Package-Extension (#391)

WilliamBerryiii · web-flow · commit 74a30bb2dc13 · 2026-02-03T11:02:24.000-08:00
# Pull Request ## Description Refactors `Package-Extension.ps1` to use the existing `CIHelpers` module instead of raw `GITHUB_OUTPUT` file writes. This change: - Replaces 4-line conditional block with 3 `Set-CIOutput` calls - Provides consistent CI output handling across GitHub Actions and Azure DevOps - Adds automatic escaping for special characters via `CIHelpers` module - Removes platform-specific conditional logic from the script The `CIHelpers.psm1` module handles injection prevention by escaping `%`, `\r`, `\n`, `::`, `[`, `]`, and `;` characters in output values. ## Related Issue(s) Fixes #350 ## Type of Change Select all that apply: **Code & Documentation:** - [ ] Bug fix (non-breaking change fixing an issue) - [ ] New feature (non-breaking change adding functionality) - [ ] Breaking change (fix or feature causing existing functionality to change) - [ ] Documentation update **Infrastructure & Configuration:** - [ ] GitHub Actions workflow - [ ] Linting configuration (markdown, PowerShell, etc.) - [ ] Security configuration - [ ] DevContainer configuration - [ ] Dependency update **AI Artifacts:** - [ ] Reviewed contribution with `prompt-builder` agent and addressed all feedback - [ ] Copilot instructions (`.github/instructions/*.instructions.md`) - [ ] Copilot prompt (`.github/prompts/*.prompt.md`) - [ ] Copilot agent (`.github/agents/*.agent.md`) **Other:** - [x] Script/automation (`.ps1`, `.sh`, `.py`) - [ ] Other (please describe): ## Testing - **PSScriptAnalyzer**: 38 files analyzed, all passed - **Pester Tests**: 42 tests passed (includes CIHelpers.Tests.ps1 injection prevention tests) - **Manual Verification**: Confirmed `Set-CIOutput` correctly outputs values for `version`, `vsix-file`, and `pre-release` ## Checklist ### Required Checks - [x] Documentation is updated (if applicable) - [x] Files follow existing naming conventions - [x] Changes are backwards compatible (if applicable) - [ ] Tests added for new functionality (if applicable) ### Required Automated Checks The following validation commands must pass before merging: - [x] Markdown linting: `npm run lint:md` - [x] Spell checking: `npm run spell-check` - [x] Frontmatter validation: `npm run lint:frontmatter` - [x] Link validation: `npm run lint:md-links` - [x] PowerShell analysis: `npm run lint:ps` ## Security Considerations - [x] This PR does not contain any sensitive or NDA information - [x] Any new dependencies have been reviewed for security issues - [x] Security-related scripts follow the principle of least privilege **Security Analysis:** The refactoring improves security by leveraging `CIHelpers` module's built-in escaping functions: - `ConvertTo-GitHubActionsEscaped`: Escapes `%`, `\r`, `\n`, `::` to prevent workflow command injection - `ConvertTo-AzureDevOpsEscaped`: Escapes `%`, `\r`, `\n`, `[`, `]`, `;` to prevent logging command injection Test coverage for injection prevention exists in `CIHelpers.Tests.ps1` (lines 192-209 for Azure DevOps, lines 340-400 for GitHub Actions). ## Additional Notes - The `$PreRelease.IsPresent` boolean auto-converts to `"True"/"False"` string, matching original behavior - The `CIHelpers` module was already imported at line 73 of `Package-Extension.ps1` - `Set-CIOutput` is a no-op when not running in CI environments (both `$env:GITHUB_OUTPUT` and `$env:TF_BUILD` are absent)
diff --git a/scripts/extension/Package-Extension.ps1 b/scripts/extension/Package-Extension.ps1
@@ -535,11 +535,9 @@ function Invoke-PackageExtension {
         Write-Host "   Version: $packageVersion" -ForegroundColor Cyan
 
         # Output for CI/CD consumption
-        if ($env:GITHUB_OUTPUT) {
-            "version=$packageVersion" | Out-File -FilePath $env:GITHUB_OUTPUT -Append -Encoding utf8
-            "vsix-file=$($vsixFile.Name)" | Out-File -FilePath $env:GITHUB_OUTPUT -Append -Encoding utf8
-            "pre-release=$($PreRelease.IsPresent)" | Out-File -FilePath $env:GITHUB_OUTPUT -Append -Encoding utf8
-        }
+        Set-CIOutput -Name 'version' -Value $packageVersion
+        Set-CIOutput -Name 'vsix-file' -Value $vsixFile.Name
+        Set-CIOutput -Name 'pre-release' -Value $PreRelease.IsPresent
 
         Write-Host ""
         Write-Host "🎉 Done!" -ForegroundColor Green
diff --git a/scripts/tests/extension/Package-Extension.Tests.ps1 b/scripts/tests/extension/Package-Extension.Tests.ps1
@@ -4,6 +4,8 @@
 
 BeforeAll {
     . $PSScriptRoot/../../extension/Package-Extension.ps1
+    Import-Module "$PSScriptRoot/../Mocks/GitMocks.psm1" -Force
+    Import-Module "$PSScriptRoot/../../lib/Modules/CIHelpers.psm1" -Force
 }
 
 Describe 'Test-VsceAvailable' {
@@ -460,3 +462,143 @@ Describe 'Invoke-PackageExtension' {
         $result.ErrorMessage | Should -Match 'vsce package command failed|The term'
     }
 }
+
+Describe 'CI Integration - Package-Extension' {
+    BeforeAll {
+        $script:testRoot = Join-Path ([System.IO.Path]::GetTempPath()) "ci-int-test-$([guid]::NewGuid().ToString('N').Substring(0,8))"
+        $script:extDir = Join-Path $script:testRoot 'extension'
+        $script:repoRoot = Join-Path $script:testRoot 'repo'
+    }
+
+    AfterAll {
+        if (Test-Path $script:testRoot) {
+            Remove-Item -Path $script:testRoot -Recurse -Force -ErrorAction SilentlyContinue
+        }
+    }
+
+    Context 'GitHub Actions environment' {
+        BeforeEach {
+            Initialize-MockGitHubEnvironment
+            New-Item -Path $script:extDir -ItemType Directory -Force | Out-Null
+            New-Item -Path $script:repoRoot -ItemType Directory -Force | Out-Null
+            New-Item -Path (Join-Path $script:repoRoot '.github') -ItemType Directory -Force | Out-Null
+            New-Item -Path (Join-Path $script:repoRoot 'scripts/dev-tools') -ItemType Directory -Force | Out-Null
+            New-Item -Path (Join-Path $script:repoRoot 'docs/templates') -ItemType Directory -Force | Out-Null
+
+            $manifest = @{
+                name      = 'test-ext'
+                version   = '1.0.0'
+                publisher = 'test'
+                engines   = @{ vscode = '^1.80.0' }
+            }
+            $manifest | ConvertTo-Json | Set-Content (Join-Path $script:extDir 'package.json')
+        }
+
+        AfterEach {
+            Clear-MockGitHubEnvironment
+            if (Test-Path $script:testRoot) {
+                Remove-Item -Path $script:testRoot -Recurse -Force -ErrorAction SilentlyContinue
+            }
+        }
+
+        It 'Sets version output variable on successful package' {
+            Mock Test-VsceAvailable { return @{ IsAvailable = $true; CommandType = 'vsce'; Command = 'vsce' } }
+            Mock Get-VscePackageCommand { return @{ Executable = 'echo'; Arguments = @('mocked') } }
+
+            $vsixPath = Join-Path $script:extDir 'test-ext-1.0.0.vsix'
+            Set-Content -Path $vsixPath -Value 'fake-vsix'
+
+            $null = Invoke-PackageExtension -ExtensionDirectory $script:extDir -RepoRoot $script:repoRoot
+
+            $outputContent = Get-Content $env:GITHUB_OUTPUT -Raw
+            $outputContent | Should -Match 'version=1\.0\.0'
+        }
+
+        It 'Sets vsix-file output variable on successful package' {
+            Mock Test-VsceAvailable { return @{ IsAvailable = $true; CommandType = 'vsce'; Command = 'vsce' } }
+            Mock Get-VscePackageCommand { return @{ Executable = 'echo'; Arguments = @('mocked') } }
+
+            $vsixPath = Join-Path $script:extDir 'test-ext-1.0.0.vsix'
+            Set-Content -Path $vsixPath -Value 'fake-vsix'
+
+            $null = Invoke-PackageExtension -ExtensionDirectory $script:extDir -RepoRoot $script:repoRoot
+
+            $outputContent = Get-Content $env:GITHUB_OUTPUT -Raw
+            $outputContent | Should -Match 'vsix-file=test-ext-1\.0\.0\.vsix'
+        }
+
+        It 'Sets pre-release output variable when PreRelease specified' {
+            Mock Test-VsceAvailable { return @{ IsAvailable = $true; CommandType = 'vsce'; Command = 'vsce' } }
+            Mock Get-VscePackageCommand { return @{ Executable = 'echo'; Arguments = @('mocked') } }
+
+            $vsixPath = Join-Path $script:extDir 'test-ext-1.0.0.vsix'
+            Set-Content -Path $vsixPath -Value 'fake-vsix'
+
+            $null = Invoke-PackageExtension -ExtensionDirectory $script:extDir -RepoRoot $script:repoRoot -PreRelease
+
+            $outputContent = Get-Content $env:GITHUB_OUTPUT -Raw
+            $outputContent | Should -Match 'pre-release=True'
+        }
+
+        It 'Sets pre-release output variable to false when PreRelease not specified' {
+            Mock Test-VsceAvailable { return @{ IsAvailable = $true; CommandType = 'vsce'; Command = 'vsce' } }
+            Mock Get-VscePackageCommand { return @{ Executable = 'echo'; Arguments = @('mocked') } }
+
+            $vsixPath = Join-Path $script:extDir 'test-ext-1.0.0.vsix'
+            Set-Content -Path $vsixPath -Value 'fake-vsix'
+
+            $null = Invoke-PackageExtension -ExtensionDirectory $script:extDir -RepoRoot $script:repoRoot
+
+            $outputContent = Get-Content $env:GITHUB_OUTPUT -Raw
+            $outputContent | Should -Match 'pre-release=False'
+        }
+
+        It 'Returns failure result when vsce command fails' {
+            Mock Test-VsceAvailable { return @{ IsAvailable = $true; CommandType = 'vsce'; Command = 'vsce' } }
+            Mock Get-VscePackageCommand { return @{ Executable = 'pwsh'; Arguments = @('-Command', 'exit 1') } }
+
+            $result = Invoke-PackageExtension -ExtensionDirectory $script:extDir -RepoRoot $script:repoRoot
+
+            $result.Success | Should -BeFalse
+            $result.ErrorMessage | Should -Match 'vsce package command failed'
+        }
+    }
+
+    Context 'Local environment' {
+        BeforeEach {
+            Clear-MockGitHubEnvironment
+
+            New-Item -Path $script:extDir -ItemType Directory -Force | Out-Null
+            New-Item -Path $script:repoRoot -ItemType Directory -Force | Out-Null
+            New-Item -Path (Join-Path $script:repoRoot '.github') -ItemType Directory -Force | Out-Null
+            New-Item -Path (Join-Path $script:repoRoot 'scripts/dev-tools') -ItemType Directory -Force | Out-Null
+            New-Item -Path (Join-Path $script:repoRoot 'docs/templates') -ItemType Directory -Force | Out-Null
+
+            $manifest = @{
+                name      = 'test-ext'
+                version   = '1.0.0'
+                publisher = 'test'
+                engines   = @{ vscode = '^1.80.0' }
+            }
+            $manifest | ConvertTo-Json | Set-Content (Join-Path $script:extDir 'package.json')
+        }
+
+        AfterEach {
+            if (Test-Path $script:testRoot) {
+                Remove-Item -Path $script:testRoot -Recurse -Force -ErrorAction SilentlyContinue
+            }
+        }
+
+        It 'Completes without error when not in CI environment' {
+            Mock Test-VsceAvailable { return @{ IsAvailable = $true; CommandType = 'vsce'; Command = 'vsce' } }
+            Mock Get-VscePackageCommand { return @{ Executable = 'echo'; Arguments = @('mocked') } }
+
+            $vsixPath = Join-Path $script:extDir 'test-ext-1.0.0.vsix'
+            Set-Content -Path $vsixPath -Value 'fake-vsix'
+
+            $result = Invoke-PackageExtension -ExtensionDirectory $script:extDir -RepoRoot $script:repoRoot
+
+            $result.Success | Should -BeTrue
+        }
+    }
+}
