feat(scripts): extract embedded PowerShell from workflows into testable scripts

[WilliamBerryiii]

Description

Extract embedded PowerShell from two GitHub Actions workflows into standalone, testable scripts as a pilot for the workflow-embedded testing pattern (issue #736). Both workflows retain their step structure with thin wrapper calls replacing inline code. The extracted scripts follow a Core-function + script-guard architecture using $MyInvocation.InvocationName -ne '.' for dot-source testability, adopt CIHelpers.psm1 for injection-safe CI output, and include comprehensive Pester test suites achieving 100% code coverage across 37 tests.

Extracted Scripts

Get-ChangedTestFiles.ps1 (extracted from pester-tests.yml) runs git diff --name-only against the base branch, resolves corresponding .Tests.ps1 files across scripts/tests/ and skill directories, includes directly changed tests, and deduplicates. Returns a [PSCustomObject] with HasChanges, TestPaths, and ChangedFiles.

Find-CollectionManifests.ps1 (extracted from extension-package.yml) discovers *.collection.yml manifests, filters by maturity and release channel (deprecated always excluded, experimental excluded for Stable), and returns a [PSCustomObject] with MatrixJson, MatrixItems, and Skipped. Requires the PowerShell-Yaml module.

Workflow Modifications

pester-tests.yml had ~63 lines of embedded PowerShell removed and replaced with a single-line call to Get-ChangedTestFiles.ps1. extension-package.yml had ~41 lines removed and replaced with a call to Find-CollectionManifests.ps1.

Test Coverage

37 total Pester tests (16 + 21) validate both scripts with isolated GUID-based temp directories. Coverage configuration in pester.config.ps1 was updated to include scripts/tests/ in the coverage directory list.

Related Issue(s)

Related to #736

Type of Change

Select all that apply:

Code & Documentation:

• Bug fix (non-breaking change fixing an issue)
• New feature (non-breaking change adding functionality)
• Breaking change (fix or feature causing existing functionality to change)
• Documentation update

Infrastructure & Configuration:

• GitHub Actions workflow
• Linting configuration (markdown, PowerShell, etc.)
• Security configuration
• DevContainer configuration
• Dependency update

AI Artifacts:

• Reviewed contribution with prompt-builder agent and addressed all feedback
• Copilot instructions (.github/instructions/*.instructions.md)
• Copilot prompt (.github/prompts/*.prompt.md)
• Copilot agent (.github/agents/*.agent.md)
• Copilot skill (.github/skills/*/SKILL.md)

Other:

• Script/automation (.ps1, .sh, .py)
• Other (please describe):

Testing

All extracted scripts are fully tested with Pester 5.7.1:

• Get-ChangedTestFiles.Tests.ps1: 16 tests covering empty diff, matching test resolution, missing test handling, directly changed test inclusion, skill directory discovery (depth 1 and 2), missing skills directory, deduplication, git diff failure, and script guard CI integration
• Find-CollectionManifests.Tests.ps1: 21 tests covering single/multiple manifest discovery, deprecated/experimental filtering, channel-specific behavior, skipped collection tracking with reasons, missing name/maturity field defaults, valid JSON output, and script guard CI execution
• All tests use isolated GUID-based temp directories with cleanup
• 100% code coverage achieved on both scripts
• Validated via npm run test:ps with pester-summary.json confirming 37/37 pass

Checklist

Required Checks

• Documentation is updated (if applicable)
• Files follow existing naming conventions
• Changes are backwards compatible (if applicable)
• Tests added for new functionality (if applicable)

Required Automated Checks

The following validation commands must pass before merging:

• Markdown linting: npm run lint:md
• Spell checking: npm run spell-check
• Frontmatter validation: npm run lint:frontmatter
• Skill structure validation: npm run validate:skills
• Link validation: npm run lint:md-links
• PowerShell analysis: npm run lint:ps
• Plugin freshness: npm run plugin:generate

Security Considerations

• This PR does not contain any sensitive or NDA information
• Any new dependencies have been reviewed for security issues
• Security-related scripts follow the principle of least privilege

Additional Notes

This is a pilot for the workflow-embedded PowerShell testing pattern. The Core-function + script-guard architecture enables unit testing of CI logic without executing CI side effects. If validated, this pattern can be applied to other workflows with embedded PowerShell.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.68%. Comparing base (780cf22) to head (7948261).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #738      +/-   ##
==========================================
+ Coverage   86.59%   86.68%   +0.09%     
==========================================
  Files          25       26       +1     
  Lines        4893     4936      +43     
==========================================
+ Hits         4237     4279      +42     
- Misses        656      657       +1     

Flag	Coverage Δ
pester	86.68% <100.00%> (+0.09%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
scripts/extension/Find-CollectionManifests.ps1	100.00% <100.00%> (ø)

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[katriendg]

Really good idea, extracting out and testability. Me like!