2021 Jan 4

Copy Files from Bitbucket to DFS

You might have a magic opportunity to delegate some stuff to the First Line, Junior colleagues etc., also you may need to automate it for yourself. In my current company we are using the on-premise Bitbucket for the VPN repositories, as regardless of the year (2020-2021) you are still expected to have the VPN, and git is a good tool to monitor activities and changes. Also, we are having the DFS servers for people to share their files.

This script has been tested working with Windows, there is nothing hard to use it with some GNU/Linux distributions. Actually, the first (test) version of the script was using the aliases like cp and cd, but if you want to be fully compliant with the guidelines and make VS Code happy you should use the native PowerShell ones.

Some prerequisites:

  1. You should create the DFS share (the howto is coming)
  2. You should create a user in AD and grant it the RW access to that share. It's a good practice to have RW access for your normal account as well, but leave read-only for the L1
  3. You need to grant read access to the repository for this user. Read is enough to clone the repo, we don't need to have any changes made by this account.
  4. You need to install Git for Windows on the machine you are using for this task

Also, I will replace our Butbucket and DFS links with $bitbucket and $dfs respectively, but will leave the last part, which point to the particular directories and to the particular git file.

Get-ChildItem -Path "\\$dfs\L1Support\VPN_QRCodes" -Recurse | Foreach-object { Remove-item -Recurse -path $_.FullName }
Set-Location C:\git
git clone ssh://git@bitbucketdomain.tld:7999/vpnrepo/vpn.git 2> $null
Robocopy .\vpn\public\ \\hiq.local\Shares\L1Support\VPN_QRCodes *.png
Remove-Item C:\git\vpn -Force -Recurse

This script is scheduled for every night, and is rather straightforward. Line 1 is used to remove the content of the folder VPN_QRCodes, if you use just Remove-Item you will end up with deletion of the original folder, and next time the script will try to copy there, but you will just get a file with this name, but no QR codes inside a folder (which is what we need). Line 2 is required to be run from anywhere, as it goes to one and the same location. It is less necessary, but as it is still the local machine, is good to go there and execute the rest of the commands from a dedicated place. This directory should exist.

Line 3 is used to connect to the Bitbucket with the profile DFSCopy (the specified name) and to download the repository locally. I like doing that on the server, as it runs mostly 24/7. Also, you need to run the command manually to store credentials. Alternatively, you can provide the password after the username and colon (like DFSCopy:4XXFy#dy6hYyUz$), but that is not secure (and that is not our password - it was just randomly generated for the example). Line 4 is used to copy just png files (the format of our QR codes) to the remote location on the server. It runs for about 5 seconds at night, so no one is accessing the share nor repository. Line 5 just removes the folder vpn (the one we clone from Bitbucket), then the script stops.

Just to add, it's rather important to keep QR codes and actual VPN keys separately to avoid any breaches.

I can see one possible failure as well: it deletes the files firstly, and then copies the new ones to the file server, so if something is wrong either with DFS or Bitbucket we might end with an empty folder, but if something is really wrong, QR codes will not be one of your high-priority problems.