Build scripts does not work when dev client is in constrained mode (AppLocker)

[johlju]

Problem description

Certain commands are not allowed to run on clients that has been locked down with AppLocker, where PowerShell is running in constrained mode.

Verbose logs

InvalidOperation: C:\Users\johlju\source\Sampler\build.ps1:468
Line |
 468 |  …         if ($MyInvocation.BoundParameters.ContainsKey($cmdParameter)) …
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Cannot invoke method. Method invocation is supported only on core types in this language mode.

InvalidOperation: C:\Users\johlju\source\Sampler\Resolve-Dependency.ps1:291
Line |
 291 |      if ($PSBoundParameters.ContainsKey('MinimumPSDependVersion'))
     |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Cannot invoke method. Method invocation is supported only on core types in this language mode.

How to reproduce

Run build.ps1 on a machine that has been locked down in constrained mode.

Expected behavior

Being able to run in constrained mode.

Current behavior

Fails to run in constrained mode

Suggested solution

Suggested solution will be added as comments and a PR if it is possible to change the code to allow it to run. Might not be possible since the pipeline is dependent on other modules.

Operating system the target node is running

Windows 10

PowerShell version and build the target node is running

PowerShell 7.2.1

Module version used

From `main` branch.

[johlju]

https://github.com/gaelcolas/Sampler/blob/d19ef072498ac9df81a3839b0b7a502a066f2235/build.ps1#L159

Needs to change to:

if (-not ($PSBoundParameters.Keys -contains 'BuildInfo'))

https://github.com/gaelcolas/Sampler/blob/d19ef072498ac9df81a3839b0b7a502a066f2235/build.ps1#L251

Needs to change to:

elseif ($BuildInfo.Keys -contains 'BuiltModuleSubDirectory')

https://github.com/gaelcolas/Sampler/blob/d19ef072498ac9df81a3839b0b7a502a066f2235/build.ps1#L272

Needs to change to:

if ($BuildInfo.Keys -contains 'ModuleBuildTasks')

https://github.com/gaelcolas/Sampler/blob/d19ef072498ac9df81a3839b0b7a502a066f2235/build.ps1#L436

Needs to change to:

if ($AutoRestore -or -not ($PSBoundParameters.Keys -contains 'Tasks') -or $Tasks -contains 'build')

https://github.com/gaelcolas/Sampler/blob/d19ef072498ac9df81a3839b0b7a502a066f2235/build.ps1#L468

Needs to change to:

if ($MyInvocation.BoundParameters.Keys -contains $cmdParameter)

https://github.com/gaelcolas/Sampler/blob/d19ef072498ac9df81a3839b0b7a502a066f2235/build.ps1#L499

Needs to change to:

if ($PSBoundParameters.Keys -contains 'ResolveDependency')

[johlju]

https://github.com/gaelcolas/Sampler/blob/d19ef072498ac9df81a3839b0b7a502a066f2235/Resolve-Dependency.ps1#L139

Needs to change to:

if (-not ($PSBoundParameters.Keys -contains $parameterName) -and ($resolveDependencyDefaults.Keys -contains $parameterName))

https://github.com/gaelcolas/Sampler/blob/d19ef072498ac9df81a3839b0b7a502a066f2235/Resolve-Dependency.ps1#L291

Needs to change to:

if ($PSBoundParameters.Keys -contains 'MinimumPSDependVersion')

https://github.com/gaelcolas/Sampler/blob/d19ef072498ac9df81a3839b0b7a502a066f2235/Resolve-Dependency.ps1#L360

Needs to change to:

if ($PSBoundParameters.Keys -contains 'MinimumPSDependVersion')

[johlju]

It is not possible to work around with code. The build scripts can be worked around, but then it fails on dependent modules as I thought.