nobitagamer/mps-install-ci.ps1

## mps-install-ci.ps1
# Setup default environment for developers
#  - Version: 1.7
# How to use:
#
# To run this script, you first have to install boxstarter using the following command (NOTE the "." below is required):
# 	. { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
# Learn more: http://boxstarter.org/Learn/WebLauncher
#
# Run this BoxstarterDevFull.ps1 script by calling the following from **elevated** powershell:
#   example: Install-BoxstarterPackage -PackageName https://gist.githubusercontent.com/nobitagamer/1e9d96abd4b8380c2394058ff7390a96/raw/ -DisableReboots
#  - From Run: iexplore https://bit.ly/mps-install
#  - Run from cmd: START http://boxstarter.org/package/nr/url?https://gist.githubusercontent.com/nobitagamer/1e9d96abd4b8380c2394058ff7390a96/raw/
#  - From IE: http://boxstarter.org/package/nr/url?https://gist.githubusercontent.com/nobitagamer/1e9d96abd4b8380c2394058ff7390a96/raw/

# ==================================== Install agent =======================================
function Install-Agent {

  $osInfo = Get-WmiObject -Class Win32_OperatingSystem
  if ($osInfo.ProductType -ne 1) {
    $agenttype = '"server"'
  }
  else {
    $agenttype = '"workstation"'
  }

  # author: https://github.com/bradhawkins85
  $innosetup = 'tacticalagent-v2.9.1-windows-amd64.exe'
  $api = '"https://api.rmm.madpoly.studio"'
  $clientid = '1'
  $siteid = '5'
  $power = 1
  $rdp = 1
  $ping = 1
  $auth = '"ce699d6a5c368718894872918e6cddeeced848eda6eda991f89a603f7f343b21"'
  $downloadlink = 'https://github.com/amidaware/rmmagent/releases/download/v2.9.1/tacticalagent-v2.9.1-windows-amd64.exe'
  $apilink = $downloadlink.split('/')

  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

  $serviceName = 'tacticalrmm'
  If (Get-Service $serviceName -ErrorAction SilentlyContinue) {
    write-host ('Tactical RMM Is Already Installed')
  }
  Else {
    $OutPath = $env:TMP
    $output = $innosetup

    $installArgs = @('-m install -silent --api ', "$api", '--client-id', $clientid, '--site-id', $siteid, '--agent-type', "$agenttype", '--auth', "$auth")

    # if ($power) {
    #     $installArgs += "--power"
    # }

    if ($rdp) {
      $installArgs += "--rdp"
    }

    if ($ping) {
      $installArgs += "--ping"
    }

    Try {
      $DefenderStatus = Get-MpComputerStatus | select  AntivirusEnabled
      if ($DefenderStatus -match "True") {
        Add-MpPreference -ExclusionPath 'C:\Program Files\TacticalAgent\*'
        Add-MpPreference -ExclusionPath 'C:\Program Files\Mesh Agent\*'
        Add-MpPreference -ExclusionPath 'C:\ProgramData\TacticalRMM\*'
      }
    }
    Catch {
      # pass
    }

    $X = 0
    do {
      Write-Output "Waiting for network"
      Start-Sleep -s 5
      $X += 1
    } until(($connectresult = Test-NetConnection $apilink[2] -Port 443 | ? { $_.TcpTestSucceeded }) -or $X -eq 3)

    if ($connectresult.TcpTestSucceeded -eq $true) {
      Try {
        Invoke-WebRequest -Uri $downloadlink -OutFile $OutPath\$output
        Start-Process -FilePath $OutPath\$output -ArgumentList ('/VERYSILENT /SUPPRESSMSGBOXES') -Wait
        write-host ('Extracting...')
        Start-Sleep -s 5
        Start-Process -FilePath "C:\Program Files\TacticalAgent\tacticalrmm.exe" -ArgumentList $installArgs -Wait
        return 0
      }
      Catch {
        $ErrorMessage = $_.Exception.Message
        $FailedItem = $_.Exception.ItemName
        Write-Error -Message "$ErrorMessage $FailedItem"
        return 1
      }
      Finally {
        Remove-Item -Path $OutPath\$output
      }
    }
    else {
      Write-Output "Unable to connect to server"
    }
  }
}
Install-Agent

# ==================================== Install softwares =======================================
Write-Host "Current working dir: $PWD"
Import-Module $PWD\Boxstarter.WinConfig\boxstarter.WinConfig.psd1 # For start from Web

Import-Module Boxstarter.WinConfig # For run from Powershell

function Invoke-AsBatchFile {
  param(
    [string] $batchFileContents
  )

  # Determine a unique file path to serve as a temp. batch file.
  $tempBatchFile = "$(Join-Path ([IO.Path]::GetTempPath()) ([IO.Path]::GetRandomFileName())).cmd"

  # Write the commands to the batch file.
  # Note: -Encoding OEM assumes that the current console window's
  #       active code page is at its default, the system's active OEM code page.
  $batchFileContents | Set-Content -Encoding OEM -LiteralPath $tempBatchFile

  # Execute the temp. batch file with pass-through arguments, if any.
  # (Reflected in the automatic $args variable.)
  # & $tempBatchFile $args
  cmd.exe /E:ON /C $tempBatchFile $args

  # Remove the temp. batch file.
  Remove-Item $tempBatchFile
  # $LASTEXITCODE now contains the temp. batch file's exit code
  # (whereas $? should be ignored).

}

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri 'https://github.com/git-ecosystem/git-credential-manager/releases/download/v2.5.1/gcm-win-x86-2.5.1.exe' -OutFile "$env:Temp\gcm.exe"
. $env:Temp\gcm.exe /silent

$command = @'
@echo off

choco install -y boxstarter.bootstrapper --params="/nodesktopicon"

choco feature enable --name=useRememberedArgumentsForUpgrades

choco install -y openvpn --package-parameters="/Service /TapDriver"
choco install -y linkshellextension
choco install -y psexec --ignore-checksums

choco install -y fastcopy.portable
choco install -y rapidee
choco install -y notepad2-mod
choco install -y --allowemptychecksum winrar

choco install -y openssl.light
choco install -y gnuwin32-coreutils.portable
choco install -y curl
choco install -y powershell-core

choco install -y googlechrome --ignore-checksums
choco install -y notepadplusplus.install

choco install -y git.install
:: Obsoleted, use git-credential-manager instead
choco uninstall -y git-credential-winstore
:: Require for interactive clone using TortoiseGit
choco install -y git-credential-manager-for-windows

choco install -y git-lfs
choco install -y kdiff3
choco install -y tortoisegit

REM Fix Python PostBuild when build iOS on Windows
choco install -y python2
if NOT exist "C:\Python27\python2.7.exe" copy "C:\Python27\python.exe" "C:\Python27\python2.7.exe"

:: Don't use pyenv-win on CI because it install to user profile folders (Administrator) may cause errors
choco uninstall -y pyenv-win
rem choco install -y pyenv-win

REM Do NOT set JAVA_HOME that cause sdkmanager.bat (require JRE8) to be failed
REM Obsoleted JAVA_HOME should point to JDK not JRE, see https://stackoverflow.com/questions/17601827/should-java-home-point-to-jdk-or-jre
:: Obsoleted use jabba and jenv instead (temurin@1.8.0-392)
choco uninstall -y adoptopenjdk11openj9

choco install -y vscode.install --no-progress
choco install -y visualstudio2022enterprise --no-progress --package-parameters "--productKey VHF9HNXBBB638P66JHCY88JWH"

'@

Invoke-AsBatchFile $command
if ($LASTEXITCODE -ne 0) { Write-Error "Install required softwares failed, something went wrong." }

$command = @'
@echo off

echo ===== install-android.cmd =====
REM See https://xeox.com/blog/how-to-still-use-wmic/
dism /Online /Add-Capability /CapabilityName:WMIC~~~~

SET ANDROID_HOME=C:\Android\android-sdk

mkdir "%ANDROID_HOME%" 1>nul 2>&1

choco install -y android-sdk
call refreshenv.cmd

echo Grant Full Controll permission for `NETWORK SERVICE` account that needs for Unity to install Android tools.
REM icacls "%ANDROID_HOME%" /C /T /setowner "NETWORK SERVICE"
icacls "%ANDROID_HOME%" /C /grant "NETWORK SERVICE":(oi)(ci)f >nul
icacls "%ANDROID_HOME%" /C /T /inheritance:e >nul

rem See https://docs.unity3d.com/Manual/android-sdksetup.html
rem cmdline-tools;9.0 use Java 11 which is default on Unity 2021+ when NOT set JAVA_HOME
psexec -accepteula -nobanner -i -u "NT AUTHORITY\NETWORK SERVICE" "%ANDROID_HOME%\tools\bin\sdkmanager.bat" tools platform-tools cmdline-tools;9.0 build-tools;35.0.1 platforms;android-35
setx ANDROID_HOME "%ANDROID_HOME%" /M

rem Changed findstr /i /c: to find /i as findstr may misinterpret some sequences, see https://superuser.com/questions/480238/cmd-append-to-path-without-duplicating-it
set np=%ANDROID_HOME%\tools;%ANDROID_HOME%\platform-tools;%ANDROID_HOME%\tools\bin
echo %path%|find /i "%np%">nul || setx PATH "%path%;%np%" /M

'@

Invoke-AsBatchFile $command
if ($LASTEXITCODE -ne 0) { Write-Error "Install Android SDK failed, something went wrong." }

$command = @'
@echo off

echo ===== install-ci.cmd =====

:: Install and pin rsync 5.5.0 for GitLab CI/CD
choco install -y rsync --version=5.5.0.20190204 && choco pin add -n=rsync
setx CWRSYNC_HOME "C:\ProgramData\chocolatey\lib\rsync\cwrsync_5.5.0_x86_free" /M

REM Install current .NET LTS, dotnet-7.0-sdk-4xx already installed with vscode
choco install -y dotnet-8.0-sdk --no-progress

choco install -y gitlab-runner

choco install -y jq
choco install -y nssm

echo Changing Unity3D's External Script Editor to Visual Studio Enterprise 2022...
REM C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\devenv.exe
psexec -accepteula -nobanner -i -u "NT AUTHORITY\NETWORK SERVICE" reg add "HKCU\SOFTWARE\Unity Technologies\Unity Editor 5.x" /f /v kScriptsDefaultApp_h2657262712 /t REG_BINARY /d 433a5c50726f6772616d2046696c65735c4d6963726f736f66742056697375616c2053747564696f5c323032325c456e74657270726973655c436f6d6d6f6e375c4944455c646576656e762e65786500

echo ===== setup-permissions.cmd =====

echo Grant Full Controll permission for `NETWORK SERVICE` account that needs for Unity to run.
REM icacls "%SystemDrive%\gitlab-runner" /C /T /grant "NETWORK SERVICE:(oi)(ci)f"
icacls "%SystemDrive%\gitlab-runner" /C /grant "NETWORK SERVICE:(oi)(ci)f" >nul
REM icacls "%SystemDrive%\gitlab-runner" /C /T /inheritance:e

'@

Invoke-AsBatchFile $command
if ($LASTEXITCODE -ne 0) { Write-Error "Install CI failed, something went wrong." }

# 2021.3.11: Default
# 2021.3.15: DWW
# 2021.3.26: LGR
# 2021.3.28: CAT
# 2022.3.7:  AF
# 2022.3.10: JM
# 2022.3.16: ZH2
### Obsoleted
# 2022.3.16f1/d2c21f0ef2f1
# 2022.3.10f1/ff3792e53c62
# 2022.3.7f1/b16b3b16c7a0
# 2021.3.28f1/232e59c3f087
# 2021.3.26f1/a16dc32e0ff2
# 2021.3.15f1/e8e88683f834
# 2021.3.11f1/0a5ca18544bf
# 2022.3.20f1/61c2feb0970d
# 2022.3.62f1/4af31df58517
$unityVersionList = @'
2022.3.62f2/7670c08855a9
'@
$versionFile = "$(Join-Path ([IO.Path]::GetTempPath()) 'unity').version"
$unityVersionList | Set-Content -Encoding OEM -LiteralPath $versionFile

$command = @'
@echo off

echo ===== Block access Unity license server =====
set NEWLINE=^& echo.
find /C /I "license.unity3d.com" %WINDIR%\system32\drivers\etc\hosts
if %ERRORLEVEL% NEQ 0 echo %NEWLINE%^ 127.0.0.1       license.unity3d.com>>%WINDIR%\System32\drivers\etc\hosts

echo ===== install-unity.cmd =====
:: Install Unity using Hub
choco install -y unity-hub --ignore-checksums

setx UNITY_GPU_ENABLED "true" /M

pushd "%~dp0"

:: Install all Unity3D versions in unity.version file
REM "%ProgramFiles%\Unity Hub\Unity Hub.exe" -- --headless help
for /f "tokens=*" %%v in (unity.version) do (
  for /f "tokens=1,2 delims=/" %%i in ("%%v") do (
    echo Installing Unity3D version %%i ^(%%j^)...
    start /wait "Installing Unity Editor..." "%ProgramFiles%\Unity Hub\Unity Hub.exe" -- --headless install --version %%i --changeset %%j
    start /wait "Installing modules..." "%ProgramFiles%\Unity Hub\Unity Hub.exe" -- --headless install-modules --cm -m ios -m android -m android-sdk-ndk-tools -m android-open-jdk --version %%i
  )
)

REM See https://community.chocolatey.org/packages/visualstudio2022enterprise#releasenotes
choco install -y visualstudio2022-workload-managedgame --no-progress

REM Required by Cake Build
choco install -y visualstudio2022-workload-manageddesktopbuildtools --no-progress

REM Uninstall nodejs.js on Windows to use NVM instead: https://github.com/nullivex/nodist#known-issues
REM Node.js for Windows installer can now automatically install the required windows-build-tools.
choco install -y nvm && choco uninstall -y -x nodist nodejs-lts

call refreshenv.cmd

echo Install require Node.js 16.20 version for azure-pipelines-agent v3.220.2+
nvm install 18 && nvm use 18

nvm version && nvm current

popd
'@

Invoke-AsBatchFile $command
if ($LASTEXITCODE -ne 0) { Write-Error "Install Unity3D failed, something went wrong." }

Set-ExplorerOptions -showHiddenFilesFoldersDrives -showProtectedOSFiles -showFileExtensions

## Update Windows after all
Enable-MicrosoftUpdate
Help Install-WindowsUpdate -Full
Install-WindowsUpdate -acceptEula -getUpdatesFromMS -suppressReboots
	# Setup default environment for developers
	# - Version: 1.7
	# How to use:
	#
	# To run this script, you first have to install boxstarter using the following command (NOTE the "." below is required):
	# . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } \| iex; get-boxstarter -Force
	# Learn more: http://boxstarter.org/Learn/WebLauncher
	#
	# Run this BoxstarterDevFull.ps1 script by calling the following from elevated powershell:
	# example: Install-BoxstarterPackage -PackageName https://gist.githubusercontent.com/nobitagamer/1e9d96abd4b8380c2394058ff7390a96/raw/ -DisableReboots
	# - From Run: iexplore https://bit.ly/mps-install
	# - Run from cmd: START http://boxstarter.org/package/nr/url?https://gist.githubusercontent.com/nobitagamer/1e9d96abd4b8380c2394058ff7390a96/raw/
	# - From IE: http://boxstarter.org/package/nr/url?https://gist.githubusercontent.com/nobitagamer/1e9d96abd4b8380c2394058ff7390a96/raw/

	# ==================================== Install agent =======================================
	function Install-Agent {

	$osInfo = Get-WmiObject -Class Win32_OperatingSystem
	if ($osInfo.ProductType -ne 1) {
	$agenttype = '"server"'
	}
	else {
	$agenttype = '"workstation"'
	}

	# author: https://github.com/bradhawkins85
	$innosetup = 'tacticalagent-v2.9.1-windows-amd64.exe'
	$api = '"https://api.rmm.madpoly.studio"'
	$clientid = '1'
	$siteid = '5'
	$power = 1
	$rdp = 1
	$ping = 1
	$auth = '"ce699d6a5c368718894872918e6cddeeced848eda6eda991f89a603f7f343b21"'
	$downloadlink = 'https://github.com/amidaware/rmmagent/releases/download/v2.9.1/tacticalagent-v2.9.1-windows-amd64.exe'
	$apilink = $downloadlink.split('/')

	[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

	$serviceName = 'tacticalrmm'
	If (Get-Service $serviceName -ErrorAction SilentlyContinue) {
	write-host ('Tactical RMM Is Already Installed')
	}
	Else {
	$OutPath = $env:TMP
	$output = $innosetup

	$installArgs = @('-m install -silent --api ', "$api", '--client-id', $clientid, '--site-id', $siteid, '--agent-type', "$agenttype", '--auth', "$auth")

	# if ($power) {
	# $installArgs += "--power"
	# }

	if ($rdp) {
	$installArgs += "--rdp"
	}

	if ($ping) {
	$installArgs += "--ping"
	}

	Try {
	$DefenderStatus = Get-MpComputerStatus \| select AntivirusEnabled
	if ($DefenderStatus -match "True") {
	Add-MpPreference -ExclusionPath 'C:\Program Files\TacticalAgent\*'
	Add-MpPreference -ExclusionPath 'C:\Program Files\Mesh Agent\*'
	Add-MpPreference -ExclusionPath 'C:\ProgramData\TacticalRMM\*'
	}
	}
	Catch {
	# pass
	}

	$X = 0
	do {
	Write-Output "Waiting for network"
	Start-Sleep -s 5
	$X += 1
	} until(($connectresult = Test-NetConnection $apilink[2] -Port 443 \| ? { $_.TcpTestSucceeded }) -or $X -eq 3)

	if ($connectresult.TcpTestSucceeded -eq $true) {
	Try {
	Invoke-WebRequest -Uri $downloadlink -OutFile $OutPath\$output
	Start-Process -FilePath $OutPath\$output -ArgumentList ('/VERYSILENT /SUPPRESSMSGBOXES') -Wait
	write-host ('Extracting...')
	Start-Sleep -s 5
	Start-Process -FilePath "C:\Program Files\TacticalAgent\tacticalrmm.exe" -ArgumentList $installArgs -Wait
	return 0
	}
	Catch {
	$ErrorMessage = $_.Exception.Message
	$FailedItem = $_.Exception.ItemName
	Write-Error -Message "$ErrorMessage $FailedItem"
	return 1
	}
	Finally {
	Remove-Item -Path $OutPath\$output
	}
	}
	else {
	Write-Output "Unable to connect to server"
	}
	}
	}
	Install-Agent

	# ==================================== Install softwares =======================================
	Write-Host "Current working dir: $PWD"
	Import-Module $PWD\Boxstarter.WinConfig\boxstarter.WinConfig.psd1 # For start from Web

	Import-Module Boxstarter.WinConfig # For run from Powershell

	function Invoke-AsBatchFile {
	param(
	[string] $batchFileContents
	)

	# Determine a unique file path to serve as a temp. batch file.
	$tempBatchFile = "$(Join-Path ([IO.Path]::GetTempPath()) ([IO.Path]::GetRandomFileName())).cmd"

	# Write the commands to the batch file.
	# Note: -Encoding OEM assumes that the current console window's
	# active code page is at its default, the system's active OEM code page.
	$batchFileContents \| Set-Content -Encoding OEM -LiteralPath $tempBatchFile

	# Execute the temp. batch file with pass-through arguments, if any.
	# (Reflected in the automatic $args variable.)
	# & $tempBatchFile $args
	cmd.exe /E:ON /C $tempBatchFile $args

	# Remove the temp. batch file.
	Remove-Item $tempBatchFile
	# $LASTEXITCODE now contains the temp. batch file's exit code
	# (whereas $? should be ignored).

	}

	[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
	Invoke-WebRequest -Uri 'https://github.com/git-ecosystem/git-credential-manager/releases/download/v2.5.1/gcm-win-x86-2.5.1.exe' -OutFile "$env:Temp\gcm.exe"
	. $env:Temp\gcm.exe /silent

	$command = @'
	@echo off

	choco install -y boxstarter.bootstrapper --params="/nodesktopicon"

	choco feature enable --name=useRememberedArgumentsForUpgrades

	choco install -y openvpn --package-parameters="/Service /TapDriver"
	choco install -y linkshellextension
	choco install -y psexec --ignore-checksums

	choco install -y fastcopy.portable
	choco install -y rapidee
	choco install -y notepad2-mod
	choco install -y --allowemptychecksum winrar

	choco install -y openssl.light
	choco install -y gnuwin32-coreutils.portable
	choco install -y curl
	choco install -y powershell-core

	choco install -y googlechrome --ignore-checksums
	choco install -y notepadplusplus.install

	choco install -y git.install
	:: Obsoleted, use git-credential-manager instead
	choco uninstall -y git-credential-winstore
	:: Require for interactive clone using TortoiseGit
	choco install -y git-credential-manager-for-windows

	choco install -y git-lfs
	choco install -y kdiff3
	choco install -y tortoisegit

	REM Fix Python PostBuild when build iOS on Windows
	choco install -y python2
	if NOT exist "C:\Python27\python2.7.exe" copy "C:\Python27\python.exe" "C:\Python27\python2.7.exe"

	:: Don't use pyenv-win on CI because it install to user profile folders (Administrator) may cause errors
	choco uninstall -y pyenv-win
	rem choco install -y pyenv-win

	REM Do NOT set JAVA_HOME that cause sdkmanager.bat (require JRE8) to be failed
	REM Obsoleted JAVA_HOME should point to JDK not JRE, see https://stackoverflow.com/questions/17601827/should-java-home-point-to-jdk-or-jre
	:: Obsoleted use jabba and jenv instead (temurin@1.8.0-392)
	choco uninstall -y adoptopenjdk11openj9

	choco install -y vscode.install --no-progress
	choco install -y visualstudio2022enterprise --no-progress --package-parameters "--productKey VHF9HNXBBB638P66JHCY88JWH"

	'@

	Invoke-AsBatchFile $command
	if ($LASTEXITCODE -ne 0) { Write-Error "Install required softwares failed, something went wrong." }

	$command = @'
	@echo off

	echo ===== install-android.cmd =====
	REM See https://xeox.com/blog/how-to-still-use-wmic/
	dism /Online /Add-Capability /CapabilityName:WMIC~~~~

	SET ANDROID_HOME=C:\Android\android-sdk

	mkdir "%ANDROID_HOME%" 1>nul 2>&1

	choco install -y android-sdk
	call refreshenv.cmd

	echo Grant Full Controll permission for `NETWORK SERVICE` account that needs for Unity to install Android tools.
	REM icacls "%ANDROID_HOME%" /C /T /setowner "NETWORK SERVICE"
	icacls "%ANDROID_HOME%" /C /grant "NETWORK SERVICE":(oi)(ci)f >nul
	icacls "%ANDROID_HOME%" /C /T /inheritance:e >nul

	rem See https://docs.unity3d.com/Manual/android-sdksetup.html
	rem cmdline-tools;9.0 use Java 11 which is default on Unity 2021+ when NOT set JAVA_HOME
	psexec -accepteula -nobanner -i -u "NT AUTHORITY\NETWORK SERVICE" "%ANDROID_HOME%\tools\bin\sdkmanager.bat" tools platform-tools cmdline-tools;9.0 build-tools;35.0.1 platforms;android-35
	setx ANDROID_HOME "%ANDROID_HOME%" /M

	rem Changed findstr /i /c: to find /i as findstr may misinterpret some sequences, see https://superuser.com/questions/480238/cmd-append-to-path-without-duplicating-it
	set np=%ANDROID_HOME%\tools;%ANDROID_HOME%\platform-tools;%ANDROID_HOME%\tools\bin
	echo %path%\|find /i "%np%">nul \|\| setx PATH "%path%;%np%" /M

	'@

	Invoke-AsBatchFile $command
	if ($LASTEXITCODE -ne 0) { Write-Error "Install Android SDK failed, something went wrong." }

	$command = @'
	@echo off

	echo ===== install-ci.cmd =====

	:: Install and pin rsync 5.5.0 for GitLab CI/CD
	choco install -y rsync --version=5.5.0.20190204 && choco pin add -n=rsync
	setx CWRSYNC_HOME "C:\ProgramData\chocolatey\lib\rsync\cwrsync_5.5.0_x86_free" /M

	REM Install current .NET LTS, dotnet-7.0-sdk-4xx already installed with vscode
	choco install -y dotnet-8.0-sdk --no-progress

	choco install -y gitlab-runner

	choco install -y jq
	choco install -y nssm

	echo Changing Unity3D's External Script Editor to Visual Studio Enterprise 2022...
	REM C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\devenv.exe
	psexec -accepteula -nobanner -i -u "NT AUTHORITY\NETWORK SERVICE" reg add "HKCU\SOFTWARE\Unity Technologies\Unity Editor 5.x" /f /v kScriptsDefaultApp_h2657262712 /t REG_BINARY /d 433a5c50726f6772616d2046696c65735c4d6963726f736f66742056697375616c2053747564696f5c323032325c456e74657270726973655c436f6d6d6f6e375c4944455c646576656e762e65786500

	echo ===== setup-permissions.cmd =====

	echo Grant Full Controll permission for `NETWORK SERVICE` account that needs for Unity to run.
	REM icacls "%SystemDrive%\gitlab-runner" /C /T /grant "NETWORK SERVICE:(oi)(ci)f"
	icacls "%SystemDrive%\gitlab-runner" /C /grant "NETWORK SERVICE:(oi)(ci)f" >nul
	REM icacls "%SystemDrive%\gitlab-runner" /C /T /inheritance:e

	'@

	Invoke-AsBatchFile $command
	if ($LASTEXITCODE -ne 0) { Write-Error "Install CI failed, something went wrong." }

	# 2021.3.11: Default
	# 2021.3.15: DWW
	# 2021.3.26: LGR
	# 2021.3.28: CAT
	# 2022.3.7: AF
	# 2022.3.10: JM
	# 2022.3.16: ZH2
	### Obsoleted
	# 2022.3.16f1/d2c21f0ef2f1
	# 2022.3.10f1/ff3792e53c62
	# 2022.3.7f1/b16b3b16c7a0
	# 2021.3.28f1/232e59c3f087
	# 2021.3.26f1/a16dc32e0ff2
	# 2021.3.15f1/e8e88683f834
	# 2021.3.11f1/0a5ca18544bf
	# 2022.3.20f1/61c2feb0970d
	# 2022.3.62f1/4af31df58517
	$unityVersionList = @'
	2022.3.62f2/7670c08855a9
	'@
	$versionFile = "$(Join-Path ([IO.Path]::GetTempPath()) 'unity').version"
	$unityVersionList \| Set-Content -Encoding OEM -LiteralPath $versionFile

	$command = @'
	@echo off

	echo ===== Block access Unity license server =====
	set NEWLINE=^& echo.
	find /C /I "license.unity3d.com" %WINDIR%\system32\drivers\etc\hosts
	if %ERRORLEVEL% NEQ 0 echo %NEWLINE%^ 127.0.0.1 license.unity3d.com>>%WINDIR%\System32\drivers\etc\hosts

	echo ===== install-unity.cmd =====
	:: Install Unity using Hub
	choco install -y unity-hub --ignore-checksums

	setx UNITY_GPU_ENABLED "true" /M

	pushd "%~dp0"

	:: Install all Unity3D versions in unity.version file
	REM "%ProgramFiles%\Unity Hub\Unity Hub.exe" -- --headless help
	for /f "tokens=*" %%v in (unity.version) do (
	for /f "tokens=1,2 delims=/" %%i in ("%%v") do (
	echo Installing Unity3D version %%i ^(%%j^)...
	start /wait "Installing Unity Editor..." "%ProgramFiles%\Unity Hub\Unity Hub.exe" -- --headless install --version %%i --changeset %%j
	start /wait "Installing modules..." "%ProgramFiles%\Unity Hub\Unity Hub.exe" -- --headless install-modules --cm -m ios -m android -m android-sdk-ndk-tools -m android-open-jdk --version %%i
	)
	)

	REM See https://community.chocolatey.org/packages/visualstudio2022enterprise#releasenotes
	choco install -y visualstudio2022-workload-managedgame --no-progress

	REM Required by Cake Build
	choco install -y visualstudio2022-workload-manageddesktopbuildtools --no-progress

	REM Uninstall nodejs.js on Windows to use NVM instead: https://github.com/nullivex/nodist#known-issues
	REM Node.js for Windows installer can now automatically install the required windows-build-tools.
	choco install -y nvm && choco uninstall -y -x nodist nodejs-lts

	call refreshenv.cmd

	echo Install require Node.js 16.20 version for azure-pipelines-agent v3.220.2+
	nvm install 18 && nvm use 18

	nvm version && nvm current

	popd
	'@

	Invoke-AsBatchFile $command
	if ($LASTEXITCODE -ne 0) { Write-Error "Install Unity3D failed, something went wrong." }

	Set-ExplorerOptions -showHiddenFilesFoldersDrives -showProtectedOSFiles -showFileExtensions

	## Update Windows after all
	Enable-MicrosoftUpdate
	Help Install-WindowsUpdate -Full
	Install-WindowsUpdate -acceptEula -getUpdatesFromMS -suppressReboots
No results found