Workflow: fallback detect ISO drive; Wrappers: fully neutralize ExecutionPolicy/admin blocks and malformed if variants

.github/scripts/run-coremaker-automated.ps1

@@ -41,11 +41,21 @@ $scriptContent = Get-Content $scriptPath -Raw -ErrorAction Stop
 # Fix missing $ScratchDisk variable (should be $mainOSDrive)
 $scriptContent = $scriptContent -replace '\$ScratchDisk', '$mainOSDrive'
 
-# Disable admin restart check by commenting out the exit
-$scriptContent = $scriptContent -replace 'if \(!\s*\$myWindowsPrincipal\.IsInRole\(\$adminRole\)\)', 'if ($false -and !$myWindowsPrincipal.IsInRole($adminRole))  # Disabled for GitHub Actions'
+# Robustly disable admin restart check by replacing the entire if-block with a no-op
+$adminBlockPattern = 'if\s*\(\s*!\s*\$myWindowsPrincipal\.IsInRole\(\$adminRole\)\s*\)\s*\{[\s\S]*?\}'
+$scriptContent = [regex]::Replace($scriptContent, $adminBlockPattern, 'if ($false) { }')
+# Also handle any previously injected pattern without braces
+$scriptContent = $scriptContent -replace 'if \(\$false -and \s*!\s*\$myWindowsPrincipal\.IsInRole\(\$adminRole\)\s*\)', 'if ($false)'
 
-# Disable execution policy check by commenting out the exit
-$scriptContent = $scriptContent -replace 'if \(\(Get-ExecutionPolicy\) -eq ''Restricted''\)', 'if ($false -and (Get-ExecutionPolicy) -eq ''Restricted'')  # Disabled for GitHub Actions'
+# Robustly disable execution policy check by replacing the entire if-block with a no-op
+$execPolicyBlockPattern = 'if\s*\([^\)]*Get-ExecutionPolicy[^\)]*\)\s*\{[\s\S]*?\}'
+$scriptContent = [regex]::Replace($scriptContent, $execPolicyBlockPattern, 'if ($false) { }')
+# Handle one-line or previously injected variants without braces
+$scriptContent = $scriptContent -replace 'if \([^\)]*Get-Execution-?Policy[^\)]*\)', 'if ($false)'
+$scriptContent = $scriptContent -replace 'if \(\$false -and[^\)]*Get-Execution-?Policy[^\)]*\)', 'if ($false)'
+
+# Final safety: convert any "if ($false -and <anything>) {<maybe missing>" into a proper no-op block
+$scriptContent = [regex]::Replace($scriptContent, 'if\s*\(\s*\$false\s*-and[\s\S]*?\)', 'if ($false) { }')
 
 # Add error checking after oscdimg command to verify ISO was created
 # Match the oscdimg command line ending with tiny11.iso

.github/scripts/run-maker-automated.ps1

@@ -42,11 +42,21 @@ $ISODriveLetter = $ISODrive -replace ':', ''
 # Read the script content to modify it for automation
 $scriptContent = Get-Content $scriptPath -Raw -ErrorAction Stop
 
-# Disable admin restart check by commenting out the exit
-$scriptContent = $scriptContent -replace 'if \(!\s*\$myWindowsPrincipal\.IsInRole\(\$adminRole\)\)', 'if ($false -and !$myWindowsPrincipal.IsInRole($adminRole))  # Disabled for GitHub Actions'
+# Robustly disable admin restart check by replacing the entire if-block with a no-op
+$adminBlockPattern = 'if\s*\(\s*!\s*\$myWindowsPrincipal\.IsInRole\(\$adminRole\)\s*\)\s*\{[\s\S]*?\}'
+$scriptContent = [regex]::Replace($scriptContent, $adminBlockPattern, 'if ($false) { }')
+# Also handle any previously injected pattern without braces
+$scriptContent = $scriptContent -replace 'if \(\$false -and \s*!\s*\$myWindowsPrincipal\.IsInRole\(\$adminRole\)\s*\)', 'if ($false)'
 
-# Disable execution policy check by commenting out the exit
-$scriptContent = $scriptContent -replace 'if \(\(Get-ExecutionPolicy\) -eq ''Restricted''\)', 'if ($false -and (Get-ExecutionPolicy) -eq ''Restricted'')  # Disabled for GitHub Actions'
+# Robustly disable execution policy check by replacing the entire if-block with a no-op
+$execPolicyBlockPattern = 'if\s*\([^\)]*Get-ExecutionPolicy[^\)]*\)\s*\{[\s\S]*?\}'
+$scriptContent = [regex]::Replace($scriptContent, $execPolicyBlockPattern, 'if ($false) { }')
+# Handle one-line or previously injected variants without braces
+$scriptContent = $scriptContent -replace 'if \([^\)]*Get-Execution-?Policy[^\)]*\)', 'if ($false)'
+$scriptContent = $scriptContent -replace 'if \(\$false -and[^\)]*Get-Execution-?Policy[^\)]*\)', 'if ($false)'
+
+# Final safety: convert any "if ($false -and <anything>) {<maybe missing>" into a proper no-op block
+$scriptContent = [regex]::Replace($scriptContent, 'if\s*\(\s*\$false\s*-and[\s\S]*?\)', 'if ($false) { }')
 
 # Add error checking after oscdimg command to verify ISO was created
 # Match the oscdimg command line ending with tiny11.iso

.github/workflows/build-tiny11.yml

@@ -239,6 +239,21 @@ jobs:
           }
           
           Write-Host "Script Root: $scriptRoot"
+
+          # Fallback: if ISO_DRIVE is empty, re-detect by scanning non-system drives for Windows setup files
+          if (-not $isoDrive -or $isoDrive -eq "") {
+            Write-Host "ISO_DRIVE env not found, re-detecting drive letter..."
+            $systemDrive = $env:SystemDrive -replace ':',''
+            $letters = Get-Volume | Where-Object { $_.DriveLetter -ne $null -and $_.DriveLetter -ne $systemDrive } | Select-Object -ExpandProperty DriveLetter
+            foreach ($letter in $letters) {
+              if (Test-Path "$letter`:\sources\boot.wim" -or Test-Path "$letter`:\sources\install.wim" -or Test-Path "$letter`:\sources\install.esd") {
+                $isoDrive = $letter
+                Write-Host "Detected ISO drive: $isoDrive"
+                break
+              }
+            }
+            if (-not $isoDrive) { Write-Error "Failed to detect ISO drive letter"; exit 1 }
+          }
           
           # Set execution policy
           Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
@@ -264,9 +279,7 @@ jobs:
           try {
               if ("$scriptType" -eq "tiny11maker") {
                   Write-Host "Using tiny11maker with parameters and automation"
-                  $wrapperParams = @{
-                      ISODrive = "$isoDrive`:"
-                  }
+                  $wrapperParams = @{ ISODrive = "$isoDrive`:" }
                   # ScratchDrive not provided - script will use script root automatically
                   & $makerWrapper @wrapperParams
                   $exitCode = $LASTEXITCODE