✨ Fix certificate export and improve SFA certificate management workflow

.github/copilot-instructions.md

@@ -71,3 +71,28 @@ gh issue edit 84 --add-label "documentation" --add-assignee "J-MaFf"
 ```
 
 Note: Use `gh issue edit` for both issues and pull requests. Replace `<PR_NUMBER>` with the PR number and `<USERNAME>` with the GitHub username. Labels must exist in the repository; check available labels with `gh label list`.
+
+## Project-Specific Conventions
+
+### SFA Certificate Management Scripts
+The `/Scripts/SFA/` directory contains the integrated certificate distribution system:
+
+**Workflow:**
+1. **Export-UserCertificates.ps1** - Extracts certificates from Windows Certificate Store
+2. **Publish-SFACertificates.ps1** - Distributes certificates to 24+ branch servers with pre-flight connectivity checks
+3. **Move-ExpiredUserCertificates.ps1** - Archives expired certificates automatically
+
+**Key Features:**
+- Pre-flight connectivity check integrated into Publish-SFACertificates.ps1
+- User confirmation prompts for partially accessible branches
+- Deduplication: skips certificates already present on remote servers
+- Automatic cleanup of expired certificates
+- Timestamped reports and CSV exports
+
+**When Making Changes:**
+- Update both script help documentation and requirements.md file
+- Test connectivity handling and user prompts
+- Verify report generation accuracy
+- Update README.html to reflect workflow changes
+- Use `refactor:` commits when integrating diagnostic tools (e.g., Test-BranchMappings)
+- Use `feat:` commits for new connectivity/workflow improvements

.github/workflows/pester-tests.yml

@@ -0,0 +1,109 @@
+name: Pester Tests
+
+on:
+  push:
+    branches:
+      - main
+      - testing
+      - test/**
+    paths:
+      - "Scripts/**"
+      - "Tests/**"
+      - "Modules/**"
+      - ".github/workflows/pester-tests.yml"
+  pull_request:
+    branches:
+      - main
+      - testing
+    paths:
+      - "Scripts/**"
+      - "Tests/**"
+      - "Modules/**"
+  workflow_dispatch:
+
+jobs:
+  test:
+    name: Run Pester Tests
+    runs-on: [self-hosted, linux]
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Install PowerShell Core
+        run: |
+          if ! command -v pwsh &> /dev/null; then
+            sudo snap install powershell --classic
+          fi
+
+      - name: Verify PowerShell Version
+        shell: pwsh
+        run: $PSVersionTable.PSVersion
+
+      - name: Install Pester
+        shell: pwsh
+        run: |
+          $ProgressPreference = 'SilentlyContinue'
+          Install-Module -Name Pester -RequiredVersion 5.7.1 -Force -SkipPublisherCheck
+          Get-Module -Name Pester -ListAvailable
+
+      - name: Run All Tests
+        shell: pwsh
+        run: |
+          $testPath = 'Tests/'
+          $resultsFile = 'test-results.xml'
+
+          # Get all test files except integration tests
+          $testFiles = @(Get-ChildItem -Path $testPath -Include '*.Tests.ps1' -Recurse |
+            Where-Object { $_.FullName -notmatch '(Integration|Network)' })
+
+          $pesterConfig = @{
+            Path = $testFiles
+            OutputFile = $resultsFile
+            OutputFormat = 'NUnitXml'
+            ExcludeTag = @('IntegrationNotImplemented')
+            PassThru = $true
+            WarningAction = 'SilentlyContinue'
+          }
+
+          $results = Invoke-Pester @pesterConfig
+
+          Write-Host "`n========== Test Summary ==========" -ForegroundColor Cyan
+          Write-Host "Total Tests: $($results.FailedCount + $results.PassedCount)"
+          Write-Host "Passed: $($results.PassedCount)" -ForegroundColor Green
+          Write-Host "Failed: $($results.FailedCount)" -ForegroundColor $(if ($results.FailedCount -gt 0) { 'Red' } else { 'Green' })
+          Write-Host "=================================" -ForegroundColor Cyan
+
+          if ($results.FailedCount -gt 0) {
+            exit 1
+          }
+
+      - name: Upload Test Results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: pester-test-results
+          path: test-results.xml
+          retention-days: 30
+
+      - name: Publish Test Report
+        if: always()
+        uses: EnricoMi/publish-unit-test-result-action/linux@v2
+        with:
+          files: test-results.xml
+          check_name: Test Results (PowerShell)
+          comment_mode: always
+
+  test-summary:
+    name: Complete Test Suite Summary
+    runs-on: ubuntu-latest
+    needs: test
+    if: always()
+    steps:
+      - name: Check Test Results
+        run: |
+          if [ "${{ needs.test.result }}" == "failure" ]; then
+            echo "❌ Tests failed - Build cannot proceed"
+            exit 1
+          else
+            echo "✅ All tests passed successfully"
+          fi