Windows-SysAdmin-ProSuite/.github/workflows/vbscript-syntax-validation.yml at cb41014cbfdf3d0d5dc8308836db26329503baa3 · brazilianscriptguy/Windows-SysAdmin-ProSuite · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
name: VBScript Syntax Validation

on:
  push:
    branches: [main, develop]
    paths:
      - '**/*.vbs'
      - '**/*.hta'
  pull_request:
    branches: [main, develop]
    paths:
      - '**/*.vbs'
      - '**/*.hta'
  workflow_dispatch:

jobs:
  vbscript-syntax-check:
    name: 🔍 VBScript Lint with Line Detection
    runs-on: ubuntu-latest

    permissions:
      contents: read
      security-events: write

    steps:
      - name: 📦 Checkout repository (short path to avoid filename issues)
        uses: actions/checkout@v4
        with:
          path: repo

      - name: 🍷 Setup Wine
        run: |
          sudo apt-get update
          sudo apt-get install -y wine64
          WINEDEBUG=-all wineboot --init

      - name: 🔎 Locate .vbs and .hta Files
        working-directory: ./repo
        run: |
          find . -type f \( -iname "*.vbs" -o -iname "*.hta" \) > vbscript-files.txt
          cat vbscript-files.txt || echo "No .vbs or .hta files found."

      - name: 🧪 VBScript Syntax Validation with SARIF
        working-directory: ./repo
        shell: bash
        run: |
          set -u

          # SARIF header
          cat > vbscript-results.sarif <<'SARIF'
          {
            "version": "2.1.0",
            "runs": [
              {
                "tool": {
                  "driver": {
                    "name": "VBScript Syntax Check",
                    "informationUri": "https://learn.microsoft.com/en-us/previous-versions//d1wf56tt(v=vs.85)",
                    "rules": []
                  }
                },
                "results": [
          SARIF

          # Markdown summary header
          echo "| File | Line | Message |" > vbscript-summary.md
          echo "|------|------|---------|" >> vbscript-summary.md

          exit_code=0
          first=true
          error_found=false

          # Optional: fail fast on first error (set to true to stop early)
          FAIL_FAST=false

          while IFS= read -r file; do
            [[ -z "$file" ]] && continue
            echo "🔍 Checking: $file"

            # Skip HTML-based HTA files
            if [[ "$file" == *.hta ]]; then
              if grep -iqE '^\s*<(html|!doctype)' "$file"; then
                echo "::notice file=$file::Skipped HTA (HTML content)"
                continue
              fi
              if ! grep -iq '<script[^>]*language=["'"'"'"]vbscript["'"'"'"]' "$file"; then
                echo "::notice file=$file::Skipped HTA (no VBScript block)"
                continue
              fi
            fi

            tmp_err="$(mktemp)"
            # //B = batch mode (better exit codes). Keep nologo.
            if ! WINEDEBUG=-all wine cscript.exe //nologo //B "$file" 2> "$tmp_err"; then
              [[ "$first" == false ]] && echo "," >> vbscript-results.sarif
              first=false
              error_found=true

              # Best-effort line detection (fallback to 1)
              match_line="$(grep -inE "error|erro" "$tmp_err" | head -n 1 || true)"
              line_number="$(echo "$match_line" | cut -d: -f1 || true)"
              message="$(echo "$match_line" | cut -d: -f2- | sed 's/"/'\''/g' || true)"

              if [[ -z "${line_number:-}" ]]; then
                line_number=1
              fi
              if [[ -z "${message:-}" ]]; then
                message="Syntax error in VBScript"
              fi

              echo "::error file=$file,line=$line_number::${message}"
              echo "| \`$file\` | $line_number | $message |" >> vbscript-summary.md

              # SARIF result object
              cat >> vbscript-results.sarif <<SARIF
                  {
                    "level": "error",
                    "message": { "text": "${message}" },
                    "locations": [
                      {
                        "physicalLocation": {
                          "artifactLocation": { "uri": "${file#./}" },
                          "region": { "startLine": ${line_number} }
                        }
                      }
                    ]
                  }
          SARIF

              exit_code=1

              if [[ "$FAIL_FAST" == "true" ]]; then
                rm -f "$tmp_err"
                break
              fi
            fi

            rm -f "$tmp_err"
          done < vbscript-files.txt

          # Close SARIF
          cat >> vbscript-results.sarif <<'SARIF'
                ]
              }
            ]
          }
          SARIF

          if [[ "$error_found" == false ]]; then
            echo "| ✅ No syntax errors found. | - | - |" >> vbscript-summary.md
          fi

          exit $exit_code

      - name: 📁 Upload SARIF Artifact
        uses: actions/upload-artifact@v4
        with:
          name: vbscript-lint-sarif
          path: repo/vbscript-results.sarif

      - name: 📝 Upload Markdown Summary
        uses: actions/upload-artifact@v4
        with:
          name: vbscript-lint-summary
          path: repo/vbscript-summary.md

      - name: 🛰️ Upload SARIF to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: repo/vbscript-results.sarif