
Commit 247083e

Update psscriptanalyzer-check.yml
Signed-off-by: LUIZ HAMILTON ROBERTO DA SILVA <[email protected]>
1 parent d88688b commit 247083e

1 file changed

Lines changed: 83 additions & 103 deletions


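--- a/.github/workflows/psscriptanalyzer-check.yml
+++ b/.github/workflows/psscriptanalyzer-check.yml
@@ -2,16 +2,12 @@ name: Analyze PowerShell Scripts
 
 on:
 push:
-branches:
-- main
-- develop
+branches: [ main, develop ]
 paths:
 - '**/*.ps1'
 - '.psscriptanalyzer'
 pull_request:
-branches:
-- main
-- develop
+branches: [ main, develop ]
 paths:
 - '**/*.ps1'
 - '.psscriptanalyzer'
@@ -31,117 +27,102 @@ jobs:
 - name: 📦 Checkout Repository
 uses: actions/[email protected]
 
-- name: 🕵️ Debug Repository Contents
-shell: bash
-run: |
-echo "Current directory: $(pwd)"
-echo "Listing all files in repository:"
-find . -type f
-echo "Checking for PowerShell scripts:"
-find . -type f -name "*.ps1" || echo "No .ps1 files found"
-
-- name: 🔎 Run PSScriptAnalyzer and Export SARIF
+- name: 🔍 Run PSScriptAnalyzer and Generate SARIF
 shell: pwsh
 run: |
 $ErrorActionPreference = 'Stop'
-try {
-Write-Output "Installing PSScriptAnalyzer"
-Install-Module -Name PSScriptAnalyzer -Force -Scope CurrentUser -MinimumVersion 1.22.0
-Write-Output "PSScriptAnalyzer version: $(Get-Module -ListAvailable PSScriptAnalyzer | Select-Object -ExpandProperty Version)"
-$htPSA = @{
-Path = '.'
-Recurse = $true
-Severity = @('Error', 'Warning')
-IncludeRule = @(
-'PSAvoidUsingCmdletAliases',
-'PSUseShouldProcessForStateChangingFunctions',
-'PSAvoidUsingWriteHost',
-'PSUseConsistentIndentation',
-'PSUseConsistentWhitespace'
-)
-Settings = @{
-Rules = @{
-PSUseConsistentIndentation = @{
-Enable = $true
-IndentationSize = 4
-PipelineIndentation = 'IncreaseIndentationForFirstPipeline'
-}
-PSUseConsistentWhitespace = @{
-Enable = $true
-CheckInnerBrace = $true
-CheckOpenBrace = $true
-CheckOpenParen = $true
-CheckOperator = $true
-CheckSeparator = $true
-}
+
+# Install PSScriptAnalyzer
+Install-Module -Name PSScriptAnalyzer -Force -Scope CurrentUser -MinimumVersion 1.22.0
+$analyzerVersion = (Get-Module -ListAvailable PSScriptAnalyzer | Select-Object -First 1 -ExpandProperty Version)
+
+# Define analyzer settings
+$htPSA = @{
+Path = '.'
+Recurse = $true
+Severity = @('Error', 'Warning')
+IncludeRule = @(
+'PSAvoidUsingCmdletAliases',
+'PSUseShouldProcessForStateChangingFunctions',
+'PSAvoidUsingWriteHost',
+'PSUseConsistentIndentation',
+'PSUseConsistentWhitespace'
+)
+Settings = @{
+Rules = @{
+PSUseConsistentIndentation = @{
+Enable = $true
+IndentationSize = 4
+PipelineIndentation = 'IncreaseIndentationForFirstPipeline'
+}
+PSUseConsistentWhitespace = @{
+Enable = $true
+CheckInnerBrace = $true
+CheckOpenBrace = $true
+CheckOpenParen = $true
+CheckOperator = $true
+CheckSeparator = $true
 }
 }
 }
-Write-Output "Running PSScriptAnalyzer on path: $(Get-Location)"
-$results = Invoke-ScriptAnalyzer @htPSA
-$sarifFile = "./psscriptanalyzer-results.sarif"
-if ($results) {
-Write-Output "Found $($results.Count) issues"
-# Attempt to use ConvertTo-SARIF if available
-if (Get-Command ConvertTo-SARIF -ErrorAction SilentlyContinue) {
-$results | ConvertTo-SARIF -FilePath $sarifFile
-Write-Output "SARIF file generated using ConvertTo-SARIF: $sarifFile"
-} else {
-Write-Output "ConvertTo-SARIF not available, generating basic SARIF"
-$sarifResults = $results | ForEach-Object {
-@{
-ruleId = $_.RuleName
-level = $_.Severity
-message = @{ text = $_.Message }
-locations = @(
-@{
-physicalLocation = @{
-artifactLocation = @{ uri = $_.ScriptPath }
-region = @{
-startLine = $_.Line
-startColumn = $_.Column
-}
-}
-}
-)
-}
+}
+
+$results = Invoke-ScriptAnalyzer @htPSA
+$sarifFile = "./psscriptanalyzer-results.sarif"
+
+if ($results) {
+# Try using ConvertTo-SARIF if available
+if (Get-Command ConvertTo-SARIF -ErrorAction SilentlyContinue) {
+$results | ConvertTo-SARIF -FilePath $sarifFile
+} else {
+# Manual SARIF generation
+$sarifResults = $results | ForEach-Object {
+$level = switch ($_.Severity.ToLowerInvariant()) {
+'error' { 'error' }
+'warning' { 'warning' }
+'information' { 'note' }
+default { 'note' }
 }
-$sarif = @{
-version = "2.1.0"
-runs = @(
+
+@{
+ruleId = $_.RuleName
+level = $level
+message = @{ text = $_.Message }
+locations = @(
 @{
-tool = @{ driver = @{ name = "PSScriptAnalyzer"; version = "$(Get-Module -ListAvailable PSScriptAnalyzer | Select-Object -ExpandProperty Version)" } }
-results = $sarifResults
+physicalLocation = @{
+artifactLocation = @{ uri = $_.ScriptPath }
+region = @{
+startLine = $_.Line
+startColumn = $_.Column
+}
+}
 }
 )
 }
-$sarif | ConvertTo-Json -Depth 10 | Out-File -FilePath $sarifFile -Encoding utf8
-Write-Output "SARIF file generated manually: $sarifFile"
 }
-} else {
-Write-Output "No issues found or no scripts analyzed"
-'{"version": "2.1.0", "runs": []}' | Out-File -FilePath $sarifFile -Encoding utf8
-Write-Output "Empty SARIF file generated: $sarifFile"
+
+$sarif = @{
+version = "2.1.0"
+runs = @(
+@{
+tool = @{
+driver = @{
+name = "PSScriptAnalyzer"
+version = "$analyzerVersion"
+}
+}
+results = $sarifResults
+}
+)
+}
+
+$sarif | ConvertTo-Json -Depth 10 | Out-File -FilePath $sarifFile -Encoding utf8
 }
-} catch {
-Write-Error "PSScriptAnalyzer failed: $_"
-exit 1
+} else {
+'{"version": "2.1.0", "runs": []}' | Out-File -FilePath $sarifFile -Encoding utf8
 }
 
-- name: 🕵️ Debug SARIF File Existence
-shell: bash
-run: |
-echo "Current directory: $(pwd)"
-echo "Listing files:"
-ls -la
-if [ -f "./psscriptanalyzer-results.sarif" ]; then
-echo "SARIF file exists"
-cat ./psscriptanalyzer-results.sarif
-else
-echo "SARIF file not found"
-exit 1
-fi
-
 - name: 📊 Upload Analysis Results
 if: always()
 uses: actions/upload-artifact@v4
@@ -155,5 +136,4 @@ jobs:
 uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ./psscriptanalyzer-results.sarif
-checkout_path: ${{ github.workspace }}
 wait-for-processing: true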
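Review bot: In the manual SARIF fallback, `$_.Severity.ToLowerInvariant()` (new line 80) is called on what PSScriptAnalyzer exposes, as far as I know, as a severity enum rather than a string, so the call would throw and, under `$ErrorActionPreference = 'Stop'`, fail the step before any SARIF is written; `switch ($_.Severity.ToString()) {` is sufficient because PowerShell's `switch` already compares strings case-insensitively. Nothing in the visible step installs a module that provides `ConvertTo-SARIF`, so this fallback is presumably the branch that actually runs. In the same branch, `results = $sarifResults` (new line 115) serialises as a single JSON object rather than an array when there is exactly one finding; `results = @($sarifResults)` keeps it a list. Separately, `Install-Module ... -MinimumVersion 1.22.0` (new line 36) accepts whatever newer release the gallery serves at run time, so pinning a reviewed version with `-RequiredVersion` would make the analyzer that gates this repository reproducible.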
