🩹 [Patch]: Default to built-in Invoke-ScriptAnalyzer settings (#19)

This pull request introduces improved handling of the settings file for
the ScriptAnalyzer GitHub Action, adds a new test scenario for default
settings, and updates CI workflows and documentation to reflect these
changes. The main goals are to make the settings file optional, clarify
precedence, and ensure robust testing and reporting.

**Key changes:**

Settings file handling and usage:

* The action now treats the settings file as optional; if not provided
or not found, it falls back to ScriptAnalyzer defaults. Settings file
precedence is clarified and documented, and code is updated to handle
missing files gracefully without throwing errors. (`scripts/main.ps1`
[[1]](diffhunk://#diff-dc2e5a659836b1b73abb03421c567f5018c2755677c4a0aa764cb26117b68011L5-L15)
`scripts/tests/PSScriptAnalyzer/PSScriptAnalyzer.Tests.ps1`
[[2]](diffhunk://#diff-506030604c5eac4d6d266aa14f0e8cf3a8121425c1f579406e3a003d5b091ac9L14-R32)
[[3]](diffhunk://#diff-506030604c5eac4d6d266aa14f0e8cf3a8121425c1f579406e3a003d5b091ac9R76-R87)
[[4]](diffhunk://#diff-506030604c5eac4d6d266aa14f0e8cf3a8121425c1f579406e3a003d5b091ac9L91-R122)
`README.md`
[[5]](diffhunk://#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5L91-R125)

Continuous Integration workflow improvements:

* All `actions/checkout` steps in workflow files now set
`persist-credentials: false` for improved security and consistency.
(`.github/workflows/Action-Test.yml`
[[1]](diffhunk://#diff-a12ae5c885b0673c0ff6f70c2670886907590d624626e07da4c52e01aeaf56a4R29-R30)
[[2]](diffhunk://#diff-a12ae5c885b0673c0ff6f70c2670886907590d624626e07da4c52e01aeaf56a4R54-R55)
[[3]](diffhunk://#diff-a12ae5c885b0673c0ff6f70c2670886907590d624626e07da4c52e01aeaf56a4R80-R81)
[[4]](diffhunk://#diff-a12ae5c885b0673c0ff6f70c2670886907590d624626e07da4c52e01aeaf56a4R133-R134)
[[5]](diffhunk://#diff-a12ae5c885b0673c0ff6f70c2670886907590d624626e07da4c52e01aeaf56a4R155-R179)
`.github/workflows/Auto-Release.yml`
[[6]](diffhunk://#diff-d3f6900ee5159d4bc4ba6d893e2dd8443c2691b0490d7351cffbd7a37ed8d95aR30-R31)
`.github/workflows/Linter.yml`
[[7]](diffhunk://#diff-482e65806ed9e4a7320f14964764086b91fed4a28d12e4efde1776472e147e79R24)

* A new test job, `ActionTestSrcWithManifestDefault`, is added to verify
the action's behavior when no settings file is present (i.e., default
settings are used). The workflow aggregation and environment variable
naming are updated for clarity and maintainability.
(`.github/workflows/Action-Test.yml`
[[1]](diffhunk://#diff-a12ae5c885b0673c0ff6f70c2670886907590d624626e07da4c52e01aeaf56a4R98-R123)
[[2]](diffhunk://#diff-a12ae5c885b0673c0ff6f70c2670886907590d624626e07da4c52e01aeaf56a4R155-R179)
`tests/Get-AggregatedStatus.ps1`
[[3]](diffhunk://#diff-dc50f3891fd8a2d62df15437f55b45ed09c908756bd8bfdc11fd71826abda1b7L23-R92)

Documentation and configuration updates:

* The README is updated to clearly explain settings file precedence and
provide usage examples for all scenarios (custom, default, and none).
(`README.md`
[README.mdL91-R125](diffhunk://#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5L91-R125))

* Linter workflow configuration is updated to include new validation
options and disables certain Biome and zizmor validations for clarity.
(`.github/workflows/Linter.yml`
[.github/workflows/Linter.ymlR34-R36](diffhunk://#diff-482e65806ed9e4a7320f14964764086b91fed4a28d12e4efde1776472e147e79R34-R36))

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: MariusStorhaug

.github/workflows/Action-Test.yml

@@ -26,6 +26,8 @@ jobs:
     steps:
       - name: Checkout repo
         uses: actions/checkout@v5
+        with:
+          persist-credentials: false
 
       - name: Action-Test
         uses: ./
@@ -49,6 +51,8 @@ jobs:
     steps:
       - name: Checkout repo
         uses: actions/checkout@v5
+        with:
+          persist-credentials: false
 
       - name: Action-Test
         uses: ./
@@ -73,6 +77,8 @@ jobs:
     steps:
       - name: Checkout repo
         uses: actions/checkout@v5
+        with:
+          persist-credentials: false
 
       - name: Action-Test
         uses: ./
@@ -89,6 +95,32 @@ jobs:
           Write-Host "Outcome: ${{ steps.action-test.outcome }}"
           Write-Host "Conclusion: ${{ steps.action-test.conclusion }}"
 
+  ActionTestSrcWithManifestDefault:
+    name: Action-Test - [Src-WithManifest-Default]
+    runs-on: ubuntu-latest
+    outputs:
+      Outcome: ${{ steps.action-test.outcome }}
+      Conclusion: ${{ steps.action-test.conclusion }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+
+      - name: Action-Test
+        uses: ./
+        continue-on-error: true
+        id: action-test
+        with:
+          Path: src
+          WorkingDirectory: tests/srcWithManifestTestRepo
+
+      - name: Status
+        shell: pwsh
+        run: |
+          Write-Host "Outcome: ${{ steps.action-test.outcome }}"
+          Write-Host "Conclusion: ${{ steps.action-test.conclusion }}"
+
   ActionTestOutputs:
     name: Action-Test - [outputs]
     runs-on: ubuntu-latest
@@ -98,6 +130,8 @@ jobs:
     steps:
       - name: Checkout repo
         uses: actions/checkout@v5
+        with:
+          persist-credentials: false
 
       - name: Action-Test
         uses: ./
@@ -118,25 +152,28 @@ jobs:
       - ActionTestSrcSourceCode
       - ActionTestSrcCustom
       - ActionTestSrcWithManifest
+      - ActionTestSrcWithManifestDefault
       - ActionTestOutputs
     if: always()
     runs-on: ubuntu-latest
     env:
-      ActionTestSrcSourceCodeOutcome: ${{ needs.ActionTestSrcSourceCode.outputs.Outcome }}
-      ActionTestSrcSourceCodeConclusion: ${{ needs.ActionTestSrcSourceCode.outputs.Conclusion }}
-      ActionTestSrcCustomOutcome: ${{ needs.ActionTestSrcCustom.outputs.Outcome }}
-      ActionTestSrcCustomConclusion: ${{ needs.ActionTestSrcCustom.outputs.Conclusion }}
-      ActionTestSrcWithManifestOutcome: ${{ needs.ActionTestSrcWithManifest.outputs.Outcome }}
-      ActionTestSrcWithManifestConclusion: ${{ needs.ActionTestSrcWithManifest.outputs.Conclusion }}
-      ActionTestOutputsOutcome: ${{ needs.ActionTestOutputs.outputs.Outcome }}
-      ActionTestOutputsConclusion: ${{ needs.ActionTestOutputs.outputs.Conclusion }}
+      SourceCodeOutcome: ${{ needs.ActionTestSrcSourceCode.outputs.Outcome }}
+      SourceCodeConclusion: ${{ needs.ActionTestSrcSourceCode.outputs.Conclusion }}
+      CustomOutcome: ${{ needs.ActionTestSrcCustom.outputs.Outcome }}
+      CustomConclusion: ${{ needs.ActionTestSrcCustom.outputs.Conclusion }}
+      WithManifestOutcome: ${{ needs.ActionTestSrcWithManifest.outputs.Outcome }}
+      WithManifestConclusion: ${{ needs.ActionTestSrcWithManifest.outputs.Conclusion }}
+      WithManifestDefaultOutcome: ${{ needs.ActionTestSrcWithManifestDefault.outputs.Outcome }}
+      WithManifestDefaultConclusion: ${{ needs.ActionTestSrcWithManifestDefault.outputs.Conclusion }}
+      OutputsOutcome: ${{ needs.ActionTestOutputs.outputs.Outcome }}
+      OutputsConclusion: ${{ needs.ActionTestOutputs.outputs.Conclusion }}
     steps:
       - name: Checkout repo
         uses: actions/checkout@v5
+        with:
+          persist-credentials: false
 
       - name: Aggregated Status
         uses: PSModule/Github-Script@v1
         with:
-          Script: |
-            # Aggregated Status
-            tests/Get-AggregatedStatus.ps1
+          Script: tests/Get-AggregatedStatus.ps1

.github/workflows/Auto-Release.yml

@@ -27,6 +27,8 @@ jobs:
     steps:
       - name: Checkout Code
         uses: actions/checkout@v5
+        with:
+          persist-credentials: false
 
       - name: Auto-Release
         uses: PSModule/Auto-Release@v1

.github/workflows/Linter.yml

@@ -21,6 +21,7 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@v5
         with:
+          persist-credentials: false
           fetch-depth: 0
 
       - name: Lint code base
@@ -30,4 +31,7 @@ jobs:
           VALIDATE_JSON_PRETTIER: false
           VALIDATE_MARKDOWN_PRETTIER: false
           VALIDATE_YAML_PRETTIER: false
+          VALIDATE_BIOME_FORMAT: false
+          VALIDATE_BIOME_LINT: false
+          VALIDATE_GITHUB_ACTIONS_ZIZMOR: false
           FILTER_REGEX_EXCLUDE: '.*Set-PSModuleTest\.ps1$'

README.md

@@ -88,16 +88,41 @@ The action provides the following outputs:
    Choose a path for your code to test into the `Path` input. This can be a
    directory or a file.
 
-2. **Configure settings file**
+2. **Configure settings file (Optional)**
    Create a custom settings file to customize the analysis. The settings file is
    a hashtable that defines the rules to include, exclude, or customize. The
    settings file is in the format of a `.psd1` file.
 
-   By default, the action looks for a settings file at:
-   `.github/linters/.powershell-psscriptanalyzer.psd1`
+   **Settings File Precedence:**
 
-   You can override this by setting the `SettingsFilePath` input to point to your
-   custom settings file.
+   The action determines which settings to use in the following order:
+
+   1. **Custom Path**: If you provide a `SettingsFilePath` input, the action uses that file.
+   2. **Default Action Path**: If no `SettingsFilePath` is provided, the action looks for a settings file at:
+      `.github/linters/.powershell-psscriptanalyzer.psd1`
+   3. **PSScriptAnalyzer Defaults**: If no settings file is found in either location, the action uses
+      the default settings from the `Invoke-ScriptAnalyzer` cmdlet (all built-in rules with default severity).
+
+   **Example configurations:**
+
+   ```yaml
+   # Use a custom settings file
+   - uses: PSModule/Invoke-ScriptAnalyzer@v2
+     with:
+       Path: src
+       SettingsFilePath: config/custom-rules.psd1
+
+   # Use the default action path (.github/linters/.powershell-psscriptanalyzer.psd1)
+   - uses: PSModule/Invoke-ScriptAnalyzer@v2
+     with:
+       Path: src
+
+   # Use PSScriptAnalyzer defaults (no settings file)
+   - uses: PSModule/Invoke-ScriptAnalyzer@v2
+     with:
+       Path: src
+       SettingsFilePath: ''  # Explicitly skip settings file
+   ```
 
    For more info on how to create a settings file, see the [Settings Documentation](./Settings.md) file.
 

scripts/main.ps1

@@ -2,17 +2,25 @@
 $testPath = Resolve-Path -Path "$PSScriptRoot/tests/PSScriptAnalyzer" | Select-Object -ExpandProperty Path
 $path = [string]::IsNullOrEmpty($env:PSMODULE_INVOKE_SCRIPTANALYZER_INPUT_Path) ? '.' : $env:PSMODULE_INVOKE_SCRIPTANALYZER_INPUT_Path
 $codePath = Resolve-Path -Path $path | Select-Object -ExpandProperty Path
-$settingsFilePath = Resolve-Path -Path $env:PSMODULE_INVOKE_SCRIPTANALYZER_INPUT_SettingsFilePath | Select-Object -ExpandProperty Path
+
+# Try to resolve the settings file path, but allow it to be null if not found
+[string]$settingsFilePath = ''
+if (-not [string]::IsNullOrEmpty($env:PSMODULE_INVOKE_SCRIPTANALYZER_INPUT_SettingsFilePath)) {
+    try {
+        $settingsFilePath = Resolve-Path -Path $env:PSMODULE_INVOKE_SCRIPTANALYZER_INPUT_SettingsFilePath -ErrorAction Stop |
+            Select-Object -ExpandProperty Path
+        Write-Information "Using settings file: $settingsFilePath"
+    } catch {
+        Write-Warning "Settings file not found at path: $($env:PSMODULE_INVOKE_SCRIPTANALYZER_INPUT_SettingsFilePath). Using default settings."
+    }
+}
 
 [pscustomobject]@{
     CodePath         = $codePath
     TestPath         = $testPath
     SettingsFilePath = $settingsFilePath
 } | Format-List | Out-String
 
-if (!(Test-Path -Path $settingsFilePath)) {
-    throw "Settings file not found at path: $settingsFilePath"
-}
 Set-GitHubOutput -Name CodePath -Value $codePath
 Set-GitHubOutput -Name TestPath -Value $testPath
 Set-GitHubOutput -Name SettingsFilePath -Value $settingsFilePath

scripts/tests/PSScriptAnalyzer/PSScriptAnalyzer.Tests.ps1

@@ -11,17 +11,25 @@
     Justification = 'Write-Host is used for log output.'
 )]
 [CmdLetBinding()]
-Param(
+param(
     [Parameter(Mandatory)]
     [string] $Path,
 
-    [Parameter(Mandatory)]
+    [Parameter()]
     [string] $SettingsFilePath
 )
 
 BeforeDiscovery {
-    LogGroup "PSScriptAnalyzer tests using settings file [$SettingsFilePath]" {
-        $settings = Import-PowerShellDataFile -Path $SettingsFilePath
+    $hasSettingsFile = -not [string]::IsNullOrEmpty($SettingsFilePath)
+    $settingsDescription = $hasSettingsFile ? "settings file [$SettingsFilePath]" : 'default settings'
+
+    LogGroup "PSScriptAnalyzer tests using $settingsDescription" {
+        if ($hasSettingsFile) {
+            $settings = Import-PowerShellDataFile -Path $SettingsFilePath
+        } else {
+            $settings = @{}
+        }
+
         $rules = [Collections.Generic.List[System.Collections.Specialized.OrderedDictionary]]::new()
         $ruleObjects = Get-ScriptAnalyzerRule -Verbose:$false | Sort-Object -Property Severity, CommonName
         $Severeties = $ruleObjects | Select-Object -ExpandProperty Severity -Unique
@@ -65,13 +73,18 @@ BeforeDiscovery {
 
 Describe 'PSScriptAnalyzer' {
     BeforeAll {
-        $relativeSettingsFilePath = if ($SettingsFilePath.StartsWith($PSScriptRoot)) {
-            $SettingsFilePath.Replace($PSScriptRoot, 'Action:').Trim('\').Trim('/')
-        } elseif ($SettingsFilePath.StartsWith($env:GITHUB_WORKSPACE)) {
-            $SettingsFilePath.Replace($env:GITHUB_WORKSPACE, 'Workspace:').Trim('\').Trim('/')
-        } else {
-            $SettingsFilePath
+        $hasSettingsFile = -not [string]::IsNullOrEmpty($SettingsFilePath)
+
+        if ($hasSettingsFile) {
+            $relativeSettingsFilePath = if ($SettingsFilePath.StartsWith($PSScriptRoot)) {
+                $SettingsFilePath.Replace($PSScriptRoot, 'Action:').Trim('\').Trim('/')
+            } elseif ($SettingsFilePath.StartsWith($env:GITHUB_WORKSPACE)) {
+                $SettingsFilePath.Replace($env:GITHUB_WORKSPACE, 'Workspace:').Trim('\').Trim('/')
+            } else {
+                $SettingsFilePath
+            }
         }
+
         $Path = Resolve-Path -Path $Path | Select-Object -ExpandProperty Path
         $relativePath = if ($Path.StartsWith($PSScriptRoot)) {
             $Path.Replace($PSScriptRoot, 'Action:').Trim('\').Trim('/').Replace('\', '/')
@@ -88,9 +101,25 @@ Describe 'PSScriptAnalyzer' {
             GITHUB_WORKSPACE         = $env:GITHUB_WORKSPACE
         }
 
-        LogGroup "Invoke-ScriptAnalyzer -Path [$relativePath] -Settings [$relativeSettingsFilePath]" {
-            $testResults = Invoke-ScriptAnalyzer -Path $Path -Settings $SettingsFilePath -Recurse -Verbose
+        $invokeParams = @{
+            Path    = $Path
+            Recurse = $true
+        }
+
+        if ($hasSettingsFile) {
+            $invokeParams['Settings'] = $SettingsFilePath
         }
+
+        $logMessage = if ($hasSettingsFile) {
+            "Invoke-ScriptAnalyzer -Path '$relativePath' -Recurse -Settings '$relativeSettingsFilePath'"
+        } else {
+            "Invoke-ScriptAnalyzer -Path '$relativePath' -Recurse (using default settings)"
+        }
+
+        LogGroup $logMessage {
+            $testResults = Invoke-ScriptAnalyzer @invokeParams
+        }
+
         LogGroup "TestResults [$($testResults.Count)]" {
             $testResults | Select-Object -Property * | Format-List | Out-String -Stream | ForEach-Object {
                 Write-Verbose $_ -Verbose