PSItems/.github/workflows/powershell.yml at master · eizedev/PSItems · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# Static analysis via PSScriptAnalyzer with SARIF results
# Action: https://github.com/microsoft/psscriptanalyzer-action (v1.1)

name: PSScriptAnalyzer

on:
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]
  schedule:
    - cron: "38 14 * * 2"  # Weekly, Tue 14:38 UTC

permissions:
  contents: read

jobs:
  analyze:
    name: PSScriptAnalyzer
    runs-on: ubuntu-latest
    permissions:
      contents: read              # checkout code
      security-events: write      # upload SARIF to code scanning

    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Run PSScriptAnalyzer
        uses: microsoft/psscriptanalyzer-action@v1.1
        with:
          # Prefer POSIX-style paths for cross-OS; the action accepts both . and .\
          path: .
          recurse: true
          ignorePattern: "tests"
          includeDefaultRules: true
          # Example exclude rule; keep quoting style required by the action's parser
          excludeRule: '"PSUseToExportFieldsInManifest"'
          settings: "tests/ScriptAnalyzerSettings.psd1"
          output: results.sarif

      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: results.sarif