Skip to content

Add type pre-condition to selectors and suppression groups #2702 #1479

Add type pre-condition to selectors and suppression groups #2702

Add type pre-condition to selectors and suppression groups #2702 #1479

Workflow file for this run

#
# CI Pipeline
#
# NOTES:
# This workflow builds and tests PSRule components.
# During this process linting and analysis tools are used to ensure code quality.
# You can read more about these linting tools and configuration options here:
# PSRule - https://aka.ms/ps-rule and https://github.com/Microsoft/PSRule.Rules.MSFT.OSS
# CodeQL - https://codeql.github.com/docs/codeql-overview/about-codeql/
# DevSkim - https://github.com/microsoft/DevSkim-Action and https://github.com/Microsoft/DevSkim
name: Build
on:
push:
branches: [main, 'release/*']
pull_request:
branches: [main, 'release/*']
schedule:
- cron: '24 22 * * 0' # At 10:24 PM, on Sunday each week
workflow_dispatch: {}
env:
DOTNET_NOLOGO: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
permissions: {}
jobs:
build_module:
name: Build module
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
global-json-file: global.json
- name: Install dependencies
shell: pwsh
timeout-minutes: 3
run: ./scripts/pipeline-deps.ps1
- name: Build module
shell: pwsh
timeout-minutes: 5
run: Invoke-Build -Configuration Release -AssertStyle GitHubActions
- name: Lint .NET
shell: pwsh
timeout-minutes: 5
run: dotnet format --verify-no-changes
- name: Upload module
uses: actions/upload-artifact@v4
with:
name: Module
path: ./out/modules/PSRule/*
retention-days: 3
if-no-files-found: error
- name: Upload PSRule Results
uses: actions/upload-artifact@v4
if: always()
with:
name: Results-PSRule
path: ./reports/ps-rule*.xml
retention-days: 3
if-no-files-found: error
test_module:
name: 🧪 Test module (${{ matrix.rid }}-${{ matrix.shell }})
runs-on: ${{ matrix.os }}
needs: build_module
permissions:
contents: read
strategy:
# Get full test results from all platforms.
fail-fast: false
matrix:
os: ['ubuntu-latest']
rid: ['linux-x64']
shell: ['pwsh']
include:
- os: windows-latest
rid: win-x64
shell: pwsh
- os: windows-latest
rid: win-x64
shell: powershell
- os: ubuntu-latest
rid: linux-x64
shell: pwsh
- os: ubuntu-latest
rid: linux-musl-x64
shell: pwsh
- os: macos-latest
rid: osx-x64
shell: pwsh
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
global-json-file: global.json
- if: ${{ matrix.shell == 'pwsh' }}
name: Install dependencies (PowerShell)
shell: pwsh
timeout-minutes: 3
run: ./scripts/pipeline-deps.ps1
- if: ${{ matrix.shell == 'powershell' }}
name: Install dependencies (Windows PowerShell)
shell: powershell
timeout-minutes: 3
run: ./scripts/pipeline-deps.ps1
- name: Download module
uses: actions/download-artifact@v4
with:
name: Module
path: ./out/modules/PSRule
- if: ${{ matrix.shell == 'pwsh' }}
name: Test module (PowerShell)
shell: pwsh
timeout-minutes: 15
run: Invoke-Build TestModule -Configuration Release -AssertStyle GitHubActions
- if: ${{ matrix.shell == 'powershell' }}
name: Test module (Windows PowerShell)
shell: powershell
timeout-minutes: 30
run: Invoke-Build TestModule -Configuration Release -AssertStyle GitHubActions
build_extension:
name: Build extension
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup node.js
uses: actions/setup-node@v4
with:
node-version: 20
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
global-json-file: global.json
- name: Install dependencies
timeout-minutes: 3
run: |
npm install --global @vscode/vsce --force
npm install
dotnet restore
- name: Build extension
timeout-minutes: 3
run: |
mkdir -p out/package/
npm run package -- 0.0.1
- name: Upload extension
uses: actions/upload-artifact@v4
with:
name: Extension
path: out/package/vscode-ps-rule-*.vsix
retention-days: 3
if-no-files-found: error
test_extension:
name: 🧪 Test extension (${{ matrix.os }})
runs-on: ${{ matrix.os }}
needs: build_extension
permissions:
contents: read
strategy:
# Get full test results from all platforms.
fail-fast: false
matrix:
os:
- ubuntu-latest
- windows-latest
- macos-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup node.js
uses: actions/setup-node@v4
with:
node-version: 20
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
global-json-file: global.json
- name: Install dependencies
timeout-minutes: 3
run: |
npm install
- name: Configure environment
if: ${{ matrix.os == 'ubuntu-latest' }}
run: |
/usr/bin/Xvfb :99 -screen 0 1024x768x24 > /dev/null 2>&1 &
echo ">>> Started xvfb"
- name: Run tests
timeout-minutes: 5
run: |
npm test
env:
DISPLAY: ':99.0'
build_docs:
name: Build docs
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
architecture: 'x64'
- name: Install dependencies
run: |
python3 -m pip install --upgrade pip
python3 -m pip install wheel
python3 -m pip install -r requirements-docs.txt
- name: Build site
run: mkdocs build
env:
MKDOCS_GIT_COMMITTERS_APIKEY: ${{ secrets.GITHUB_TOKEN }}
# ------------------
# Run analysis tools
# ------------------
oss:
name: 🔍 Analyze with PSRule
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run PSRule analysis
uses: microsoft/[email protected]
with:
modules: PSRule.Rules.MSFT.OSS
prerelease: true
outputFormat: Sarif
outputPath: reports/ps-rule-results.sarif
option: ps-rule-ci.yaml
- name: Upload results to security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: reports/ps-rule-results.sarif
- name: Upload results
uses: actions/upload-artifact@v4
if: always()
with:
name: PSRule-Sarif
path: reports/ps-rule-results.sarif
retention-days: 1
if-no-files-found: error
devskim:
name: 🔍 Analyze with DevSkim
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run DevSkim scanner
uses: microsoft/DevSkim-Action@v1
with:
directory-to-scan: .
- name: Upload results to security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: devskim-results.sarif
- name: Upload results
uses: actions/upload-artifact@v4
if: always()
with:
name: DevSkim-Sarif
path: devskim-results.sarif
retention-days: 1
if-no-files-found: error
codeql:
name: 🔍 Analyze with CodeQL
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: 'csharp'
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
id: codeql-analyze
- name: Upload results
uses: actions/upload-artifact@v4
if: always()
with:
name: CodeQL-Sarif
path: ${{ steps.codeql-analyze.outputs.sarif-output }}
retention-days: 1
if-no-files-found: error