Update Synchronize-ADForestDCs.ps1 #20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Analyze PowerShell Scripts | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| paths: | |
| - '**/*.ps1' | |
| - '.psscriptanalyzer' | |
| pull_request: | |
| branches: | |
| - main | |
| - develop | |
| paths: | |
| - '**/*.ps1' | |
| - '.psscriptanalyzer' | |
| workflow_dispatch: | |
| jobs: | |
| psscriptanalyzer: | |
| name: PowerShell Code Quality Check | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: write | |
| contents: read | |
| security-events: write | |
| statuses: write | |
| steps: | |
| - name: 📦 Checkout Repository | |
| uses: actions/checkout@v4.2.2 | |
| - name: 🕵️ Debug Repository Contents | |
| shell: bash | |
| run: | | |
| echo "Current directory: $(pwd)" | |
| echo "GitHub workspace: ${{ github.workspace }}" | |
| echo "Listing all files in repository:" | |
| find . -type f | |
| echo "Checking for PowerShell scripts:" | |
| if find . -type f -name "*.ps1" | grep .; then | |
| echo "PowerShell scripts found" | |
| else | |
| echo "No PowerShell scripts found" | |
| fi | |
| - name: 🔎 Run PSScriptAnalyzer and Export SARIF | |
| shell: pwsh | |
| run: | | |
| $ErrorActionPreference = 'Stop' | |
| $sarifFile = Join-Path $env:GITHUB_WORKSPACE "psscriptanalyzer-results.sarif" | |
| Write-Output "Target SARIF file path: $sarifFile" | |
| Write-Output "Checking PowerShell version:" | |
| $PSVersionTable | Format-Table -AutoSize | Out-String | Write-Output | |
| try { | |
| Write-Output "Installing PSScriptAnalyzer" | |
| Install-Module -Name PSScriptAnalyzer -Force -Scope CurrentUser -MinimumVersion 1.22.0 -ErrorAction Stop | |
| $version = (Get-Module -ListAvailable PSScriptAnalyzer)[0].Version.ToString() | |
| Write-Output "PSScriptAnalyzer version: $version" | |
| $scriptFiles = Get-ChildItem -Path . -Recurse -Include *.ps1 | |
| if ($scriptFiles) { | |
| Write-Output "Found $($scriptFiles.Count) PowerShell scripts" | |
| $htPSA = @{ | |
| Path = '.' | |
| Recurse = $true | |
| Severity = @('Error', 'Warning') | |
| IncludeRule = @( | |
| 'PSAvoidUsingCmdletAliases', | |
| 'PSUseShouldProcessForStateChangingFunctions', | |
| 'PSAvoidUsingWriteHost', | |
| 'PSUseConsistentIndentation', | |
| 'PSUseConsistentWhitespace' | |
| ) | |
| Settings = @{ | |
| Rules = @{ | |
| PSUseConsistentIndentation = @{ | |
| Enable = $true | |
| IndentationSize = 4 | |
| PipelineIndentation = 'IncreaseIndentationForFirstPipeline' | |
| } | |
| PSUseConsistentWhitespace = @{ | |
| Enable = $true | |
| CheckInnerBrace = $true | |
| CheckOpenBrace = $true | |
| CheckOpenParen = $true | |
| CheckOperator = $true | |
| CheckSeparator = $true | |
| } | |
| } | |
| } | |
| } | |
| Write-Output "Running PSScriptAnalyzer on path: $(Get-Location)" | |
| $results = Invoke-ScriptAnalyzer @htPSA | |
| if ($results) { | |
| Write-Output "Found $($results.Count) issues" | |
| $sarifResults = $results | ForEach-Object { | |
| @{ | |
| ruleId = $_.RuleName | |
| level = $_.Severity.ToString().ToLower() | |
| message = @{ text = $_.Message } | |
| locations = @( | |
| @{ | |
| physicalLocation = @{ | |
| artifactLocation = @{ | |
| uri = $_.ScriptPath.Replace("$env:GITHUB_WORKSPACE/", '') | |
| } | |
| region = @{ | |
| startLine = $_.Line | |
| startColumn = $_.Column | |
| } | |
| } | |
| } | |
| ) | |
| } | |
| } | |
| $sarif = @{ | |
| '$schema' = 'http://json.schemastore.org/sarif-2.1.0' | |
| version = '2.1.0' | |
| runs = @( | |
| @{ | |
| tool = @{ | |
| driver = @{ | |
| name = 'PSScriptAnalyzer' | |
| version = $version | |
| } | |
| } | |
| results = $sarifResults | |
| } | |
| ) | |
| } | |
| $sarif | ConvertTo-Json -Depth 10 | Out-File -FilePath $sarifFile -Encoding utf8 | |
| Write-Output "SARIF file generated: $sarifFile" | |
| } else { | |
| Write-Output "No issues found" | |
| '{"$schema": "http://json.schemastore.org/sarif-2.1.0", "version": "2.1.0", "runs": []}' | Out-File -FilePath $sarifFile -Encoding utf8 | |
| Write-Output "Empty SARIF file generated: $sarifFile" | |
| } | |
| } else { | |
| Write-Output "No PowerShell scripts found in repository" | |
| '{"$schema": "http://json.schemastore.org/sarif-2.1.0", "version": "2.1.0", "runs": []}' | Out-File -FilePath $sarifFile -Encoding utf8 | |
| Write-Output "Empty SARIF file generated: $sarifFile" | |
| } | |
| } catch { | |
| Write-Error "PSScriptAnalyzer failed: $_" | |
| exit 1 | |
| } | |
| - name: 🕵️ Debug SARIF File Existence | |
| shell: bash | |
| run: | | |
| echo "Current directory: $(pwd)" | |
| echo "Listing files:" | |
| ls -la | |
| if [ -f "${{ github.workspace }}/psscriptanalyzer-results.sarif" ]; then | |
| echo "SARIF file exists" | |
| cat "${{ github.workspace }}/psscriptanalyzer-results.sarif" | |
| else | |
| echo "SARIF file not found at ${{ github.workspace }}/psscriptanalyzer-results.sarif" | |
| exit 1 | |
| fi | |
| - name: 📊 Upload Analysis Results | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: psscriptanalyzer-results | |
| path: ${{ github.workspace }}/psscriptanalyzer-results.sarif | |
| retention-days: 7 | |
| - name: 📤 Upload SARIF to GitHub | |
| if: always() | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: ${{ github.workspace }}/psscriptanalyzer-results.sarif | |
| checkout_path: ${{ github.workspace }} | |
| wait-for-processing: true |