Update Inventory-ADGroups-their-Members.ps1 #36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Analyze PowerShell Scripts | |
| on: | |
| push: | |
| branches: [main, develop] | |
| paths: ['**/*.ps1', '.psscriptanalyzer'] | |
| pull_request: | |
| branches: [main, develop] | |
| paths: ['**/*.ps1', '.psscriptanalyzer'] | |
| workflow_dispatch: | |
| jobs: | |
| psscriptanalyzer: | |
| name: 🧪 PowerShell Code Quality Check | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: write | |
| contents: write | |
| security-events: write | |
| statuses: write | |
| steps: | |
| - name: 📦 Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: 🕒 Capture Metadata | |
| id: metadata | |
| shell: bash | |
| run: | | |
| echo "timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")" >> $GITHUB_OUTPUT | |
| echo "commit_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| echo "commit_msg<<EOF" >> $GITHUB_OUTPUT | |
| git log -1 --pretty=%B >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| - name: 🔍 Check for PowerShell Files | |
| id: check-ps1 | |
| shell: bash | |
| run: | | |
| count=$(find . -type f -name "*.ps1" | wc -l) | |
| echo "Found $count PowerShell script(s)." | |
| echo "count=$count" >> $GITHUB_OUTPUT | |
| if [ "$count" -eq 0 ]; then | |
| echo "No .ps1 files to analyze. Skipping." | |
| exit 0 | |
| fi | |
| - name: 🛠️ Auto-Fix Indentation and Whitespace | |
| shell: pwsh | |
| run: | | |
| $ErrorActionPreference = 'Stop' | |
| if (-not (Get-Module -ListAvailable -Name PSScriptAnalyzer)) { | |
| Install-Module -Name PSScriptAnalyzer -Force -Scope CurrentUser -RequiredVersion 1.24.0 | |
| } | |
| $htPSA = @{ | |
| Path = '.' | |
| Recurse = $true | |
| Fix = $true | |
| IncludeRule = @('PSUseConsistentIndentation', 'PSUseConsistentWhitespace') | |
| Settings = @{ | |
| Rules = @{ | |
| PSUseConsistentIndentation = @{ | |
| Enable = $true | |
| IndentationSize = 4 | |
| PipelineIndentation = 'IncreaseIndentationForFirstPipeline' | |
| } | |
| PSUseConsistentWhitespace = @{ | |
| Enable = $true | |
| CheckInnerBrace = $true | |
| CheckOpenBrace = $true | |
| CheckOpenParen = $true | |
| CheckOperator = $true | |
| CheckSeparator = $true | |
| } | |
| } | |
| } | |
| } | |
| Invoke-ScriptAnalyzer @htPSA | |
| Write-Output "Auto-fix completed for indentation and whitespace." | |
| - name: 📝 Commit Auto-Fixed Files | |
| if: github.event_name == 'push' | |
| shell: bash | |
| run: | | |
| git config user.name "GitHub Action" | |
| git config user.email "action@github.com" | |
| git add . | |
| git diff --cached --quiet || git commit -m "Auto-fix PSScriptAnalyzer indentation and whitespace issues" | |
| git push | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: 🔎 Run PSScriptAnalyzer and Export SARIF | |
| shell: pwsh | |
| run: | | |
| $ErrorActionPreference = 'Stop' | |
| $sarifFile = Join-Path $env:GITHUB_WORKSPACE "psscriptanalyzer-results.sarif" | |
| if (-not (Get-Module -ListAvailable -Name PSScriptAnalyzer)) { | |
| Install-Module -Name PSScriptAnalyzer -Force -Scope CurrentUser -RequiredVersion 1.24.0 | |
| } | |
| $version = (Get-Module -ListAvailable PSScriptAnalyzer)[0].Version.ToString() | |
| Write-Output "PSScriptAnalyzer version: $version" | |
| $htPSA = @{ | |
| Path = '.' | |
| Recurse = $true | |
| Severity = @('Error', 'Warning') | |
| IncludeRule = @( | |
| 'PSAvoidUsingCmdletAliases', | |
| 'PSUseShouldProcessForStateChangingFunctions', | |
| 'PSAvoidUsingWriteHost', | |
| 'PSUseConsistentIndentation', | |
| 'PSUseConsistentWhitespace' | |
| ) | |
| Settings = @{ | |
| Rules = @{ | |
| PSUseConsistentIndentation = @{ | |
| Enable = $true | |
| IndentationSize = 4 | |
| PipelineIndentation = 'IncreaseIndentationForFirstPipeline' | |
| } | |
| PSUseConsistentWhitespace = @{ | |
| Enable = $true | |
| CheckInnerBrace = $true | |
| CheckOpenBrace = $true | |
| CheckOpenParen = $true | |
| CheckOperator = $true | |
| CheckSeparator = $true | |
| } | |
| } | |
| } | |
| } | |
| $results = Invoke-ScriptAnalyzer @htPSA | |
| if ($results | Where-Object { $_.Severity -eq 'Error' }) { | |
| Write-Error "PSScriptAnalyzer found errors" | |
| exit 1 | |
| } | |
| if ($results) { | |
| Write-Output "Found $($results.Count) issue(s)." | |
| $sarifResults = $results | ForEach-Object { | |
| @{ | |
| ruleId = $_.RuleName | |
| level = $_.Severity.ToString().ToLower() | |
| message = @{ text = $_.Message } | |
| locations = @( | |
| @{ | |
| physicalLocation = @{ | |
| artifactLocation = @{ uri = $_.ScriptPath.Replace("$env:GITHUB_WORKSPACE/", '') } | |
| region = @{ startLine = $_.Line; startColumn = $_.Column } | |
| } | |
| } | |
| ) | |
| } | |
| } | |
| $sarif = @{ | |
| '$schema' = 'http://json.schemastore.org/sarif-2.1.0' | |
| version = '2.1.0' | |
| runs = @(@{ tool = @{ driver = @{ name = 'PSScriptAnalyzer'; version = $version } }; results = $sarifResults }) | |
| } | |
| $sarif | ConvertTo-Json -Depth 10 | Out-File -FilePath $sarifFile -Encoding utf8 | |
| } else { | |
| '{"$schema": "http://json.schemastore.org/sarif-2.1.0", "version": "2.1.0", "runs": []}' | Out-File -FilePath $sarifFile -Encoding utf8 | |
| } | |
| - name: 📊 Upload Analysis Results | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: psscriptanalyzer-results | |
| path: ${{ github.workspace }}/psscriptanalyzer-results.sarif | |
| retention-days: 30 | |
| - name: 📄 Upload SARIF to GitHub | |
| if: always() | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: ${{ github.workspace }}/psscriptanalyzer-results.sarif | |
| checkout_path: ${{ github.workspace }} | |
| wait-for-processing: true | |
| - name: 📅 Generate Markdown Summary | |
| if: always() | |
| shell: pwsh | |
| run: | | |
| $summaryPath = Join-Path $env:GITHUB_WORKSPACE "psscriptanalyzer-summary.md" | |
| $sarifPath = Join-Path $env:GITHUB_WORKSPACE "psscriptanalyzer-results.sarif" | |
| $timestamp = '${{ steps.metadata.outputs.timestamp }}' | |
| $commit = '${{ steps.metadata.outputs.commit_sha }}' | |
| $commitMsg = '${{ steps.metadata.outputs.commit_msg }}' | |
| $repo = "${{ github.repository }}" | |
| $summaryLines = @() | |
| $summaryLines += "### 🧪 PowerShell Lint Summary" | |
| $summaryLines += "- 🕒 **Timestamp:** $timestamp" | |
| $summaryLines += "- 🔗 **Commit:** [$commit](https://github.com/$repo/commit/$commit)" | |
| $summaryLines += "- 📝 **Message:** $commitMsg" | |
| $summaryLines += "- 📦 **Repository:** [$repo](https://github.com/$repo)" | |
| $summaryLines += "" | |
| if (Test-Path $sarifPath) { | |
| $sarif = Get-Content $sarifPath -Raw | ConvertFrom-Json | |
| $issues = $sarif.runs[0].results | |
| if ($issues.Count -gt 0) { | |
| $summaryLines += "**Detected $($issues.Count) issue(s):**" | |
| foreach ($i in $issues | Select-Object -First 10) { | |
| $file = $i.locations[0].physicalLocation.artifactLocation.uri | |
| $line = $i.locations[0].physicalLocation.region.startLine | |
| $link = "https://github.com/$repo/blob/$commit/$file#L$line" | |
| $summaryLines += "- [$($i.level)] `$($i.ruleId)`: $($i.message.text) ([file]($link))" | |
| } | |
| } else { | |
| $summaryLines += "✅ No issues found." | |
| } | |
| } else { | |
| $summaryLines += "❗ SARIF results not found." | |
| } | |
| $summary = $summaryLines -join "`n" | |
| $summary | Out-File -FilePath $env:GITHUB_STEP_SUMMARY -Encoding utf8 | |
| $summary | Out-File -FilePath $summaryPath -Encoding utf8 | |
| - name: 🗂️ Upload Markdown Summary Artifact | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: psscriptanalyzer-markdown-summary | |
| path: ${{ github.workspace }}/psscriptanalyzer-summary.md | |
| retention-days: 30 |