powershell.yml
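# CI workflow: PSScriptAnalyzer static analysis (uploaded as SARIF), a
# versioned build driven by nbgv, and a publish job that runs only for main.
name: PowerShell

on:
  push:
    branches: ["main"]
    paths-ignore:
      - 'docs/**'
      - 'Changelog.md'
      - 'README.md'
  pull_request:
    branches: ["main"]

# Workflow-wide default for the GITHUB_TOKEN; each job restates what it needs.
permissions:
  contents: read

jobs:
  build:
    permissions:
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # avoid shallow clone so nbgv can do its work.

      - name: Run PSScriptAnalyzer
        uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f
        with:
          # Check https://github.com/microsoft/action-psscriptanalyzer for more info about the options.
          # The settings below run PSScriptAnalyzer recursively over .\src with a small set of security rules.
          path: .\src
          recurse: true
          # Only the rules listed here are run. Removing this option runs all the rules.
          includeRule: '"PSAvoidGlobalAliases", "PSAvoidUsingConvertToSecureStringWithPlainText"'
          output: results.sarif

      # Upload the SARIF file generated in the previous step.
      # v2 of the CodeQL Action is deprecated, so this uses v3. Unlike the
      # other third-party actions in this job, the reference is a mutable tag;
      # pin it to a full commit SHA to match them.
      # NOTE(review): on pull requests from forks the token is read-only, so
      # this upload is expected to fail there; confirm whether the step should
      # be skipped for fork PRs.
      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

      - uses: dotnet/nbgv@1801854259a50d987aaa03b99b28cebf49faa779
        id: nbgv

      # The nbgv outputs are expanded into the script text before pwsh runs it.
      # NOTE(review): on pull_request runs they derive from the contributor's
      # branch; if they could ever carry unexpected characters, pass them via
      # `env:` and read them as $env:NAME instead of interpolating them here.
      - name: Build
        shell: pwsh
        run: ./build.ps1 build ${{ steps.nbgv.outputs.VersionMajor }} ${{ steps.nbgv.outputs.VersionMinor }} ${{ steps.nbgv.outputs.BuildNumber }} ${{ steps.nbgv.outputs.VersionRevision }} ${{ steps.nbgv.outputs.PrereleaseVersionNoLeadingHyphen }}

      # Hands the build output to the publish job; kept for one day only.
      - name: Store build output
        uses: actions/upload-artifact@v4
        with:
          name: build
          path: |
            publish
          retention-days: 1

  # Disabled test jobs, kept commented out as in the original file.
  # test7:
  #   permissions:
  #     contents: read # for actions/checkout to fetch code
  #     actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
  #   name: Test PowerShell 7
  #   needs: Build
  #   runs-on: ubuntu-latest
  #   container:
  #     image: mcr.microsoft.com/powershell:${{ matrix.pwshv }}-ubuntu-22.04
  #   strategy:
  #     matrix:
  #       pwshv: ['7.3','7.4']
  #
  #   steps:
  #     - uses: actions/checkout@v4
  #
  #     - name: Download build output
  #       uses: actions/download-artifact@v4
  #       with:
  #         name: build
  #         path: publish
  #
  #     - name: Install Utils
  #       shell: pwsh
  #       run: |
  #         apt-get update
  #         apt-get install curl jq -y
  #
  #     - uses: testspace-com/setup-testspace@v1
  #       with:
  #         domain: ${{github.repository_owner}}
  #
  #     - name: Test
  #       shell: pwsh
  #       run: ./build.ps1 test
  #
  #     - name: Publish Results to Testspace
  #       run: testspace "[v${{ matrix.pwshv }}]testResults.xml"
  #
  #       if: always()
  # test5:
  #   permissions:
  #     contents: read # for actions/checkout to fetch code
  #     actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
  #   name: Test PowerShell 5
  #   needs: Build
  #   runs-on: windows-latest
  #   steps:
  #     - uses: actions/checkout@v4
  #       with:
  #         fetch-depth: 0
  #
  #     - name: Download build output
  #       uses: actions/download-artifact@v4
  #       with:
  #         name: build
  #         path: publish
  #
  #     - uses: testspace-com/setup-testspace@v1
  #       with:
  #         domain: ${{github.repository_owner}}
  #
  #     - name: Test
  #       shell: powershell
  #       run: ./build.ps1 test
  #
  #     - name: Publish Results to Testspace
  #       run: testspace "[v5.1]testResults.xml"
  #       if: always()

  publish:
    permissions:
      contents: read # for actions/checkout to fetch code
      # NOTE(review): this job has no SARIF upload step, so the upload-sarif
      # reason given in the build job does not apply here; confirm whether
      # this scope is still needed.
      actions: read
    name: Publish
    needs: [build]
    runs-on: ubuntu-latest
    container:
      # The image tag is mutable and this job receives NUGETAPIKEY; consider
      # pinning the image by digest.
      image: mcr.microsoft.com/dotnet/sdk:8.0
    # Pull-request runs carry a refs/pull/... ref, so this condition keeps the
    # job (and the secret it reads) off pull_request events.
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4

      # Publishes the artifact stored by the build job of this same run.
      - name: Download build output
        uses: actions/download-artifact@v4
        with:
          name: build
          path: publish

      - name: Publish
        shell: pwsh
        run: ./build.ps1 publish
        env:
          # Scoped to this step only, not to the whole job.
          PSPublishApiKey: ${{ secrets.NUGETAPIKEY }}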