Build #236
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # CI Pipeline | |
| # | |
| # NOTES: | |
| # This workflow builds and tests module updates. | |
| name: Build | |
| on: | |
| push: | |
| branches: [ main, 'release/*' ] | |
| pull_request: | |
| branches: [ main, 'release/*' ] | |
| schedule: | |
| - cron: '26 21 * * 0' # At 09:26 PM, on Sunday each week | |
| workflow_dispatch: {} | |
| env: | |
| DOTNET_NOLOGO: true | |
| DOTNET_CLI_TELEMETRY_OPTOUT: true | |
| permissions: {} | |
| jobs: | |
| build_module: | |
| name: Build module | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 | |
| with: | |
| global-json-file: global.json | |
| - name: Install dependencies | |
| shell: pwsh | |
| timeout-minutes: 3 | |
| run: ./scripts/pipeline-deps.ps1 | |
| - name: Build module | |
| shell: pwsh | |
| timeout-minutes: 5 | |
| run: Invoke-Build -Configuration Release -AssertStyle GitHubActions | |
| - name: Upload module | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: Module | |
| path: ./out/modules/PSRule.Rules.Azure/* | |
| retention-days: 3 | |
| if-no-files-found: error | |
| # - name: Upload Test Results | |
| # uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| # if: always() | |
| # with: | |
| # name: Module.DotNet.TestResults | |
| # path: ./reports/*.trx | |
| # retention-days: 3 | |
| # if-no-files-found: error | |
| - name: Upload PSRule Results | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| if: always() | |
| with: | |
| name: Results-PSRule | |
| path: ./reports/ps-rule*.xml | |
| retention-days: 3 | |
| if-no-files-found: error | |
| test_module: | |
| name: 🧪 Test module (${{ matrix.rid }}-${{ matrix.shell }}) | |
| runs-on: ${{ matrix.os }} | |
| needs: build_module | |
| permissions: | |
| contents: read | |
| strategy: | |
| # Get full test results from all platforms. | |
| fail-fast: false | |
| matrix: | |
| os: [ 'ubuntu-latest' ] | |
| rid: [ 'linux-x64' ] | |
| shell: [ 'pwsh' ] | |
| include: | |
| - os: windows-latest | |
| rid: win-x64 | |
| shell: pwsh | |
| - os: windows-latest | |
| rid: win-x64 | |
| shell: powershell | |
| - os: ubuntu-latest | |
| rid: linux-x64 | |
| shell: pwsh | |
| - os: ubuntu-latest | |
| rid: linux-musl-x64 | |
| shell: pwsh | |
| - os: macos-latest | |
| rid: osx-x64 | |
| shell: pwsh | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 | |
| with: | |
| global-json-file: global.json | |
| - if: ${{ matrix.shell == 'pwsh' }} | |
| name: Install dependencies (PowerShell) | |
| shell: pwsh | |
| timeout-minutes: 3 | |
| run: ./scripts/pipeline-deps.ps1 | |
| - if: ${{ matrix.shell == 'powershell' }} | |
| name: Install dependencies (Windows PowerShell) | |
| shell: powershell | |
| timeout-minutes: 3 | |
| run: ./scripts/pipeline-deps.ps1 | |
| - name: Download module | |
| uses: actions/download-artifact@v6 | |
| with: | |
| name: Module | |
| path: ./out/modules/PSRule.Rules.Azure | |
| - if: ${{ matrix.shell == 'pwsh' }} | |
| name: Test module (PowerShell) | |
| shell: pwsh | |
| timeout-minutes: 15 | |
| run: Invoke-Build TestModule -Configuration Release -AssertStyle GitHubActions | |
| - if: ${{ matrix.shell == 'powershell' }} | |
| name: Test module (Windows PowerShell) | |
| shell: powershell | |
| timeout-minutes: 30 | |
| run: Invoke-Build TestModule -Configuration Release -AssertStyle GitHubActions | |
| build_docs: | |
| name: Build docs | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup .NET | |
| uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 | |
| with: | |
| global-json-file: global.json | |
| - name: Install dependencies | |
| run: | | |
| python3 -m pip install --upgrade pip | |
| python3 -m pip install wheel | |
| python3 -m pip install -r requirements-docs.txt | |
| - name: Build docs | |
| run: | | |
| Install-Module InvokeBuild -MinimumVersion 5.4.0 -Scope CurrentUser -Force | |
| Invoke-Build BuildDocs | |
| shell: pwsh | |
| - name: Build site | |
| run: mkdocs build | |
| env: | |
| MKDOCS_GIT_COMMITTERS_APIKEY: ${{ secrets.GITHUB_TOKEN }} | |
| # ------------------ | |
| # Run analysis tools | |
| # ------------------ | |
| oss: | |
| name: 🔍 Analyze with PSRule | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| - name: Run PSRule analysis | |
| uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0 | |
| with: | |
| modules: PSRule.Rules.MSFT.OSS | |
| prerelease: true | |
| outputFormat: Sarif | |
| outputPath: reports/ps-rule-results.sarif | |
| - name: Upload results to security tab | |
| uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 | |
| if: always() | |
| with: | |
| sarif_file: reports/ps-rule-results.sarif | |
| - name: Upload results | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| if: always() | |
| with: | |
| name: PSRule-Sarif | |
| path: reports/ps-rule-results.sarif | |
| retention-days: 1 | |
| if-no-files-found: error | |
| devskim: | |
| name: 🔍 Analyze with DevSkim | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| - name: Run DevSkim scanner | |
| uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 # v1.0.16 | |
| with: | |
| directory-to-scan: . | |
| - name: Upload results to security tab | |
| uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 | |
| if: always() | |
| with: | |
| sarif_file: devskim-results.sarif | |
| - name: Upload results | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| if: always() | |
| with: | |
| name: DevSkim-Sarif | |
| path: devskim-results.sarif | |
| retention-days: 1 | |
| if-no-files-found: error | |
| codeql: | |
| name: 🔍 Analyze with CodeQL | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 | |
| with: | |
| languages: 'csharp' | |
| - name: Autobuild | |
| uses: github/codeql-action/autobuild@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 | |
| id: codeql-analyze | |
| - name: Upload results | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| if: always() | |
| with: | |
| name: CodeQL-Sarif | |
| path: ${{ steps.codeql-analyze.outputs.sarif-output }} | |
| retention-days: 1 | |
| if-no-files-found: error |