PSScriptModule/.github/workflows/ci.yml at main · WarehouseFinds/PSScriptModule · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: CI
run-name: "${{ github.event.repository.name }} | CI | ${{ github.run_id }} | ${{ github.event_name }}"
permissions: read-all

on:
  workflow_dispatch:
  push:
    branches:
      - main
    paths:
      - 'src/**'
      - 'tests/**'
      - '*.ps1'
      - '*.psd1'

  pull_request:
    branches:
      - main
      - 'release/**'
      - 'hotfix/**'
    paths:
      - 'src/**'
      - 'tests/**'
      - '.github/**/*'
      - '*.ps1'
      - '*.psd1'

jobs:
  changes:
    name: Label Changes
    runs-on: [ubuntu-latest]
    if: github.event_name == 'pull_request'
    permissions:
      contents: read
      pull-requests: write
    steps:
    - name: Labeler
      id: labeler
      uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b #v6.0.1

  dependencies:
    name: Dependencies
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      module-list: ${{ steps.resolve.outputs.module-list }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          repository: ${{ github.repository }}
      - name: Resolve dependencies
        id: resolve
        uses: ./.github/actions/ps-resolve-dependencies

  unit-tests:
    name: Unit Tests
    needs: [dependencies]
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
    permissions:
      contents: read
      issues: write
      pull-requests: write
      checks: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Run Pester Unit Tests
        uses: ./.github/actions/ps-unit-tests
        with:
          module-list: ${{ needs.dependencies.outputs.module-list }}

  static-code-analysis:
    name: Static Code Analysis
    needs: [dependencies]
    runs-on: ubuntu-latest
    permissions:
      contents: read
      issues: write
      pull-requests: write
      checks: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Run PSScriptAnalyzer
        uses: ./.github/actions/ps-static-code-analysis
        with:
          module-list: ${{ needs.dependencies.outputs.module-list }}

  code-injection:
    name: Code Injection
    needs: [dependencies]
    runs-on: ubuntu-latest
    permissions:
      contents: read
      issues: write
      pull-requests: write
      checks: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Run InjectionHunter
        uses: ./.github/actions/ps-code-injection
        with:
          module-list: ${{ needs.dependencies.outputs.module-list }}

  build:
    name: Build
    needs: [dependencies, unit-tests, static-code-analysis, code-injection]
    runs-on: ubuntu-latest
    permissions:
      contents: write
    outputs:
      release-version: ${{ steps.build.outputs.release-version }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          repository: ${{ github.repository }}
          fetch-depth: 0
      - name: Build Module
        id: build
        uses: ./.github/actions/ps-build
        with:
          release-type: 'Debug'
          module-list: ${{ needs.dependencies.outputs.module-list }}
      - name: Run Integration Tests
        uses: ./.github/actions/ps-integration-tests