Add support for declaring required capabilities #2707 (#2708) #469
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# CI Pipeline | |
# | |
# NOTES: | |
# This workflow builds and tests PSRule components. | |
# During this process linting and analysis tools are used to ensure code quality. | |
# You can read more about these linting tools and configuration options here: | |
# PSRule - https://aka.ms/ps-rule and https://github.com/Microsoft/PSRule.Rules.MSFT.OSS | |
# CodeQL - https://codeql.github.com/docs/codeql-overview/about-codeql/ | |
# DevSkim - https://github.com/microsoft/DevSkim-Action and https://github.com/Microsoft/DevSkim | |
name: Build | |
on: | |
push: | |
branches: [main, 'release/*'] | |
pull_request: | |
branches: [main, 'release/*'] | |
schedule: | |
- cron: '24 22 * * 0' # At 10:24 PM, on Sunday each week | |
workflow_dispatch: {} | |
env: | |
DOTNET_NOLOGO: true | |
DOTNET_CLI_TELEMETRY_OPTOUT: true | |
permissions: {} | |
jobs: | |
build_module: | |
name: Build module | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup .NET | |
uses: actions/setup-dotnet@v4 | |
with: | |
global-json-file: global.json | |
- name: Install dependencies | |
shell: pwsh | |
timeout-minutes: 3 | |
run: ./scripts/pipeline-deps.ps1 | |
- name: Build module | |
shell: pwsh | |
timeout-minutes: 5 | |
run: Invoke-Build -Configuration Release -AssertStyle GitHubActions | |
- name: Lint .NET | |
shell: pwsh | |
timeout-minutes: 5 | |
run: dotnet format --verify-no-changes | |
- name: Upload module | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Module | |
path: ./out/modules/PSRule/* | |
retention-days: 3 | |
if-no-files-found: error | |
- name: Upload PSRule Results | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: Results-PSRule | |
path: ./reports/ps-rule*.xml | |
retention-days: 3 | |
if-no-files-found: error | |
test_module: | |
name: 🧪 Test module (${{ matrix.rid }}-${{ matrix.shell }}) | |
runs-on: ${{ matrix.os }} | |
needs: build_module | |
permissions: | |
contents: read | |
strategy: | |
# Get full test results from all platforms. | |
fail-fast: false | |
matrix: | |
os: ['ubuntu-latest'] | |
rid: ['linux-x64'] | |
shell: ['pwsh'] | |
include: | |
- os: windows-latest | |
rid: win-x64 | |
shell: pwsh | |
- os: windows-latest | |
rid: win-x64 | |
shell: powershell | |
- os: ubuntu-latest | |
rid: linux-x64 | |
shell: pwsh | |
- os: ubuntu-latest | |
rid: linux-musl-x64 | |
shell: pwsh | |
- os: macos-latest | |
rid: osx-x64 | |
shell: pwsh | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup .NET | |
uses: actions/setup-dotnet@v4 | |
with: | |
global-json-file: global.json | |
- if: ${{ matrix.shell == 'pwsh' }} | |
name: Install dependencies (PowerShell) | |
shell: pwsh | |
timeout-minutes: 3 | |
run: ./scripts/pipeline-deps.ps1 | |
- if: ${{ matrix.shell == 'powershell' }} | |
name: Install dependencies (Windows PowerShell) | |
shell: powershell | |
timeout-minutes: 3 | |
run: ./scripts/pipeline-deps.ps1 | |
- name: Download module | |
uses: actions/download-artifact@v4 | |
with: | |
name: Module | |
path: ./out/modules/PSRule | |
- if: ${{ matrix.shell == 'pwsh' }} | |
name: Test module (PowerShell) | |
shell: pwsh | |
timeout-minutes: 15 | |
run: Invoke-Build TestModule -Configuration Release -AssertStyle GitHubActions | |
- if: ${{ matrix.shell == 'powershell' }} | |
name: Test module (Windows PowerShell) | |
shell: powershell | |
timeout-minutes: 30 | |
run: Invoke-Build TestModule -Configuration Release -AssertStyle GitHubActions | |
build_extension: | |
name: Build extension | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: Setup .NET | |
uses: actions/setup-dotnet@v4 | |
with: | |
global-json-file: global.json | |
- name: Install dependencies | |
timeout-minutes: 3 | |
run: | | |
npm install --global @vscode/vsce --force | |
npm install | |
dotnet restore | |
- name: Build extension | |
timeout-minutes: 3 | |
run: | | |
mkdir -p out/package/ | |
npm run package -- 0.0.1 | |
- name: Upload extension | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Extension | |
path: out/package/vscode-ps-rule-*.vsix | |
retention-days: 3 | |
if-no-files-found: error | |
test_extension: | |
name: 🧪 Test extension (${{ matrix.os }}) | |
runs-on: ${{ matrix.os }} | |
needs: build_extension | |
permissions: | |
contents: read | |
strategy: | |
# Get full test results from all platforms. | |
fail-fast: false | |
matrix: | |
os: | |
- ubuntu-latest | |
- windows-latest | |
- macos-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: Setup .NET | |
uses: actions/setup-dotnet@v4 | |
with: | |
global-json-file: global.json | |
- name: Install dependencies | |
timeout-minutes: 3 | |
run: | | |
npm install | |
- name: Configure environment | |
if: ${{ matrix.os == 'ubuntu-latest' }} | |
run: | | |
/usr/bin/Xvfb :99 -screen 0 1024x768x24 > /dev/null 2>&1 & | |
echo ">>> Started xvfb" | |
- name: Run tests | |
timeout-minutes: 5 | |
run: | | |
npm test | |
env: | |
DISPLAY: ':99.0' | |
build_docs: | |
name: Build docs | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
architecture: 'x64' | |
- name: Install dependencies | |
run: | | |
python3 -m pip install --upgrade pip | |
python3 -m pip install wheel | |
python3 -m pip install -r requirements-docs.txt | |
- name: Build site | |
run: mkdocs build | |
env: | |
MKDOCS_GIT_COMMITTERS_APIKEY: ${{ secrets.GITHUB_TOKEN }} | |
# ------------------ | |
# Run analysis tools | |
# ------------------ | |
oss: | |
name: 🔍 Analyze with PSRule | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
security-events: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Run PSRule analysis | |
uses: microsoft/ps-rule@v2.9.0 | |
with: | |
modules: PSRule.Rules.MSFT.OSS | |
prerelease: true | |
outputFormat: Sarif | |
outputPath: reports/ps-rule-results.sarif | |
option: ps-rule-ci.yaml | |
- name: Upload results to security tab | |
uses: github/codeql-action/upload-sarif@v3 | |
if: always() | |
with: | |
sarif_file: reports/ps-rule-results.sarif | |
- name: Upload results | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: PSRule-Sarif | |
path: reports/ps-rule-results.sarif | |
retention-days: 1 | |
if-no-files-found: error | |
devskim: | |
name: 🔍 Analyze with DevSkim | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Run DevSkim scanner | |
uses: microsoft/DevSkim-Action@v1 | |
with: | |
directory-to-scan: . | |
- name: Upload results to security tab | |
uses: github/codeql-action/upload-sarif@v3 | |
if: always() | |
with: | |
sarif_file: devskim-results.sarif | |
- name: Upload results | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: DevSkim-Sarif | |
path: devskim-results.sarif | |
retention-days: 1 | |
if-no-files-found: error | |
codeql: | |
name: 🔍 Analyze with CodeQL | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: 'csharp' | |
- name: Autobuild | |
uses: github/codeql-action/autobuild@v3 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 | |
id: codeql-analyze | |
- name: Upload results | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: CodeQL-Sarif | |
path: ${{ steps.codeql-analyze.outputs.sarif-output }} | |
retention-days: 1 | |
if-no-files-found: error | |