powershell.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
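# CI workflow: static analysis, versioned build, tests on PowerShell 7 and
# Windows PowerShell, then publication from the main branch.
#
# Job chain: build -> (test7, test5) -> publish.
# Only the publish job receives a secret (NUGETAPIKEY). It is gated on
# github.ref being refs/heads/main, so runs whose ref is anything else skip it.
name: PowerShell

on:
  push:
    branches: [ "main" ]
    # Documentation-only changes do not trigger a push build.
    paths-ignore:
      - 'docs/**'
      - 'Changelog.md'
      - 'README.md'
      - src/internal/Export-HelpToMd.ps1
  pull_request:
    branches: [ "main" ]

# Workflow-wide default token scope; each job below restates its own grants.
permissions:
  contents: read

# NOTE(review): the actions/* and github/codeql-action steps below are pinned
# by mutable tag, while the two third-party actions are pinned by full commit
# SHA. Consider pinning every action by commit SHA so a moved tag cannot change
# the code that runs. upload-artifact/download-artifact v3 and codeql-action v2
# are deprecated upstream; when upgrading, move upload and download together.

jobs:
  build:
    permissions:
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # avoid shallow clone so nbgv can do its work.

      - name: Run PSScriptAnalyzer
        uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f
        with:
          # Check https://github.com/microsoft/action-psscriptanalyzer for more info about the options.
          # The setup below runs PSScriptAnalyzer recursively over .\src.
          path: .\src
          recurse: true
          # Only the two rules listed here are evaluated, so the SARIF results
          # cover nothing else. Removing this option runs all the rules.
          includeRule: '"PSAvoidGlobalAliases", "PSAvoidUsingConvertToSecureStringWithPlainText"'
          output: results.sarif

      # Upload the SARIF file generated in the previous step
      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif

      # Computes the version fields consumed by the Build step.
      - uses: dotnet/nbgv@1801854259a50d987aaa03b99b28cebf49faa779
        id: nbgv

      - name: Build
        shell: pwsh
        # The nbgv outputs are handed over as environment variables instead of
        # being expanded into the script text, so pwsh receives them as data
        # and never parses them as PowerShell source.
        env:
          NBGV_MAJOR: ${{ steps.nbgv.outputs.VersionMajor }}
          NBGV_MINOR: ${{ steps.nbgv.outputs.VersionMinor }}
          NBGV_BUILD: ${{ steps.nbgv.outputs.BuildNumber }}
          NBGV_REVISION: ${{ steps.nbgv.outputs.VersionRevision }}
          NBGV_PRERELEASE: ${{ steps.nbgv.outputs.PrereleaseVersionNoLeadingHyphen }}
        run: |
          # Empty values are dropped so build.ps1 gets the same positional
          # arguments as with inline expansion (an empty prerelease label adds
          # no argument).
          # NOTE(review): the values now arrive as strings, not numeric
          # literals - confirm build.ps1 does not depend on the difference.
          $versionArgs = @(
            $env:NBGV_MAJOR, $env:NBGV_MINOR, $env:NBGV_BUILD,
            $env:NBGV_REVISION, $env:NBGV_PRERELEASE |
              Where-Object { $_ }
          )
          ./build.ps1 build @versionArgs

      # The test and publish jobs consume this artifact; it is kept for one day.
      - name: Store build output
        uses: actions/upload-artifact@v3
        with:
          name: build
          path: |
            publish
          retention-days: 1

  test7:
    permissions:
      contents: read # for actions/checkout to fetch code
      # NOTE(review): this job has no upload-sarif step; confirm whether the
      # actions: read grant is still needed here.
      actions: read
    name: Test PowerShell 7
    needs: build
    runs-on: ubuntu-latest
    container:
      image: mcr.microsoft.com/powershell:${{ matrix.pwshv }}-ubuntu-22.04
    strategy:
      matrix:
        # Quoted so the versions stay strings rather than floats.
        pwshv: ['7.3','7.4']
    steps:
      - uses: actions/checkout@v4

      - name: Download build output
        uses: actions/download-artifact@v3
        with:
          name: build
          path: publish

      - name: Test
        shell: pwsh
        run: ./build.ps1 test

  test5:
    permissions:
      contents: read # for actions/checkout to fetch code
      # NOTE(review): this job has no upload-sarif step; confirm whether the
      # actions: read grant is still needed here.
      actions: read
    name: Test PowerShell 5
    needs: build
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Download build output
        uses: actions/download-artifact@v3
        with:
          name: build
          path: publish

      - name: Test
        shell: powershell
        run: ./build.ps1 test

  publish:
    permissions:
      contents: read # for actions/checkout to fetch code
      # NOTE(review): this job has no upload-sarif step; confirm whether the
      # actions: read grant is still needed here.
      actions: read
    name: Publish
    needs: [test7, test5]
    runs-on: ubuntu-latest
    container:
      image: mcr.microsoft.com/dotnet/sdk:8.0
    # Keeps the API key away from any run whose ref is not the main branch.
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4

      - name: Download build output
        uses: actions/download-artifact@v3
        with:
          name: build
          path: publish

      - name: Publish
        shell: pwsh
        run: ./build.ps1 publish
        env:
          # The secret is scoped to this step only and reaches build.ps1 as an
          # environment variable.
          PSPublishApiKey: ${{ secrets.NUGETAPIKEY }}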