Build

Bump github/codeql-action from 4.31.11 to 4.32.0 #3620

Workflow file for this run

	#
	# CI Pipeline
	#

	# NOTES:
	# This workflow builds and tests module updates.

	name: Build
	on:
	push:
	branches: [ main, 'release/*' ]
	pull_request:
	branches: [ main, 'release/*' ]
	schedule:
	- cron: '26 21 * * 0' # At 09:26 PM, on Sunday each week
	workflow_dispatch: {}

	env:
	DOTNET_NOLOGO: true
	DOTNET_CLI_TELEMETRY_OPTOUT: true

	permissions: {}

	jobs:
	build_module:
	name: Build module
	runs-on: ubuntu-latest
	permissions:
	contents: read

	steps:

	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Setup .NET
	uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
	with:
	global-json-file: global.json

	- name: Install dependencies
	shell: pwsh
	timeout-minutes: 3
	run: ./scripts/pipeline-deps.ps1

	- name: Build module
	shell: pwsh
	timeout-minutes: 5
	run: Invoke-Build -Configuration Release -AssertStyle GitHubActions

	- name: Upload module
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: Module
	path: ./out/modules/PSRule.Rules.Azure/*
	retention-days: 3
	if-no-files-found: error

	# - name: Upload Test Results
	# uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	# if: always()
	# with:
	# name: Module.DotNet.TestResults
	# path: ./reports/*.trx
	# retention-days: 3
	# if-no-files-found: error

	- name: Upload PSRule Results
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	if: always()
	with:
	name: Results-PSRule
	path: ./reports/ps-rule*.xml
	retention-days: 3
	if-no-files-found: error

	test_module:
	name: 🧪 Test module (${{ matrix.rid }}-${{ matrix.shell }})
	runs-on: ${{ matrix.os }}
	needs: build_module
	permissions:
	contents: read

	strategy:
	# Get full test results from all platforms.
	fail-fast: false

	matrix:
	os: [ 'ubuntu-latest' ]
	rid: [ 'linux-x64' ]
	shell: [ 'pwsh' ]
	include:
	- os: windows-latest
	rid: win-x64
	shell: pwsh
	- os: windows-latest
	rid: win-x64
	shell: powershell
	- os: ubuntu-latest
	rid: linux-x64
	shell: pwsh
	- os: ubuntu-latest
	rid: linux-musl-x64
	shell: pwsh
	- os: macos-latest
	rid: osx-x64
	shell: pwsh

	steps:

	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Setup .NET
	uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
	with:
	global-json-file: global.json

	- if: ${{ matrix.shell == 'pwsh' }}
	name: Install dependencies (PowerShell)
	shell: pwsh
	timeout-minutes: 3
	run: ./scripts/pipeline-deps.ps1

	- if: ${{ matrix.shell == 'powershell' }}
	name: Install dependencies (Windows PowerShell)
	shell: powershell
	timeout-minutes: 3
	run: ./scripts/pipeline-deps.ps1

	- name: Download module
	uses: actions/download-artifact@v7
	with:
	name: Module
	path: ./out/modules/PSRule.Rules.Azure

	- if: ${{ matrix.shell == 'pwsh' }}
	name: Test module (PowerShell)
	shell: pwsh
	timeout-minutes: 15
	run: Invoke-Build TestModule -Configuration Release -AssertStyle GitHubActions

	- if: ${{ matrix.shell == 'powershell' }}
	name: Test module (Windows PowerShell)
	shell: powershell
	timeout-minutes: 30
	run: Invoke-Build TestModule -Configuration Release -AssertStyle GitHubActions

	build_docs:
	name: Build docs
	runs-on: ubuntu-latest
	permissions:
	contents: read

	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	fetch-depth: 0

	- name: Setup .NET
	uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
	with:
	global-json-file: global.json

	- name: Install dependencies
	run: \|
	python3 -m pip install --upgrade pip
	python3 -m pip install wheel
	python3 -m pip install -r requirements-docs.txt

	- name: Build docs
	run: \|
	Install-Module InvokeBuild -MinimumVersion 5.4.0 -Scope CurrentUser -Force
	Invoke-Build BuildDocs
	shell: pwsh

	- name: Build site
	run: mkdocs build
	env:
	MKDOCS_GIT_COMMITTERS_APIKEY: ${{ secrets.GITHUB_TOKEN }}

	# ------------------
	# Run analysis tools
	# ------------------
	oss:
	name: 🔍 Analyze with PSRule
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write
	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Run PSRule analysis
	uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0
	with:
	modules: PSRule.Rules.MSFT.OSS
	prerelease: true
	outputFormat: Sarif
	outputPath: reports/ps-rule-results.sarif

	- name: Upload results to security tab
	uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
	if: always()
	with:
	sarif_file: reports/ps-rule-results.sarif

	- name: Upload results
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	if: always()
	with:
	name: PSRule-Sarif
	path: reports/ps-rule-results.sarif
	retention-days: 1
	if-no-files-found: error

	devskim:
	name: 🔍 Analyze with DevSkim
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write
	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Run DevSkim scanner
	uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 # v1.0.16
	with:
	directory-to-scan: .

	- name: Upload results to security tab
	uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
	if: always()
	with:
	sarif_file: devskim-results.sarif

	- name: Upload results
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	if: always()
	with:
	name: DevSkim-Sarif
	path: devskim-results.sarif
	retention-days: 1
	if-no-files-found: error

	codeql:
	name: 🔍 Analyze with CodeQL
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write
	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

	- name: Initialize CodeQL
	uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
	with:
	languages: 'csharp'

	- name: Autobuild
	uses: github/codeql-action/autobuild@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
	id: codeql-analyze

	- name: Upload results
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	if: always()
	with:
	name: CodeQL-Sarif
	path: ${{ steps.codeql-analyze.outputs.sarif-output }}
	retention-days: 1
	if-no-files-found: error

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github/codeql-action from 4.31.11 to 4.32.0 #3620

Workflow file

Bump github/codeql-action from 4.31.11 to 4.32.0 #3620

Uh oh!

Workflow file for this run