Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 46 additions & 0 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
name: Lint and Audit

on:
push:
branches: [ main, master ]
pull_request:
branches: [ main, master ]

jobs:
lint:
name: PowerShell lint and audit
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v4

- name: Install PSScriptAnalyzer
shell: pwsh
run: |
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Install-Module -Name PSScriptAnalyzer -Scope CurrentUser -Force

- name: Run Invoke-ScriptAnalyzer
shell: pwsh
run: |
Import-Module PSScriptAnalyzer
$results = Invoke-ScriptAnalyzer -Path ./PSToolkit.ps1 -Recurse
if ($results) {
Write-Host "PSScriptAnalyzer findings:" -ForegroundColor Yellow
$results | Format-Table -AutoSize
Comment on lines +27 to +30

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Fail lint job when ScriptAnalyzer reports violations

The lint workflow captures Invoke-ScriptAnalyzer output and prints it, but the step never sets a failing exit code when $results contains findings. As written, pull requests with lint errors will still pass CI because the job always exits successfully after the Write-Host calls. Consider returning a non‑zero exit (e.g., if ($results) { $results | Format-Table; exit 1 }) so lint violations actually block merges.

Useful? React with 👍 / 👎.

} else {
Write-Host "No lint findings detected." -ForegroundColor Green
}

- name: Simulated security audit
shell: pwsh
run: |
Write-Host "Security audit checklist:" -ForegroundColor Cyan
Write-Host " - Run Invoke-ScriptAnalyzer locally for remediation guidance."
Write-Host " - Enable repository secret scanning and code scanning tools."
Write-Host " - Validate maintenance commands (defrag, cleanmgr) with input sanitization before release."

- name: Test placeholder
shell: pwsh
run: |
Write-Host "No automated Pester tests are defined yet. Add tests under ./tests as they are developed."
44 changes: 15 additions & 29 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,32 +1,18 @@
# Windows system files
Thumbs.db
Desktop.ini

# PowerShell-related files
*.ps1~
*.psm1~
*.psd1~
# PSToolkit gitignore
Outputs/
Output/
*.log

# User-specific files
*.tmp
*.zip
*.cache
*.bak
*.swp

# VSCode or IDE settings (if using)
.vscode/
.idea/
*.code-workspace

# macOS system files (if transferred from Mac)
*.tmp
*.ps1~
*.ps1.tmp
.DS_Store

# Node/NPM or Python (if added later)
node_modules/
venv/
.env

# Archive files
*.zip
*.tar.gz
*.rar
Thumbs.db
# Pester test results
TestResults/
# PowerShell module artifacts
*.nupkg
*.psd1
*.psm1
14 changes: 14 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# Changelog

All notable changes to this project will be documented in this file. The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and adheres to [Semantic Versioning](https://semver.org/).

## [0.1.0] - 2025-10-18
### Added
- Comprehensive repository audit documentation, including updated `README.md`, new `ROADMAP.md`, and security notes.
- `.github/workflows/lint.yml` workflow to run PSScriptAnalyzer linting and document simulated security checks.
- `docs/DEPENDENCY_OVERVIEW.md` describing repository structure and runtime dependencies.
- `.gitignore` tuned for PowerShell artifacts, logs, and generated outputs.
- Placeholder `tests/README.md` to guide future Pester test contributions.

### Changed
- Refreshed `README.md` to reflect current capabilities, installation steps, troubleshooting tips, and compliance guidance.
Loading