diff --git a/.github/workflows/PSScriptAnalyzer.yml b/.github/workflows/powershell.yml
similarity index 76%
rename from .github/workflows/PSScriptAnalyzer.yml
rename to .github/workflows/powershell.yml
index 60bdec1..2a1431e 100644
--- a/.github/workflows/PSScriptAnalyzer.yml
+++ b/.github/workflows/powershell.yml
@@ -10,9 +10,13 @@
 name: PSScriptAnalyzer
 on:
- workflow_dispatch:
+ push:
+ branches: [ "main", "release*" ]
 pull_request:
-
+ branches: [ "main" ]
+ schedule:
+ - cron: '21 4 * * 0'
+
 permissions:
 contents: read
@@ -21,24 +25,23 @@ jobs:
 permissions:
 contents: read # for actions/checkout to fetch code
 security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
- actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
 name: PSScriptAnalyzer
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
 - name: Run PSScriptAnalyzer
- uses: microsoft/psscriptanalyzer-action@v1.1
+ uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f
 with:
 # Check https://github.com/microsoft/action-psscriptanalyzer for more info about the options.
 # The below set up runs PSScriptAnalyzer to your entire repository and runs some basic security rules.
 path: .\
- recurse: true
- severity: 'Error'
- # Include your own basic security rules. Removing this option will run all the rules
- # includeRule: '"PSAvoidGlobalAliases", "PSAvoidUsingConvertToSecureStringWithPlainText"'
+ recurse: true
+ # Include your own basic security rules. Removing this option will run all the rules
+ includeRule: '"PSAvoidGlobalAliases", "PSAvoidUsingConvertToSecureStringWithPlainText"'
 output: results.sarif
-
+
 # Upload the SARIF file generated in the previous step
 - name: Upload SARIF results file
 uses: github/codeql-action/upload-sarif@v2
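Review bot: The `pull_request` filter added under `on:` lists only `main`, while the new `push` trigger also covers `release*`, so a change proposed against a release branch is analysed only after it has been merged and pushed. Giving the pull-request trigger the same list, `branches: [ "main", "release*" ]`, keeps findings visible before merge on every protected line of development. The commit also drops `workflow_dispatch:`, which removes the ability to start a scan by hand between the weekly cron runs; keeping that key next to the new triggers would preserve it.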
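Review bot: Uncommenting `includeRule` in the `with:` block narrows the scan to two rules, where the old configuration ran every rule at `severity: 'Error'` (the comment above the option says removing it runs all rules), so credential and injection checks outside that pair no longer report. If the aim is a security baseline, extend the list, for example `includeRule: '"PSAvoidGlobalAliases", "PSAvoidUsingConvertToSecureStringWithPlainText", "PSAvoidUsingPlainTextForPassword", "PSAvoidUsingInvokeExpression"'`, or leave the option out and keep a severity filter. The analyzer action is now pinned to a commit SHA, but `actions/checkout@v3` and `github/codeql-action/upload-sarif@v2` in the same job stay on mutable tags, and the upload step runs with `security-events: write`; pinning them the same way would make the job consistent. A trailing comment on the pinned `uses:` line naming the release the SHA corresponds to would help whoever updates it later. The job's step list continues past the end of the hunk.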