name: Validation on: push: branches: [windows] pull_request: branches: [windows] jobs: tests: name: Unit & Integration Tests runs-on: windows-latest steps: - uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 with: go-version: "1.24.6" - name: Install Pester run: | Install-Module -Name Pester -Force -SkipPublisherCheck -Scope CurrentUser shell: pwsh - name: Run PowerShell tests run: | Import-Module Pester $config = New-PesterConfiguration $config.Run.Path = "./tests" $config.Output.Verbosity = "Detailed" $config.Run.Exit = $true Invoke-Pester -Configuration $config shell: pwsh - name: Run Go tests run: | cd cmd/analyze go test -v ./... cd ../status go test -v ./... shell: pwsh build: name: Build runs-on: windows-latest steps: - uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 with: go-version: "1.24.6" - name: Build Go binaries run: | cd cmd/analyze go build -o analyze.exe . cd ../status go build -o status.exe . shell: pwsh - name: Verify binaries run: | if (Test-Path cmd/analyze/analyze.exe) { Write-Host "analyze.exe built successfully" } else { Write-Host "Failed to build analyze.exe" exit 1 } if (Test-Path cmd/status/status.exe) { Write-Host "status.exe built successfully" } else { Write-Host "Failed to build status.exe" exit 1 } shell: pwsh security: name: Security Checks runs-on: windows-latest steps: - uses: actions/checkout@v4 - name: Load core modules run: | . ./lib/core/base.ps1 . ./lib/core/file_ops.ps1 Write-Host "Core modules loaded successfully" shell: pwsh - name: Verify protected paths run: | . ./lib/core/base.ps1 . ./lib/core/file_ops.ps1 $protectedPaths = @( "C:\Windows", "C:\Windows\System32", "C:\Program Files", "C:\Program Files (x86)" ) foreach ($path in $protectedPaths) { if (-not (Test-ProtectedPath -Path $path)) { Write-Host "FAIL: $path should be protected!" -ForegroundColor Red exit 1 } Write-Host "OK: $path is protected" -ForegroundColor Green } shell: pwsh - name: Check for unsafe patterns run: | $hasIssues = $false # Check for raw Remove-Item without safety $unsafePatterns = Get-ChildItem -Path lib,bin -Recurse -Filter "*.ps1" | Select-String -Pattern "Remove-Item.*-Recurse.*-Force" | Where-Object { $_.Line -notmatch "Remove-SafeItem|function Remove-" } if ($unsafePatterns) { Write-Host "Warning: Potential unsafe Remove-Item usage found:" -ForegroundColor Yellow $unsafePatterns | ForEach-Object { Write-Host " $($_.Filename):$($_.LineNumber)" } } Write-Host "Security check completed" -ForegroundColor Green shell: pwsh - name: Check for secrets run: | $matches = Get-ChildItem -Path . -Recurse -Filter "*.ps1" | Select-String -Pattern "password|secret|api_key" -CaseSensitive:$false | Where-Object { $_.Line -notmatch "^\s*#" } if ($matches) { Write-Host "Review these lines for potential secrets:" -ForegroundColor Yellow $matches | ForEach-Object { Write-Host " $($_.Filename):$($_.LineNumber): $($_.Line.Trim())" } } Write-Host "Secret scan completed" -ForegroundColor Green shell: pwsh