- Rewrite check.yml for Windows (PowerShell syntax check, Go linting) - Rewrite test.yml for Windows (Pester tests, Go tests, security checks) - Rewrite release.yml for Windows releases (W* tags, zip package) - Update update-contributors.yml to trigger on windows branch
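# Validation workflow for the `windows` branch: runs the Pester and Go test
# suites, builds the two Go binaries, and runs repository safety checks
# (protected-path guard, raw Remove-Item usage, secret keywords).
#
# NOTE(review): actions below are referenced by mutable tags (@v4, @v5).
# Pinning each `uses:` to a full commit SHA (<COMMIT_SHA_PLACEHOLDER>) keeps a
# re-tagged release from changing what runs here.
name: Validation

on:
  push:
    branches: [windows]
  pull_request:
    branches: [windows]

# Least privilege: every job only reads the repository, so the workflow token
# does not need any write scope.
permissions:
  contents: read

jobs:
  tests:
    name: Unit & Integration Tests
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in .git/config.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "1.24.6"

      - name: Install Pester
        run: |
          # NOTE(review): the version is unpinned and -SkipPublisherCheck skips the
          # publisher comparison against the preinstalled Pester, so this step
          # trusts whatever the gallery serves at run time. Consider adding
          # -RequiredVersion <PINNED_VERSION>.
          Install-Module -Name Pester -Force -SkipPublisherCheck -Scope CurrentUser
        shell: pwsh

      - name: Run PowerShell tests
        run: |
          Import-Module Pester
          $config = New-PesterConfiguration
          $config.Run.Path = "./tests"
          $config.Output.Verbosity = "Detailed"
          # Run.Exit makes Invoke-Pester end the process with a failing exit code
          # when tests fail, which is what fails this step.
          $config.Run.Exit = $true
          Invoke-Pester -Configuration $config
        shell: pwsh

      - name: Run Go tests
        run: |
          # pwsh does not stop on a non-zero exit code from a native command, so
          # without an explicit check only the last `go test` decides the step
          # result and a failure in cmd/analyze would be masked.
          cd cmd/analyze
          go test -v ./...
          if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
          cd ../status
          go test -v ./...
          if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
        shell: pwsh

  build:
    name: Build
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "1.24.6"

      - name: Build Go binaries
        run: |
          # Check each build separately; see the note on native exit codes in
          # the "Run Go tests" step of the tests job.
          cd cmd/analyze
          go build -o analyze.exe .
          if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
          cd ../status
          go build -o status.exe .
          if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
        shell: pwsh

      - name: Verify binaries
        run: |
          # Confirms the expected artifacts exist; it does not execute them.
          if (Test-Path cmd/analyze/analyze.exe) {
            Write-Host "analyze.exe built successfully"
          } else {
            Write-Host "Failed to build analyze.exe"
            exit 1
          }
          if (Test-Path cmd/status/status.exe) {
            Write-Host "status.exe built successfully"
          } else {
            Write-Host "Failed to build status.exe"
            exit 1
          }
        shell: pwsh

  security:
    name: Security Checks
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Load core modules
        run: |
          # Dot-sourcing fails the step if either script has a terminating error.
          . ./lib/core/base.ps1
          . ./lib/core/file_ops.ps1
          Write-Host "Core modules loaded successfully"
        shell: pwsh

      - name: Verify protected paths
        run: |
          . ./lib/core/base.ps1
          . ./lib/core/file_ops.ps1

          # Regression guard: the cleaner's own path check must refuse these
          # system locations. This is the only blocking check in this job.
          $protectedPaths = @(
            "C:\Windows",
            "C:\Windows\System32",
            "C:\Program Files",
            "C:\Program Files (x86)"
          )

          foreach ($path in $protectedPaths) {
            if (-not (Test-ProtectedPath -Path $path)) {
              Write-Host "FAIL: $path should be protected!" -ForegroundColor Red
              exit 1
            }
            Write-Host "OK: $path is protected" -ForegroundColor Green
          }
        shell: pwsh

      - name: Check for unsafe patterns
        run: |
          # Advisory only: this step reports findings but never fails the job.
          # Flag recursive forced deletes that bypass Remove-SafeItem. Both flag
          # orders are matched; multi-line or splatted calls are still missed.
          $unsafeHits = Get-ChildItem -Path lib,bin -Recurse -Filter "*.ps1" |
            Select-String -Pattern "Remove-Item.*(-Recurse.*-Force|-Force.*-Recurse)" |
            Where-Object { $_.Line -notmatch "Remove-SafeItem|function Remove-" }

          if ($unsafeHits) {
            Write-Host "Warning: Potential unsafe Remove-Item usage found:" -ForegroundColor Yellow
            $unsafeHits | ForEach-Object {
              Write-Host "  $($_.Filename):$($_.LineNumber)"
              # Surface the finding as a run annotation so it is not buried in a green log.
              Write-Host "::warning::Potential unsafe Remove-Item usage at $($_.Filename):$($_.LineNumber)"
            }
          }

          Write-Host "Security check completed" -ForegroundColor Green
        shell: pwsh

      - name: Check for secrets
        run: |
          # Advisory keyword scan over *.ps1 only; it does not fail the job and
          # does not cover Go sources or workflow files. A dedicated secret
          # scanner is the stronger control.
          # $matches is a PowerShell automatic variable, so the result is kept
          # under a different name.
          $secretHits = Get-ChildItem -Path . -Recurse -Filter "*.ps1" |
            Select-String -Pattern "password|secret|api_key" -CaseSensitive:$false |
            Where-Object { $_.Line -notmatch "^\s*#" }

          if ($secretHits) {
            Write-Host "Review these lines for potential secrets:" -ForegroundColor Yellow
            # The matched line is echoed to the job log for triage.
            $secretHits | ForEach-Object { Write-Host "  $($_.Filename):$($_.LineNumber): $($_.Line.Trim())" }
            Write-Host "::warning::Secret scan flagged $(@($secretHits).Count) line(s) for manual review"
          }

          Write-Host "Secret scan completed" -ForegroundColor Green
        shell: pwsh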