Releases: PSModule/Invoke-ScriptAnalyzer
Release list
v5.0.0
🌟 [Major]: Control PSScriptAnalyzer, Pester, and GitHub module versions (#32)
Bumps PSModule/Invoke-Pester from 4.2.4 to 5.1.0 and reworks the action's version inputs so callers can independently pin the three modules the action relies on — and guarantees the pinned versions are the ones actually installed and loaded.
Each module now follows the same convention used by its dedicated action, where the bare Version/Prerelease controls the namesake module:
| Input | Controls |
|---|---|
Version / Prerelease |
PSScriptAnalyzer (this action's namesake module) |
PesterVersion / PesterPrerelease |
Pester |
GitHubVersion / GitHubPrerelease |
GitHub module |
New: Version / Prerelease pin PSScriptAnalyzer
The action now provisions the PSScriptAnalyzer module itself instead of relying on whatever copy is preinstalled on the runner. It installs the requested version (NuGet version-range syntax, for example [1.0.0, 2.0.0); empty installs the latest), removes any other PSScriptAnalyzer version from the session, and imports the chosen version — so the analysis runs against exactly the version you selected.
New: PesterVersion / PesterPrerelease and GitHubVersion / GitHubPrerelease
Control the Pester module (the test runner) and the GitHub module (used to resolve paths and emit results) independently, both using NuGet version-range syntax.
Breaking Changes
Version and Prerelease changed meaning: they previously controlled the GitHub module; they now control PSScriptAnalyzer. Callers that pinned the GitHub module must switch to GitHubVersion / GitHubPrerelease.
Before:
- uses: PSModule/Invoke-ScriptAnalyzer@v1
with:
Version: '[1.2.0, 2.0.0)' # was the GitHub module
Prerelease: 'true'After:
- uses: PSModule/Invoke-ScriptAnalyzer@v2
with:
Version: '[1.0.0, 2.0.0)' # PSScriptAnalyzer
GitHubVersion: '[1.2.0, 2.0.0)' # GitHub module
PesterVersion: '[6.0.0, 7.0.0)' # PesterTechnical Details
action.yml:Version/Prerelease(PSScriptAnalyzer) added;PesterVersion/PesterPrereleaseandGitHubVersion/GitHubPrereleaseretained.src/Install-PSScriptAnalyzer.ps1(new): installs the requested PSScriptAnalyzer version (with PSGallery retry),Remove-Modules any loaded copy, thenImport-Module -RequiredVersion … -Globalfor the resolved version. Wired via the Invoke-Pester step'sPrescriptinput, so it runs in the same process as the analyzer run (Version/Prereleasepassed through as env).Invoke-Pesterstep bumped to v5.1.0 (SHA4ff33199141fdf22568990b6107fe3148ae93a1c): itsVersion/Prerelease(Pester) ←PesterVersion/PesterPrerelease; itsGitHubVersion/GitHubPrerelease←GitHubVersion/GitHubPrerelease.Get-TestPaths(GitHub-Script) step:Version/Prerelease←GitHubVersion/GitHubPrerelease.README.md: inputs table updated to document all six version inputs.
v4.1.4
Bump PSModule/GitHub-Script from 1.7.10 to 1.9.0 (#38)
Bumps PSModule/GitHub-Script from 1.7.10 to 1.9.0.
- Pin:
8083ec1f733f00357ee4d0db0c6056686e483bc0(# v1.9.0) - Release notes: https://github.com/PSModule/GitHub-Script/releases/tag/v1.9.0
Supersedes the existing Dependabot PR (which targeted 1.8.0) by bumping straight to the latest 1.9.0.
v4.1.3
Bump PSModule/Invoke-Pester from 4.2.3 to 4.2.4 (#30)
Bumps PSModule/Invoke-Pester from 4.2.3 to 4.2.4.
Release notes
Sourced from PSModule/Invoke-Pester's releases.
v4.2.4
Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#61)
Bumps actions/upload-artifact from 6.0.0 to 7.0.0.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.
... (truncated)
Commits
abddf7bBump actions/upload-artifact from 6.0.0 to 7.0.0 (#61)3cdb795⚙️ [Maintenance]: Add afterall to codespell ignore words list (#60)ba25d5aBump super-linter/super-linter from 8.4.0 to 8.5.0 (#59)d1e3cbf⚙️ [Maintenance]: Update super-linter to v8.4.0 (#58)e4cb409⚙️ [Maintenance]: Align workflows across action repositories (#57)- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
v4.1.2
🩹[Patch]: Workflow improvements (#24)
This release focuses on updating and improving the project's GitHub Actions workflows and configuration files. The main goals are to enhance security and reliability by pinning action versions, streamline release and dependency management, and clean up unused or redundant configuration files.
- Fixes #23
Workflow and Action Updates:
- Updated all uses of
actions/checkoutto reference a specific commit hash (de0fac2e4500dabe0009e67214ff5f5447ce83dd) for improved security and reproducibility across workflows. - Replaced unpinned or generic action versions with commit-pinned versions for
PSModule/GitHub-Script,super-linter/super-linter, andPSModule/Invoke-Pesterto ensure consistent behavior and improve security. - Updated the linter workflow to use a pinned version of
super-linterand added/adjusted validation environment variables.
Release and Dependency Management:
- Renamed
.github/workflows/Auto-Release.ymlto.github/workflows/Release.yml, updated the workflow name, and switched the trigger frompull_request_targettopull_requestfor better security. Also restricted the workflow to run only on changes toaction.ymlandsrc/**. - Replaced the use of
PSModule/Auto-ReleasewithPSModule/Release-GHRepositoryin the release workflow, and updated job names accordingly. - Changed the Dependabot update schedule from weekly to daily and added a cooldown period to manage update frequency.
Configuration Cleanup:
- Removed the
.github/linters/.jscpd.jsonfile and.github/release.yml, indicating a cleanup of unused or redundant configuration files.
Other Improvements:
- Fixed a typo in
README.mdfor clarity. - Updated script paths in
action.ymlfromscripts/tosrc/to reflect directory restructuring.
v4.1.1
Bump actions/checkout from 5 to 6 (#22)
Bumps actions/checkout from 5 to 6.
Release notes
Sourced from actions/checkout's releases.
v6.0.0
What's Changed
- Update README to include Node.js 24 support details and requirements by
@salmanmkcin actions/checkout#2248- Persist creds to a separate file by
@ericsciplein actions/checkout#2286- v6-beta by
@ericsciplein actions/checkout#2298- update readme/changelog for v6 by
@ericsciplein actions/checkout#2311Full Changelog: actions/checkout@v5.0.0...v6.0.0
v6-beta
What's Changed
Updated persist-credentials to store the credentials under
$RUNNER_TEMPinstead of directly in the local git config.This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.
v5.0.1
What's Changed
- Port v6 cleanup to v5 by
@ericsciplein actions/checkout#2301Full Changelog: actions/checkout@v5...v5.0.1
Changelog
Sourced from actions/checkout's changelog.
Changelog
V6.0.0
- Persist creds to a separate file by
@ericsciplein actions/checkout#2286- Update README to include Node.js 24 support details and requirements by
@salmanmkcin actions/checkout#2248V5.0.1
- Port v6 cleanup to v5 by
@ericsciplein actions/checkout#2301V5.0.0
- Update actions checkout to use node 24 by
@salmanmkcin actions/checkout#2226V4.3.1
- Port v6 cleanup to v4 by
@ericsciplein actions/checkout#2305V4.3.0
- docs: update README.md by
@motssin actions/checkout#1971- Add internal repos for checking out multiple repositories by
@mouismailin actions/checkout#1977- Documentation update - add recommended permissions to Readme by
@benwellsin actions/checkout#2043- Adjust positioning of user email note and permissions heading by
@joshmgrossin actions/checkout#2044- Update README.md by
@nebuk89in actions/checkout#2194- Update CODEOWNERS for actions by
@TingluoHuangin actions/checkout#2224- Update package dependencies by
@salmanmkcin actions/checkout#2236v4.2.2
url-helper.tsnow leverages well-known environment variables by@jww3in actions/checkout#1941- Expand unit test coverage for
isGhesby@jww3in actions/checkout#1946v4.2.1
- Check out other refs/* by commit if provided, fall back to ref by
@orhantoyin actions/checkout#1924v4.2.0
- Add Ref and Commit outputs by
@lucacomein actions/checkout#1180- Dependency updates by
@dependabot- actions/checkout#1777, actions/checkout#1872v4.1.7
- Bump the minor-npm-dependencies group across 1 directory with 4 updates by
@dependabotin actions/checkout#1739- Bump actions/checkout from 3 to 4 by
@dependabotin actions/checkout#1697- Check out other refs/* by commit by
@orhantoyin actions/checkout#1774- Pin actions/checkout's own workflows to a known, good, stable version. by
@jww3in actions/checkout#1776v4.1.6
- Check platform to set archive extension appropriately by
@cory-millerin actions/checkout#1732v4.1.5
- Update NPM dependencies by
@cory-millerin actions/checkout#1703- Bump github/codeql-action from 2 to 3 by
@dependabotin actions/checkout#1694- Bump actions/setup-node from 1 to 4 by
@dependabotin actions/checkout#1696- Bump actions/upload-artifact from 2 to 4 by
@dependabotin actions/checkout#1695
... (truncated)
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-d...
v4.1.0
🚀[Feature]: Add Notice_Mode input to control test completion notifications (#21)
This release introduces a new Notice_Mode input parameter to control when GitHub notices are displayed for test completion. By default, notices are now only shown on test failure, providing more flexibility in managing action output verbosity.
What's New
- New Input:
Notice_Mode- Controls when GitHub notices are displayed for test completion:Full: Show notices on both success and failure.Failed(default): Show notices only on failure.None: Disable notices entirely.
This provides more flexibility in managing action output verbosity.
Changes
- Updated
action.ymlto define the new input and pass it via environment variables. - Updated
README.mdwith input documentation.
v4.0.2
🩹 [Patch]: Encode all PowerShell files using UTF8 with BOM (#20)
Description
This pull request introduces a minor change to the Planets.ps1 files in both srcTestRepo and srcWithManifestTestRepo. The only difference is the addition of a Unicode Byte Order Mark (BOM) at the beginning of each file, which does not affect the functionality of the scripts.
- Added a Unicode BOM to the start of
Planets.ps1in bothtests/srcTestRepo/src/variables/public/andtests/srcWithManifestTestRepo/src/variables/public/for encoding consistency.
v4.0.1
🩹 [Patch]: Default to built-in Invoke-ScriptAnalyzer settings (#19)
This pull request introduces improved handling of the settings file for the ScriptAnalyzer GitHub Action, adds a new test scenario for default settings, and updates CI workflows and documentation to reflect these changes. The main goals are to make the settings file optional, clarify precedence, and ensure robust testing and reporting.
Key changes:
Settings file handling and usage:
- The action now treats the settings file as optional; if not provided or not found, it falls back to ScriptAnalyzer defaults. Settings file precedence is clarified and documented, and code is updated to handle missing files gracefully without throwing errors. (
scripts/main.ps1[1]scripts/tests/PSScriptAnalyzer/PSScriptAnalyzer.Tests.ps1[2] [3] [4]README.md[5]
Continuous Integration workflow improvements:
-
All
actions/checkoutsteps in workflow files now setpersist-credentials: falsefor improved security and consistency. (.github/workflows/Action-Test.yml[1] [2] [3] [4] [5].github/workflows/Auto-Release.yml[6].github/workflows/Linter.yml[7] -
A new test job,
ActionTestSrcWithManifestDefault, is added to verify the action's behavior when no settings file is present (i.e., default settings are used). The workflow aggregation and environment variable naming are updated for clarity and maintainability. (.github/workflows/Action-Test.yml[1] [2]tests/Get-AggregatedStatus.ps1[3]
Documentation and configuration updates:
-
The README is updated to clearly explain settings file precedence and provide usage examples for all scenarios (custom, default, and none). (
README.mdREADME.mdL91-R125) -
Linter workflow configuration is updated to include new validation options and disables certain Biome and zizmor validations for clarity. (
.github/workflows/Linter.yml.github/workflows/Linter.ymlR34-R36)
v4.0.0
🌟[Major]: Remove Settings with predefined settings (#18)
Description
This pull request simplifies the configuration of the script analyzer action by removing the Settings input (which previously allowed selecting between Module, SourceCode, or Custom modes) in favor of always using a SettingsFilePath. Documentation, workflow, and implementation are updated to reflect this streamlined approach. Additionally, a new example settings file for source code analysis is added for clarity.
Configuration and API Simplification:
- Removed the
Settingsinput fromaction.yml, the workflow, and environment variables, so users now always specify aSettingsFilePathfor analyzer configuration. The default settings file path is now.github/linters/.powershell-psscriptanalyzer.psd1. [1] [2] [3] [4] [5] [6] [7]
Documentation Updates:
- Updated
README.mdto remove references to the oldSettingsinput and predefined settings types, clarifying that users should provide a settings file viaSettingsFilePath. Usage instructions and examples are revised accordingly. [1] [2] [3]
Implementation Changes:
- Refactored
scripts/main.ps1to resolve only theSettingsFilePathand validate its existence, removing all logic related to theSettingsinput and its switch statement.
Test and Example Improvements:
- Added a new
tests/srcWithManifestTestRepo/tests/SourceCode.Settings.psd1file containing example analyzer rules for source code analysis.
v3.0.2
🩹 [Patch]: Update Dependabot configuration to include labels for GitHub Actions (#17)
Description
This pull request updates the Dependabot configuration to automatically add labels to pull requests related to GitHub Actions dependencies.
Dependabot configuration improvements:
.github/dependabot.yml: Addeddependenciesandgithub-actionslabels to GitHub Actions dependency update pull requests.