Add Analyze step for script analyzer. #148
Conversation
| @@ -26,6 +26,7 @@ | |||
| #> | |||
| function Test-PlasterManifest { | |||
| [CmdletBinding()] | |||
| [OutputType([System.Xml.XmlDocument])] | |||
| # 'Warning', 'Error', 'All', 'None' or 'Skip'. Invalid input will stop on all rules. | ||
| # 'Skip' will skip over the code analysis step all together. | ||
| [System.Diagnostics.CodeAnalysis.SuppressMessage('PSUseDeclaredVarsMoreThanAssigments', '', Scope='*', Target='CodeAnalysisStop')] | ||
| $CodeAnalysisStop = 'Error' |
There was a problem hiding this comment.
Can we rename this to "ScriptAnalysisAction"? That would we similar to the VS Code Analysis ruleset where you can select the Action per rule. Ditto for SkipCodeAnalysisHost -> SkipScriptAnalysisHost. Just to keep it more in the "PowerShell vernacular".
There was a problem hiding this comment.
Of course! It's late for me so all my critical thinking goes out the window regarding variable names (that's a poor excuse, it's always like that).
| @@ -134,6 +134,41 @@ Task Sign -depends BuildImpl -requiredVariables SettingsPath, SignScripts { | |||
| } | |||
| } | |||
|
|
|||
| Task Analyze -depends Build -requiredVariables CodeAnalysisStop, OutDir { | |||
There was a problem hiding this comment.
I wonder if we should change the Test task to depend on the Analyze task instead of the Build task? IOW script analysis needs to pass first (assuming action set to error) before we are at a point where the Test task should run? And since, Publish depends on a successful Test that would mean that Publish would also require a successful Analyze task.
Another thought is that Analyze should be part of the Build task flow - perhaps between BuildImpl and Sign? You might want that if you set the Action to Error ie it is more a build failure so no point in signing files.
There was a problem hiding this comment.
OK, that's similar to what I've done in my own psake scripts before, so that's good to know. I'll do that.
| @@ -1,4 +1,4 @@ | |||
| <# | |||
| <# | |||
There was a problem hiding this comment.
What editor are you using? If it is VSCode I suggest you add the user setting: "files.trimTrailingWhitespace": true. It is a very nice setting for PowerShell work and would eliminate this "apparent" trailing whitespace change.
There was a problem hiding this comment.
Aha, thanks, good catch. Yeah, it is VSCode. I must have done this before on another machine because I could have sworn i'd done this.
There was a problem hiding this comment.
Ah, I did change the encoding of that file, as it was UTF-8, which generates the PSSA warning PSUseBOMForUnicodeEncodedFile. I can revert that if it causes an issue, but I couldn't find one in my testing.
There was a problem hiding this comment.
What did you change the encoding to? UTF-8 with BOM? Weird that PSSA would think the file was Unicode.
There was a problem hiding this comment.
I did, yes. I did a little investigation, it's the HELPERS art bit, the characters are non-ASCII code points.
There was a problem hiding this comment.
Ah. Can you replace those characters with this:
###############################################################################
# Helper functions
###############################################################################
And adjust the encoding. Then I think we'll be ready to accept this PR. Thanks!
There was a problem hiding this comment.
Oh, and if you want to do the merge, go for it. Just do it as a Squash and merge to clean up the commit history.
There was a problem hiding this comment.
Awesome, thanks for the help :)
| @@ -24,10 +24,13 @@ Please follow the scripting style of this file when adding new script. | |||
| General notes | |||
| #> | |||
| function Invoke-Plaster { | |||
| [System.Diagnostics.CodeAnalysis.SuppressMessage('PSAvoidUsingWriteHost', '', Scope='Function')] | |||
| [System.Diagnostics.CodeAnalysis.SuppressMessage('PSAvoidShouldContinueWithoutForce', '', Scope='Function', Target='CopyFileWithConflictDetection')] | |||
There was a problem hiding this comment.
I'm glad this particular PSSA bug was recently fixed. Well, I haven't had a chance to test the fix (not sure it is even shipping yet) but I saw the PR go by that purports to fix it. :-)
There was a problem hiding this comment.
Which bug/fix? I did notice that the suppression rule for PSAvoidUsingWriteHost didn't actually manage to suppress all the usages, which was a bit odd. Is that what you meant?
There was a problem hiding this comment.
Sorry, I wasn't very clear. This is the PR on PSSA I was referring to: PowerShell/PSScriptAnalyzer#625 I was running into this issue in Invoke-Plaster because I had several helper functions within begin that use $PSCmdlet.ShouldProcess.
There was a problem hiding this comment.
I see. I am testing with script analyzer 1.8.0 and it appears to resolve that issue without requiring suppression anymore, so those PSShouldProcess suppression statements can go at some point.
There was a problem hiding this comment.
As long as we are using 1.8.0 in the AppVeyor build, we should be able to remove these. Let me take a crack at it.
| @@ -1212,7 +1216,7 @@ function WriteContentWithEncoding([string]$path, [string[]]$content, [string]$en | |||
| 'utf8' { $noBomEncoding = New-Object System.Text.UTF8Encoding($false) } | |||
| } | |||
|
|
|||
| if ($content -eq $null) { | |||
| if ($null -eq $content) { | |||
There was a problem hiding this comment.
Thanks. I try to be consistent with this but forget from time to time.
There was a problem hiding this comment.
No worries, it's generally a lot more consistent that what I normally manage :)
| @@ -1,3 +1,4 @@ | |||
| [System.Diagnostics.CodeAnalysis.SuppressMessage('PSUseDeclaredVarsMoreThanAssigments', '', Scope='*', Target='SuppressImportModule')] | |||
There was a problem hiding this comment.
In general we exclude our C# unit tests from code analysis. Should we do the same here - exclude Pester tests from script analysis? I would be in favor of that. Getting your module's script copasetic with PSSA can be enough of a challenge. :-) Or was this to get rid of a VSCode editor warning message about the rule?
There was a problem hiding this comment.
That seems reasonable, It wasn't a VSCode warning, I just got a bit carried away suppressing warnings that came up.
How would we do that? Just ignore analysis results from *.Tests.ps1 files, or is there another approach.
| @@ -375,6 +410,7 @@ function PromptUserForCredentialAndStorePassword { | |||
| } | |||
|
|
|||
| function AddSetting { | |||
| [System.Diagnostics.CodeAnalysis.SuppressMessage('PSShouldProcess', '', Scope='Function')] | |||
There was a problem hiding this comment.
As a matter of preference, I would put this outside the function. But that might just be the C# dev in me.
There was a problem hiding this comment.
I did try that, putting it outside the function and at the top of the file, but it doesn't seem to like it at all. (Error is: Unexpected attribute 'System.Diagnostics.CodeAnalysis.SuppressMessage'.).
There was a problem hiding this comment.
BTW is this cropping up because we are analyzing the build script? If so, perhaps we should only analyze scripts under the src dir? Sorry if this is a duplicate comment. I responded today by email (on my phone) while I was out and about with my wife. Those email responses don't seem to get added to the review. Oh well.
There was a problem hiding this comment.
Nevermind, this file is under src. Duh. Guess I need to just call it a night and get some sleep. :-)
| @@ -1,4 +1,4 @@ | |||
| <# | |||
| <# | |||
There was a problem hiding this comment.
What did you change the encoding to? UTF-8 with BOM? Weird that PSSA would think the file was Unicode.
| @@ -375,6 +410,7 @@ function PromptUserForCredentialAndStorePassword { | |||
| } | |||
|
|
|||
| function AddSetting { | |||
| [System.Diagnostics.CodeAnalysis.SuppressMessage('PSShouldProcess', '', Scope='Function')] | |||
There was a problem hiding this comment.
BTW is this cropping up because we are analyzing the build script? If so, perhaps we should only analyze scripts under the src dir? Sorry if this is a duplicate comment. I responded today by email (on my phone) while I was out and about with my wife. Those email responses don't seem to get added to the review. Oh well.
| @@ -24,10 +24,13 @@ Please follow the scripting style of this file when adding new script. | |||
| General notes | |||
| #> | |||
| function Invoke-Plaster { | |||
| [System.Diagnostics.CodeAnalysis.SuppressMessage('PSAvoidUsingWriteHost', '', Scope='Function')] | |||
| [System.Diagnostics.CodeAnalysis.SuppressMessage('PSAvoidShouldContinueWithoutForce', '', Scope='Function', Target='CopyFileWithConflictDetection')] | |||
There was a problem hiding this comment.
Sorry, I wasn't very clear. This is the PR on PSSA I was referring to: PowerShell/PSScriptAnalyzer#625 I was running into this issue in Invoke-Plaster because I had several helper functions within begin that use $PSCmdlet.ShouldProcess.
|
@daviwil Can we get the PSSA module installed on the AppVeyor build machine? |
|
You guys were kickin' ass this weekend, some nice work here :) |
This pull request adds the analyze task for running script analyzer on the built project, as well as fixing or suppressing some additional script analyzer warnings/errors. Mentioned in #145.
There are some variables added to
build.settings.ps1to control the when the task will stop the build. I added a variable to also control which PowerShell hosts to automatically exempt from this task. I'm unsure if this is the right approach to take though.I also haven't added this as a dependency to any tasks yet, I think this would probably fit as a dependency to the publish task, but i'm open to suggestions.