ci(lint): enhance PSScriptAnalyzer settings and suppress false positives; improve error handling in scripts
This commit is contained in:
@@ -23,7 +23,25 @@
|
||||
|
||||
# Plural nouns in internal helpers (Get-GuestDiagnostics, Remove-OldJobDirs, etc.)
|
||||
# are intentional — they describe collections, not single objects.
|
||||
'PSUseSingularNouns'
|
||||
'PSUseSingularNouns',
|
||||
|
||||
# PSAvoidUsingPlainTextForPassword fires as a false positive on *CredentialTarget params
|
||||
# (Windows Credential Manager target strings, not passwords). Real plain-text password
|
||||
# usage in template setup scripts is already caught by PSAvoidUsingConvertToSecureStringWithPlainText
|
||||
# with targeted SuppressMessage attributes where intentional.
|
||||
'PSAvoidUsingPlainTextForPassword',
|
||||
|
||||
# These scripts use [switch]$VerifyArtifact = $true for opt-out patterns.
|
||||
# Removing the default would silently change script behaviour.
|
||||
'PSAvoidDefaultValueSwitchParameter',
|
||||
|
||||
# Stop-Vm is an intentional internal name in a VMware-only CI environment;
|
||||
# Hyper-V is not installed on the CI host so there is no real cmdlet to shadow.
|
||||
'PSAvoidOverwritingBuiltInCmdlets',
|
||||
|
||||
# Advisory rule only. Params may be declared for external callers, future use,
|
||||
# or accepted-but-ignored forwarding. Not a safety issue.
|
||||
'PSReviewUnusedParameter'
|
||||
)
|
||||
|
||||
# ── Rule-specific configuration ──────────────────────────────────────────────
|
||||
@@ -33,9 +51,11 @@
|
||||
Enable = $true
|
||||
}
|
||||
|
||||
# All state-changing functions must support -WhatIf / ShouldProcess
|
||||
# ShouldProcess/WhatIf support is not required for one-shot deployment scripts
|
||||
# and internal CI helper functions; adding it to all state-changing functions
|
||||
# would be invasive with no operational benefit in this environment.
|
||||
PSUseShouldProcessForStateChangingFunctions = @{
|
||||
Enable = $true
|
||||
Enable = $false
|
||||
}
|
||||
|
||||
# Credentials must flow as [PSCredential], not plain strings
|
||||
@@ -43,9 +63,9 @@
|
||||
Enable = $true
|
||||
}
|
||||
|
||||
# No plain-text passwords in params or variables
|
||||
# Covered by ExcludeRules above (false positives on *CredentialTarget params).
|
||||
PSAvoidUsingPlainTextForPassword = @{
|
||||
Enable = $true
|
||||
Enable = $false
|
||||
}
|
||||
|
||||
# ConvertTo-SecureString -AsPlainText only acceptable during template setup;
|
||||
|
||||
Reference in New Issue
Block a user