Running PSScriptAnalyzer as local action.

.github/workflows/powershell.yaml

@@ -27,7 +27,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Run PSScriptAnalyzer
-        uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f # v1.1
+        uses: ./Actions/PSScriptAnalyzer
         with:
           path: .\
           recurse: true

Actions/PSScriptAnalyzer/README.md

@@ -0,0 +1,28 @@
+# PowerShell Script Analyzer
+
+Run the PSScriptAnalyzer tool
+
+## INPUT
+
+### ENV variables
+
+none
+
+### Parameters
+
+| Name | Required | Description | Default value |
+| :-- | :-: | :-- | :-- |
+| path | Yes | Specifies the path to the scripts or module to be analyzed. Wildcard characters are supported. | powershell |
+| excludeRule | No | Comma separated list of PSScriptAnalyzer rules to exclude. Wildcard characters are supported. | |
+| recurse | No | Runs Script Analyzer on the files in the Path directory and all subdirectories recursively. | |
+| output | Yes | Specifies where the path for the sarif file | results.sarif |
+
+## OUTPUT
+
+### ENV variables
+
+none
+
+### OUTPUT variables
+
+none

Actions/PSScriptAnalyzer/action.yml

@@ -0,0 +1,62 @@
+name: Run PSScriptAnalyzer
+author: Microsoft Corporation
+branding:
+  icon: "check"
+  color: "gray-dark"
+inputs:
+  path:
+    description: 'Specifies the path to the scripts or module to be analyzed. Wildcard characters are supported.'
+    required: true
+    default: '.\'
+  excludeRule:
+    description: 'Comma separated list of PSScriptAnalyzer rules to exclude. Wildcard characters are supported.'
+    required: false
+  recurse:
+    description: 'Runs Script Analyzer on the files in the Path directory and all subdirectories recursively.'
+    required: false
+  output:
+    description: 'Specifies where the path for the sarif file'
+    required: true
+    default: 'results.sarif'
+runs:
+  using: "composite"
+  steps:
+    - name: Run PSScriptAnalyzer and ConvertToSARIF
+      shell: pwsh
+      run: |
+        $analyzerModule = Get-Module -ListAvailable -Name PSScriptAnalyzer
+        if ($null -eq $analyzerModule) {
+          Install-Module -Name PSScriptAnalyzer -Force
+        }
+
+        $sarifModule = Get-Module -ListAvailable -Name ConvertToSARIF
+        if ($null -eq $sarifModule) {
+          Install-Module -Name ConvertToSARIF -Force
+        }
+        Import-Module -Name ConvertToSARIF -Force
+
+        $htPSA = [ordered]@{ Path = '${{ inputs.path }}'; }
+        Write-Output "Modules installed, now running tests."
+        if(![string]::IsNullOrEmpty('${{ inputs.excludeRule }}')) { $htPSA.add('ExcludeRule', @(${{ inputs.excludeRule }})) }
+        if(![string]::IsNullOrEmpty('${{ inputs.recurse }}')) { $htPSA.add('Recurse', $true) }
+        $htCTS = [ordered]@{ FilePath = '${{ inputs.output }}'; }
+
+        $maxRetries = 3
+        $retryCount = 0
+        $success = $false
+
+        while (-not $success -and $retryCount -lt $maxRetries) {
+          Try {
+            Invoke-ScriptAnalyzer @htPSA -Verbose | ConvertTo-SARIF @htCTS
+            $success = $true
+          } Catch {
+            Write-Host "::Error:: $_"
+            $retryCount++
+            Write-Output "Retrying... ($retryCount/$maxRetries)"
+          }
+        }
+
+        if (-not $success) {
+          Write-Host "::Error:: Failed after $maxRetries attempts."
+          exit 1
+        }