fix(windows): initialize visual defaults safely #763
| name: Validation | |
| on: | |
| push: | |
| branches: [windows] | |
| pull_request: | |
| branches: [windows] | |
| jobs: | |
| tests: | |
| name: Unit & Integration Tests | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.24.6" | |
| - name: Install Pester | |
| run: | | |
| Install-Module -Name Pester -Force -SkipPublisherCheck -Scope CurrentUser | |
| shell: pwsh | |
| - name: Run PowerShell tests | |
| run: | | |
| Import-Module Pester | |
| $config = New-PesterConfiguration | |
| $config.Run.Path = "./tests" | |
| $config.Output.Verbosity = "Detailed" | |
| $config.Run.Exit = $true | |
| Invoke-Pester -Configuration $config | |
| shell: pwsh | |
| - name: Run Go tests | |
| run: | | |
| cd cmd/analyze | |
| go test -v ./... | |
| cd ../status | |
| go test -v ./... | |
| shell: pwsh | |
| build: | |
| name: Build | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.24.6" | |
| - name: Build Go binaries | |
| run: | | |
| go build -o bin/analyze.exe ./cmd/analyze/ | |
| go build -o bin/status.exe ./cmd/status/ | |
| shell: pwsh | |
| - name: Verify binaries | |
| run: | | |
| if (Test-Path bin/analyze.exe) { | |
| Write-Host "analyze.exe built successfully" | |
| } else { | |
| Write-Host "Failed to build analyze.exe" | |
| exit 1 | |
| } | |
| if (Test-Path bin/status.exe) { | |
| Write-Host "status.exe built successfully" | |
| } else { | |
| Write-Host "Failed to build status.exe" | |
| exit 1 | |
| } | |
| shell: pwsh | |
| security: | |
| name: Security Checks | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Load core modules | |
| run: | | |
| . ./lib/core/base.ps1 | |
| . ./lib/core/file_ops.ps1 | |
| Write-Host "Core modules loaded successfully" | |
| shell: pwsh | |
| - name: Verify protected paths | |
| run: | | |
| . ./lib/core/base.ps1 | |
| . ./lib/core/file_ops.ps1 | |
| $protectedPaths = @( | |
| "C:\Windows", | |
| "C:\Windows\System32", | |
| "C:\Program Files", | |
| "C:\Program Files (x86)" | |
| ) | |
| foreach ($path in $protectedPaths) { | |
| if (-not (Test-ProtectedPath -Path $path)) { | |
| Write-Host "FAIL: $path should be protected!" -ForegroundColor Red | |
| exit 1 | |
| } | |
| Write-Host "OK: $path is protected" -ForegroundColor Green | |
| } | |
| shell: pwsh | |
| - name: Check for unsafe patterns | |
| run: | | |
| $hasIssues = $false | |
| # Check for raw Remove-Item without safety | |
| $unsafePatterns = Get-ChildItem -Path lib,bin -Recurse -Filter "*.ps1" | | |
| Select-String -Pattern "Remove-Item.*-Recurse.*-Force" | | |
| Where-Object { $_.Line -notmatch "Remove-SafeItem|function Remove-" } | |
| if ($unsafePatterns) { | |
| Write-Host "Warning: Potential unsafe Remove-Item usage found:" -ForegroundColor Yellow | |
| $unsafePatterns | ForEach-Object { Write-Host " $($_.Filename):$($_.LineNumber)" } | |
| } | |
| Write-Host "Security check completed" -ForegroundColor Green | |
| shell: pwsh | |
| - name: Check for secrets | |
| run: | | |
| $matches = Get-ChildItem -Path . -Recurse -Filter "*.ps1" | | |
| Select-String -Pattern "password|secret|api_key" -CaseSensitive:$false | | |
| Where-Object { $_.Line -notmatch "^\s*#" } | |
| if ($matches) { | |
| Write-Host "Review these lines for potential secrets:" -ForegroundColor Yellow | |
| $matches | ForEach-Object { Write-Host " $($_.Filename):$($_.LineNumber): $($_.Line.Trim())" } | |
| } | |
| Write-Host "Secret scan completed" -ForegroundColor Green | |
| shell: pwsh |
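Review bot: The two scanning steps in the `security` job can never fail the workflow: `$hasIssues` is set to `$false` in "Check for unsafe patterns" and never read again, and both that step and "Check for secrets" finish by printing a "completed" message whether or not anything matched. If these checks are meant to gate merges, set `$hasIssues = $true` inside the `if ($unsafePatterns)` branch and end the step with `if ($hasIssues) { exit 1 }`; if they are advisory only, drop the unused variable and say so in the step name. The pattern `Remove-Item.*-Recurse.*-Force` also matches only that parameter order on a single line, so a call written as `Remove-Item -Force -Recurse` passes unnoticed. In the secrets step, `$matches` is a PowerShell automatic variable, so a distinct name such as `$secretHits` is safer. Separately, `Install-Module -Name Pester -Force -SkipPublisherCheck` installs whatever version is current with the publisher check disabled; pinning it with `-RequiredVersion` would make the test toolchain reproducible.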