Validate infrastructure as code (IaC) and DevOps repositories using rules. PSRule allows you to analyze a repository with pre-built rules or create your own. Analysis can be performed from input files or the repository structure.
To learn about PSRule and how to write your own rules see Getting started.
To get the latest stable release use:
- name: Run PSRule analysis
uses: microsoft/ps-rule@latestTo get the latest stable release by major version use:
- name: Run PSRule analysis
uses: microsoft/ps-rule@v2To get a specific release use (recommended):
- name: Run PSRule analysis
uses: microsoft/[email protected]To get the latest bits use:
- name: Run PSRule analysis
uses: microsoft/ps-rule@mainTo use the latest action with an older version of PSRule, you can use the version parameter.
For example:
- name: Run PSRule analysis
uses: microsoft/[email protected]
with:
version: '1.11.1'For a list of changes please see the change log.
The recommended approach is to pin to the latest specific release. Pinning to a specific release reduces the risk of new releases breaking your pipeline. You can easily update to the latest release by changing the version number. At such time, you can test the new release in a feature branch before merging to main.
Using microsoft/ps-rule@main is not recommended for production workflows.
The main branch is under active development and may be unstable.
Use microsoft/ps-rule@main to try latest updates ahead of a stable release and provide feedback.
- name: Run PSRule analysis
uses: microsoft/ps-rule@main
with:
inputType: repository, inputPath # Optional. Determines the type of input to use for PSRule.
inputPath: string # Optional. The path PSRule will look for files to validate.
modules: string # Optional. A comma separated list of modules to use for analysis.
source: string # Optional. A path containing rules to use for analysis.
baseline: string # Optional. The name of a PSRule baseline to use.
conventions: string # Optional. A comma separated list of conventions to use.
option: string # Optional. The path to an options file.
outcome: Fail, Pass, Error, Processed, Problem, All # Optional. Filters output to include results with the specified outcome.
outputFormat: None, Yaml, Json, NUnit3, Csv, Markdown, Sarif # Optional. The format to use when writing results to disk.
outputPath: string # Optional. The file path to write results to.
path: string # Optional. The working directory PSRule is run from.
prerelease: boolean # Optional. Determine if a pre-release module version is installed.
repository: string # Optional. The name of the PowerShell repository where PSRule modules are installed from.
summary: boolean # Optional. Determines if a job summary is written.
version: string # Optional. The specific version of PSRule to use.Determines the type of input to use for PSRule either repository or inputPath.
Defaults to repository.
When set to:
repository- The structure of the repository withininputPathwill be analyzed.inputPath- Supported file formats withininputPathwill be read as objects.
The path PSRule will look for input files.
You can still use this parameter even when inputType is set to repository.
This must be a relative path from the path input parameter.
Defaults to repository root.
Note: Avoid using a relative path starting with /, as a leading slash indicates root on Linux.
A comma separated list of modules to use for analysis.
Modules are additional packages that can be installed from the PowerShell Gallery. PSRule will install the latest stable version from the PowerShell Gallery automatically by default. Available modules.
To install pre-release module versions, use prerelease: true.
An path containing rules to use for analysis.
Defaults to .ps-rule/.
Use this option to include rules that have not been packaged as a module.
The name of a PSRule baseline to use. Baselines can be used from modules or specified in a separate file.
- To use a baseline included in a module use
modules:withbaseline:. - To use a baseline specified in a separate file use
source:withbaseline:.
A comma separated list of conventions to use. Conventions can be used from modules or specified in a separate file.
- To use a convention included in a module use
modules:withconventions:. - To use a convention specified in a separate file use
source:withconventions:.
For example: conventions: Monitor.LogAnalytics.Import
The path to an options file.
By default, ps-rule.yaml will be used if it exists.
Configure this parameter to use a different file.
Filters output to include results with the specified outcome.
Supported outcomes are Fail, Pass, Error, Processed, Problem, All.
Defaults to Processed.
The output format to write result to disk.
Supported formats are Yaml, Json, NUnit3, Csv, Markdown, Sarif.
Defaults to None.
The file path to write results to when outputFormat is configured.
The working directory PSRule is run from. Defaults to repository root.
Options specified in ps-rule.yaml from this directory will be used unless overridden by inputs.
Determine if a pre-release module versions are installed.
When set to true the latest pre-release or stable module version is installed.
If this input is not configured, invalid, or set to false only stable module versions will be installed.
The name of the PowerShell repository where PSRule modules are installed from. By default this is the PowerShell Gallery.
When configured, PowerShell modules are installed from this repository.
Before calling the ps-rule action, register and authenticate to the repository if required.
For example, to register a local repository use:
Register-PSRepository -SourceLocation \\server\share -Name Local -InstallationPolicy Trusted;For details PowerShell repositories see Working with Private PowerShellGet Repositories.
Determines if a job summary is written.
By default, a job summary is generated and attached to the workflow run.
When set to false the job summary is skipped.
The specific version of PSRule to use. By default, the latest stable version of PSRule will be used. When set:
- The specific version of PSRule will be installed and imported for use.
- If a pre-release version is specified,
prerelease: truemust also be specified. - If the version is not found, an error will be thrown.
To use PSRule:
- See Creating a workflow file.
- Reference
microsoft/[email protected]. For example:
name: CI
on: [push]
jobs:
analyze:
name: Analyze repository
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Run PSRule analysis
uses: microsoft/[email protected]- Create rules within the
.ps-rule/directory. For example:
# Example .ps-rule/GitHub.Community.Rule.ps1
# Synopsis: Check for recommended community files
Rule 'GitHub.Community' -Type 'PSRule.Data.RepositoryInfo' {
$Assert.FilePath($TargetObject, 'FullName', @('LICENSE'));
$Assert.FilePath($TargetObject, 'FullName', @('CODE_OF_CONDUCT.md'));
$Assert.FilePath($TargetObject, 'FullName', @('CONTRIBUTING.md'));
$Assert.FilePath($TargetObject, 'FullName', @('README.md'));
$Assert.FilePath($TargetObject, 'FullName', @('.github/CODEOWNERS'));
$Assert.FilePath($TargetObject, 'FullName', @('.github/PULL_REQUEST_TEMPLATE.md'));
}- Run the workflow.
This project uses GitHub Issues to track bugs and feature requests. Please search the existing issues before filing new issues to avoid duplicates.
- For new issues, file your bug or feature request as a new issue.
- For help, discussion, and support questions about using this project, join or start a discussion.
Support for this project/ product is limited to the resources listed above.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repositories using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
This project is licensed under the MIT License.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "github-actions[bot]")
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent