fix: restore missing CI status checks from deleted workflows

vicperdana · Copilot · vicperdana · commit 63b31598628c · 2026-04-07T19:56:41.000+10:00
- Add cross-platform test matrix to ci.yml matching old build.yaml:
  linux-x64, linux-musl-x64, win-x64 (pwsh + powershell), osx-x64
- Rename codeql.yml workflow to 'Analyze' and add:
  - PSRule analysis (Analyze with PSRule) from old analyze.yaml
  - DevSkim security scanning (Analyze with DevSkim) from old analyze.yaml
  - C# CodeQL analysis (Analyze with CodeQL) from old analyze.yaml
  - Keep existing JS/TS CodeQL for VS Code extension
- Add pipeline-deps.ps1 and PSRule results upload to build job
- Match old check names for branch protection rule compatibility

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -85,6 +85,11 @@ jobs:
         with:
           dotnet-version: ${{ env.DOTNET_VERSION }}
       
+      - name: Install dependencies
+        shell: pwsh
+        timeout-minutes: 3
+        run: ./scripts/pipeline-deps.ps1
+
       - name: Download PSDocs Module
         uses: actions/download-artifact@v4
         with:
@@ -103,20 +108,94 @@ jobs:
         shell: pwsh
         working-directory: packages/psdocs-azure
         run: |
-          Invoke-Build Build -File ./pipeline.build.ps1
-      
-      - name: Test PSDocs.Azure
-        shell: pwsh
-        working-directory: packages/psdocs-azure
-        run: |
-          Invoke-Build Test -File ./pipeline.build.ps1
+          Invoke-Build Build -File ./pipeline.build.ps1 -Configuration Release -AssertStyle GitHubActions
       
       - name: Upload PSDocs.Azure Module
         uses: actions/upload-artifact@v4
         with:
           name: psdocs-azure-module
           path: packages/psdocs-azure/out/modules/PSDocs.Azure/
 
+      - name: Upload PSRule Results
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: Module.PSRule.TestResults
+          path: packages/psdocs-azure/reports/ps-rule*.xml
+          retention-days: 3
+          if-no-files-found: ignore
+
+  test:
+    name: Test (${{ matrix.rid }}-${{ matrix.shell }})
+    needs: build-psdocs-azure
+    if: needs.build-psdocs-azure.result == 'success'
+    runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ['ubuntu-latest']
+        rid: ['linux-x64']
+        shell: ['pwsh']
+        include:
+          - os: windows-latest
+            rid: win-x64
+            shell: pwsh
+          - os: windows-latest
+            rid: win-x64
+            shell: powershell
+          - os: ubuntu-latest
+            rid: linux-x64
+            shell: pwsh
+          - os: ubuntu-latest
+            rid: linux-musl-x64
+            shell: pwsh
+          - os: macos-latest
+            rid: osx-x64
+            shell: pwsh
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - if: ${{ matrix.shell == 'pwsh' }}
+        name: Install dependencies (PowerShell)
+        shell: pwsh
+        timeout-minutes: 3
+        run: ./scripts/pipeline-deps.ps1
+
+      - if: ${{ matrix.shell == 'powershell' }}
+        name: Install dependencies (Windows PowerShell)
+        shell: powershell
+        timeout-minutes: 3
+        run: ./scripts/pipeline-deps.ps1
+
+      - name: Download module
+        uses: actions/download-artifact@v4
+        with:
+          name: psdocs-azure-module
+          path: packages/psdocs-azure/out/modules/PSDocs.Azure
+
+      - if: ${{ matrix.shell == 'pwsh' }}
+        name: Test module (PowerShell)
+        shell: pwsh
+        timeout-minutes: 15
+        working-directory: packages/psdocs-azure
+        run: Invoke-Build TestModule -File ./pipeline.build.ps1 -Configuration Release -AssertStyle GitHubActions
+
+      - if: ${{ matrix.shell == 'powershell' }}
+        name: Test module (Windows PowerShell)
+        shell: powershell
+        timeout-minutes: 30
+        working-directory: packages/psdocs-azure
+        run: Invoke-Build TestModule -File ./pipeline.build.ps1 -Configuration Release -AssertStyle GitHubActions
+
   build-vscode:
     needs: changes
     if: needs.changes.outputs.vscode == 'true' || github.event_name == 'push'
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -1,26 +1,87 @@
-# CodeQL Security Analysis
-# Scans VS Code extension for security vulnerabilities
+# Security and Code Analysis
+# Scans for security vulnerabilities and code quality issues
 
-name: CodeQL
+name: Analyze
 
 on:
   push:
-    branches: [main]
-    paths:
-      - 'packages/vscode-extension/**/*.ts'
-      - 'packages/vscode-extension/**/*.js'
+    branches: [main, 'release/*']
   pull_request:
-    branches: [main]
-    paths:
-      - 'packages/vscode-extension/**/*.ts'
-      - 'packages/vscode-extension/**/*.js'
+    branches: [main, 'release/*']
   schedule:
-    # Run weekly on Monday at 00:00 UTC
-    - cron: '0 0 * * 1'
+    - cron: '26 21 * * 0' # At 09:26 PM, on Sunday each week
+  workflow_dispatch:
+
+permissions: {}
 
 jobs:
-  analyze:
-    name: Analyze
+  oss:
+    name: Analyze with PSRule
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run PSRule analysis
+        uses: microsoft/ps-rule@v2.9.0
+        with:
+          modules: PSRule.Rules.MSFT.OSS
+          prerelease: true
+
+  devskim:
+    name: Analyze with DevSkim
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run DevSkim scanner
+        uses: microsoft/DevSkim-Action@v1.0.16
+        with:
+          directory-to-scan: packages/psdocs-azure/src/
+
+      - name: Upload results to security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: devskim-results.sarif
+
+  codeql-csharp:
+    name: Analyze with CodeQL
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: '8.0.x'
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: 'csharp'
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:csharp"
+
+  codeql-typescript:
+    name: CodeQL
     runs-on: ubuntu-latest
     permissions:
       actions: read
@@ -35,7 +96,6 @@ jobs:
         uses: github/codeql-action/init@v3
         with:
           languages: javascript-typescript
-          # Focus on VS Code extension source
           paths:
             - packages/vscode-extension/src
 
