name: Code analysis

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

jobs:
  pssa:
    name: PSScriptAnalyzer
    runs-on: windows-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout code
        uses: actions/checkout@v4

      - name: PowerShell Module Cache
        uses: potatoqualitee/psmodulecache@v6.2
        with:
          modules-to-cache: PSScriptAnalyzer, ConvertToSARIF:1.0.0

      # Not using microsoft/psscriptanalyzer-action@v1.0 because we're missing psm1 in src + need to exclude generated ps1xml
      - name: Run PSScriptAnalyzer
        shell: pwsh
        run: |
          Import-Module ConvertToSARIF -Force

          Get-ChildItem -Path ./src/ -Filter *.ps* -Recurse -File |
          Where-Object { $_.Name -ne 'Sync-WithProfiler.ps1' } |
          Invoke-ScriptAnalyzer -Settings ./.github/workflows/PSScriptAnalyzerSettings.psd1 |
          ConvertTo-SARIF -FilePath results.sarif

      # Upload the SARIF file generated in the previous step
      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
  # codeql:
  #   name: CodeQL C#
  #   runs-on: ubuntu-latest
  #   permissions:
  #     actions: read
  #     contents: read
  #     security-events: write
  #   steps:
  #   - name: Checkout repository
  #     uses: actions/checkout@v3

  #   - name: Initialize CodeQL
  #     uses: github/codeql-action/init@v2
  #     with:
  #       languages: csharp

  #   - name: Autobuild
  #     uses: github/codeql-action/autobuild@v2

  #   - name: Perform CodeQL Analysis
  #     uses: github/codeql-action/analyze@v2