microsoft/hve-core

Public

mirrored fromhttps://github.com/microsoft/hve-coreAvailable

Watch0 Fork0 Star0

Code Commits Issues Pull requests Actions Insights Security

68b04bc3b47266718f1570cf7f2cb7908467f8d4

Find a branch or tag

Branches

68b04bc3b47266718f1570cf7f2cb7908467f8d4

Clone

HTTPS

Download ZIP

hve-core/scripts

scripts/README.md

198lines · modecode

Raw Download

Latest commit unavailable.

unknown

1	`---`
2	`title: Scripts`
3	`description: PowerShell scripts for linting, validation, and security automation`
4	`author: HVE Core Team`
5	`ms.date: 2025-11-05`
6	`ms.topic: reference`
7	`keywords:`
8	`- powershell`
9	`- scripts`
10	`- automation`
11	`- linting`
12	`- security`
13	`estimated_reading_time: 5`
14	`---`
15
16	This directory contains PowerShell scripts for automating linting, validation, and security checks in the `hve-core` repository.
17
18	`## Directory Structure`
19
20	```text
21	`scripts/`
22	`├── collections/ Collection validation and shared helpers`
23	`├── extension/ VS Code extension packaging utilities`
24	`├── lib/ Shared utility modules`
25	`├── linting/ PowerShell linting and validation scripts`
26	`├── plugins/ Copilot CLI plugin generation`
27	`├── security/ Security scanning and SHA pinning scripts`
28	`└── tests/ Pester test organization`
29	```
30
31	`## Extension`
32
33	`VS Code extension packaging utilities.`
34
35	`\| Script \| Purpose \|`
36	`\|-------------------------\|------------------------------------------\|`
37	\| `Package-Extension.ps1` \| Package the VS Code extension \|
38	\| `Prepare-Extension.ps1` \| Prepare extension contents for packaging \|
39
40	`## Library`
41
42	`Shared utility modules used across scripts.`
43
44	`\| Script \| Purpose \|`
45	`\|----------------------------\|--------------------------------------\|`
46	\| `Get-VerifiedDownload.ps1` \| Download files with SHA verification \|
47
48	`## Linting Scripts`
49
50	The `linting/` directory contains scripts for validating code quality and documentation:
51
52	`\| Script \| Purpose \|`
53	`\|------------------------------------\|----------------------------------------------------\|`
54	\| `Invoke-PSScriptAnalyzer.ps1` \| Static analysis for PowerShell files \|
55	\| `Validate-MarkdownFrontmatter.ps1` \| Validate YAML frontmatter in markdown files \|
56	\| `Validate-SkillStructure.ps1` \| Validate skill directory structure and frontmatter \|
57	\| `Invoke-LinkLanguageCheck.ps1` \| Detect en-us language paths in URLs \|
58	\| `Link-Lang-Check.ps1` \| Link language checking entry point \|
59	\| `Markdown-Link-Check.ps1` \| Validate markdown links \|
60	\| `Invoke-YamlLint.ps1` \| YAML file validation \|
61	\| `Test-CopyrightHeaders.ps1` \| Validate copyright headers in source files \|
62
63	`See [linting/README.md](linting/README.md) for detailed documentation.`
64
65	`## Security Scripts`
66
67	The `security/` directory contains scripts for security scanning and dependency management:
68
69	`\| Script \| Purpose \|`
70	`\|-------------------------------------\|-------------------------------------------\|`
71	\| `Test-DependencyPinning.ps1` \| Validate SHA pinning compliance \|
72	\| `Test-SHAStaleness.ps1` \| Check for outdated SHA pins \|
73	\| `Update-ActionSHAPinning.ps1` \| Automate updating GitHub Actions SHA pins \|
74	\| `Test-ActionVersionConsistency.ps1` \| Validate action version consistency \|
75
76	`## Plugins`
77
78	`Copilot CLI plugin generation and validation.`
79
80	`\| Script \| Purpose \|`
81	`\|----------------------------\|-------------------------------------------\|`
82	\| `Generate-Plugins.ps1` \| Generate plugin packages from collections \|
83	\| `Validate-Marketplace.ps1` \| Validate marketplace metadata \|
84
85	`## Collections`
86
87	`Collection validation and shared helpers.`
88
89	`\| Script \| Purpose \|`
90	`\|----------------------------\|--------------------------------------------\|`
91	\| `Validate-Collections.ps1` \| Validate collection metadata and structure \|
92
93	`## Tests`
94
95	`Pester test organization matching the scripts structure.`
96
97	`\| Directory \| Tests For \|`
98	`\|----------------\|---------------------------\|`
99	\| `collections/` \| Collection helpers tests \|
100	\| `extension/` \| Extension packaging tests \|
101	\| `lib/` \| Library utility tests \|
102	\| `linting/` \| Linting script tests \|
103	\| `security/` \| Security validation tests \|
104	\| `plugins/` \| Plugin generation tests \|
105	\| `Fixtures/` \| Shared test fixtures \|
106	\| `Mocks/` \| Shared mock data \|
107
108	`Run all tests:`
109
110	```bash
111	`npm run test:ps`
112	```
113
114	`## Usage`
115
116	All scripts are designed to run both locally and in GitHub Actions workflows. They support common parameters like `-Verbose` and `-Debug` for troubleshooting.
117
118	`### Local Testing`
119
120	```powershell
121	`# Test PSScriptAnalyzer on changed files`
122	`./scripts/linting/Invoke-PSScriptAnalyzer.ps1 -ChangedFilesOnly -Verbose`
123
124	`# Validate markdown frontmatter`
125	`./scripts/linting/Validate-MarkdownFrontmatter.ps1 -Verbose`
126
127	`# Check for language paths in URLs`
128	`./scripts/linting/Invoke-LinkLanguageCheck.ps1 -Verbose`
129	```
130
131	`### GitHub Actions Integration`
132
133	`All scripts automatically detect GitHub Actions environment and provide appropriate output formatting (annotations, summaries, artifacts).`
134
135	`## Contributing`
136
137	`When adding new scripts:`
138
139	`1. Follow PowerShell best practices (PSScriptAnalyzer compliant)`
140	`2. Include the entry point guard pattern (see below)`
141	3. Support `-Verbose` and `-Debug` parameters
142	4. Add GitHub Actions integration using `LintingHelpers` module functions
143	5. Include inline help with `.SYNOPSIS`, `.DESCRIPTION`, `.PARAMETER`, and `.EXAMPLE`
144	`6. Document in relevant README files`
145	`7. Test locally before creating PR`
146
147	`### Entry Point Guard Pattern`
148
149	All production scripts use a dot-source guard that enables Pester tests to import functions without executing main logic. Extract main logic into an `Invoke-*` orchestrator function and wrap direct execution in a guard block:
150
151	```powershell
152	`#region Functions`
153
154	`function Invoke-ScriptMain {`
155	`[CmdletBinding()]`
156	`param( <# script params #> )`
157	`# Main logic here`
158	`}`
159
160	`#endregion Functions`
161
162	`#region Main Execution`
163	`if ($MyInvocation.InvocationName -ne '.') {`
164	`try {`
165	`Invoke-ScriptMain @PSBoundParameters`
166	`exit 0`
167	`}`
168	`catch {`
169	`Write-Error -ErrorAction Continue "ScriptName failed: $($_.Exception.Message)"`
170	`Write-CIAnnotation -Message $_.Exception.Message -Level Error`
171	`exit 1`
172	`}`
173	`}`
174	`#endregion Main Execution`
175	```
176
177	`Key rules:`
178
179	* The `if` guard wraps `try`/`catch` (not the reverse)
180	* Name the orchestrator `Invoke-*` matching the script noun
181	* Use `#region Functions` and `#region Main Execution` markers
182	`* See [Package-Extension.ps1](extension/Package-Extension.ps1) for a canonical example`
183
184	`## Related Documentation`
185
186	`* [Collection Scripts Documentation](collections/README.md)`
187	`* [Extension Packaging Documentation](extension/README.md)`
188	`* [Library Utilities Documentation](lib/README.md)`
189	`* [Linting Scripts Documentation](linting/README.md)`
190	`* [Plugin Generation Documentation](plugins/README.md)`
191	`* [Security Scripts Documentation](security/README.md)`
192	`* [Test Organization Documentation](tests/README.md)`
193	`* [GitHub Workflows Documentation](../.github/workflows/README.md)`
194	`* [Contributing Guidelines](../CONTRIBUTING.md)`
195
196	`---`
197
198	`🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.`

microsoft/hve-core

Branches

Tags

Clone