feat: Implement Testing and Security Framework #9
Conversation
This commit introduces a comprehensive, multi-language testing and security framework. - Adds a .pre-commit-config.yaml with hooks for linting (markdown, yaml, powershell), formatting (prettier), and secret scanning (gitleaks). - Establishes a ests/ directory with a unit test for the existing PowerShell script using Pester. - Implements a GitHub Actions CI workflow (.github/workflows/ci.yml) to run linters and tests automatically on pull requests. - Adds TESTING.md to document the local testing setup. - Includes .vscode/ settings for recommended extensions and tasks. - Updates CONTRIBUTING.md and Copilot instructions to enforce a test-focused development approach, emphasizing edge case testing.
|
@copilot given the failures in the checks, analyze what changes are required to fix this PR and then commit them. |
|
@AprilDeFeu I've opened a new pull request, #10, to work on those changes. Once the pull request is ready, I'll request review from you. |
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a comprehensive testing and security framework for the Scripts repository, including pre-commit hooks, unit tests, CI automation, and updated documentation to enforce quality standards.
Key Changes
- Added pre-commit configuration with linting, formatting, and security scanning hooks
- Implemented Pester unit tests for PowerShell scripts with basic validation and smoke testing
- Created GitHub Actions CI workflow to automate testing and linting on pull requests
Reviewed Changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
tests/unit/PowerShell/system-maintenance.Tests.ps1 |
Pester unit test file for PowerShell system maintenance script with validation and smoke tests |
TESTING.md |
Documentation outlining the testing framework, local testing setup, and CI pipeline |
CONTRIBUTING.md |
Updated contribution guidelines with test-focused development principles and coverage checklist |
.vscode/tasks.json |
VSCode tasks for running linting and PowerShell unit tests |
.vscode/extensions.json |
Recommended VSCode extensions for PowerShell and Prettier |
.pre-commit-config.yaml |
Pre-commit hook configuration for code quality, formatting, and security checks |
.github/workflows/ci.yml |
CI workflow for automated linting and PowerShell testing |
.github/instructions/copilot.instructions.md |
Repository-specific Copilot instructions for testing and quality standards |
.pre-commit-config.yaml
Outdated
| # Exclude the test file itself from analysis for now | ||
| exclude: '^tests/unit/PowerShell/system-maintenance.Tests.ps1$' |
There was a problem hiding this comment.
[nitpick] The comment references a file path that doesn't match the actual test file location. The exclude pattern is '^tests/unit/PowerShell/system-maintenance.Tests.ps1$' but the comment says "Exclude the test file itself from analysis for now." This is misleading because:
- It's unclear why a test file would need to be excluded from PowerShell script analysis
- The comment "for now" suggests this is temporary, but there's no explanation of when or why it should be re-enabled
- Test files should generally follow the same code quality standards as the scripts they test
Consider either removing this exclusion or providing a clear explanation of why this specific test file needs to be excluded from analysis.
| # Exclude the test file itself from analysis for now | |
| exclude: '^tests/unit/PowerShell/system-maintenance.Tests.ps1$' |
There was a problem hiding this comment.
This file is ignored because it involves a system-wide cleanup, so it is incredibly expensive on the checks.
| # tests/unit/PowerShell/system-maintenance.Tests.ps1 | ||
|
|
||
| BeforeAll { | ||
| # Suppress verbose output from the script itself during tests | ||
| $VerbosePreference = 'SilentlyContinue' | ||
| # Path to the script being tested | ||
| $scriptPath = "$PSScriptRoot/../../../PowerShell/system-administration/maintenance/system-maintenance.ps1" | ||
| } | ||
|
|
||
| Describe "system-maintenance.ps1" { | ||
| Context "Basic Script Validation" { | ||
| It "should be a valid script file" { | ||
| Test-Path -Path $scriptPath | Should -Be $true | ||
| } | ||
|
|
||
| It "should have comment-based help" { | ||
| $help = Get-Help -Path $scriptPath -ErrorAction SilentlyContinue | ||
| $help | Should -Not -BeNull | ||
| ($help.Name -eq 'system-maintenance') | Should -Be $true | ||
| } | ||
|
|
||
| It "should support -WhatIf" { | ||
| $command = Get-Command -Path $scriptPath | ||
| $command.Parameters.Keys | Should -Contain 'WhatIf' | ||
| } | ||
| } | ||
|
|
||
| Context "Execution Smoke Test" { | ||
| It "should run without throwing errors with default parameters" { | ||
| & $scriptPath -WhatIf | Should -Not -Throw | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
The entire test file content is duplicated (lines 1-33 are identical to lines 34-66). This duplication should be removed, keeping only one copy of the test suite.
| # tests/unit/PowerShell/system-maintenance.Tests.ps1 | |
| BeforeAll { | |
| # Suppress verbose output from the script itself during tests | |
| $VerbosePreference = 'SilentlyContinue' | |
| # Path to the script being tested | |
| $scriptPath = "$PSScriptRoot/../../../PowerShell/system-administration/maintenance/system-maintenance.ps1" | |
| } | |
| Describe "system-maintenance.ps1" { | |
| Context "Basic Script Validation" { | |
| It "should be a valid script file" { | |
| Test-Path -Path $scriptPath | Should -Be $true | |
| } | |
| It "should have comment-based help" { | |
| $help = Get-Help -Path $scriptPath -ErrorAction SilentlyContinue | |
| $help | Should -Not -BeNull | |
| ($help.Name -eq 'system-maintenance') | Should -Be $true | |
| } | |
| It "should support -WhatIf" { | |
| $command = Get-Command -Path $scriptPath | |
| $command.Parameters.Keys | Should -Contain 'WhatIf' | |
| } | |
| } | |
| Context "Execution Smoke Test" { | |
| It "should run without throwing errors with default parameters" { | |
| & $scriptPath -WhatIf | Should -Not -Throw | |
| } | |
| } | |
| } |
|
|
||
| Context "Execution Smoke Test" { | ||
| It "should run without throwing errors with default parameters" { | ||
| & $scriptPath -WhatIf | Should -Not -Throw |
There was a problem hiding this comment.
The test on line 30 uses Should -Not -Throw incorrectly. The Should -Not -Throw assertion requires a script block { } to wrap the command being tested.
Correct syntax:
{ & $scriptPath -WhatIf } | Should -Not -Throw
.pre-commit-config.yaml
Outdated
| - id: psscriptanalyzer | ||
| name: psscriptanalyzer | ||
| entry: pwsh -Command "Invoke-ScriptAnalyzer -Path ." | ||
| language: "powershell" |
There was a problem hiding this comment.
The language field value should be system instead of "powershell" for local hooks in pre-commit. The language: "powershell" is not a valid pre-commit language type. Use language: system and ensure PowerShell is available in the system PATH.
| language: "powershell" | |
| language: system |
.pre-commit-config.yaml
Outdated
| name: psscriptanalyzer | ||
| entry: pwsh -Command "Invoke-ScriptAnalyzer -Path ." | ||
| language: "powershell" | ||
| types: ["powershell"] |
There was a problem hiding this comment.
The types field should use powershell without quotes. Pre-commit type identifiers should not be quoted in arrays.
Correct syntax:
types: [powershell]| types: ["powershell"] | |
| types: [powershell] |
| run: | | ||
| $result = Invoke-Pester -Path 'tests/unit/PowerShell' -PassThru | ||
| if ($result.FailedCount -gt 0) { | ||
| exit 1 | ||
| } |
There was a problem hiding this comment.
Missing the closing brace } for the run block. The PowerShell script block that starts on line 45 is not properly closed, which will cause a workflow syntax error.
Add the closing brace after line 49:
if ($result.FailedCount -gt 0) {
exit 1
}- Changed psscriptanalyzer language from 'powershell' to 'system' in .pre-commit-config.yaml
- Fixed bash syntax error in template.sh (replaced 'else {' with 'else')
- Fixed SC2155 ShellCheck warnings by separating variable declarations and assignments
- Updated markdownlint config to exclude instruction files and be more lenient
- Fixed line length issues in CONTRIBUTING.md
- Added shellcheck disable comment for intentional SCRIPT_DIR in template
- All pre-commit hooks now pass successfully
Co-authored-by: AprilDeFeu <[email protected]>
Fix CI failures: pre-commit configuration and shell script issues
|
@copilot review this again |
|
@AprilDeFeu I've opened a new pull request, #11, to work on those changes. Once the pull request is ready, I'll request review from you. |
Co-authored-by: AprilDeFeu <[email protected]>
fix: Address code review feedback in testing framework
|
@copilot based off the feedback of the CI Test PowerShell check, create a fix in this draft as another commit. |
|
@AprilDeFeu I've opened a new pull request, #12, to work on those changes. Once the pull request is ready, I'll request review from you. |
…test assertions Co-authored-by: AprilDeFeu <[email protected]>
… separators Co-authored-by: AprilDeFeu <[email protected]>
[WIP] Add multi-language testing and security framework
| ### Test Coverage Checklist | ||
| Before submitting, ensure your tests cover the following scenarios: | ||
|
|
||
| - [ ] **Happy Path:** Does the script work as expected with valid, typical inputs? | ||
| - [ ] **Invalid Inputs:** How does the script handle incorrect, malformed, or unexpected inputs? | ||
| (e.g., wrong data types, non-existent files). | ||
| - [ ] **Edge Cases:** | ||
| - [ ] Empty or null inputs. | ||
| - [ ] Very large inputs (e.g., large files, many items). | ||
| - [ ] Zero-value inputs (e.g., `0`, `""`). | ||
| - [ ] Inputs with special characters or different encodings. | ||
| - [ ] **Permissions:** Does the script fail gracefully if it lacks the required permissions for a file, | ||
| directory, or network resource? | ||
| - [ ] **Dependencies:** How does the script behave if a required dependency (module, command-line tool) is missing? | ||
| - [ ] **Concurrency:** If applicable, is the script safe to run multiple times simultaneously? Does it handle file locking? |
There was a problem hiding this comment.
The test coverage checklist is comprehensive but not reflected in the actual PowerShell unit tests provided. The sample test file (tests/unit/PowerShell/system-maintenance.Tests.ps1) only includes basic validation and a smoke test with -WhatIf, missing most items from this checklist (invalid inputs, edge cases, permissions, dependencies). Consider adding example tests that demonstrate these scenarios or note that this is an aspirational checklist.
There was a problem hiding this comment.
@copilot open a new pull request to apply changes based on this feedback
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
|
@AprilDeFeu I've opened a new pull request, #13, to work on those changes. Once the pull request is ready, I'll request review from you. |
Co-authored-by: AprilDeFeu <[email protected]>
Add comprehensive test examples demonstrating test coverage checklist
|
@copilot fully review this PR one more time |
|
@AprilDeFeu I've opened a new pull request, #14, to work on those changes. Once the pull request is ready, I'll request review from you. |
Complete comprehensive PR review with validation of testing and security framework
This pull request introduces a comprehensive, multi-language testing and security framework to ensure the quality and integrity of all scripts in the repository.
Key additions include:
.pre-commit-config.yamlwith hooks for linting, formatting, and secret scanning.tests/directory with Pester unit tests for PowerShell scripts.CONTRIBUTING.mdand Copilot instructions to enforce a test-focused development approach.