From 96eebcedf2b25274c5e96d2fb5505edc15796759 Mon Sep 17 00:00:00 2001 From: Ivan Dlugos Date: Wed, 29 Oct 2025 20:12:02 +0100 Subject: [PATCH 1/2] ci: replace manual PSScriptAnalyzer with official GitHub Action MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace custom PowerShell script with microsoft/psscriptanalyzer-action to simplify the lint job and integrate with GitHub Security features. Benefits: - Reduces maintenance burden (30+ lines to ~15 lines) - SARIF output integrates with Code Scanning alerts in Security tab - Cleaner workflow with official Microsoft-maintained action - Maintains same behavior (fails on errors, passes on warnings) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude
---
.github/workflows/test-powershell-module.yml | 41 ++++++++------------ 1 file changed, 16 insertions(+), 25 deletions(-)
diff --git a/.github/workflows/test-powershell-module.yml b/.github/workflows/test-powershell-module.yml
index b0b0812..c8dd005 100644
--- a/.github/workflows/test-powershell-module.yml
+++ b/.github/workflows/test-powershell-module.yml
@@ -32,37 +32,28 @@ on: jobs: lint: runs-on: ubuntu-latest - defaults: - run: - working-directory: ${{ inputs.module-path }} - shell: pwsh + permissions: + contents: read + security-events: write steps: - name: Checkout repository uses: actions/checkout@v4 - - run: $PSVersionTable - - - name: Show PSScriptAnalyzer versions - run: | - Get-Module PSScriptAnalyzer | Format-Table -AutoSize - Get-Command Invoke-ScriptAnalyzer | Format-Table -AutoSize + - name: Run PSScriptAnalyzer + uses: microsoft/psscriptanalyzer-action@v1.1 + with: + path: ${{ inputs.module-path }} + recurse: true + output: results.sarif + settings: ${{ inputs.settings-path }} - - name: Run PowerShell Script Analyzer - run: | - Write-Host "Running PSScriptAnalyzer on ${{ inputs.module-name }} module..." - $settingsPath = Join-Path ".." "${{ inputs.settings-path }}" - $analysisResults = Invoke-ScriptAnalyzer -Path . -Recurse -ReportSummary -Settings $settingsPath - if ($analysisResults) { - Write-Host "PSScriptAnalyzer found issues:" -ForegroundColor Yellow - $analysisResults | Format-Table -AutoSize - if ($analysisResults | Where-Object { $_.Severity -eq 'Error' }) { - Write-Error "PSScriptAnalyzer found errors. Please fix them before merging." - exit 1 - } - } else { - Write-Host "PSScriptAnalyzer passed with no issues" -ForegroundColor Green - } + - name: Upload SARIF results to GitHub Security + uses: github/codeql-action/upload-sarif@v3 + if: always() + with: + sarif_file: results.sarif + category: psscriptanalyzer unit-tests: runs-on: windows-latest From 71b94268627fcb83a28a7dd23c74bfffba19fe85 Mon Sep 17 00:00:00 2001 
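Review bot: Nothing in the new `with:` block of the `Run PSScriptAnalyzer` step makes the job fail on Error-severity findings, which the removed script enforced explicitly with `exit 1`, so the "fails on errors" claim in the description rests on the action's defaults and should be confirmed. If the action only writes `results.sarif`, findings land in Code Scanning without blocking the merge; a short follow-up step that fails when the SARIF contains `error`-level results would restore the gate. Both new actions are also referenced by mutable tags (`@v1.1`, `@v3`) in a job that now holds `security-events: write`; pinning each to a full commit SHA, e.g. `uses: github/codeql-action/upload-sarif@<full-commit-sha> # v3`, keeps a retagged release from running with that token. Because this file is a reusable workflow, the calling workflows presumably have to grant `security-events: write` as well, and the upload is likely to fail on fork pull requests where the token is read-only.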
From: Ivan Dlugos Date: Wed, 29 Oct 2025 20:26:17 +0100 Subject: [PATCH 2/2] ci: add path filters for workflow and settings files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add path filters to trigger CI when shared workflow files or settings are modified, ensuring changes to test-powershell-module.yml and PSScriptAnalyzerSettings.psd1 trigger appropriate workflows. Each workflow now triggers on changes to: - Its own workflow file - The reusable test-powershell-module.yml workflow - The shared PSScriptAnalyzerSettings.psd1 file 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .github/workflows/app-runner.yml | 6 ++++++ .github/workflows/sentry-api-client.yml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/.github/workflows/app-runner.yml b/.github/workflows/app-runner.yml index 32a9e24..016a054 100644 --- a/.github/workflows/app-runner.yml +++ b/.github/workflows/app-runner.yml @@ -5,10 +5,16 @@ on: branches: ['main'] paths: - 'app-runner/**' + - '.github/workflows/app-runner.yml' + - '.github/workflows/test-powershell-module.yml' + - 'PSScriptAnalyzerSettings.psd1' pull_request: branches: ['main'] paths: - 'app-runner/**' + - '.github/workflows/app-runner.yml' + - '.github/workflows/test-powershell-module.yml' + - 'PSScriptAnalyzerSettings.psd1' jobs: test: diff --git a/.github/workflows/sentry-api-client.yml b/.github/workflows/sentry-api-client.yml index 53daa29..1ed9cc5 100644 --- a/.github/workflows/sentry-api-client.yml +++ b/.github/workflows/sentry-api-client.yml 
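Review bot: The hard-coded `'PSScriptAnalyzerSettings.psd1'` entries added under both `push.paths` and `pull_request.paths` duplicate a value that the reusable workflow receives as `inputs.settings-path`, so the filter and the setting can drift apart silently, after which a change that relaxes analyzer rules would no longer trigger the lint job. The `jobs:` section where that input is passed lies outside the hunk, so whether the two match today cannot be checked here. A short comment above the entries, e.g. `# keep in sync with settings-path passed to test-powershell-module.yml`, would document the coupling; the same applies to the identical additions in `.github/workflows/sentry-api-client.yml`.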
@@ -5,10 +5,16 @@ on: branches: ['main'] paths: - 'sentry-api-client/**' + - '.github/workflows/sentry-api-client.yml' + - '.github/workflows/test-powershell-module.yml' + - 'PSScriptAnalyzerSettings.psd1' pull_request: branches: ['main'] paths: - 'sentry-api-client/**' + - '.github/workflows/sentry-api-client.yml' + - '.github/workflows/test-powershell-module.yml' + - 'PSScriptAnalyzerSettings.psd1' jobs: test: