
Fix PowerShell regex quoting in CI secret check #13

Fix PowerShell regex quoting in CI secret check


Workflow file for this run

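# CI workflow: repository hygiene checks (hardcoded personal paths, required
# files, empty markdown, secret-looking assignments) plus PowerShell syntax
# validation. Runs on pushes and pull requests targeting main and develop.
name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Every step below only reads the checked-out tree, so the GITHUB_TOKEN is
# limited to read access instead of inheriting the repository default.
permissions:
  contents: read

jobs:
  lint:
    name: Code Quality Checks
    runs-on: windows-latest
    steps:
      # NOTE(review): both actions are referenced by mutable tag. If the
      # project's supply-chain policy requires it, pin each one to a full
      # commit SHA (uses: actions/checkout@<FULL_COMMIT_SHA>  # v4).
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No step pushes or fetches again, so the token is not left in
          # the local git config for later steps.
          persist-credentials: false

      # NOTE(review): no step in this job invokes Python; confirm that this
      # setup is still needed.
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.10'

      - name: Check for hardcoded paths
        run: |
          Write-Host "Checking for hardcoded personal paths..."
          # Regexes for the personal paths that must not be committed.
          # [\\/]+ accepts one or more backslashes or forward slashes, so
          # C:\Users\Lost, C:\\Users\\Lost (escaped string literal) and
          # C:/Users/Lost are all reported. Select-String is
          # case-insensitive by default.
          $personalPaths = @(
            'C:[\\/]+Users[\\/]+Lost',
            'E:[\\/]+AI[\\/]+',
            'D:[\\/]+Users[\\/]+Lost'
          )
          # The file list does not depend on the pattern, so it is built
          # once. The .git directory, the sanitization checker and this
          # workflow are skipped.
          $files = Get-ChildItem -Path . -Include "*.py","*.ps1","*.bat" -Recurse -File |
            Where-Object {
              $_.FullName -notmatch "\\\.git\\" -and
              $_.FullName -notmatch "check_sanitization" -and
              $_.FullName -notmatch "workflows\\ci\.yml"
            }
          $found = $false
          foreach ($path in $personalPaths) {
            # $hits rather than $matches: $Matches is a PowerShell automatic
            # variable that -match / -notmatch overwrite.
            $hits = $files | Select-String -Pattern $path -ErrorAction SilentlyContinue
            if ($hits) {
              Write-Host "::error::Found personal hardcoded path: $path"
              $hits | ForEach-Object { Write-Host " - $($_.Path):$($_.LineNumber)" }
              $found = $true
            }
          }
          # All patterns are reported before the step fails.
          if ($found) {
            Write-Host "::error::Personal paths detected! These must be removed before merge."
            exit 1
          }
          Write-Host "✓ No personal hardcoded paths found"
          Write-Host " Note: Generic examples like 'C:\Users\YourName' are allowed"

      - name: Validate .gitignore
        run: |
          Write-Host "Validating .gitignore..."
          # Only existence is checked here, not the ignore rules themselves.
          if (-not (Test-Path ".gitignore")) {
            Write-Host "::error::.gitignore file is missing"
            exit 1
          }
          Write-Host "✓ .gitignore exists"

      - name: Check file structure
        run: |
          Write-Host "Checking repository structure..."
          $requiredFiles = @(
            "README.md",
            "LICENSE",
            "CONTRIBUTING.md",
            ".github/SECURITY.md"
          )
          # A missing file is reported as a warning; the step does not fail.
          foreach ($file in $requiredFiles) {
            if (-not (Test-Path $file)) {
              Write-Host "::warning::Required file missing: $file"
            } else {
              Write-Host "✓ $file exists"
            }
          }

      - name: Validate markdown files
        run: |
          Write-Host "Validating markdown files..."
          $mdFiles = Get-ChildItem -Path . -Filter "*.md" -Recurse -File |
            Where-Object { $_.FullName -notmatch "\\\.git\\" }
          foreach ($file in $mdFiles) {
            # Get-Content -Raw yields $null for a zero-byte file, so test
            # for null and empty together.
            $content = Get-Content $file.FullName -Raw
            if ([string]::IsNullOrEmpty($content)) {
              Write-Host "::warning::Empty markdown file: $($file.FullName)"
            }
          }
          Write-Host "✓ Markdown validation complete"

      - name: Check for secrets
        run: |
          Write-Host "Checking for potential secrets..."
          # Quoting: inside a single-quoted PowerShell string, '' is one
          # literal quote, so each class below is the regex ['"]. An
          # unpaired ' inside a class ends the string early and the script
          # no longer parses, which stops the scan from running at all.
          $secretPatterns = @(
            'api[_-]?key\s*=\s*[''"][^''"]+[''"]',
            'password\s*=\s*[''"][^''"]+[''"]',
            'token\s*=\s*[''"][^''"]+[''"]',
            'secret\s*=\s*[''"][^''"]+[''"]'
          )
          # Coverage is limited to quoted "name = value" assignments in
          # .py, .ps1, .bat and .md files, and any line carrying a
          # "# ... example" or "# ... placeholder" comment is skipped.
          # NOTE(review): treat this as a coarse first pass, not as the
          # only secret control.
          $files = Get-ChildItem -Path . -Include "*.py","*.ps1","*.bat","*.md" -Recurse -File |
            Where-Object { $_.FullName -notmatch "\\\.git\\" }
          foreach ($pattern in $secretPatterns) {
            $hits = $files |
              Select-String -Pattern $pattern -ErrorAction SilentlyContinue |
              Where-Object { $_.Line -notmatch "#.*example|#.*placeholder" }
            if ($hits) {
              # Advisory only: findings are warnings and never fail the job.
              # Only path and line number are printed, so a matched value
              # is not copied into the build log.
              Write-Host "::warning::Potential secret found (may be false positive):"
              $hits | ForEach-Object { Write-Host " - $($_.Path):$($_.LineNumber)" }
            }
          }
          Write-Host "✓ Secret check complete"

  validate-scripts:
    name: Validate Scripts
    runs-on: windows-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      # NOTE(review): no step in this job invokes Python; confirm that this
      # setup is still needed.
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.10'

      - name: Validate PowerShell scripts
        run: |
          Write-Host "Validating PowerShell scripts..."
          $ps1Files = Get-ChildItem -Path . -Filter "*.ps1" -Recurse -File |
            Where-Object { $_.FullName -notmatch "\\\.git\\" }
          foreach ($file in $ps1Files) {
            Write-Host "Checking $($file.Name)..."
            # Tokenize only parses the text and collects syntax errors in
            # $errors; the script under test is never executed.
            $errors = $null
            $null = [System.Management.Automation.PSParser]::Tokenize((Get-Content $file.FullName -Raw), [ref]$errors)
            if ($errors.Count -gt 0) {
              Write-Host "::error::PowerShell syntax errors in $($file.Name):"
              $errors | ForEach-Object { Write-Host " - $($_.Message)" }
              exit 1
            }
          }
          Write-Host "✓ All PowerShell scripts are valid"

      - name: Validate batch files
        run: |
          Write-Host "Validating batch files..."
          # This step only lists the .bat files it finds; no syntax check
          # is performed on them.
          $batFiles = Get-ChildItem -Path . -Filter "*.bat" -Recurse -File |
            Where-Object { $_.FullName -notmatch "\\\.git\\" }
          foreach ($file in $batFiles) {
            Write-Host "✓ $($file.Name) exists"
          }
          Write-Host "✓ Batch file validation complete"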