
security: Tier 2 review — pagination SSRF fix + threat model + supply… #343


Workflow file for this run

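# Lint workflow: runs PSScriptAnalyzer over ./Functions on pushes and pull
# requests that touch PowerShell sources or the analyzer settings file.
name: Lint

on:
  push:
    branches: [dev, main, master]
    paths:
      - 'Functions/**'
      # '*' does not cross '/', so these two match repository-root files only;
      # the analyzer step below still scans ./Functions and nothing else.
      - '*.ps1'
      - '*.psm1'
      # The settings file decides which rules run, so a change to it re-lints.
      - 'PSScriptAnalyzerSettings.psd1'
  pull_request:
    branches: [dev, main, master]
    paths:
      - 'Functions/**'
      - '*.ps1'
      - '*.psm1'
      - 'PSScriptAnalyzerSettings.psd1'

# Least privilege: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  lint:
    name: PSScriptAnalyzer
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): 'v4' is a mutable tag. Pinning to a reviewed full commit
      # SHA (actions/checkout@<FULL_COMMIT_SHA>  # v4) keeps a retagged release
      # from changing what runs in this job. Same applies to actions/cache.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step uses git, so do not leave the job token in
          # .git/config while contributor-supplied files are processed.
          persist-credentials: false

      # The restored directory is imported as code by Invoke-ScriptAnalyzer,
      # so the cache contents are part of this job's trust boundary. The key
      # is static: bump the suffix whenever the module version changes.
      - name: Cache PSScriptAnalyzer
        uses: actions/cache@v4
        id: ps-cache
        with:
          path: ~/.local/share/powershell/Modules
          key: ps-modules-ubuntu-pssa-v1

      # NOTE(review): no version is requested, so a cache miss installs
      # whatever PSGallery currently serves. Consider adding
      # -RequiredVersion <PINNED_VERSION> and putting that version in the
      # cache key so the linter itself is reproducible.
      - name: Install PSScriptAnalyzer
        if: steps.ps-cache.outputs.cache-hit != 'true'
        shell: pwsh
        run: |
          Set-PSRepository PSGallery -InstallationPolicy Trusted
          Install-Module PSScriptAnalyzer -Force -Scope CurrentUser

      # The settings file is read from the checked-out ref, so on pull_request
      # it is contributor-controlled and can change which rules are loaded.
      # Keep this job on `pull_request` with the read-only token above.
      # Any finding at Error, Warning or Information severity fails the job.
      - name: Run PSScriptAnalyzer
        shell: pwsh
        run: |
          # Use project settings file (falls back to defaults if not found)
          $settingsPath = './PSScriptAnalyzerSettings.psd1'
          $settings = if (Test-Path $settingsPath) { $settingsPath } else { $null }
          Write-Host "Analyzing Functions directory..." -ForegroundColor Cyan
          if ($settings) {
            Write-Host "Using settings: $settingsPath" -ForegroundColor Gray
          }
          $splat = @{
            Path = './Functions'
            Recurse = $true
            Severity = 'Error', 'Warning', 'Information'
          }
          if ($settings) {
            $splat['Settings'] = $settings
          }
          $results = Invoke-ScriptAnalyzer @splat
          if ($results) {
            Write-Host "`n❌ PSScriptAnalyzer found $($results.Count) issue(s):`n" -ForegroundColor Red
            $results | Format-Table -Property Severity, RuleName, ScriptName, Line, Message -AutoSize -Wrap
            exit 1
          } else {
            Write-Host "✅ No issues found!" -ForegroundColor Green
          }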