Feature: Implement Dual-Validation PSScriptAnalyzer with Standardized Settings

[jonnybottles]

What problem would this feature solve?

Currently, PSScriptAnalyzer in Hawk:

• Only runs during CI via PSScriptAnalyzer.Tests.ps1
• Has hardcoded rule exclusions
• No local validation before commits
• No standardized settings file

This means:

• Developers only discover issues after pushing code
• CI pipeline failures for fixable style issues
• Inconsistent rule enforcement
• No documented reasoning for exclusions

Proposed Solution

Implement a dual-validation approach that runs PSScriptAnalyzer:

• Locally via pre-commit hooks
• In CI via existing Pester tests

Both using the same standardized settings file to ensure consistency.

Technical Requirements

Settings File Requirements

• Create standardized PSScriptAnalyzer settings file in .github/psscriptanalyzer/settings.psd1
• Maintain current rule exclusions (PSAvoidTrailingWhitespace, PSShouldProcess)
• Document reasoning for each excluded rule
• Ensure settings file is accessible to both local and CI validation

Test Suite Updates

• Modify PSScriptAnalyzer.Tests.ps1 to use centralized settings file
• Remove hardcoded rule exclusions from test file
• Maintain current test behavior and reporting
• Ensure test failures provide clear guidance

Pre-commit Hook Requirements

• Create pre-commit hook configuration file
• Configure hook to use same settings file as CI
• Support PS1, PSM1, and PSD1 file validation
• Provide clear error messages for validation failures

Documentation Requirements

• Create setup guide for pre-commit hooks

Implementation Approach

Implementation Steps

• Create settings file with current exclusions
• Update PSScriptAnalyzer test to use settings file
• Add pre-commit hook configuration
• Add documentation and setup instructions
• Test both local and CI validation

Acceptance Criteria

Acceptance Criteria

1. Settings File

• Created with current exclusions
• Properly referenced by both validations
• No changes to enforced rules

2. Pre-commit Hook

• Configuration file created
• Works with settings file
• Clear error messages
• Easy to set up

3. CI Test

• Updated to use settings file
• Maintains current behavior
• Consistent with pre-commit
• Clear test failures

4. Documentation

• Pre-commit setup instructions

[jonnybottles]

Done:

• Implemented the PSScriptAnalyzer settings / config file
• Implemented Github pre-commit hook
• Updated Confluence page with appropriate documentation for each developer to setup pre-commit hooks and VSCode extension that refernces the PSScriptAnalyzer settings file

To Do:

• CI workflow integration

[jonnybottles]

Both pre-commit hook and workflow references same PSSA config file. Need to modify ole validate.yml to no longer call PSSA in the PSScriptAnalyzer.Tests.ps1 file and then remove that file.

[jonnybottles]

PSSA config file moved to Hawk/internal/configurations. Both pre-commit hook / workflow is working and ticket tasks are complete. However, the RobustCloudCommand error is now showing back up and needs to be fixed. To allow for pushing to the repo the module build in vsts-prequisites.ps1 is currently commented out to avoid the RobustCloudCommand failure.

Current recommended appraoch is to download the RobustCloudCommand from its GitHub repo and then include it in a Hawk folder Hawk/external, and have the Hawk.psd1 reference that file instead of the external no longer existing module in the PowerShell gallery.