Skip to content

-SaveDscDependency does not work on Microsoft-hosted 'ubuntu-latest' agents #2096

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ferike86 opened this issue Apr 22, 2025 · 3 comments
Open

-SaveDscDependency does not work on Microsoft-hosted 'ubuntu-latest' agents #2096

ferike86 opened this issue Apr 22, 2025 · 3 comments
Labels
Issue - Bug

Comments

@ferike86
Copy link

Steps to reproduce

Invoke-ScriptAnalyzer -Path . -Recurse -ReportSummary -SaveDscDependency -EnableExit

We have some new scripts which rely on DSC modules (for example 'nxtools', 'PSDscResources' and 'SecurityPolicyDSC'). RestrictRDPForLocalAccounts.ps1 is one of the PowerShell script files that used DSC modules. While executing the PSScriptAnalyzer scan with the -SaveDscDependency option on the Microsoft-hosted 'ubuntu-latest' agents in our CI/CD pipeline, the DSC modules are not saved:

Image

The same command works fine on Microsoft-hosted 'windows-latest' agents:

Image

Expected behavior

The DSC modules are downloaded and the script files are scanned the same way as on Windows.

Actual behavior

The DSC modules are not downloaded and the scan list parse errors.

Environment data

Microsoft-hosted 'ubuntu-latest' agents
PowerShell 7.4.7
PSScriptAnalyzer: 1.24.0
@bergmeister
Copy link
Collaborator

Interesting, #1246 enabled Linux but testing requires DSC to be installed, which is something custom and at the time wasn't in the CI runner agents. I wonder whether that is still the case and you have checked that you have bootstrapped DSC on the ubuntu agent?

@ferike86
Copy link
Author

@bergmeister yeah, you were right with DSC installation, it was missing from the agent. After following this guide https://learn.microsoft.com/en-us/powershell/dsc/getting-started/lnxgettingstarted?view=dsc-1.1 and applying some hacks from here microsoft/PowerShell-DSC-for-Linux#674 (comment) I have some partial success.

The 'nxtools' DSC module is downloaded now and the script file scanned successfully, previously it was also not downloaded. However, the 'PSDscResources' and 'SecurityPolicyDSC' DSC modules are still not downloaded for some reason.

For visibility, I'm providing the Azure YAML pipeline steps for the DSC setup:

      - job: PSScriptAnalyzer
        displayName: PSScriptAnalyzer
        pool:
          vmImage: ubuntu-latest
        steps:
          - task: Bash@3
            displayName: Check OpenSSL version
            inputs:
              targetType: inline
              script: |
                openssl version
          - task: Bash@3
            displayName: Install OMI
            inputs:
              targetType: inline
              script: |
                curl -sSL -O https://github.com/microsoft/omi/releases/download/v1.9.1-0/omi-1.9.1-0.ssl_300.ulinux.s.x64.deb
                sudo dpkg -i ./omi-1.9.1-0.ssl_300.ulinux.s.x64.deb
          - task: Bash@3
            displayName: Install DSC
            inputs:
              targetType: inline
              script: |
                curl -sSL -O https://github.com/microsoft/PowerShell-DSC-for-Linux/releases/download/v1.2.4-0/dsc-1.2.4-0.ssl_110.x64.deb
                sudo dpkg -i ./dsc-1.2.4-0.ssl_110.x64.deb
          - task: Bash@3
            displayName: Fixing OMI installation
            inputs:
              targetType: inline
              script: |
                echo 'Configuring LD Cache for OMI...'
                sudo bash -c "echo '/opt/omi/lib' >/etc/ld.so.conf.d/omi.conf"
                sudo ldconfig >/dev/null
                ldconfig --print-cache | grep 'libmi\.so' >/dev/null \
                    && echo 'OMI libraries are available.' \
                    || { echo 'OMI libraries are NOT available!'; return 1; }
                echo 'Fixing default OMI installation...'
                sudo ln --symbolic --force --no-dereference \
                    /etc/opt/omi/conf/dsc/configuration/baseregistration/ \
                    /etc/opt/omi/conf/dsc/configuration/BaseRegistration
                sudo ln --symbolic --force --no-dereference \
                    /etc/opt/omi/conf/dsc/configuration/baseregistration/baseresource.schema.mof \
                    /etc/opt/omi/conf/dsc/configuration/BaseRegistration/BaseResource.schema.mof
          - task: PowerShell@2
            displayName: Run PSScriptAnalyzer for all .ps1 files
            inputs:
              targetType: inline
              script: |
                Install-Module -Name PSScriptAnalyzer -Force
                Invoke-ScriptAnalyzer -Path . -Recurse -ReportSummary -SaveDscDependency -EnableExit -Verbose
              pwsh: true

@bergmeister
Copy link
Collaborator

WSL could be useful to try replicate/debug in an easier way?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Issue - Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bergmeister @ferike86