ci: pin PSScriptAnalyzer version in the lint job

[tablackburn]

Summary

• The PSScriptAnalyzer Lint job installed PSScriptAnalyzer unpinned and called Invoke-ScriptAnalyzer with no explicit Import-Module, so it ignored the 1.24.0 pin in build.depend.psd1 (only the build/test jobs honor it, via PSDepend).
• On a cache hit the install step was skipped entirely, letting the runner image's bundled copy load alongside the cached one and crash with "You cannot have more than one dynamic module in each dynamic assembly in this version of the runtime." This failed CI on main after style: re-sync test scaffolding to canonical template (post-#36) #55, while the identical PR tree had passed minutes earlier — confirming it was environmental, not a lint violation.
• Fix: read the pinned version from build.depend.psd1, install that exact version (verified present even on a cache hit), and Import-Module -RequiredVersion it explicitly before Invoke-ScriptAnalyzer so exactly one assembly version loads. The cache key already hashes build.depend.psd1, so the installed version and cache stay coupled to a single source of truth.

Test Plan

• YAML parses; both embedded pwsh blocks parse cleanly
• End-to-end run in a pwsh 7.5 / ubuntu-24.04 container under the failure condition: with 1.25.0 pre-polluting the module path, the step still installs and loads exactly 1.24.0 and analyzes cleanly (0 errors)
• CI PSScriptAnalyzer Lint job passes on this PR

Breaking Changes

None. Behavior change is confined to the lint job's module install/import.

Notes

A separate follow-up (discussed but intentionally not included here) may unify the lint ruleset with the in-build analysis and revisit the now-likely-obsolete Linux/macOS PSScriptAnalyzer workaround in build.psake.ps1.

Summary by CodeRabbit

• Chores
  • Improved CI linting reliability by ensuring the pinned analysis module version is detected, imported, and used consistently.
  • Removed dependency on a cache-based gate for module setup, reducing flaky failures caused by multiple module instances.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8683d60a-d996-4f78-b226-9fc6c541f84e

📥 Commits

Reviewing files that changed from the base of the PR and between 5a82f72 and b0faa4a.

📒 Files selected for processing (1)

• .github/workflows/CI.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/CI.yaml

---

📝 Walkthrough

Walkthrough

The CI lint job now reads the pinned PSScriptAnalyzer version from build.depend.psd1, checks/install that exact module from PSGallery when missing, and explicitly imports the pinned version before running analysis; the prior cache-step gating was removed.

Changes

CI Lint Job Module Management

Layer / File(s)	Summary
PSScriptAnalyzer version pinning and installation .github/workflows/CI.yaml	Cache-step identifier removed. Inline script added to read pinned PSScriptAnalyzer version from build.depend.psd1, check local availability, and install from PSGallery when absent. Lint execution step updated to explicitly import the pinned version before running analysis.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• tablackburn/PlexAutomationToolkit#35: Prior modification to the same lint job's PSScriptAnalyzer installation logic based on cache behavior.

Poem

🐰 I hop through CI with a careful paw,
I read the pinned version, check what I saw,
If PSGallery holds it, I fetch with grace,
Then import it plainly, no mix-up to face,
Lint runs tidy now — a happy little race.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: pinning PSScriptAnalyzer version in the lint job, which directly addresses the core problem of unpinned module versions causing intermittent CI failures.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/pin-pssa-version-in-lint-job

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR makes the CI lint job use the same pinned PSScriptAnalyzer version as the rest of the build, reducing environment-dependent failures from runner-provided or cached module versions.

Changes:

• Removes cache-hit gating so the lint job always verifies the required PSScriptAnalyzer version.
• Reads the pinned version from build.depend.psd1.
• Explicitly imports that pinned version before running Invoke-ScriptAnalyzer.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/CI.yaml:
- Line 61: Add -ErrorAction Stop to the PowerShell module installation and
import calls so the workflow fails fast on non-terminating errors: update the
Install-Module invocation (Install-Module -Name 'PSScriptAnalyzer'
-RequiredVersion $requiredVersion ...) and the Import-Module invocation
(Import-Module -Name 'PSScriptAnalyzer' -RequiredVersion $requiredVersion -Force
...) to include -ErrorAction Stop, ensuring failures prevent subsequent
Invoke-ScriptAnalyzer from running with an incorrect module state/version.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 91f81bd6-274a-48e3-a851-7ec30c5696e7

📥 Commits

Reviewing files that changed from the base of the PR and between 58d18d8 and 5a82f72.

📒 Files selected for processing (1)

• .github/workflows/CI.yaml