🔒security(module): harden repository health #8

Merged: SamErde merged 3 commits into main from samerde/repo-health-plan on May 6, 2026


SamErde (Owner) commented May 6, 2026

Summary

  • harden repository health signals with a root license, Dependabot config, safer workflow permissions, and generated artifact cleanup
  • fix Publish, MkDocs, and Read the Docs automation paths and dependency installation
  • improve cleanup cmdlet behavior with safer filesystem handling, clearer streams, platform validation, and stronger tests
  • raise the enforced Pester coverage baseline from 2% to 40%

Validation

  • pwsh -NoProfile -Command 'Set-Location -Path .\src; Invoke-Build TestLocal .\TheCleaners.build.ps1'
  • git diff --check

Notes

Python is not installed in this local environment, so MkDocs was not executed locally. The docs workflow now installs from docs/requirements.txt and should validate the corrected MkDocs configuration in CI.

Improve repository governance, CI/CD safety, generated artifact handling, PowerShell cleanup behavior, documentation hygiene, and coverage enforcement.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings May 6, 2026 09:03
codacy-production Bot commented May 6, 2026

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues


Copilot AI (Contributor) left a comment

Pull request overview

This PR strengthens the repo’s security/maintenance posture (license, Dependabot, safer workflow permissions, docs automation fixes) while also hardening several cleanup cmdlets with safer filesystem handling and expanded unit tests, raising the enforced Pester coverage baseline.

Changes:

  • Harden cleanup cmdlets (safer enumeration/removal, clearer output streams, Windows-host validation) and add/extend unit tests.
  • Raise the enforced Pester coverage threshold from 2% to 40% in the Invoke-Build pipeline.
  • Improve repository health/automation (MIT LICENSE, Dependabot, MkDocs/Read the Docs config fixes, workflow permission tightening, and removal of generated artifacts from source control).

Reviewed changes

Copilot reviewed 30 out of 32 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| src/TheCleaners/Public/Get-StaleUserProfile.ps1 | Adds parameter validation, Windows-host gating, error handling, and safer size measurement. |
| src/TheCleaners/Public/Clear-WindowsTemp.ps1 | Refactors temp cleanup enumeration/removal and switches to information/warning streams. |
| src/TheCleaners/Public/Clear-OldIISLog.ps1 | Improves path checks and registry lookup error handling. |
| src/TheCleaners/Public/Clear-OldExchangeLog.ps1 | Removes ignored Join-Path errors, adds safer enumeration/removal error handling, and propagates WhatIf to IIS cleanup. |
| src/TheCleaners/Public/Clear-CurrentUserTemp.ps1 | Adds safer enumeration, improved messaging, and more robust empty-directory cleanup loop. |
| src/TheCleaners/Private/Show-TCLogo.ps1 | Fixes help text/examples to match the function name and correct a typo. |
| src/TheCleaners/Private/Remove-OldFiles.ps1 | Reuses a cutoff date variable and suppresses nested confirmation prompts. |
| src/TheCleaners.build.ps1 | Raises coverage threshold to 40% and improves clean task error handling/message spelling. |
| src/Tests/Unit/CleanupBehavior.Tests.ps1 | Adds unit tests for Clear-WindowsTemp and Get-StaleUserProfile. |
| src/PSScriptAnalyzerSettings.psd1 | Fixes a comment typo. |
| src/Artifacts/TheCleaners.psm1 | Removes generated/local artifact from repo tracking. |
| src/Artifacts/TheCleaners.psd1 | Removes generated/local artifact from repo tracking. |
| src/Artifacts/Invoke-TheCleaners.ps1 | Removes generated/local artifact from repo tracking. |
| src/Artifacts/en-US/TheCleaners-help.xml | Removes generated/local artifact from repo tracking. |
| README.md | Switches badge link to HTTPS, adds image alt text, and fixes “Example 1” header formatting. |
| mkdocs.yml | Fixes function page nav entries to match actual cmdlet names/files. |
| LICENSE | Adds root MIT license file. |
| docs/index.md | Mirrors README fixes (HTTPS badge link, image alt text, “Example 1” header). |
| docs/Clear-OldIISLog.md | Updates “To Do” wording to a more neutral “Future enhancements…” note. |
| actions_bootstrap.ps1 | Avoids trusting PSGallery globally; installs modules CurrentUser and scopes SkipPublisherCheck to Pester on Windows. |
| .readthedocs.yaml | Points RTD to the root mkdocs.yml and installs from docs/requirements.txt. |
| .gitignore | Ignores src/Archive and src/Artifacts generated output directories. |
| .github/workflows/Publish.yml | Adds minimal permissions and switches to passing the API key via env to the publish script. |
| .github/workflows/publish.ps1 | Adds comment-based help, parameter validation, and stricter error handling for publishing. |
| .github/workflows/Deploy MkDocs.yml | Tightens permissions and installs Python deps from docs/requirements.txt; watches mkdocs.yml path. |
| .github/SECURITY.md | Updates vulnerability reporting guidance to use GitHub private reporting/advisories. |
| .github/PULL_REQUEST_TEMPLATE.md | Fixes grammar in the license checkbox line. |
| .github/dependabot.yml | Adds Dependabot updates for GitHub Actions and docs pip dependencies. |
| .github/CONTRIBUTING.md | Updates contribution target branch and fixes LICENSE link path. |
| .editorconfig | Fixes “PowerShell” casing in a comment. |
| .cspell.json | Fixes ignored-word entry for “Chocolatey”. |

Comment thread src/TheCleaners/Public/Clear-WindowsTemp.ps1
Comment thread src/TheCleaners/Public/Clear-WindowsTemp.ps1
Comment thread src/TheCleaners/Public/Clear-WindowsTemp.ps1 Outdated
Comment thread src/TheCleaners/Public/Clear-CurrentUserTemp.ps1 Outdated
SamErde and others added 2 commits May 6, 2026 05:11
Avoid recursive deletion of old temp directories with newer children, validate SystemRoot before Windows temp cleanup, and suppress nested empty-directory confirmation prompts.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
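
The three behaviours named in the commit message above (no recursive deletion of an old directory that still holds newer children, validating SystemRoot before building the delete target, and suppressing nested confirmation prompts) can be sketched as follows. This is an added example, not code from this PR or from TheCleaners; the function name `Remove-StaleTempItem` and its parameters are hypothetical.

```powershell
function Remove-StaleTempItem {
    # Hypothetical helper for illustration; not a TheCleaners cmdlet.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$SystemRoot = $env:SystemRoot,
        [ValidateRange(1, 3650)][int]$Days = 30
    )

    # Validate SystemRoot before deriving a delete target from it: an empty or
    # relative value would make Join-Path resolve somewhere unintended.
    if ([string]::IsNullOrWhiteSpace($SystemRoot) -or
        -not [System.IO.Path]::IsPathRooted($SystemRoot) -or
        -not (Test-Path -LiteralPath $SystemRoot -PathType Container)) {
        throw "SystemRoot is not a valid directory: '$SystemRoot'"
    }
    $tempPath = Join-Path -Path $SystemRoot -ChildPath 'Temp'
    if (-not (Test-Path -LiteralPath $tempPath -PathType Container)) { return }
    $cutoff = (Get-Date).AddDays(-$Days)

    # Snapshot the old directories first: deleting files inside a directory
    # updates its LastWriteTime, which would hide it from a later age filter.
    $oldDirs = @(Get-ChildItem -LiteralPath $tempPath -Directory -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -lt $cutoff })

    # Remove old files one by one. No directory is ever passed to
    # Remove-Item -Recurse, so newer files under an old directory survive.
    Get-ChildItem -LiteralPath $tempPath -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -lt $cutoff } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.FullName, 'Remove old file')) {
                # The caller already confirmed once; do not prompt again per item.
                Remove-Item -LiteralPath $_.FullName -Force -Confirm:$false
            }
        }

    # Longest path first, so children are handled before their parents.
    # A directory is removed only if it is empty at this point.
    $oldDirs | Sort-Object { $_.FullName.Length } -Descending | ForEach-Object {
        $hasChild = Get-ChildItem -LiteralPath $_.FullName -Force -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if (-not $hasChild -and $PSCmdlet.ShouldProcess($_.FullName, 'Remove empty directory')) {
            Remove-Item -LiteralPath $_.FullName -Force -Confirm:$false
        }
    }
}
```

Running it with `-WhatIf` lists the files it would remove without touching anything; because no files are deleted in that mode, directories that would become empty are not listed.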
Copilot AI review requested due to automatic review settings May 6, 2026 09:45
@SamErde SamErde merged commit 2ccd8ed into main May 6, 2026
9 of 10 checks passed
@SamErde SamErde deleted the samerde/repo-health-plan branch May 6, 2026 09:48
@SamErde SamErde review requested due to automatic review settings May 6, 2026 10:08