Add Sonar analysis and documentation generation

[Copilot]

Pull Request

Description

Adds SonarCloud analysis integration and automated code quality report generation to BuildMark, following the VHDLTest project pattern.

Files Added

• package.json - npm dependencies for mermaid diagram rendering
• .config/dotnet-tools.json - dotnet tools: sonarscanner, pandoc, weasyprint, sarifmark, sonarmark, reqstream, spdx-tool, sbom-tool
• docs/template/template.html - PDF generation template with CSS paged media styling
• docs/quality/ - Quality report configuration and content (introduction, title, definition)

Workflow Changes

build job:

• Added tool restore step
• Wrapped build/test with Sonar scanner begin/end steps
• Configured for demaconsulting_BuildMark project key with opencover reports

build-docs job (new):

• Downloads test results and CodeQL SARIF from prior jobs
• Generates CodeQL report via SarifMark
• Generates SonarCloud report via SonarMark
• Combines into PDF: "BuildMark Code Quality.pdf"
• Uses github.head_ref || github.ref_name for correct PR branch handling

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Code quality improvement

Related Issues

Implements feature request for Sonar analysis and documentation generation.

Pre-Submission Checklist

Before submitting this pull request, ensure you have completed the following:

Build and Test

• Code builds successfully: dotnet build --configuration Release
• All tests pass: dotnet test --configuration Release
• Code produces zero warnings

Code Quality

• Code formatting is correct: dotnet format --verify-no-changes
• New code has appropriate XML documentation comments
• Static analyzer warnings have been addressed

Quality Checks

Please run the following checks before submitting:

• Spell checker passes: cspell "**/*.{md,cs}"
• Markdown linter passes: markdownlint "**/*.md"
• YAML linter passes: yamllint '**/*.{yml,yaml}'

Testing

• Added unit tests for new functionality
• Updated existing tests if behavior changed
• All tests follow the AAA (Arrange, Act, Assert) pattern
• Test coverage is maintained or improved

Documentation

• Updated README.md (if applicable)
• Updated ARCHITECTURE.md (if applicable)
• Added code examples for new features (if applicable)
• Updated requirements.yaml (if applicable)

Additional Notes

No code changes to BuildMark itself - only infrastructure additions. The build-docs job requires SONAR_TOKEN secret to be configured in the repository. Quality reports will be generated as PDF artifacts on each build.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://storage.googleapis.com/chromium-browser-snapshots/Linux_x64/1108766/chrome-linux.zip
  • Triggering command: /usr/local/bin/node node install.js (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Feature]: Sonar analysis and documentation</issue_title>
<issue_description>### Problem Statement

The BuildMark project needs Sonar analysis and document generation

Proposed Solution

Please review https://github.com/demaconsulting/VHDLTest as a template and:

• Add dotnet-sonarscanner to scan the BuildMark project
• Add the build-docs job to the build.yaml file to build the code quality report
• The package.json file should be copied without change
• The .config/dotnet-tools.json should be copied without change
• The docs/template should be copied without change
• The docs/quality should be copied and updated for BuildMark
• The pattern of PDF building with version, date, and archiving should be used.

User guide, requirements, and trace-matrix will be added later.

Alternatives Considered

No response

Usage Examples

Benefits

Standard document building job.

Priority

Low - Nice to have

Willingness to Contribute

Yes, I can submit a pull request

Additional Context

No response

Checklist

• I have searched existing issues to ensure this is not a duplicate
• I have provided a clear description of the feature
• I have explained why this feature would be useful</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [Feature]: Sonar analysis and documentation #15

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.