From c23bec19815512bf6a65758d36ae1c5058d0562f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 3 Feb 2026 15:59:19 +0000
Subject: [PATCH 1/3] Initial plan


From f1b7d1c124d95abe1ad604bf1694ab8c7ae288f1 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 3 Feb 2026 16:02:41 +0000
Subject: [PATCH 2/3] Add Sonar analysis and documentation build infrastructure

- Copy package.json from VHDLTest template
- Copy .config/dotnet-tools.json with required tools
- Copy docs/template/template.html for PDF generation
- Copy and adapt docs/quality files for BuildMark
- Add Sonar scanner steps to build job
- Add build-docs job to build.yaml workflow

Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>
---
 .config/dotnet-tools.json    |  54 ++++++
 .github/workflows/build.yaml | 124 ++++++++++++
 docs/quality/definition.yaml |  16 ++
 docs/quality/introduction.md |  35 ++++
 docs/quality/title.txt       |  17 ++
 docs/template/template.html  | 354 +++++++++++++++++++++++++++++++++++
 package.json                 |   7 +
 7 files changed, 607 insertions(+)
 create mode 100644 .config/dotnet-tools.json
 create mode 100644 docs/quality/definition.yaml
 create mode 100644 docs/quality/introduction.md
 create mode 100644 docs/quality/title.txt
 create mode 100644 docs/template/template.html
 create mode 100644 package.json

diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json
new file mode 100644
index 0000000..8ac7fa7
--- /dev/null
+++ b/.config/dotnet-tools.json
@@ -0,0 +1,54 @@
+{
+  "version": 1,
+  "isRoot": true,
+  "tools": {
+    "dotnet-sonarscanner": {
+      "version": "11.1.0",
+      "commands": [
+        "dotnet-sonarscanner"
+      ]
+    },
+    "microsoft.sbom.dotnettool": {
+      "version": "4.1.5",
+      "commands": [
+        "sbom-tool"
+      ]
+    },
+    "demaconsulting.spdxtool": {
+      "version": "2.6.0",
+      "commands": [
+        "spdx-tool"
+      ]
+    },
+    "demaconsulting.pandoctool": {
+      "version": "3.8.3",
+      "commands": [
+        "pandoc"
+      ]
+    },
+    "demaconsulting.weasyprinttool": {
+      "version": "68.0.0",
+      "commands": [
+        "weasyprint"
+      ]
+    },
+    "demaconsulting.reqstream": {
+      "version": "1.0.1",
+      "commands": [
+        "reqstream"
+      ]
+    },
+    "demaconsulting.sonarmark": {
+      "version": "1.1.0",
+      "commands": [
+        "sonarmark"
+      ]
+    },
+    "demaconsulting.sarifmark": {
+      "version": "1.1.0",
+      "commands": [
+        "sarifmark"
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index fc5f08a..8546f73 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -62,10 +62,27 @@ jobs:
             9.x
             10.x
 
+      - name: Restore Tools
+        run: >
+          dotnet tool restore
+
       - name: Restore Dependencies
         run: >
           dotnet restore
 
+      - name: Start Sonar Scanner
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: >
+          dotnet dotnet-sonarscanner
+          begin
+          /k:"demaconsulting_BuildMark"
+          /o:"demaconsulting"
+          /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
+          /d:sonar.host.url="https://sonarcloud.io"
+          /d:sonar.cs.opencover.reportsPaths=**/*.opencover.xml
+          /d:sonar.scanner.scanAll=false
+
       - name: Build
         run: >
           dotnet build
@@ -83,6 +100,14 @@ jobs:
           --logger "trx;LogFilePrefix=${{ matrix.os }}"
           --results-directory test-results
 
+      - name: End Sonar Scanner
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: >
+          dotnet dotnet-sonarscanner
+          end
+          /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
+
       - name: Create Dotnet Tool
         run: >
           dotnet pack
@@ -134,6 +159,10 @@ jobs:
             9.x
             10.x
 
+      - name: Restore Tools
+        run: >
+          dotnet tool restore
+
       - name: Restore Dependencies
         run: >
           dotnet restore
@@ -204,3 +233,98 @@ jobs:
           echo "Testing buildmark --help..."
           buildmark --help || { echo "✗ Help command failed"; exit 1; }
           echo "✓ Help command succeeded"
+
+  build-docs:
+    name: Build Documents
+    runs-on: windows-latest
+
+    needs: [build, integration-test, codeql]
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Setup dotnet
+        uses: actions/setup-dotnet@v5
+        with:
+          dotnet-version: '10.x'
+
+      - name: Restore Tools
+        run: dotnet tool restore
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: 'lts/*'
+
+      - name: Install npm dependencies
+        run: npm install
+
+      - name: Download All Test Results
+        uses: actions/download-artifact@v7
+        with:
+          pattern: test-results-*
+          path: test-results
+          merge-multiple: true
+
+      - name: Download CodeQL SARIF
+        uses: actions/download-artifact@v7
+        with:
+          name: codeql-sarif
+          path: codeql-results
+
+      - name: Generate CodeQL Quality Report with SarifMark
+        run: >
+          dotnet sarifmark
+          --sarif codeql-results/csharp.sarif
+          --report docs/quality/codeql-quality.md
+          --heading "BuildMark CodeQL Analysis"
+          --report-depth 1
+
+      - name: Display CodeQL Quality Report
+        shell: bash
+        run: |
+          echo "=== CodeQL Quality Report ==="
+          cat docs/quality/codeql-quality.md
+
+      - name: Generate Code Quality Report with SonarMark
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: >
+          dotnet sonarmark
+          --server https://sonarcloud.io
+          --project-key demaconsulting_BuildMark
+          --branch ${{ github.ref_name }}
+          --token "$env:SONAR_TOKEN"
+          --report docs/quality/sonar-quality.md
+          --report-depth 1
+
+      - name: Display SonarCloud Quality Report
+        shell: bash
+        run: |
+          echo "=== SonarCloud Quality Report ==="
+          cat docs/quality/sonar-quality.md
+
+      - name: Generate Code Quality HTML with Pandoc
+        shell: bash
+        run: >
+          dotnet pandoc
+          --defaults docs/quality/definition.yaml
+          --metadata version="${{ inputs.version }}"
+          --metadata date="$(date +'%Y-%m-%d')"
+          --output docs/quality/quality.html
+
+      - name: Convert Code Quality HTML to PDF with Weasyprint
+        run: >
+          dotnet weasyprint
+          docs/quality/quality.html
+          "docs/BuildMark Code Quality.pdf"
+
+      - name: Upload Document Artifacts
+        uses: actions/upload-artifact@v6
+        with:
+          name: documents
+          path: docs/*.pdf
diff --git a/docs/quality/definition.yaml b/docs/quality/definition.yaml
new file mode 100644
index 0000000..65420a4
--- /dev/null
+++ b/docs/quality/definition.yaml
@@ -0,0 +1,16 @@
+---
+resource-path:
+  - docs/quality
+  - docs/template
+
+input-files:
+  - docs/quality/title.txt
+  - docs/quality/introduction.md
+  - docs/quality/codeql-quality.md
+  - docs/quality/sonar-quality.md
+
+template: template.html
+
+table-of-contents: true
+
+number-sections: true
diff --git a/docs/quality/introduction.md b/docs/quality/introduction.md
new file mode 100644
index 0000000..e2f2996
--- /dev/null
+++ b/docs/quality/introduction.md
@@ -0,0 +1,35 @@
+# Introduction
+
+This document contains the code quality analysis report for the BuildMark project.
+
+## Purpose
+
+This report serves as evidence that the BuildMark codebase maintains good quality
+standards. It provides a comprehensive analysis of code quality metrics, including
+quality gate status, code issues, security hot spots, technical debt, and code coverage.
+
+## Scope
+
+This code quality report covers:
+
+- Quality gate status and conditions
+- Code issues categorized by type and severity
+- Security hot spots requiring review
+- Technical debt assessment
+- Code coverage and duplication metrics
+
+## Analysis Source
+
+This report contains quality analysis results captured at the time this version of BuildMark
+was built. It serves as evidence that the code maintains good quality standards and provides
+transparency about the project's code health. The analysis includes results from various
+quality tools run during the build process.
+
+## Audience
+
+This document is intended for:
+
+- Software developers working on BuildMark
+- Quality assurance teams reviewing code quality
+- Project stakeholders evaluating project health
+- Contributors understanding quality standards
diff --git a/docs/quality/title.txt b/docs/quality/title.txt
new file mode 100644
index 0000000..f55967c
--- /dev/null
+++ b/docs/quality/title.txt
@@ -0,0 +1,17 @@
+---
+title: BuildMark Tool
+subtitle: Code Quality Report
+author: DEMA Consulting
+description: Code Quality Report for the BuildMark Tool for generating markdown build notes
+lang: en-US
+keywords:
+  - BuildMark
+  - Code Quality
+  - SonarCloud
+  - CodeQL
+  - Analysis
+  - C#
+  - .NET
+  - Build Notes
+  - Documentation
+---
diff --git a/docs/template/template.html b/docs/template/template.html
new file mode 100644
index 0000000..eb2ac3a
--- /dev/null
+++ b/docs/template/template.html
@@ -0,0 +1,354 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="$lang$" xml:lang="$lang$"$if(dir)$ dir="$dir$"$endif$>
+<head>
+  <meta charset="utf-8" />
+  <meta name="generator" content="pandoc" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
+$if(author-meta)$
+  <meta name="author" content="$author-meta$" />
+$endif$
+$if(date-meta)$
+  <meta name="dcterms.date" content="$date-meta$" />
+$endif$
+$if(keywords)$
+  <meta name="keywords" content="$for(keywords)$$keywords$$sep$, $endfor$" />
+$endif$
+$if(description-meta)$
+  <meta name="description" content="$description-meta$" />
+$endif$
+  <title>$if(title-prefix)$$title-prefix$ – $endif$$pagetitle$</title>
+  <style>
+/* 
+ * This template uses CSS Paged Media Level 3 features (@page, string-set, target-counter)
+ * which require a compatible PDF generator such as Weasyprint or Prince.
+ * These features may not work with other tools like wkhtmltopdf or Puppeteer.
+ */
+
+/* General styling */
+body {
+  font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;
+  line-height: 1.6;
+  color: #333;
+  max-width: 800px;
+  margin: 0 auto;
+  padding: 2rem;
+  font-size: 10pt;
+}
+
+/* Title block */
+#title-block-header {
+  text-align: center;
+  margin-bottom: 3rem;
+  padding-bottom: 2rem;
+  border-bottom: 2px solid #e0e0e0;
+}
+
+.title {
+  font-size: 2.5rem;
+  font-weight: bold;
+  margin-bottom: 0.5rem;
+  color: #1a1a1a;
+}
+
+.subtitle {
+  font-size: 1.5rem;
+  color: #666;
+  margin-bottom: 1rem;
+}
+
+.version {
+  font-size: 1rem;
+  color: #888;
+  margin-bottom: 1rem;
+  font-style: italic;
+}
+
+.author, .date {
+  font-size: 1rem;
+  color: #888;
+}
+
+/* Table of Contents */
+#TOC {
+  background-color: #f8f9fa;
+  padding: 1.5rem;
+  margin-bottom: 2rem;
+  border-radius: 4px;
+}
+
+#TOC h2 {
+  margin-top: 0;
+}
+
+#TOC ul {
+  list-style-type: none;
+  padding-left: 0;
+}
+
+#TOC ul ul {
+  padding-left: 1.5rem;
+}
+
+#TOC li {
+  margin: 0.5rem 0;
+}
+
+#TOC a {
+  color: #0066cc;
+  text-decoration: none;
+}
+
+#TOC a:hover {
+  text-decoration: underline;
+}
+
+/* Headings */
+h1, h2, h3, h4, h5, h6 {
+  margin-top: 2rem;
+  margin-bottom: 1rem;
+  font-weight: 600;
+  line-height: 1.25;
+  page-break-after: avoid;
+}
+
+h1 {
+  font-size: 16pt;
+  border-bottom: 2px solid #e0e0e0;
+  padding-bottom: 0.5rem;
+}
+
+h2 {
+  font-size: 14pt;
+  border-bottom: 1px solid #e0e0e0;
+  padding-bottom: 0.5rem;
+}
+
+h3 {
+  font-size: 12pt;
+}
+
+h4 {
+  font-size: 11pt;
+}
+
+h5 {
+  font-size: 10pt;
+}
+
+h6 {
+  font-size: 10pt;
+}
+
+/* Paragraphs */
+p {
+  margin-bottom: 1rem;
+}
+
+/* Lists */
+ul, ol {
+  margin-bottom: 1rem;
+  padding-left: 2rem;
+}
+
+li {
+  margin-bottom: 0.1rem;
+}
+
+/* Code blocks */
+pre {
+  background-color: #f5f5f5;
+  border: 1px solid #ddd;
+  border-radius: 4px;
+  padding: 1rem;
+  overflow: auto;
+  margin-bottom: 1rem;
+  page-break-inside: avoid;
+}
+
+code {
+  background-color: #f5f5f5;
+  padding: 0.2rem 0.4rem;
+  border-radius: 3px;
+  font-family: 'Courier New', Courier, monospace;
+  font-size: 0.9em;
+}
+
+pre code {
+  background-color: transparent;
+  padding: 0;
+}
+
+/* Tables */
+table {
+  border-collapse: collapse;
+  width: 100%;
+  margin-bottom: 1rem;
+  page-break-inside: avoid;
+}
+
+th, td {
+  border: 1px solid #ddd;
+  padding: 0.15rem 0.3rem;
+  text-align: left;
+}
+
+th {
+  background-color: #f5f5f5;
+  font-weight: 600;
+}
+
+tr:nth-child(even) {
+  background-color: #f9f9f9;
+}
+
+/* Links */
+a {
+  color: #0066cc;
+  text-decoration: none;
+}
+
+a:hover {
+  text-decoration: underline;
+}
+
+/* Blockquotes */
+blockquote {
+  border-left: 4px solid #ddd;
+  padding-left: 1rem;
+  margin-left: 0;
+  color: #666;
+  font-style: italic;
+}
+
+/* Images */
+img {
+  max-width: 100%;
+  height: auto;
+  display: block;
+  margin: 1rem auto;
+}
+
+/* Print styles for PDF generation */
+@media print {
+  body {
+    max-width: 100%;
+    padding: 0;
+  }
+
+  #TOC {
+    page-break-after: always;
+  }
+
+  h1, h2, h3, h4, h5, h6 {
+    page-break-after: avoid;
+  }
+
+  pre, table, blockquote {
+    page-break-inside: avoid;
+  }
+
+  a {
+    color: #000;
+  }
+}
+
+/* PDF-specific styles for headers and footers */
+@page {
+  size: letter;
+  margin: 1in 0.75in;
+  
+  @top-left {
+    content: string(doctitle);
+    font-size: 10pt;
+    color: #666;
+  }
+  
+  @top-right {
+    content: string(docversion);
+    font-size: 10pt;
+    color: #666;
+  }
+  
+  @bottom-center {
+    content: "Page " counter(page) " of " counter(pages);
+    font-size: 10pt;
+    color: #666;
+  }
+}
+
+/* Don't show header/footer on title page */
+@page :first {
+  @top-left {
+    content: none;
+  }
+  
+  @top-right {
+    content: none;
+  }
+  
+  @bottom-center {
+    content: none;
+  }
+}
+
+/* Set the document title for the header */
+.title {
+  string-set: doctitle content();
+}
+
+/* Set the document version for the header */
+.version {
+  string-set: docversion content();
+}
+
+/* Add page numbers to TOC entries using target-counter */
+#TOC a::after {
+  content: leader('.') target-counter(attr(href), page);
+  float: right;
+}
+  </style>
+$for(css)$
+  <link rel="stylesheet" href="$css$" />
+$endfor$
+$if(math)$
+  $math$
+$endif$
+$for(header-includes)$
+  $header-includes$
+$endfor$
+</head>
+<body>
+$for(include-before)$
+$include-before$
+$endfor$
+$if(title)$
+<header id="title-block-header">
+<h1 class="title">$title$</h1>
+$if(subtitle)$
+<p class="subtitle">$subtitle$</p>
+$endif$
+$if(version)$
+<p class="version">Version $version$</p>
+$endif$
+$for(author)$
+<p class="author">$author$</p>
+$endfor$
+$if(date)$
+<p class="date">$date$</p>
+$endif$
+</header>
+$endif$
+$if(toc)$
+<nav id="$idprefix$TOC" role="doc-toc">
+$if(toc-title)$
+<h2 id="$idprefix$toc-title">$toc-title$</h2>
+$endif$
+$table-of-contents$
+</nav>
+$endif$
+$body$
+$for(include-after)$
+$include-after$
+$endfor$
+</body>
+</html>
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..ccccfb1
--- /dev/null
+++ b/package.json
@@ -0,0 +1,7 @@
+{
+  "private": true,
+  "dependencies": {
+    "@mermaid-js/mermaid-cli": "11.12.0",
+    "mermaid-filter": "1.4.7"
+  }
+}

From e2dda703e3373287216810ba3196f865ccc081e6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 3 Feb 2026 16:04:48 +0000
Subject: [PATCH 3/3] Fix branch parameter for SonarMark in build-docs job

Use github.head_ref || github.ref_name to correctly handle both PR and branch events

Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>
---
 .github/workflows/build.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 8546f73..f6415a0 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -297,7 +297,7 @@ jobs:
           dotnet sonarmark
           --server https://sonarcloud.io
           --project-key demaconsulting_BuildMark
-          --branch ${{ github.ref_name }}
+          --branch ${{ github.head_ref || github.ref_name }}
           --token "$env:SONAR_TOKEN"
           --report docs/quality/sonar-quality.md
           --report-depth 1