demaconsulting · Malcolmnixon · Feb 3, 2026 · Feb 3, 2026 · Feb 3, 2026 · Feb 3, 2026
diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json
@@ -0,0 +1,54 @@
+{
+  "version": 1,
+  "isRoot": true,
+  "tools": {
+    "dotnet-sonarscanner": {
+      "version": "11.1.0",
+      "commands": [
+        "dotnet-sonarscanner"
+      ]
+    },
+    "microsoft.sbom.dotnettool": {
+      "version": "4.1.5",
+      "commands": [
+        "sbom-tool"
+      ]
+    },
+    "demaconsulting.spdxtool": {
+      "version": "2.6.0",
+      "commands": [
+        "spdx-tool"
+      ]
+    },
+    "demaconsulting.pandoctool": {
+      "version": "3.8.3",
+      "commands": [
+        "pandoc"
+      ]
+    },
+    "demaconsulting.weasyprinttool": {
+      "version": "68.0.0",
+      "commands": [
+        "weasyprint"
+      ]
+    },
+    "demaconsulting.reqstream": {
+      "version": "1.0.1",
+      "commands": [
+        "reqstream"
+      ]
+    },
+    "demaconsulting.sonarmark": {
+      "version": "1.1.0",
+      "commands": [
+        "sonarmark"
+      ]
+    },
+    "demaconsulting.sarifmark": {
+      "version": "1.1.0",
+      "commands": [
+        "sarifmark"
+      ]
+    }
+  }
+}
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -62,10 +62,27 @@ jobs:
             9.x
             10.x
 
+      - name: Restore Tools
+        run: >
+          dotnet tool restore
+
       - name: Restore Dependencies
         run: >
           dotnet restore
 
+      - name: Start Sonar Scanner
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: >
+          dotnet dotnet-sonarscanner
+          begin
+          /k:"demaconsulting_BuildMark"
+          /o:"demaconsulting"
+          /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
+          /d:sonar.host.url="https://sonarcloud.io"
+          /d:sonar.cs.opencover.reportsPaths=**/*.opencover.xml
+          /d:sonar.scanner.scanAll=false
+
       - name: Build
         run: >
           dotnet build
@@ -83,6 +100,14 @@ jobs:
           --logger "trx;LogFilePrefix=${{ matrix.os }}"
           --results-directory test-results
 
+      - name: End Sonar Scanner
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: >
+          dotnet dotnet-sonarscanner
+          end
+          /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
+
       - name: Create Dotnet Tool
         run: >
           dotnet pack
@@ -134,6 +159,10 @@ jobs:
             9.x
             10.x
 
+      - name: Restore Tools
+        run: >
+          dotnet tool restore
+
       - name: Restore Dependencies
         run: >
           dotnet restore
@@ -204,3 +233,98 @@ jobs:
           echo "Testing buildmark --help..."
           buildmark --help || { echo "✗ Help command failed"; exit 1; }
           echo "✓ Help command succeeded"
+
+  build-docs:
+    name: Build Documents
+    runs-on: windows-latest
+
+    needs: [build, integration-test, codeql]
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Setup dotnet
+        uses: actions/setup-dotnet@v5
+        with:
+          dotnet-version: '10.x'
+
+      - name: Restore Tools
+        run: dotnet tool restore
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: 'lts/*'
+
+      - name: Install npm dependencies
+        run: npm install
+
+      - name: Download All Test Results
+        uses: actions/download-artifact@v7
+        with:
+          pattern: test-results-*
+          path: test-results
+          merge-multiple: true
+
+      - name: Download CodeQL SARIF
+        uses: actions/download-artifact@v7
+        with:
+          name: codeql-sarif
+          path: codeql-results
+
+      - name: Generate CodeQL Quality Report with SarifMark
+        run: >
+          dotnet sarifmark
+          --sarif codeql-results/csharp.sarif
+          --report docs/quality/codeql-quality.md
+          --heading "BuildMark CodeQL Analysis"
+          --report-depth 1
+
+      - name: Display CodeQL Quality Report
+        shell: bash
+        run: |
+          echo "=== CodeQL Quality Report ==="
+          cat docs/quality/codeql-quality.md
+
+      - name: Generate Code Quality Report with SonarMark
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: >
+          dotnet sonarmark
+          --server https://sonarcloud.io
+          --project-key demaconsulting_BuildMark
+          --branch ${{ github.head_ref || github.ref_name }}
+          --token "$env:SONAR_TOKEN"
+          --report docs/quality/sonar-quality.md
+          --report-depth 1
+
+      - name: Display SonarCloud Quality Report
+        shell: bash
+        run: |
+          echo "=== SonarCloud Quality Report ==="
+          cat docs/quality/sonar-quality.md
+
+      - name: Generate Code Quality HTML with Pandoc
+        shell: bash
+        run: >
+          dotnet pandoc
+          --defaults docs/quality/definition.yaml
+          --metadata version="${{ inputs.version }}"
+          --metadata date="$(date +'%Y-%m-%d')"
+          --output docs/quality/quality.html
+
+      - name: Convert Code Quality HTML to PDF with Weasyprint
+        run: >
+          dotnet weasyprint
+          docs/quality/quality.html
+          "docs/BuildMark Code Quality.pdf"
+
+      - name: Upload Document Artifacts
+        uses: actions/upload-artifact@v6
+        with:
+          name: documents
+          path: docs/*.pdf
diff --git a/docs/quality/definition.yaml b/docs/quality/definition.yaml
@@ -0,0 +1,16 @@
+---
+resource-path:
+  - docs/quality
+  - docs/template
+
+input-files:
+  - docs/quality/title.txt
+  - docs/quality/introduction.md
+  - docs/quality/codeql-quality.md
+  - docs/quality/sonar-quality.md
+
+template: template.html
+
+table-of-contents: true
+
+number-sections: true
diff --git a/docs/quality/introduction.md b/docs/quality/introduction.md
@@ -0,0 +1,35 @@
+# Introduction
+
+This document contains the code quality analysis report for the BuildMark project.
+
+## Purpose
+
+This report serves as evidence that the BuildMark codebase maintains good quality
+standards. It provides a comprehensive analysis of code quality metrics, including
+quality gate status, code issues, security hot spots, technical debt, and code coverage.
+
+## Scope
+
+This code quality report covers:
+
+- Quality gate status and conditions
+- Code issues categorized by type and severity
+- Security hot spots requiring review
+- Technical debt assessment
+- Code coverage and duplication metrics
+
+## Analysis Source
+
+This report contains quality analysis results captured at the time this version of BuildMark
+was built. It serves as evidence that the code maintains good quality standards and provides
+transparency about the project's code health. The analysis includes results from various
+quality tools run during the build process.
+
+## Audience
+
+This document is intended for:
+
+- Software developers working on BuildMark
+- Quality assurance teams reviewing code quality
+- Project stakeholders evaluating project health
+- Contributors understanding quality standards
diff --git a/docs/quality/title.txt b/docs/quality/title.txt
@@ -0,0 +1,17 @@
+---
+title: BuildMark Tool
+subtitle: Code Quality Report
+author: DEMA Consulting
+description: Code Quality Report for the BuildMark Tool for generating markdown build notes
+lang: en-US
+keywords:
+  - BuildMark
+  - Code Quality
+  - SonarCloud
+  - CodeQL
+  - Analysis
+  - C#
+  - .NET
+  - Build Notes
+  - Documentation
+---