Add SonarCloud analysis to CI pipeline

[Copilot]

Integrates SonarCloud static analysis and code coverage reporting into the build workflow.

Changes

• .config/dotnet-tools.json: Added dotnet-sonarscanner v11.0.0
• .github/workflows/build.yaml:
  • Added SONAR_TOKEN secret input
  • Added pull-requests: write permission for analysis result comments
  • Wrapped build/test steps with SonarScanner begin/end commands
  • Configured test execution to collect coverage in OpenCover format
  • SonarScanner configured with project key demaconsulting_ReqStream, org demaconsulting
• .github/workflows/build_on_push.yaml:
  • Pass SONAR_TOKEN to both Windows and Linux build jobs
  • Added pull-requests: write permission to build-windows and build-linux jobs
• .github/workflows/release.yaml:
  • Pass SONAR_TOKEN to build job
  • Added pull-requests: write permission to build job

Configuration

- name: Start Sonar Scanner
  run: >
    dotnet sonarscanner begin
    /k:"demaconsulting_ReqStream"
    /o:"demaconsulting"
    /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
    /d:sonar.host.url="https://sonarcloud.io"
    /d:sonar.cs.opencover.reportsPaths=**/*.opencover.xml
    /d:sonar.scanner.scanAll=false

- name: Test
  run: >
    dotnet test
    --collect "XPlat Code Coverage;Format=opencover"

- name: End Sonar Scanner
  run: >
    dotnet sonarscanner end
    /d:sonar.token="${{ secrets.SONAR_TOKEN }}"

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Feature]: SonarCloud Analysis</issue_title>
<issue_description>### Problem Statement

The CI builds should use SonarCloud

Proposed Solution

The .config/dotnet-tools.json file should add the dotnet-sonarscanner tool.

The build.yaml should dtake an additional secret of 'SONAR_TOKEN' which is required.

The 'build' job in build.yaml should:

• Add the pull-request write permission to write analysis results
• Add a Start Sonar Scanner step before the build which runs the dotnet-sonarscanner tool to begin the scan with:
  • /k:"demaconsulting_ReqStream" key
  • /o:"demaconsulting" organization
  • /d:sonar.token="${{ secrets.SONAR_TOKEN }}" for the SonarQube token
  • /d:sonar.host.url="https://sonarcloud.io"
  • /d:sonar.cs.opencover.reportsPath=**/*.opencover.xml
  • /d:sonar.scanner.scanAll=false
• Modify the test execution to generate coverage using --collect "XPlat Code Coverage;Format=opencover"
• Add an End Sonar Scanner step after running the tests which runs the dotnet-sonarscanner tool to end the scan with:
  • /d:sonar.token="${{ secrets.SONAR_TOKEN }}" for the SonarQube token

The build jobs of build_on_push.yaml need to pass in the secret SONAR_TOKEN of ${{ secrets.SONAR_TOKEN }}

The build job of release.yaml needs to pass in the secret SONAR_TOKEN of ${{ secrets.SONAR_TOKEN }}

Alternatives Considered

No response

Additional Context

No response

Priority

Medium - Would improve workflow

Contribution

• I would be willing to submit a PR for this feature

Code of Conduct

• I agree to follow this project's Code of Conduct</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [Feature]: SonarCloud Analysis #33

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Malcolmnixon]

@copilot The build jobs of 'build_on_push.yaml' and 'release.yaml' need to have 'pull-requests: write' permission as they use the build.yaml reusable workflow which needs that permission to write SonarQube results.

[Copilot]

@copilot The build jobs of 'build_on_push.yaml' and 'release.yaml' need to have 'pull-requests: write' permission as they use the build.yaml reusable workflow which needs that permission to write Sona...

Added pull-requests: write permission to build-windows, build-linux jobs in build_on_push.yaml and build job in release.yaml in commit 44eb895