Merge pull request #10 from rgdevment/feat/pipelines

feat: add SonarCloud integration and CodeQL analysis workflow

Author: rgdevment

.github/FUNDING.yml

@@ -1 +1,2 @@
 github: rgdevment
+buy_me_a_coffee: rgdevment

.github/workflows/ci.yml

@@ -42,3 +42,63 @@ jobs:
 
       - name: Run Tests
         run: dotnet test CopyPaste.slnx -c Release -p:Platform=x64 --no-build --verbosity normal --logger "console;verbosity=detailed"
+
+  sonarcloud:
+    name: SonarCloud
+    runs-on: windows-latest
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: "10.0.x"
+          dotnet-quality: "preview"
+
+      - name: Setup Java 17
+        uses: actions/setup-java@v4
+        with:
+          distribution: "temurin"
+          java-version: "17"
+
+      - name: Cache NuGet packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
+          restore-keys: |
+            ${{ runner.os }}-nuget-
+
+      - name: Install SonarScanner
+        run: dotnet tool install --global dotnet-sonarscanner
+
+      - name: SonarScanner Begin
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: >
+          dotnet sonarscanner begin
+          /k:"${{ vars.SONAR_PROJECT_KEY }}"
+          /o:"${{ vars.SONAR_ORGANIZATION }}"
+          /d:sonar.host.url="https://sonarcloud.io"
+          /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
+          /d:sonar.cs.opencover.reportsPaths="**/coverage.opencover.xml"
+
+      - name: Restore dependencies
+        run: dotnet restore -p:Platform=x64
+
+      - name: Build Solution
+        run: dotnet build CopyPaste.slnx -c Release -p:Platform=x64 --no-restore
+
+      - name: Run Tests with Coverage
+        run: >
+          dotnet test CopyPaste.slnx -c Release -p:Platform=x64 --no-build
+          --collect:"XPlat Code Coverage"
+          -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
+
+      - name: SonarScanner End
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: dotnet sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"

.github/workflows/codeql.yml

@@ -0,0 +1,60 @@
+name: CodeQL
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: '39 11 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze C#
+    runs-on: windows-latest
+    timeout-minutes: 120
+    permissions:
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: "10.0.x"
+          dotnet-quality: "preview"
+
+      - name: Cache NuGet packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
+          restore-keys: |
+            ${{ runner.os }}-nuget-
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: csharp
+          build-mode: manual
+
+      - name: Build projects (CodeQL traced)
+        shell: pwsh
+        run: |
+          # Build Core and Listener libraries only.
+          # CopyPaste.UI is excluded because WinRT source generators and the
+          # XAML compiler are incompatible with the CodeQL build tracer.
+          # Security-relevant code (SQLite, file I/O, networking, clipboard)
+          # lives in Core and Listener.
+          dotnet build CopyPaste.Core/CopyPaste.Core.csproj -c Release -p:Platform=x64
+          dotnet build CopyPaste.Listener/CopyPaste.Listener.csproj -c Release -p:Platform=x64
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4
+        with:
+          category: '/language:csharp'

CopyPaste.Core.Tests/CopyPaste.Core.Tests.csproj

@@ -6,7 +6,9 @@
     <!-- CA1707: Underscores in identifiers are the project-wide naming convention -->
     <!-- CA1054: Tests use string URLs to verify parsing behavior -->
     <!-- CA1515: xUnit requires public test classes for discovery/reflection -->
-    <NoWarn>IDE0022;CA1707;CA1054;CA1515</NoWarn>
+    <!-- S4144: Test methods intentionally share similar structure with different data -->
+    <!-- S2925: Thread.Sleep is needed for timing-sensitive integration tests -->
+    <NoWarn>IDE0022;CA1707;CA1054;CA1515;S4144;S2925</NoWarn>
     <EnforceCodeStyleInBuild>false</EnforceCodeStyleInBuild>
   </PropertyGroup>
   <ItemGroup>

CopyPaste.Core.Tests/UpdateCheckerTests.cs

@@ -97,8 +97,11 @@ public void UpdateChecker_CanBeCreatedAndDisposed()
     {
         var checker = new UpdateChecker();
         checker.Dispose();
+
         // Double dispose should not throw
-        checker.Dispose();
+        var exception = Record.Exception(() => checker.Dispose());
+
+        Assert.Null(exception);
     }
 
     #endregion

CopyPaste.Listener.Tests/CopyPaste.Listener.Tests.csproj

@@ -6,7 +6,8 @@
     <!-- CA1707: Underscores in identifiers are the project-wide naming convention -->
     <!-- CA1054: Tests use string URLs to verify parsing behavior -->
     <!-- CA1515: xUnit requires public test classes for discovery/reflection -->
-    <NoWarn>IDE0022;CA1707;CA1054;CA1515</NoWarn>
+    <!-- S4144: Test methods intentionally share similar structure with different data -->
+    <NoWarn>IDE0022;CA1707;CA1054;CA1515;S4144</NoWarn>
     <EnforceCodeStyleInBuild>false</EnforceCodeStyleInBuild>
   </PropertyGroup>
   <ItemGroup>

CopyPaste.Listener.Tests/WindowsClipboardListenerTests.cs

@@ -304,19 +304,27 @@ public void DetectFileCollectionType_NonExistentFile_ReturnsBasedOnExtension()
     [Fact]
     public void Dispose_CanBeCalledMultipleTimes_DoesNotThrow()
     {
-        var listener = new WindowsClipboardListener(new StubClipboardService());
+        using var listener = new WindowsClipboardListener(new StubClipboardService());
 
-        listener.Dispose();
-        listener.Dispose();
-        listener.Dispose();
+        var exception = Record.Exception(() =>
+        {
+            listener.Dispose();
+            listener.Dispose();
+            listener.Dispose();
+        });
+
+        Assert.Null(exception);
     }
 
     [Fact]
     public void NewInstance_BeforeStart_CanBeDisposed()
     {
         // Listener that was never started should dispose cleanly
-        var listener = new WindowsClipboardListener(new StubClipboardService());
-        listener.Dispose();
+        using var listener = new WindowsClipboardListener(new StubClipboardService());
+
+        var exception = Record.Exception(() => listener.Dispose());
+
+        Assert.Null(exception);
     }
 
     #endregion
@@ -437,9 +445,11 @@ public void Dispose()
 
     private sealed class StubClipboardService : IClipboardService
     {
+#pragma warning disable CS0067 // Events required by interface but unused in stub
         public event Action<ClipboardItem>? OnItemAdded;
         public event Action<ClipboardItem>? OnThumbnailReady;
         public event Action<ClipboardItem>? OnItemReactivated;
+#pragma warning restore CS0067
         public int PasteIgnoreWindowMs { get; set; } = 450;
 
         public void AddText(string? text, ClipboardContentType type, string? source, byte[]? rtfBytes = null) { }
@@ -452,8 +462,5 @@ public void UpdatePin(Guid id, bool isPinned) { }
         public void UpdateLabelAndColor(Guid id, string? label, CardColor color) { }
         public ClipboardItem? MarkItemUsed(Guid id) => null;
         public void NotifyPasteInitiated(Guid itemId) { }
-
-        // Suppress unused event warnings
-        internal void SuppressWarnings() { OnItemAdded?.Invoke(null!); OnThumbnailReady?.Invoke(null!); OnItemReactivated?.Invoke(null!); }
     }
 }

CopyPaste.UI.Tests/CopyPaste.UI.Tests.csproj

@@ -8,7 +8,8 @@
     <IsTestProject>true</IsTestProject>
     <!-- CA1707: Underscores in identifiers are the project-wide naming convention -->
     <!-- CA1515: xUnit requires public test classes for discovery/reflection -->
-    <NoWarn>IDE0022;CA1707;CA1515</NoWarn>
+    <!-- S4144: Test methods intentionally share similar structure with different data -->
+    <NoWarn>IDE0022;CA1707;CA1515;S4144</NoWarn>
     <EnforceCodeStyleInBuild>false</EnforceCodeStyleInBuild>
   </PropertyGroup>
 

CopyPaste.UI.Tests/MainViewModelTests.cs

@@ -391,8 +391,13 @@ public void Cleanup_MultipleCalls_DoesNotThrow()
     {
         var viewModel = CreateViewModel();
 
-        viewModel.Cleanup();
-        viewModel.Cleanup();
+        var exception = Record.Exception(() =>
+        {
+            viewModel.Cleanup();
+            viewModel.Cleanup();
+        });
+
+        Assert.Null(exception);
     }
 
     #endregion

README.md

@@ -12,6 +12,15 @@
     <a href="https://github.com/rgdevment/CopyPaste/actions">
       <img src="https://img.shields.io/github/actions/workflow/status/rgdevment/CopyPaste/ci.yml?style=flat-square&logo=github-actions&label=Build" alt="Build Status"/>
     </a>
+    <a href="https://github.com/rgdevment/CopyPaste/actions/workflows/codeql.yml">
+      <img src="https://img.shields.io/github/actions/workflow/status/rgdevment/CopyPaste/codeql.yml?style=flat-square&logo=github&label=CodeQL" alt="CodeQL"/>
+    </a>
+    <a href="https://sonarcloud.io/summary/overall?id=rgdevment_CopyPaste">
+      <img src="https://img.shields.io/sonar/quality_gate/rgdevment_CopyPaste?server=https%3A%2F%2Fsonarcloud.io&style=flat-square&logo=sonarcloud&label=Quality%20Gate" alt="Quality Gate"/>
+    </a>
+    <a href="https://sonarcloud.io/component_measures?id=rgdevment_CopyPaste&metric=coverage">
+      <img src="https://img.shields.io/sonar/coverage/rgdevment_CopyPaste?server=https%3A%2F%2Fsonarcloud.io&style=flat-square&logo=sonarcloud&label=Coverage" alt="Coverage"/>
+    </a>
     <a href="https://github.com/rgdevment/CopyPaste/releases">
       <img src="https://img.shields.io/github/v/release/rgdevment/CopyPaste?include_prereleases&style=flat-square&label=Latest&color=0078D4" alt="Latest Release"/>
     </a>
@@ -28,7 +37,16 @@
   </p>
 
   <p align="center">
-    <sub>Also available as a <a href="https://github.com/rgdevment/CopyPaste/releases/latest">standalone installer</a> from GitHub Releases.</sub>
+    <sub><strong>Also available as a <a href="https://github.com/rgdevment/CopyPaste/releases/latest">standalone installer</a> from GitHub Releases.</strong></sub>
+  </p>
+
+  <p>
+    <a href="https://github.com/sponsors/rgdevment">
+      <img src="https://img.shields.io/badge/Sponsor-♥-ea4aaa?style=flat-square&logo=github" alt="GitHub Sponsors"/>
+    </a>
+    <a href="https://buymeacoffee.com/rgdevment">
+      <img src="https://img.shields.io/badge/Buy%20Me%20a%20Coffee-☕-FFDD00?style=flat-square&logo=buy-me-a-coffee&logoColor=black" alt="Buy Me a Coffee"/>
+    </a>
   </p>
 </div>