Merge pull request #5 from STARIONGROUP/feat/gh3-cicd

Fix #3; GitHub Actions + templates

.github/CONTRIBUTING.md

@@ -0,0 +1,65 @@
+# How to contribute
+
+We would like to start with saying thank you for wanting to contribute to ea-modelkit codebase. We want to keep it as easy as possible to contribute changes that get things working in your environment. There are a few guidelines that we need contributors to follow so that we have a chance of keeping on top of things.
+
+- [How to contribute](#how-to-contribute)
+  - [Making Changes](#making-changes)
+    - [Handling Updates from Upstream/Development](#handling-updates-from-upstreamdevelopment)
+    - [Sending a Pull Request](#sending-a-pull-request)
+  - [Style Guidelines](#style-guidelines)
+
+## Making Changes
+
+1. [Fork](http://help.github.com/forking/) on GitHub
+1. Clone your fork locally
+1. Configure the upstream repo (`git remote add upstream git://github.com/STARIONGROUP/ea-modelkit`) 
+1. Checkout development
+1. Create a local branch (`git checkout -b myBranch`) from development
+1. Work on your feature
+1. Rebase if required (see below)
+1. Push the branch up to GitHub (`git push origin myBranch`)
+1. Send a Pull Request on GitHub
+
+You should **never** work on a clone of master or development, and you should **never** send a pull request from master or development - always from a branch. The reasons for this are detailed below.
+
+### Handling Updates from Upstream/Development
+
+While you're working away in your branch it's quite possible that your upstream development (most likely the canonical ea-modelkit version) may be updated. If this happens you should:
+
+1. [Stash](http://git-scm.com/book/en/Git-Tools-Stashing) any un-committed changes you need to
+1. `git checkout development`
+1. `git pull upstream development`
+1. `git checkout myBranch`
+1. `git rebase development myBranch`
+1. `git push origin development` - (optional) this makes sure your remote development is up to date
+
+This ensures that your history is "clean" i.e. you have one branch off from development followed by your changes in a straight line. Failing to do this ends up with several "messy" merges in your history, which we don't want. This is the reason why you should always work in a branch and you should never be working in, or sending pull requests from, development.
+
+If you're working on a long running feature then you may want to do this quite often, rather than run the risk of potential merge issues further down the line.
+
+### Sending a Pull Request
+
+While working on your feature you may well create several branches, which is fine, but before you send a pull request you should ensure that you have rebased back to a single "Feature branch". We care about your commits, and we care about your feature branch; but we don't care about how many or which branches you created while you were working on it :smile:.
+
+When you're ready to go you should confirm that you are up to date and rebased with upstream/development (see "Handling Updates from Upstream/development" above), and then:
+
+1. `git push origin myBranch`
+1. Send a descriptive [Pull Request](https://help.github.com/articles/creating-a-pull-request/) on GitHub - making sure you have selected the correct branch in the GitHub UI!
+1. Wait for @samatstarion or @antoineatstariongroup merge your changes in.
+
+And remember; **A pull-request with tests is a pull-request that's likely to be pulled in.** :grin: Bonus points if you document your feature in our [wiki](https://github.com/STARIONGROUP/ea-modelkit/wiki) once it has been pulled in
+
+## Style Guidelines
+
+- Indent with 4 spaces, **not** tabs.
+- No underscore (`_`) prefix for member names.
+- Use `this` when accessing instance members, e.g. `this.Name = "ea-modelkit";`.
+- Use the `var` keyword unless the inferred type is not obvious.
+- Use the C# type aliases for types that have them, e.g. `int` instead of `Int32`, `string` instead of `String` etc.
+- Use meaningful names (no hungarian notation), we like long descriptive names of methods, variables and parameters.
+- Wrap `if`, `else` and `using` blocks (or blocks in general, really) in curly braces, even if it's a single line.
+- Put `using` statements inside namespace.
+- Pay attention to whitespace and extra blank lines
+- Absolutely **no** regions
+
+> If you are a ReSharper user, you can make use of our `.DotSettings` file to ensure you cover as many of our style guidelines as possible. There may be some style guidelines which are not covered by the file, so please pay attention to the style of existing code.

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,23 @@
+### Prerequisites
+
+- [ ] I have written a descriptive issue title
+- [ ] I have verified that I am running the latest version of the ea-modelkit
+- [ ] I have searched [open](https://github.com/STARIONGROUP/ea-modelkit/issues) and [closed](https://github.com/STARIONGROUP/ea-modelkit/issues?q=is%3Aissue+is%3Aclosed) issues to ensure it has not already been reported
+
+### Description
+<!-- A description of the bug or feature -->
+
+### Steps to Reproduce
+<!-- List of steps, sample code, failing test or link to a project that reproduces the behavior -->
+
+### System Configuration
+<!-- Tell us about the environment where you are experiencing the bug -->
+
+- ea-modelkit version:
+  - [ ] ea-modelkit:         
+  - [ ] Other:              
+- Environment (Operating system, version and so on):
+- .NET Framework version:
+- Additional information:
+
+<!-- Thanks for reporting the issue to ea-modelkit! -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,11 @@
+### Prerequisites
+
+- [ ] I have written a descriptive pull-request title
+- [ ] I have verified that there are no overlapping [pull-requests](https://github.com/STARIONGROUP/ea-modelkit/pulls) open
+- [ ] I have verified that I am following the EA-ModelKit [code style guidelines](https://raw.githubusercontent.com/STARIONGROUP/ea-modelkit/master/.github/CONTRIBUTING.md)
+- [ ] I have provided test coverage for my change (where applicable)
+
+### Description
+<!-- A description of the changes proposed in the pull-request -->
+
+<!-- Thanks for contributing to ea-modelkit! -->

.github/workflows/CodeQuality.yml

@@ -0,0 +1,53 @@
+name: Build & Test & SonarQube
+
+on:
+  push:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  build:
+    name: Build
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+          overwrite-settings: false
+
+      - name: Setup MSBuild
+        uses: microsoft/[email protected]
+
+      - name: Setup VSTest
+        uses: darenm/[email protected]
+
+      - name: Setup NuGet
+        uses: NuGet/[email protected]
+
+      - name: add DevExpress nuget feed
+        run: dotnet nuget add source https://nuget.devexpress.com/api -n DXFeed -u DevExpress -p ${{ secrets.DEVEXPRESS_NUGET_KEY }} --store-password-in-clear-text
+
+      - name: Restore dependencies
+        run: nuget restore ea-modelkit.sln
+
+      - name: Sonarqube Begin
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: |
+          dotnet tool install --global dotnet-sonarscanner
+          dotnet sonarscanner begin /k:"STARIONGROUP_ea-modelkit" /o:"stariongroup" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.opencover.reportsPaths="./CoverageResults/coverage.opencover.xml"
+
+      - name: Build
+        run: msbuild ea-modelkit.sln -property:Configuration=CICD -property:platform="Any CPU" /p:RestorePackages=false
+
+      - name: Run Tests and Compute Coverage
+        run: vstest.console.exe EA-ModelKit.Tests\bin\CICD\net481\EAModelKit.Tests.dll /Platform:x64 /EnableCodeCoverage
+
+      - name: Sonarqube end
+        run: dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,45 @@
+name: "Code scanning - action"
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 18 * * 1'
+
+jobs:
+  CodeQL-Build:
+
+    runs-on: windows-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      # Override language selection by uncommenting this and choosing your languages
+      with:
+        languages: csharp
+
+    - name: Setup MSBuild
+      uses: microsoft/[email protected]
+
+    - name: Setup NuGet
+      uses: NuGet/[email protected]
+
+    - name: add DevExpress nuget feed
+      run: dotnet nuget add source https://nuget.devexpress.com/api -n DXFeed -u DevExpress -p ${{ secrets.DEVEXPRESS_NUGET_KEY }} --store-password-in-clear-text
+
+    - name: Restore dependencies
+      run: nuget restore ea-modelkit.sln
+
+    - name: Build
+      run: msbuild ea-modelkit.sln -property:Configuration=CICD -property:platform="Any CPU" /p:RestorePackages=false
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3

.github/workflows/nuget-reference-check.yml

@@ -0,0 +1,50 @@
+name: "nuget package reference check"
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 8 * * *'
+
+jobs:
+  build:
+    runs-on: windows-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    - name: Setup MSBuild
+      uses: microsoft/[email protected]
+
+    - name: Setup NuGet
+      uses: NuGet/[email protected]
+
+    - name: add DevExpress nuget feed
+      run: dotnet nuget add source https://nuget.devexpress.com/api -n DXFeed -u DevExpress -p ${{ secrets.DEVEXPRESS_NUGET_KEY }} --store-password-in-clear-text
+
+    - name: Restore dependencies
+      run: nuget restore ea-modelkit.sln
+
+    - name: Build
+      run: msbuild ea-modelkit.sln -property:Configuration=CICD -property:platform="Any CPU" /p:RestorePackages=false
+
+    - name: Checking NuGet vulnerabilites
+      run: |
+        dotnet list EA-ModelKit.sln package --outdated --include-transitive
+        dotnet list EA-ModelKit.sln package --deprecated --include-transitive
+        dotnet list EA-ModelKit.sln package --vulnerable --include-transitive 2>&1 | tee vulnerabilities.log
+
+        Write-Host "Analyze dotnet list package command log output..."
+        $logContent = Get-Content vulnerabilities.log
+        if ($logContent -match '\bcritical\b|\bhigh\b|\bmoderate\b|\blow\b') {
+            Write-Host "Security Vulnerabilities found"
+            exit 1
+        } else {
+            Write-Host "No Security Vulnerabilities found"
+            exit 0
+        }
+      shell: pwsh

EA-ModelKit.Tests/EA-ModelKit.Tests.csproj

@@ -6,6 +6,8 @@
         <IsPackable>false</IsPackable>
         <LangVersion>latest</LangVersion>
         <Configurations>Debug;Release;CICD</Configurations>
+        <AssemblyName>EAModelKit.Tests</AssemblyName>
+        <RootNamespace>EAModelKit.Tests</RootNamespace>
     </PropertyGroup>
 
     <ItemGroup>

EA-ModelKit.sln

@@ -8,15 +8,20 @@ Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
 		Release|Any CPU = Release|Any CPU
+		CICD|Any CPU = CICD|Any CPU
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{6E1CFB9B-538B-4684-A66B-2C81A6AFA2A4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{6E1CFB9B-538B-4684-A66B-2C81A6AFA2A4}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{6E1CFB9B-538B-4684-A66B-2C81A6AFA2A4}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{6E1CFB9B-538B-4684-A66B-2C81A6AFA2A4}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6E1CFB9B-538B-4684-A66B-2C81A6AFA2A4}.CICD|Any CPU.ActiveCfg = CICD|Any CPU
+		{6E1CFB9B-538B-4684-A66B-2C81A6AFA2A4}.CICD|Any CPU.Build.0 = CICD|Any CPU
 		{C340292F-8ED3-4C46-BCFB-A7B7EA22D3A9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{C340292F-8ED3-4C46-BCFB-A7B7EA22D3A9}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{C340292F-8ED3-4C46-BCFB-A7B7EA22D3A9}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{C340292F-8ED3-4C46-BCFB-A7B7EA22D3A9}.Release|Any CPU.Build.0 = Release|Any CPU
+		{C340292F-8ED3-4C46-BCFB-A7B7EA22D3A9}.CICD|Any CPU.ActiveCfg = CICD|Any CPU
+		{C340292F-8ED3-4C46-BCFB-A7B7EA22D3A9}.CICD|Any CPU.Build.0 = CICD|Any CPU
 	EndGlobalSection
 EndGlobal

EA-ModelKit/Properties/AssemblyInfo.cs

@@ -10,5 +10,5 @@
 // The following GUID is for the ID of the typelib if this project is exposed to COM
 [assembly: Guid("6E1CFB9B-538B-4684-A66B-2C81A6AFA2A4")]
 
-[assembly: InternalsVisibleTo("EA-ModelKit.Tests")]
+[assembly: InternalsVisibleTo("EAModelKit.Tests")]
 [assembly: InternalsVisibleTo("DynamicProxyGenAssembly2")]