Introduce JetBrains Qodana quality scans (#96)

* Introduce JetBrains Qodana quality scans
* Fix or suppress code inspections

.github/dependabot.yml

@@ -23,7 +23,7 @@ updates:
     ignore:
       - dependency-name: "Moq"
   - package-ecosystem: "github-actions"
-    directory: "/.github"
+    directory: "/"
     schedule:
       interval: "weekly"
       day: "sunday"

.github/workflows/cicd.yml

@@ -3,23 +3,29 @@
 on:
   pull_request:
     paths:
-    - 'src/**'
     - 'GitVersion.yml'
+    - 'src/**'
+    - '!src/qodana.yml'
     - '.github/actions/**'
     - '.github/workflows/**'
     - '!.github/workflows/codeql.yml'
     - '!.github/workflows/fossa-scan.yml'
+    - '!.github/workflows/qodana.yml'
+    - '!.github/workflows/semgrep.yml'
     types: [opened, synchronize, reopened]
   push:
     branches:
     - 'master'
     paths:
-    - 'src/**'
     - 'GitVersion.yml'
+    - 'src/**'
+    - '!src/qodana.yml'
     - '.github/actions/**'
     - '.github/workflows/**'
     - '!.github/workflows/codeql.yml'
     - '!.github/workflows/fossa-scan.yml'
+    - '!.github/workflows/qodana.yml'
+    - '!.github/workflows/semgrep.yml'
   workflow_dispatch:
     inputs:
       buildAutoFakeItEasy:

.github/workflows/codeql.yml

@@ -4,13 +4,15 @@ on:
   pull_request:
     paths:
     - 'src/**'
+    - '!src/qodana.yml'
     - '.github/workflows/codeql.yml'
     types: [opened, synchronize, reopened]
   push:
     branches:
     - 'master'
     paths:
     - 'src/**'
+    - '!src/qodana.yml'
     - '.github/workflows/codeql.yml'
   schedule:
   - cron: '20 23 * * 0'
@@ -46,15 +48,14 @@ jobs:
     steps:
     - name: 📥 checkout
       uses: actions/checkout@v3
-
+      with:
+        fetch-depth: 0
     - name: 🎰 initialize CodeQL
       uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
-
     - name: 🏗️ build
       run: dotnet build ./src/Objectivity.AutoFixture.XUnit2.AutoMock.sln
-
     - name: 🔬 analyze with CodeQL
       uses: github/codeql-action/analyze@v2
       with:

.github/workflows/fossa-scan.yml

@@ -4,13 +4,15 @@ on:
   pull_request:
     paths:
     - 'src/**'
+    - '!src/qodana.yml'
     - '.github/workflows/fossa-scan.yml'
     types: [opened, synchronize, reopened]
   push:
     branches:
     - 'master'
     paths:
     - 'src/**'
+    - '!src/qodana.yml'
     - '.github/workflows/fossa-scan.yml'  
   workflow_dispatch:
 
@@ -26,6 +28,8 @@ jobs:
     steps:
     - name: 📥 checkout
       uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
     - name: 🔬 scan
       uses: fossas/fossa-action@main
       with:

.github/workflows/qodana.yml

@@ -0,0 +1,60 @@
+name: '🧠 Qodana: Static Code Analysis'
+
+on:
+  pull_request:
+    paths:
+    - 'src/**'
+    - '.github/workflows/qodana.yml'
+    types: [opened, synchronize, reopened]
+  push:
+    branches:
+    - 'master'
+    paths:
+    - 'src/**'
+    - '.github/workflows/qodana.yml'
+  schedule:
+    - cron: '17 5 * * 0' # Random time
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  qodana:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+      checks: write
+    steps:
+      - name: 📥 checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 
+      - name: 💾 cache nuget packages
+        uses: actions/cache@v3
+        with:
+          path: ${{ runner.temp }}/qodana/caches
+          key: ${{ runner.os }}-qodana-${{ github.ref }}-${{ hashFiles('**/*.csproj') }}
+          restore-keys: |
+            ${{ runner.os }}-qodana-${{ github.ref }}
+      - name: 🔬 Qodana Scan
+        uses: JetBrains/[email protected]
+        with:
+          pr-mode: false
+          args: |
+            --project-dir,src,
+            --save-report=false
+          results-dir: ${{ runner.temp }}/qodana/results
+          cache-dir: ${{ runner.temp }}/qodana/caches
+          primary-cache-key: ${{ runner.os }}-qodana-${{ github.ref }}-${{ hashFiles('**/*.csproj') }}
+          additional-cache-key: ${{ runner.os }}-qodana-${{ github.ref }}
+          upload-result: true
+        env:
+          QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
+      - name: 📊 Upload SARIF file for GitHub Advanced Security Dashboard
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json
+        if: always()

.github/workflows/semgrep.yml

@@ -1,21 +1,27 @@
-name: 🔎 Semgrep
+name: '🔎 Semgrep: Static Code Analysis'
 
 on:
   pull_request:
     paths:
     - 'src/**'
+    - '!src/qodana.yml'
     - '.github/workflows/semgrep.yml'
     types: [opened, synchronize, reopened]
   push:
     branches:
     - 'master'
     paths:
     - 'src/**'
+    - '!src/qodana.yml'
     - '.github/workflows/semgrep.yml'
   schedule:
     - cron: '38 7 * * 0' # Random time
   workflow_dispatch:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   semgrep:
     name: semgrep/ci 
@@ -29,17 +35,15 @@ jobs:
     if: (github.actor != 'dependabot[bot]')
 
     steps:
-      # Fetch project source with GitHub Actions Checkout.
-      - uses: actions/checkout@v3
-      # Run the "semgrep ci" command on the command line of the docker image.
-      - run: semgrep ci --sarif > semgrep.sarif
+      - name: 📥 checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 
+      - name: 🔬 Semgrep Scan
+        run: semgrep ci --sarif > semgrep.sarif
         env:
-          # Connect to Semgrep Cloud Platform through your SEMGREP_APP_TOKEN.
-          # Generate a token from Semgrep Cloud Platform > Settings
-          # and add it to your GitHub secrets.
           SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
-
-      - name: Upload SARIF file for GitHub Advanced Security Dashboard
+      - name: 📊 Upload SARIF file for GitHub Advanced Security Dashboard
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: semgrep.sarif

.github/workflows/test-mutations.yml

@@ -3,17 +3,19 @@ name: '👾 Stryker.NET: Mutation testing'
 on:
   pull_request:
     paths:
-    - 'src/**'
     - 'stryker-config.yml'
+    - 'src/**'
+    - '!src/qodana.yml'
     - '.github/workflows/test-mutations.yml'
     - '.github/actions/materialize-signing-key/**'
     types: [opened, synchronize, reopened]
   push:
     branches:
     - 'master'
     paths:
-    - 'src/**'
     - 'stryker-config.yml'
+    - 'src/**'
+    - '!src/qodana.yml'
     - '.github/workflows/test-mutations.yml'
     - '.github/actions/materialize-signing-key/**'
   workflow_dispatch:

src/.editorconfig

@@ -59,22 +59,32 @@ dotnet_style_prefer_conditional_expression_over_return = true:silent
 # Naming Conventions          #
 ###############################
 # Style Definitions
-dotnet_naming_style.pascal_case_style.capitalization             = pascal_case
-# Use PascalCase for constant fields  
+dotnet_naming_style.pascal_case_style.capitalization = pascal_case
+dotnet_naming_style.camel_case_style.capitalization = camel_case
+
+# Use PascalCase for constant fields
 dotnet_naming_rule.constant_fields_should_be_pascal_case.severity = suggestion
 dotnet_naming_rule.constant_fields_should_be_pascal_case.symbols  = constant_fields
-dotnet_naming_rule.constant_fields_should_be_pascal_case.style = pascal_case_style
+dotnet_naming_rule.constant_fields_should_be_pascal_case.style    = pascal_case_style
 dotnet_naming_symbols.constant_fields.applicable_kinds            = field
 dotnet_naming_symbols.constant_fields.applicable_accessibilities  = *
 dotnet_naming_symbols.constant_fields.required_modifiers          = const
 
-dotnet_naming_rule.private_members_with_underscore.symbols  = private_fields
-dotnet_naming_rule.private_members_with_underscore.style = prefix_underscore
-dotnet_naming_rule.private_members_with_underscore.severity = warning
+# Use PascalCase for static fields
+dotnet_naming_rule.static_fields_should_be_pascal_case.severity = suggestion
+dotnet_naming_rule.static_fields_should_be_pascal_case.symbols  = static_fields
+dotnet_naming_rule.static_fields_should_be_pascal_case.style    = pascal_case_style
+dotnet_naming_symbols.static_fields.applicable_kinds            = field
+dotnet_naming_symbols.static_fields.applicable_accessibilities  = *
+dotnet_naming_symbols.static_fields.required_modifiers          = static
+
+# Use camelCase for private fields
+dotnet_naming_rule.private_members_with_underscore.severity     = suggestion
+dotnet_naming_rule.private_members_with_underscore.symbols      = private_fields
+dotnet_naming_rule.private_members_with_underscore.style        = camel_case_style
 dotnet_naming_symbols.private_fields.applicable_kinds           = field
 dotnet_naming_symbols.private_fields.applicable_accessibilities = private
-dotnet_naming_style.prefix_underscore.capitalization = camel_case
-dotnet_naming_style.prefix_underscore.required_prefix = _
+
 dotnet_style_operator_placement_when_wrapping = beginning_of_line
 tab_width = 4
 end_of_line = crlf
@@ -153,6 +163,7 @@ csharp_using_directive_placement = outside_namespace:silent
 csharp_prefer_simple_using_statement = true:suggestion
 csharp_style_namespace_declarations = file_scoped:silent
 csharp_style_prefer_method_group_conversion = true:silent
+csharp_style_prefer_top_level_statements = true:silent
 csharp_style_expression_bodied_lambdas = true:silent
 csharp_style_expression_bodied_local_functions = false:silent
 
@@ -3496,4 +3507,10 @@ dotnet_diagnostic.xUnit3000.severity = warning
 
 # xUnit3001: Classes that implement Xunit.Abstractions.IXunitSerializable must have a public parameterless constructor
 dotnet_diagnostic.xUnit3001.severity = warning
-csharp_style_prefer_top_level_statements = true:silent
+
+## ReSharper
+
+# Convert constructor into primary constructor
+resharper_convert_to_primary_constructor_highlighting = none
+# Use collection expression syntax
+resharper_use_collection_expression_highlighting = none

src/Objectivity.AutoFixture.XUnit2.AutoFakeItEasy.Tests/.editorconfig

@@ -21,4 +21,13 @@ dotnet_diagnostic.S3376.severity = none
 # S4158: Empty collections should not be accessed or iterated.
 dotnet_diagnostic.S4158.severity = none
 # S6608: Prefer indexing instead of "Enumerable" methods on types implementing "IList"
-dotnet_diagnostic.S6608.severity = none
+dotnet_diagnostic.S6608.severity = none
+
+## ReSharper
+
+# Possible 'System.NullReferenceException'
+resharper_possible_null_reference_exception_highlighting = none
+# Use collection expression syntax
+resharper_use_collection_expression_highlighting = none
+# Possible 'null' assignment to entity
+resharper_assign_null_to_not_null_attribute_highlighting = none

src/Objectivity.AutoFixture.XUnit2.AutoFakeItEasy.Tests/IFakeObjectUnderTest.cs

@@ -1,7 +1,10 @@
 namespace Objectivity.AutoFixture.XUnit2.AutoFakeItEasy.Tests
 {
+    using System.Diagnostics.CodeAnalysis;
+
     public interface IFakeObjectUnderTest
     {
+        [SuppressMessage("ReSharper", "UnusedMember.Global", Justification = "Required for test.")]
         public string StringProperty { get; set; }
     }
 }

src/Objectivity.AutoFixture.XUnit2.AutoMoq.Tests/.editorconfig

@@ -21,4 +21,13 @@ dotnet_diagnostic.S3376.severity = none
 # S4158: Empty collections should not be accessed or iterated.
 dotnet_diagnostic.S4158.severity = none
 # S6608: Prefer indexing instead of "Enumerable" methods on types implementing "IList"
-dotnet_diagnostic.S6608.severity = none
+dotnet_diagnostic.S6608.severity = none
+
+## ReSharper
+
+# Possible 'System.NullReferenceException'
+resharper_possible_null_reference_exception_highlighting = none
+# Use collection expression syntax
+resharper_use_collection_expression_highlighting = none
+# Possible 'null' assignment to entity
+resharper_assign_null_to_not_null_attribute_highlighting = none

src/Objectivity.AutoFixture.XUnit2.AutoMoq.Tests/IFakeObjectUnderTest.cs

@@ -1,7 +1,10 @@
 namespace Objectivity.AutoFixture.XUnit2.AutoMoq.Tests
 {
+    using System.Diagnostics.CodeAnalysis;
+
     public interface IFakeObjectUnderTest
     {
+        [SuppressMessage("ReSharper", "UnusedMember.Global", Justification = "Required for test.")]
         public string StringProperty { get; set; }
     }
 }

src/Objectivity.AutoFixture.XUnit2.AutoNSubstitute.Tests/.editorconfig

@@ -21,4 +21,13 @@ dotnet_diagnostic.S3376.severity = none
 # S4158: Empty collections should not be accessed or iterated.
 dotnet_diagnostic.S4158.severity = none
 # S6608: Prefer indexing instead of "Enumerable" methods on types implementing "IList"
-dotnet_diagnostic.S6608.severity = none
+dotnet_diagnostic.S6608.severity = none
+
+## ReSharper
+
+# Possible 'System.NullReferenceException'
+resharper_possible_null_reference_exception_highlighting = none
+# Use collection expression syntax
+resharper_use_collection_expression_highlighting = none
+# Possible 'null' assignment to entity
+resharper_assign_null_to_not_null_attribute_highlighting = none

src/Objectivity.AutoFixture.XUnit2.AutoNSubstitute.Tests/IFakeObjectUnderTest.cs

@@ -1,7 +1,10 @@
 namespace Objectivity.AutoFixture.XUnit2.AutoNSubstitute.Tests
 {
+    using System.Diagnostics.CodeAnalysis;
+
     public interface IFakeObjectUnderTest
     {
+        [SuppressMessage("ReSharper", "UnusedMember.Global", Justification = "Required for test.")]
         public string StringProperty { get; set; }
     }
 }