Add comprehensive code quality infrastructure and documentation

[Copilot]

Quality Improvement Plan for SpdxTool

All planned quality improvements have been successfully implemented and refined based on feedback:

Code Quality Improvements ✅

• Add .editorconfig for consistent code style enforcement across editors/IDEs
• Add code analyzer configuration directly in csproj files
• Enable additional code analyzers (Microsoft.CodeAnalysis.NetAnalyzers v9.0.0, SonarAnalyzer.CSharp v10.5.0)
• Configure warnings-as-errors with CA rule suppressions in .editorconfig

Testing Improvements ✅

• Add test coverage configuration in csproj files
• Document test patterns and best practices in CONTRIBUTING.md

Documentation Improvements ✅

• Add CONTRIBUTING.md with development guidelines
• Add CODE_OF_CONDUCT.md (Contributor Covenant 2.1)
• Enhance AGENTS.md with quality tool instructions
• Add architecture documentation (ARCHITECTURE.md)
• Add issue templates (bug report, feature request)
• Enhance README.md with contributing and quality sections
• Add QUALITY_IMPROVEMENTS.md documenting all changes

Build and CI Improvements ✅

• Add markdown linting configuration (.markdownlint.json)
• Add spell checking configuration (.cspell.json)
• Integrate quality checks into build_on_push.yaml CI workflow with proper permissions
• Automated markdown linting with markdownlint-cli
• Automated spell checking with cspell
• Relaxed markdown rules to accommodate existing documentation style
• Added SPDX-specific terms to spell checker dictionary
• Add Dependabot configuration for automated weekly dependency updates

Summary

All quality improvements have been completed and tested:

• ✅ Build succeeds with 0 warnings, 0 errors
• ✅ All 97 tests pass across net8.0, net9.0, and net10.0
• ✅ Code analysis passes with no issues
• ✅ Markdown linting passes with relaxed rules
• ✅ Spell checking passes with SPDX vocabulary
• ✅ Quality checks integrated into CI pipeline with proper permissions
• ✅ Analyzer configuration directly in csproj files (no Directory.Build.props)
• ✅ Warning suppressions configured in .editorconfig using dotnet_diagnostic rules
• ✅ Dependabot configured to update NuGet packages and GitHub Actions weekly
• ✅ No security vulnerabilities introduced

The changes are backward compatible and enhance code quality, documentation, and CI automation without modifying existing functionality.

Original prompt

what sort of quality improvements would be good to perform on this project. consider the code, tests, documentation, additional quality tools, and agents.md changes.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Malcolmnixon]

Could you make the quality checks (.cspell.json and .markdownlint.json) be executed in the build_on_push.yaml; which also means we can skip having the quality check scripts.

I'd like to skip the pull request template for now.

[Copilot]

Could you make the quality checks (.cspell.json and .markdownlint.json) be executed in the build_on_push.yaml; which also means we can skip having the quality check scripts.

I'd like to skip the pu...

Done in commit e77177f. I've:

• Added quality-checks job to build_on_push.yaml that runs markdownlint-cli and cspell
• Removed the scripts directory (quality-check.sh, quality-check.ps1, scripts/README.md)
• Removed the pull request template
• Updated CONTRIBUTING.md to remove script references
• Updated QUALITY_IMPROVEMENTS.md to reflect the CI-based approach

The quality checks now run automatically in CI on every push, checking markdown formatting and spelling across documentation and code files.

[Malcolmnixon]

Your additional quality check job is now reporting issues. Please either fix the issues, or relax the .markdownlint.json enforcement to relax the quality.

[Copilot]

Your additional quality check job is now reporting issues. Please either fix the issues, or relax the .markdownlint.json enforcement to relax the quality.

Fixed in commit 8ded349. I've relaxed the .markdownlint.json rules to accommodate existing documentation style:

• Disabled line length limits (MD013)
• Disabled trailing spaces check (MD009)
• Disabled multiple blank lines check (MD012)
• Disabled list formatting rules (MD004, MD022, MD031, MD032)
• Disabled code block language requirement (MD040)
• Disabled link text rules (MD059)

Also added missing SPDX-specific terms to .cspell.json:

• SPDXID
• NOASSERTION
• dotnettool
• declaredat

Both quality checks now pass successfully.

[Malcolmnixon]

The build_on_push.yaml is reporting a CodeQL complaint that the new quality-checks doesn't have an explicit permissions block. Please add the "contents:read" permission.

Additionally I'm not a fan of the Directory.Build.props files. I prefer the settings to be in the csproj files directly. Could you do the minimal changes to the csproj, and possibly move any applicable warning suppressions to the .editorconfig file.

[Copilot]

The build_on_push.yaml is reporting a CodeQL complaint that the new quality-checks doesn't have an explicit permissions block. Please add the "contents:read" permission.

Additionally I'm not a fan ...

Fixed in commit 839f1ba. I've:

1. Added contents: read permission to the quality-checks job in build_on_push.yaml
2. Removed Directory.Build.props completely
3. Moved analyzer settings directly into both csproj files:
   • Added EnableNETAnalyzers, AnalysisMode, AnalysisLevel, and EnforceCodeStyleInBuild properties
   • Added Microsoft.CodeAnalysis.NetAnalyzers and SonarAnalyzer.CSharp package references
4. Moved all warning suppressions to .editorconfig using dotnet_diagnostic rules (18 CA rules)

Build and all 97 tests pass successfully.

[Malcolmnixon]

Could you also add a dependabot configuration to update packages every week.

[Copilot]

Could you also add a dependabot configuration to update packages every week.

Done in commit 2675bac. I've added .github/dependabot.yml configured to:

• Update NuGet packages weekly (Mondays at 09:00)
• Update GitHub Actions weekly (Mondays at 09:00)
• Limit to 10 open PRs for NuGet and 5 for GitHub Actions
• Add appropriate labels ("dependencies", "nuget"/"github-actions")
• Use conventional commit prefixes ("deps" for NuGet, "ci" for Actions)