ci: stabilize CI and remove red-X noise (formatting gate, STJ pin via CPM, solution-scoped restore/list, unique artifact name, Dependabot skip, permissions + CodeQL setup)

Author: KeelMatrix

.github/workflows/ci.yml

@@ -1,16 +1,19 @@
 name: CI
 
+permissions:
+  contents: read
+  security-events: write
+  actions: read
+
 on:
   push:
-    branches:
-      - main
-      - master
+    branches: [ main, master ]
   pull_request:
-    branches:
-      - "*"
+    branches: [ "*" ]
 
 jobs:
   build:
+    if: github.actor != 'dependabot[bot]'
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
@@ -22,7 +25,7 @@ jobs:
         with:
           dotnet-version: '8.0.x'
       - name: Restore dependencies
-        run: dotnet restore
+        run: dotnet restore KeelMatrix.QueryWatch.sln
       - name: Build
         run: dotnet build --configuration Release --no-restore
       - name: Test
@@ -42,10 +45,12 @@ jobs:
         with:
           name: nuget-packages
           path: ./artifacts/packages
+          if-no-files-found: error
+          overwrite: true
       - name: Verify formatting
         run: dotnet format --verify-no-changes
       - name: Check for vulnerable dependencies
-        run: dotnet list package --vulnerable
+        run: dotnet list KeelMatrix.QueryWatch.sln package --vulnerable
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v3
         with:

.github/workflows/codeql.yml

@@ -0,0 +1,114 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '24 15 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+
+    # Ensure the SARIF upload can succeed.
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # typical for public repos (safe to keep)
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # Scan GitHub Actions workflows (YAML) for common issues.
+          - language: actions
+            build-mode: none
+
+          # Primary language of this repo (KeelMatrix.QueryWatch)
+          - language: csharp
+            # Let CodeQL discover and build your solution automatically.
+            build-mode: autobuild
+        # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Add any setup steps before running the `github/codeql-action/init` action.
+      # This includes steps like installing compilers or runtimes (`actions/setup-node`
+      # or others). This is typically only required for manual builds.
+      # - name: Setup runtime (example)
+      #   uses: actions/setup-example@v1
+
+      # Ensure .NET 8 SDK is present for autobuild of the C# solution.
+      - name: Set up .NET 8
+        if: matrix.language == 'csharp'
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: '8.0.x'
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          #
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          queries: +security-extended,security-and-quality
+
+      # If the analyze step fails for one of the languages you are analyzing with
+      # "We were unable to automatically build your code", modify the matrix above
+      # to set the build mode to "manual" for that language. Then modify this step
+      # to build your code.
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+      - if: matrix.build-mode == 'manual'
+        shell: bash
+        run: |
+          echo 'If you are using a "manual" build mode for one or more of the' \
+            'languages you are analyzing, replace this with the commands to build' \
+            'your code, for example:'
+          echo '  dotnet restore KeelMatrix.QueryWatch.sln'
+          echo '  dotnet build   KeelMatrix.QueryWatch.sln -c Release --no-restore'
+          exit 1
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{ matrix.language }}"

Directory.Build.props

@@ -14,4 +14,9 @@
     <!-- Generate XML documentation for all projects by default -->
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
   </PropertyGroup>
+  
+  <!-- Optional: suppress CS1591 for Release builds of packable projects -->
+  <PropertyGroup Condition="'$(IsPackable)'=='true' and '$(Configuration)'=='Release'">
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+  </PropertyGroup>
 </Project>

Directory.Packages.props

@@ -16,5 +16,8 @@
     <!-- JSON serializer used by QueryWatch.Reporting -->
     <!-- Pin a patched System.Text.Json so NuGet never resolves 8.0.0 -->
     <PackageVersion Include="System.Text.Json" Version="8.0.5" />
+	
+	<PackageVersion Include="Microsoft.EntityFrameworkCore" Version="8.0.8" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Relational" Version="8.0.8" />
   </ItemGroup>
 </Project>

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2025 Your Name
+Copyright (c) 2025 KeelMatrix
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,3 +1,5 @@
+> The project is currently under development. Keep an eye out for its release!
+
 # KeelMatrix.QueryWatch
 
 > Catch N+1 queries and slow SQL in tests. Fail builds when query budgets are exceeded.

src/KeelMatrix.QueryWatch/Ado/QueryWatchCommand.cs

@@ -4,48 +4,40 @@
 using System.Diagnostics;
 using System.Diagnostics.CodeAnalysis;
 
-namespace KeelMatrix.QueryWatch.Ado
-{
+namespace KeelMatrix.QueryWatch.Ado {
     /// <summary>
     /// Delegating <see cref="DbCommand"/> that measures execution and records into a session.
     /// </summary>
-    public sealed class QueryWatchCommand : DbCommand
-    {
+    public sealed class QueryWatchCommand : DbCommand {
         private readonly DbCommand _inner;
         private readonly QueryWatchSession _session;
         private readonly DbConnection? _connection; // wrapper connection
 
-        public QueryWatchCommand(DbCommand inner, QueryWatchSession session, DbConnection? wrapperConnection = null)
-        {
+        public QueryWatchCommand(DbCommand inner, QueryWatchSession session, DbConnection? wrapperConnection = null) {
             _inner = inner ?? throw new ArgumentNullException(nameof(inner));
             _session = session ?? throw new ArgumentNullException(nameof(session));
             _connection = wrapperConnection;
         }
 
         [AllowNull]
-        public override string CommandText
-        {
+        public override string CommandText {
             get => _inner.CommandText;
             set => _inner.CommandText = value;
         }
 
-        public override int CommandTimeout
-        {
+        public override int CommandTimeout {
             get => _inner.CommandTimeout;
             set => _inner.CommandTimeout = value;
         }
 
-        public override CommandType CommandType
-        {
+        public override CommandType CommandType {
             get => _inner.CommandType;
             set => _inner.CommandType = value;
         }
 
-        protected override DbConnection? DbConnection
-        {
+        protected override DbConnection? DbConnection {
             get => _connection ?? _inner.Connection;
-            set
-            {
+            set {
                 if (value is null) {
                     _inner.Connection = null;
                 }
@@ -60,20 +52,17 @@ protected override DbConnection? DbConnection
 
         protected override DbParameterCollection DbParameterCollection => _inner.Parameters;
 
-        protected override DbTransaction? DbTransaction
-        {
+        protected override DbTransaction? DbTransaction {
             get => _inner.Transaction;
             set => _inner.Transaction = value;
         }
 
-        public override bool DesignTimeVisible
-        {
+        public override bool DesignTimeVisible {
             get => _inner.DesignTimeVisible;
             set => _inner.DesignTimeVisible = value;
         }
 
-        public override UpdateRowSource UpdatedRowSource
-        {
+        public override UpdateRowSource UpdatedRowSource {
             get => _inner.UpdatedRowSource;
             set => _inner.UpdatedRowSource = value;
         }
@@ -85,50 +74,43 @@ public override UpdateRowSource UpdatedRowSource
 
         private void Record(TimeSpan elapsed) => _session.Record(_inner.CommandText ?? string.Empty, elapsed);
 
-        public override int ExecuteNonQuery()
-        {
+        public override int ExecuteNonQuery() {
             var sw = Stopwatch.StartNew();
             try { return _inner.ExecuteNonQuery(); }
             finally { sw.Stop(); Record(sw.Elapsed); }
         }
 
-        public override object? ExecuteScalar()
-        {
+        public override object? ExecuteScalar() {
             var sw = Stopwatch.StartNew();
             try { return _inner.ExecuteScalar(); }
             finally { sw.Stop(); Record(sw.Elapsed); }
         }
 
-        protected override DbDataReader ExecuteDbDataReader(CommandBehavior behavior)
-        {
+        protected override DbDataReader ExecuteDbDataReader(CommandBehavior behavior) {
             var sw = Stopwatch.StartNew();
             try { return _inner.ExecuteReader(behavior); }
             finally { sw.Stop(); Record(sw.Elapsed); }
         }
 
-        public override async Task<int> ExecuteNonQueryAsync(CancellationToken cancellationToken)
-        {
+        public override async Task<int> ExecuteNonQueryAsync(CancellationToken cancellationToken) {
             var sw = Stopwatch.StartNew();
             try { return await _inner.ExecuteNonQueryAsync(cancellationToken).ConfigureAwait(false); }
             finally { sw.Stop(); Record(sw.Elapsed); }
         }
 
-        public override async Task<object?> ExecuteScalarAsync(CancellationToken cancellationToken)
-        {
+        public override async Task<object?> ExecuteScalarAsync(CancellationToken cancellationToken) {
             var sw = Stopwatch.StartNew();
             try { return await _inner.ExecuteScalarAsync(cancellationToken).ConfigureAwait(false); }
             finally { sw.Stop(); Record(sw.Elapsed); }
         }
 
-        protected override async Task<DbDataReader> ExecuteDbDataReaderAsync(CommandBehavior behavior, CancellationToken cancellationToken)
-        {
+        protected override async Task<DbDataReader> ExecuteDbDataReaderAsync(CommandBehavior behavior, CancellationToken cancellationToken) {
             var sw = Stopwatch.StartNew();
             try { return await _inner.ExecuteReaderAsync(behavior, cancellationToken).ConfigureAwait(false); }
             finally { sw.Stop(); Record(sw.Elapsed); }
         }
 
-        protected override void Dispose(bool disposing)
-        {
+        protected override void Dispose(bool disposing) {
             if (disposing) _inner.Dispose();
             base.Dispose(disposing);
         }