Apply template updates: staged pipelines, artifact consolidation, and OTS Software requirements

[Copilot]

Pull Request

Description

Ports TemplateDotNetTool PRs #51 and #52 into SarifMark.

.config/dotnet-tools.json

• Bumped demaconsulting.reqstream 1.3.0 → 1.4.0 to enable ReqStream_EnforcementMode self-validation

.github/workflows/build.yaml

All jobs now follow four consistent # === SECTION ===-commented sections:

• quality-checks: versionmark output routed to artifacts/; VersionMark self-validation added; single artifacts-quality upload
• build: version capture moved before build/test; test results written to artifacts/; VersionMark self-validation added; uploads split into artifacts-build-${{ matrix.os }} (all outputs) and packages-${{ matrix.os }} (NuGet only)
• codeql: CodeQL SARIF output routed to artifacts/; uploaded as artifacts-codeql
• integration-test: downloads packages-${{ matrix.os }} (was artifacts-*); all outputs to artifacts/; single artifacts-validation-* upload
• build-docs: four separate downloads replaced with one artifacts-* pattern download (merge-multiple: true) + packages-ubuntu-latest → packages/; five OTS self-validation steps added (ReqStream, BuildMark, VersionMark, SarifMark, SonarMark); all paths updated to artifacts/

.github/workflows/release.yaml

• Downloads packages-ubuntu-latest (was artifacts-ubuntu-latest)
• Job description comments added

requirements.yaml

• Shortened requirement ID prefixes: SarifMark-Report-* → SarifMark-Rpt-* and SarifMark-Platform-* → SarifMark-Plt-*
• New OTS Software section with five ots-tagged requirements, each linked to self-validation TRX evidence:

ID	OTS Tool
SarifMark-OTS-MSTest	MSTest unit testing framework
SarifMark-OTS-ReqStream	Requirements traceability enforcement
SarifMark-OTS-BuildMark	Build notes generation
SarifMark-OTS-VersionMark	Tool version capture
SarifMark-OTS-SonarMark	SonarCloud quality reporting

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Code quality improvement

Related Issues

Pre-Submission Checklist

Before submitting this pull request, ensure you have completed the following:

Build and Test

• Code builds successfully: dotnet build --configuration Release
• All tests pass: dotnet test --configuration Release
• Code produces zero warnings

Code Quality

• Code formatting is correct: dotnet format --verify-no-changes
• New code has appropriate XML documentation comments
• Static analyzer warnings have been addressed

Quality Checks

Please run the following checks before submitting:

• Spell checker passes: cspell "**/*.{md,cs}"
• Markdown linter passes: markdownlint "**/*.md"
• YAML linter passes: yamllint '**/*.{yml,yaml}'
• Self-validation passes:
  dotnet run --project src/DemaConsulting.SarifMark --configuration Release --framework net10.0 --no-build -- --validate

Testing

• Added unit tests for new functionality
• Updated existing tests if behavior changed
• All tests follow the AAA (Arrange, Act, Assert) pattern
• Test coverage is maintained or improved

Documentation

• Updated README.md (if applicable)
• Updated ARCHITECTURE.md (if applicable)
• Added code examples for new features (if applicable)
• Updated requirements.yaml (if applicable)

Additional Notes

No C# code changes — CI workflow restructuring and requirements traceability additions only. The artifacts/ folder convention ensures every job writes all outputs to a single local directory, keeping download/upload steps simple and consistent. The packages-* split keeps NuGet packages separate from build artifacts, matching the pattern already used by the integration-test job.

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[Malcolmnixon]

@copilot Let's shorten the requirement IDs:

• "SarifMark-Report-" to "SarifMark-Rpt-"
• "SarifMark-Platform-" to "SarifMark-Plt-"

[Copilot]

@copilot Let's shorten the requirement IDs:

• "SarifMark-Report-" to "SarifMark-Rpt-"
• "SarifMark-Platform-" to "SarifMark-Plt-"

Done in 0a7c6ca — all 11 IDs updated: 6 SarifMark-Report-* → SarifMark-Rpt-* and 5 SarifMark-Platform-* → SarifMark-Plt-*.