lint using resharper

[harryob]

implements linting using rider's annotation tool, resharper. these lints aren't annotated using standard github pattern as there is a Ton of them, and resharper outputs them in SARIF. the best fitting tool for this seems to be the codeql security analysis tool, which is odd for a linter, but i think it still provides handy annotation

oh no! new bad code!! (only shows new inspections on the pr, not existing ones)

new commit addresses the issue, the issue is flagged as fixed and minimised

[github-advanced-security[bot]]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[wixoaGit]

This gives a ton of errors for our XAML UI (~6 pages). Is there something that can be done about that?

[harryob]

This gives a ton of errors for our XAML UI (~6 pages). Is there something that can be done about that?

that's odd, i never got anything reporting as an error on my fork. i'll add an exclusion for reporting anything on .xaml pages, given it seems to be misreporting for them anyway

[wixoaGit]

Turns out to also be giving lots of errors for things defined in RobustToolbox. This is probably due to the RT projects being excluded.

[harryob]

Turns out to also be giving lots of errors for things defined in RobustToolbox. This is probably due to the RT projects being excluded.

added a flag to skip the build to cut linting times, but this ended up also skipping the restore that happened - manually forcing it the restore performing the build seems to ensure the analysis works correctly