feat: scaffold code-quality-scan-workshop with 10 labs, screenshot automation, and Jekyll site

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: emmanuelknafo

.devcontainer/devcontainer.json

@@ -0,0 +1,26 @@
+{
+  "name": "Code Quality Scan Workshop",
+  "image": "mcr.microsoft.com/devcontainers/universal:2",
+  "features": {
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {},
+    "ghcr.io/devcontainers/features/node:1": { "version": "20" },
+    "ghcr.io/devcontainers/features/python:1": { "version": "3.12" },
+    "ghcr.io/devcontainers/features/dotnet:2": { "version": "8.0" },
+    "ghcr.io/devcontainers/features/java:1": { "version": "21" },
+    "ghcr.io/devcontainers/features/go:1": { "version": "1.22" }
+  },
+  "postCreateCommand": ".devcontainer/post-create.sh",
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "dbaeumer.vscode-eslint",
+        "ms-python.python",
+        "ms-dotnettools.csharp",
+        "golang.go",
+        "ms-vscode.vscode-typescript-next",
+        "charliermarsh.ruff",
+        "redhat.java"
+      ]
+    }
+  }
+}

.devcontainer/post-create.sh

@@ -0,0 +1,87 @@
+#!/bin/bash
+set -e
+
+DOMAIN="code-quality"
+SCANNER_REPO="code-quality-scan-demo-app"
+ORG="devopsabcs-engineering"
+
+echo "=========================================="
+echo " Code Quality Scan Workshop — Post-Create"
+echo "=========================================="
+
+# -----------------------------------------------
+# 1. Fork or clone the scanner demo-app as sibling
+# -----------------------------------------------
+if [ ! -d "../$SCANNER_REPO" ]; then
+  echo ""
+  echo "Setting up companion demo-app repository..."
+  gh repo fork "$ORG/$SCANNER_REPO" --clone -- "../$SCANNER_REPO" 2>/dev/null || \
+    git clone "https://github.com/$ORG/$SCANNER_REPO.git" "../$SCANNER_REPO"
+  echo "Demo-app repository cloned to ../$SCANNER_REPO"
+else
+  echo "Demo-app repository already exists at ../$SCANNER_REPO — skipping."
+fi
+
+# -----------------------------------------------
+# 2. Install ESLint (global for TypeScript linting)
+# -----------------------------------------------
+echo ""
+echo "Installing ESLint..."
+npm install -g eslint@latest 2>/dev/null || true
+
+# -----------------------------------------------
+# 3. Install Ruff (Python linter)
+# -----------------------------------------------
+echo ""
+echo "Installing Ruff..."
+pip install ruff --quiet 2>/dev/null || true
+
+# -----------------------------------------------
+# 4. Install jscpd (code duplication detection)
+# -----------------------------------------------
+echo ""
+echo "Installing jscpd..."
+npm install -g jscpd@latest 2>/dev/null || true
+
+# -----------------------------------------------
+# 5. Install Lizard (cyclomatic complexity)
+# -----------------------------------------------
+echo ""
+echo "Installing Lizard..."
+pip install lizard --quiet 2>/dev/null || true
+
+# -----------------------------------------------
+# 6. Install golangci-lint (Go linter)
+# -----------------------------------------------
+echo ""
+echo "Installing golangci-lint..."
+curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "$(go env GOPATH)/bin" latest 2>/dev/null || true
+
+# -----------------------------------------------
+# 7. Install Playwright for screenshot automation
+# -----------------------------------------------
+echo ""
+echo "Installing Playwright..."
+npm install -g playwright 2>/dev/null || true
+
+# -----------------------------------------------
+# 8. Install demo-app dependencies (if present)
+# -----------------------------------------------
+if [ -d "../$SCANNER_REPO/cq-demo-app-001" ]; then
+  echo ""
+  echo "Installing dependencies for cq-demo-app-001 (TypeScript)..."
+  cd "../$SCANNER_REPO/cq-demo-app-001" && npm install 2>/dev/null || true
+  cd -
+fi
+
+if [ -d "../$SCANNER_REPO/cq-demo-app-002" ]; then
+  echo ""
+  echo "Installing dependencies for cq-demo-app-002 (Python)..."
+  cd "../$SCANNER_REPO/cq-demo-app-002" && pip install -r requirements.txt --quiet 2>/dev/null || true
+  cd -
+fi
+
+echo ""
+echo "=========================================="
+echo " Setup complete! Start with Lab 00."
+echo "=========================================="

.gitignore

@@ -0,0 +1,15 @@
+node_modules/
+_site/
+.jekyll-cache/
+.jekyll-metadata
+Gemfile.lock
+*.pyc
+__pycache__/
+.env
+.env.local
+*.log
+.DS_Store
+Thumbs.db
+.sass-cache/
+.bundle/
+vendor/

CONTRIBUTING.md

@@ -0,0 +1,121 @@
+# Contributing to the Code Quality Scan Workshop
+
+Thank you for your interest in improving this workshop! This guide explains how to contribute lab content, screenshots, and fixes.
+
+## Getting Started
+
+1. Fork this repository.
+2. Clone your fork locally.
+3. Create a feature branch: `git checkout -b feature/your-change`.
+4. Make your changes following the standards below.
+5. Submit a pull request against `main`.
+
+## Lab Content Standards
+
+### File Structure
+
+Each lab is a directory under `labs/` with a single `README.md`:
+
+```
+labs/lab-NN-slug/
+└── README.md
+```
+
+### Frontmatter
+
+Every lab README MUST include YAML frontmatter:
+
+```yaml
+---
+permalink: /labs/lab-NN-slug/
+title: "Lab NN: Title"
+description: "One-sentence description"
+---
+```
+
+### Required Sections
+
+Every lab README MUST include these sections in order:
+
+1. **Title** (`# Lab NN: Title`)
+2. **Metadata table** (Duration, Level, Prerequisites)
+3. **Learning Objectives** (3–5 bullets)
+4. **Prerequisites** (tools, prior labs)
+5. **Exercises** (numbered steps with commands and screenshots)
+6. **Verification Checkpoint** (checklist)
+7. **Summary** (key takeaways)
+8. **Next Steps** (link to next lab)
+
+### Commands
+
+- Use **PowerShell Core** syntax for all commands.
+- Wrap commands in fenced code blocks with `powershell` language tag.
+- Never use Unix-only commands (`head`, `tail`, `cat`, `2>/dev/null`).
+
+### Working Directory Callouts
+
+When a step requires running commands in the demo-app repository, include:
+
+```markdown
+> **Working Directory**: Run the following commands from the `code-quality-scan-demo-app` repository root.
+```
+
+## Screenshot Standards
+
+### Naming Convention
+
+```
+lab-NN-description-slug.png
+```
+
+Examples:
+- `lab-02-eslint-output.png`
+- `lab-06-security-tab-results.png`
+
+### Screenshot References
+
+Place screenshot references after the step that produces visible output:
+
+```markdown
+![ESLint results showing 12 warnings](../images/lab-02/lab-02-eslint-output.png)
+```
+
+### Adding New Screenshots
+
+1. Add an entry to `scripts/screenshot-manifest.json`.
+2. Run `scripts/capture-screenshots.ps1` to generate the screenshot.
+3. Place the generated PNG in the appropriate `images/lab-NN/` directory.
+4. Update the `images/lab-NN/README.md` inventory.
+
+### Image Directory README
+
+Each `images/lab-NN/` directory has a `README.md` listing all screenshots:
+
+```markdown
+# Lab NN Screenshots
+
+| File | Description |
+|------|-------------|
+| `lab-NN-slug.png` | Description of what the screenshot shows |
+```
+
+## Delivery Guides
+
+The `delivery/` directory contains facilitator guides:
+
+- `half-day.md` — 3.5-hour delivery guide (Labs 00–05 + Lab 06)
+- `full-day.md` — 7-hour delivery guide (all labs)
+
+When adding labs, update both delivery guides with timing adjustments.
+
+## Pull Request Process
+
+1. Ensure your changes render correctly with Jekyll locally (`bundle exec jekyll serve`).
+2. Verify all screenshot references resolve to existing files.
+3. Test any commands in a GitHub Codespace.
+4. Update the screenshot manifest if adding new screenshots.
+5. Submit a PR with a clear description of changes.
+
+## Code of Conduct
+
+Be respectful, constructive, and inclusive. We follow the [Contributor Covenant](https://www.contributor-covenant.org/) Code of Conduct.

Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+gem "github-pages", group: :jekyll_plugins
+gem "webrick", "~> 1.8"

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 devopsabcs-engineering
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,84 @@
+# Code Quality Scan Workshop
+
+[![GitHub Pages](https://img.shields.io/badge/docs-GitHub%20Pages-blue)](https://devopsabcs-engineering.github.io/code-quality-scan-workshop/)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+
+Hands-on workshop for code quality scanning with ESLint, Ruff, jscpd, Lizard, and coverage tools. Learn to integrate a **4-tool scanning architecture** into your CI/CD pipelines and visualize results in GitHub Advanced Security, Azure DevOps Advanced Security, and Power BI.
+
+## Quick Start
+
+### Option 1: GitHub Codespaces (Recommended)
+
+1. Click **Code → Codespaces → New codespace** on this repository.
+2. Wait for the dev container to build (~3 minutes).
+3. Open the terminal and start with [Lab 00](labs/lab-00-prerequisites/).
+
+### Option 2: Local Setup
+
+1. Clone this repository:
+
+   ```powershell
+   git clone https://github.com/devopsabcs-engineering/code-quality-scan-workshop.git
+   cd code-quality-scan-workshop
+   ```
+
+2. Clone the companion demo-app repository as a sibling:
+
+   ```powershell
+   git clone https://github.com/devopsabcs-engineering/code-quality-scan-demo-app.git
+   ```
+
+3. Install prerequisites from [Lab 00](labs/lab-00-prerequisites/).
+
+## Labs
+
+| # | Lab | Duration | Level |
+|---|-----|----------|-------|
+| 00 | [Prerequisites](labs/lab-00-prerequisites/) | 30 min | Beginner |
+| 01 | [Explore Demo Apps](labs/lab-01-explore-demo-apps/) | 30 min | Beginner |
+| 02 | [Linting](labs/lab-02-linting/) | 45 min | Intermediate |
+| 03 | [Complexity Analysis](labs/lab-03-complexity/) | 30 min | Intermediate |
+| 04 | [Duplication Detection](labs/lab-04-duplication/) | 30 min | Intermediate |
+| 05 | [Coverage Analysis](labs/lab-05-coverage/) | 45 min | Intermediate |
+| 06 | [GitHub Actions CI/CD](labs/lab-06-github-actions/) | 30 min | Intermediate |
+| 06-ADO | [ADO Pipelines CI/CD](labs/lab-06-ado-pipelines/) | 30 min | Intermediate |
+| 07 | [Remediation (GitHub)](labs/lab-07-remediation-github/) | 45 min | Advanced |
+| 07-ADO | [Remediation (ADO)](labs/lab-07-ado-remediation/) | 45 min | Advanced |
+| 08 | [Power BI Dashboard](labs/lab-08-dashboard/) | 45 min | Advanced |
+
+## Scanning Architecture
+
+The workshop teaches a **4-tool architecture** for comprehensive code quality scanning:
+
+| Tool | Role | Output |
+|------|------|--------|
+| Per-language linters (ESLint, Ruff, .NET Analyzers, Checkstyle, golangci-lint) | Static analysis | Native SARIF |
+| jscpd | Code duplication detection | Native SARIF |
+| Lizard | Cyclomatic complexity analysis | CSV → SARIF via `lizard-to-sarif.py` |
+| Coverage tools (Jest, pytest-cov, Coverlet, JaCoCo, go test) | Test coverage measurement | Various → SARIF via `coverage-to-sarif.py` |
+
+All results are normalized to **SARIF v2.1.0** and uploaded to GitHub Security tab or ADO Advanced Security for unified triage.
+
+## Companion Repository
+
+This workshop uses the [code-quality-scan-demo-app](https://github.com/devopsabcs-engineering/code-quality-scan-demo-app) repository, which contains:
+
+- 5 demo applications (TypeScript, Python, C#, Java, Go) with intentional quality violations
+- SARIF converter scripts for Lizard and coverage tools
+- CI/CD pipelines for GitHub Actions and Azure DevOps
+- Power BI PBIP report for quality dashboards
+
+## Prerequisites Summary
+
+- Node.js 20+ · Python 3.12+ · .NET 8 SDK · Java 21+ · Go 1.22+
+- Docker Desktop (or Codespaces with Docker-in-Docker)
+- Visual Studio Code with ESLint, Python, C#, and Go extensions
+- GitHub CLI (`gh`) authenticated
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on adding labs, screenshots, and fixes.
+
+## License
+
+This project is licensed under the MIT License — see [LICENSE](LICENSE) for details.

_config.yml

@@ -0,0 +1,17 @@
+title: "Code Quality Scan Workshop"
+description: "Hands-on workshop: Code quality scanning with ESLint, Ruff, jscpd, Lizard, and coverage tools"
+remote_theme: just-the-docs/just-the-docs
+baseurl: "/code-quality-scan-workshop"
+url: "https://devopsabcs-engineering.github.io"
+
+exclude:
+  - scripts/
+  - delivery/
+  - .devcontainer/
+  - node_modules/
+  - package.json
+  - package-lock.json
+  - Gemfile.lock
+
+nav_order_base: 0
+heading_anchors: true

_includes/head-custom.html

@@ -0,0 +1,13 @@
+<script type="module">
+  import mermaid from 'https://cdn.jsdelivr.net/npm/mermaid@11/dist/mermaid.esm.min.mjs';
+  mermaid.initialize({ startOnLoad: true });
+  document.querySelectorAll('pre > code.language-mermaid').forEach(el => {
+    const div = document.createElement('div');
+    div.className = 'mermaid';
+    div.textContent = el.textContent;
+    el.parentElement.replaceWith(div);
+  });
+</script>
+<style>
+  .mermaid { text-align: center; }
+</style>