chore: add CODEOWNERS, Code of Conduct, CHANGELOG, Source Link, and workflow fixes (#223)

## Summary

Repository health improvements across 8 areas.

## Changes

### New files
- **`.github/CODEOWNERS`** – assigns `@petesramek` as owner of
`.github/`, `src/`, and `tests/`
- **`CODE_OF_CONDUCT.md`** – Contributor Covenant 2.1 with "project
maintainer" as enforcement contact
- **`CHANGELOG.md`** – minimal changelog that links to the [GitHub
Releases
page](https://github.com/petesramek/polyline-algorithm-csharp/releases)

### Workflow fixes (`.github/workflows/pull-request.yml`)
- **Fix trailing-quote bug** – removed stray `'` from the
`dotnet-sdk-version` parameter in the `publish-development-package` job
- **Fix benchmark `if` condition** – replaced invalid
`github.env.is_release` context with
`needs.workflow-variables.outputs.is-release == 'true'`; added
`workflow-variables` to the benchmark job's `needs` so the output is
available
- **Add `security` job** – new job that runs `dotnet list
src/PolylineAlgorithm/PolylineAlgorithm.csproj package --vulnerable
--include-transitive` after build; fails on non-zero exit

### Source Link (`Directory.Build.props`)
- Added `<EmbedUntrackedSources>true</EmbedUntrackedSources>` and
`<DebugType>embedded</DebugType>` to the first `PropertyGroup`
- Added `Microsoft.SourceLink.GitHub` version `8.*` (no known
vulnerabilities per GitHub Advisory Database) to the analyzer
`ItemGroup`

### Documentation (`docs/local-development.md`)
- Added **"Required Repository Secrets and Variables"** section listing:
  - Secret: `NUGET_PACKAGE_FEED_API_KEY`
- Variables: `NUGET_PACKAGE_FEED_URL`, `BENCHMARKDOTNET_RUN_OVERRIDE`,
`BENCHMARKDOTNET_RUNTIMES`, `BENCHMARKDOTNET_FILTER`,
`DEFAULT_BUILD_FRAMEWORK`, `SRC_DEFAULT_GLOB_PATTERN`

## Verification
- `dotnet build PolylineAlgorithm.slnx --configuration Release` passes
with 0 errors
- CodeQL security scan: 0 alerts

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: petesramek <2333452+petesramek@users.noreply.github.com>

Author: Copilot

.github/CODEOWNERS

@@ -0,0 +1,5 @@
+* @petesramek
+
+.github/ @petesramek
+src/ @petesramek
+tests/ @petesramek

.github/workflows/pull-request.yml

@@ -222,12 +222,28 @@ jobs:
           nuget-feed-api-key: ${{ secrets.NUGET_PACKAGE_FEED_API_KEY }}
           nuget-feed-server: 'AzureArtifacts'
           working-directory: ${{ runner.temp }}/${{ env.nuget-packages-directory }}
-          dotnet-sdk-version: ${{ env.dotnet-sdk-version }}'
+          dotnet-sdk-version: ${{ env.dotnet-sdk-version }}
+
+  security:
+    name: 'Check for vulnerable packages'
+    needs: [build]
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout ${{ github.head_ref || github.ref }}'
+        uses: actions/checkout@v6
+
+      - name: 'Setup .NET'
+        uses: actions/setup-dotnet@v5
+        with:
+          dotnet-version: ${{ env.dotnet-sdk-version }}
+
+      - name: 'Check for vulnerable packages'
+        run: dotnet list src/PolylineAlgorithm/PolylineAlgorithm.csproj package --vulnerable --include-transitive
 
   benchmark:
-    if: ${{ github.env.is_release || vars.BENCHMARKDOTNET_RUN_OVERRIDE == 'true' }}
+    if: ${{ needs.workflow-variables.outputs.is-release == 'true' || vars.BENCHMARKDOTNET_RUN_OVERRIDE == 'true' }}
     name: Benchmark with .NET CLI on ${{ matrix.os }}
-    needs: [build]
+    needs: [workflow-variables, build]
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]

CHANGELOG.md

@@ -0,0 +1,5 @@
+# Changelog
+
+Release history is tracked via GitHub Releases.
+
+See all releases at: <https://github.com/petesramek/polyline-algorithm-csharp/releases>

CODE_OF_CONDUCT.md

@@ -0,0 +1,47 @@
+# Contributor Covenant Code of Conduct
+
+## Our Commitment
+
+We are committed to providing a welcoming and inspiring community for all. We pledge to create an environment in which every individual feels valued, respected, and free from harassment and discrimination.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+- Using welcoming and inclusive language
+- Being respectful of differing opinions, viewpoints, and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery and unwelcome sexual attention or advances
+- Trolling, insulting/derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or electronic address, without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Enforcement
+
+Community leaders are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Reporting
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainer responsible for enforcement. All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the reporter of any incident.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

Directory.Build.props

@@ -6,6 +6,8 @@
 		<ImplicitUsings>enable</ImplicitUsings>
 		<InvariantGlobalization>true</InvariantGlobalization>
 		<NeutralLanguage>en</NeutralLanguage>
+		<EmbedUntrackedSources>true</EmbedUntrackedSources>
+		<DebugType>embedded</DebugType>
 	</PropertyGroup>
 
 	<PropertyGroup>
@@ -20,6 +22,7 @@
 		<PackageReference Include="Meziantou.Analyzer" Version="3.*" PrivateAssets="all" />
 		<PackageReference Include="SonarAnalyzer.CSharp" Version="10.*" PrivateAssets="all" />
 		<PackageReference Include="SmartAnalyzers.ExceptionAnalyzer" Version="1.*" PrivateAssets="all" />
+		<PackageReference Include="Microsoft.SourceLink.GitHub" Version="8.*" PrivateAssets="all" />
 	</ItemGroup>
 
 </Project>

docs/local-development.md

@@ -72,3 +72,24 @@ The CI `format` job also runs `dotnet format` automatically on every push to non
 ## Editor Configuration
 
 Code style rules are stored in `.editorconfig` at the repository root. Any compliant IDE (Visual Studio, VS Code with C# Dev Kit, Rider) will pick these up automatically.
+
+## Required Repository Secrets and Variables
+
+The CI/CD workflows rely on the following GitHub repository secrets and variables.
+
+### Secrets
+
+| Name | Description |
+|------|-------------|
+| `NUGET_PACKAGE_FEED_API_KEY` | API key for the Azure Artifacts NuGet feed |
+
+### Variables
+
+| Name | Description |
+|------|-------------|
+| `NUGET_PACKAGE_FEED_URL` | NuGet feed URL |
+| `BENCHMARKDOTNET_RUN_OVERRIDE` | Set to `true` to force benchmarks to run on non-release PRs |
+| `BENCHMARKDOTNET_RUNTIMES` | Runtimes to benchmark (e.g. `net8.0 net10.0`) |
+| `BENCHMARKDOTNET_FILTER` | Benchmark filter pattern (e.g. `*`) |
+| `DEFAULT_BUILD_FRAMEWORK` | Default target framework for builds (e.g. `net10.0`) |
+| `SRC_DEFAULT_GLOB_PATTERN` | Glob pattern for source project files (e.g. `**/PolylineAlgorithm.csproj`) |