Fix check run reporting 0 violations when source files can't be resolved

[Copilot]

When SpotBugs violations exist in the XML but their source file paths can't be resolved on the runner, annotations are silently skipped — causing the check run summary to report 0 violation(s) found despite the workflow log correctly showing e.g. has 12 violations.

Root cause

numErrors was derived from annotations.length (successfully annotated violations) rather than the raw violation count from the XML. When source paths don't resolve, all annotations are skipped and the count collapses to 0.

Changes

• src/annotations.ts — annotationsForPath now returns { annotations, violationCount } instead of Annotation[]. violationCount always reflects the BugInstance count from the XML, regardless of source file resolution.

• src/main.ts — Sums violationCount across all result files into totalViolations, passed as numErrors to createCheck. Removes unused chain import.

• dist/index.js — Rebuilt bundle (ncc build) to ship the fix. The bundle is what the action actually executes; the prior fix only updated TypeScript sources.

// Before: collapses to 0 when source files don't resolve
await createCheck(name, title, annotationSet, annotations.length, failOnViolations)

// After: always reflects actual violations in the XML
const totalViolations = results.reduce((sum, r) => sum + r.violationCount, 0)
await createCheck(name, title, annotationSet, totalViolations, failOnViolations)

• __tests__/main.test.ts — Updated for new return shape; added a test asserting violationCount > 0 when existsSync returns false.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

Fixes incorrect check run summaries that reported 0 violation(s) found when SpotBugs XML violations existed but could not be mapped to resolvable source file paths (causing annotations to be skipped).

Changes:

• Update annotationsForPath to return both rendered annotations and the raw SpotBugs BugInstance count (violationCount).
• Update main execution flow to sum violationCount across reports and use it as the check run’s numErrors, independent of annotation generation success.
• Rebuild the bundled action artifact (dist/index.js) and adjust tests for the new return shape, including a case where source files don’t exist.

Reviewed changes

Copilot reviewed 3 out of 7 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/annotations.ts	Returns { annotations, violationCount } so summary counts reflect XML violations even when annotations are skipped.
src/main.ts	Aggregates violationCount into totalViolations and uses it for check run summary/conclusion; removes unused import.
tests/main.test.ts	Updates existing test for new return shape; adds coverage for unresolved source paths.
package-lock.json	Updates dependency specifiers/lock metadata as part of rebuild/install.
dist/index.js	Rebuilt ncc bundle to ship the fix (includes large regenerated/vendor diffs).
dist/licenses.txt	Regenerated licenses file reflecting bundled dependency set.

Comments suppressed due to low confidence (1)

tests/main.test.ts:32

• This test re-spies on fs.existsSync even though it’s already spied in beforeAll, and it doesn’t restore/reset the mock afterwards. To avoid brittle inter-test coupling, reuse the existing spy and change its return value for this test (e.g. mockReturnValueOnce(false)), and/or add an afterEach that restores mocks.

  )
  jest.spyOn(fs, 'existsSync').mockReturnValue(false)
  const result = annotationsForPath(spotBugsXml)
  expect(result.annotations).toHaveLength(0)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.