ci: coding guidelines: add per-file violation table to SARIF summary

Extend sarif_summary.py to also report the number of violations
broken down by file.

parse_sarif now collects a file_counts Counter by walking each
result's locations[].physicalLocation.artifactLocation.uri field.
The new write_file_summary helper renders a second Markdown table
sorted by descending violation count, with a header showing the
total number of distinct files affected.  The table is appended to
the step summary immediately after the existing per-rule table.

Assisted-by: GitHub Copilot:claude-sonnet-4.6
Signed-off-by: Anas Nashif <anas.nashif@intel.com>

Author: nashif

.github/workflows/coding_guidelines_full.yml

@@ -164,7 +164,7 @@ jobs:
       - name: Summarize SARIF results
         if: always()
         run: |
-          python3 scripts/ci/sarif_summary.py results.sarif
+          python3 scripts/ci/sarif_summary.py results_${GITHUB_SHA}.sarif
 
       # disabled for now
       # - name: Upload Analysis Results

scripts/ci/sarif_summary.py

@@ -24,16 +24,18 @@ def _tag_order(tag):
 
 
 def parse_sarif(path):
-    """Return (counts, rule_meta) from *path*.
+    """Return (counts, rule_meta, file_counts) from *path*.
 
-    counts     -- Counter mapping ruleId -> total violation count
-    rule_meta  -- dict mapping ruleId -> {desc, tag}
+    counts      -- Counter mapping ruleId -> total violation count
+    rule_meta   -- dict mapping ruleId -> {desc, tag}
+    file_counts -- Counter mapping file URI -> total violation count
     """
     with open(path, encoding="utf-8") as fh:
         sarif = json.load(fh)
 
     counts = collections.Counter()
     rule_meta = {}
+    file_counts = collections.Counter()
 
     for run in sarif.get("runs", []):
         for rule in run.get("tool", {}).get("driver", {}).get("rules", []):
@@ -53,11 +55,32 @@ def parse_sarif(path):
         for result in run.get("results", []):
             rid = result.get("ruleId", "unknown")
             counts[rid] += 1
-
-    return counts, rule_meta
-
-
-def write_summary(counts, rule_meta, out):
+            for loc in result.get("locations", []):
+                uri = (
+                    loc.get("physicalLocation", {})
+                    .get("artifactLocation", {})
+                    .get("uri", "")
+                )
+                if uri:
+                    file_counts[uri] += 1
+
+    return counts, rule_meta, file_counts
+
+
+def write_file_summary(file_counts, out):
+    """Write a Markdown table of violation counts per file."""
+    n_files = len(file_counts)
+    out.write(f"## :file_folder: Violations by File\n\n")
+    out.write(f"> **Files with violations:** {n_files:,}\n\n")
+    out.write("| # | File | Violations |\n")
+    out.write("|--:|------|----------:|\n")
+    for idx, (uri, cnt) in enumerate(
+        sorted(file_counts.items(), key=lambda kv: -kv[1]), 1
+    ):
+        out.write(f"| {idx} | `{uri}` | {cnt:,} |\n")
+
+
+def write_summary(counts, rule_meta, file_counts, out):
     total = sum(counts.values())
     n_rules = len(counts)
 
@@ -81,6 +104,9 @@ def write_summary(counts, rule_meta, out):
         desc = m.get("desc", "")
         out.write(f"| {idx} | `{rid}` | {tag} | {cnt:,} | {desc} |\n")
 
+    out.write("\n")
+    write_file_summary(file_counts, out)
+
 
 def emit_annotations(counts, rule_meta):
     """Emit one ``::notice::`` annotation per rule for the Actions log."""
@@ -110,14 +136,14 @@ def main():
     )
     args = ap.parse_args()
 
-    counts, rule_meta = parse_sarif(args.sarif)
+    counts, rule_meta, file_counts = parse_sarif(args.sarif)
 
     summary_file = os.environ.get("GITHUB_STEP_SUMMARY")
     if summary_file:
         with open(summary_file, "a", encoding="utf-8") as fh:
-            write_summary(counts, rule_meta, fh)
+            write_summary(counts, rule_meta, file_counts, fh)
     else:
-        write_summary(counts, rule_meta, sys.stdout)
+        write_summary(counts, rule_meta, file_counts, sys.stdout)
 
     if not args.no_annotations:
         emit_annotations(counts, rule_meta)