Upgrade Codecov upload method #68
Conversation
|
mmmm, tasty binary download and execution. 😛 It certainly would be nice to implement the integrity checking, it would prevent projects which use this uploader getting bitten by a repeat of the codecov bash uploader security issue. It might be a bit of a pain to do on all three OSes though. |
ConorMacBride
force-pushed
the
upgrade-codecov
branch
3 times, most recently
from
1905bd1
to
47e8d8c
Compare
|
@ConorMacBride when you are happy with this, if you want to open a PR to sunpy which swaps the branch of the templates we are using to this one, I will happily merge it and give it a test out. |
|
Thanks @Cadair 👍 I'm still trying to understand how the |
Signed-off-by: Conor MacBride <[email protected]> Use Powershell for Windows Signed-off-by: Conor MacBride <[email protected]> Update CODECOV_TOKEN variable Signed-off-by: Conor MacBride <[email protected]> Access CODECOV_TOKEN as env var Signed-off-by: Conor MacBride <[email protected]> Remove check for no token Signed-off-by: Conor MacBride <[email protected]> Add original token check template exp Signed-off-by: Conor MacBride <[email protected]>
Signed-off-by: Conor MacBride <[email protected]>
ConorMacBride
force-pushed
the
upgrade-codecov
branch
from
0ba204b
to
5f37efc
Compare
|
I've added the integrity check for all OSes and it all appears to be working as expected on SunPy (sunpy/sunpy#5597) so this PR is probably ready to be reviewed and merged.
|
|
@Cadair the issue in the previous comment seems to have resolved itself without any changes on my part. So this PR should be ready to review. |
Signed-off-by: Conor MacBride <[email protected]>
run-tox-env.yml
Outdated
| ${{ if ne(variables.CODECOV_TOKEN, '') }}: | ||
| env: | ||
| CODECOV_TOKEN: $(CODECOV_TOKEN) | ||
| - ${{ if or(eq(env_pair.key, 'macos'), eq(env_pair.key, 'linux')) }}: |
There was a problem hiding this comment.
Coverage is only uploaded if eq(env_pair.key, 'linux'). As for linux env_pair.key can be either linux, manylinux or linux32. This means that reports currently won't be uploaded for Docker containers. I'll update the template.
Signed-off-by: Conor MacBride <[email protected]>
|
@ConorMacBride Am I right in thinking this is good to go now? |
|
Yes, ready to be merged! |
Cadair
force-pushed
the
upgrade-codecov
branch
from
d04a8ec
to
d859b35
Compare
Cadair
force-pushed
the
upgrade-codecov
branch
from
d859b35
to
a52cb9b
Compare
|
I added the
I am now just using your branch to fix the CI 🤣 |
Cadair
force-pushed
the
upgrade-codecov
branch
from
c339f93
to
bc651bd
Compare
|
Thanks a lot @ConorMacBride This is a really nice improvement. |
Codecov has deprecated the Bash uploader (https://docs.codecov.com/docs/about-the-codecov-bash-uploader). This PR upgrades the template's upload method to the new method recommended by Codecov (https://docs.codecov.com/docs/codecov-uploader).
I haven't implemented the script integrity check, however can look into that if you like. This would need to be tested by opening a PR in a project which uses this template (SunPy for example) with the template set to this PR in the
azure-pipelines.yml. I've tested on my own code and it seems to work. https://dev.azure.com/ConorMacBride/mcalf/_build/results?buildId=146&view=results (However due to an unrelated issue, which prompted me to open this PR, the coverage report does not actually get uploaded to Codecov. Not sure what the issue is though.)