Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Code Coverage Reporting via CI #167

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

courtneypacheco
Copy link

This document provides design suggestions for CI code coverage reporting. Initially, the high-level goal is to provide a report in each pull request to highlight:

  • Current code coverage of main for each InstructLab repo
  • The code coverage on the new lines in the PR
  • What the code coverage will become if said PR is merged (e.g., 53% coverage -> 62% coverage)

We can ultimately decide if we want to enforce a minimum coverage % in PRs, but for now, I just want to report the coverage for informational purposes

@courtneypacheco courtneypacheco force-pushed the dev-docs-ci-code-coverage branch 3 times, most recently from 5dc709c to e818651 Compare December 17, 2024 20:53
This document provides design suggestions for CI code coverage reporting, as well as describe high-level goals.

Also, I've added unrecognized words to the spell checking dictionary

Signed-off-by: Courtney Pacheco <[email protected]>
@courtneypacheco courtneypacheco force-pushed the dev-docs-ci-code-coverage branch from e818651 to 06fd0a3 Compare December 17, 2024 21:06

* Code coverage should be reported in PR builds as a GitHub _bot_ comment
* New code:
* Should show % coverage on new lines of code.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we require this explicitly for all repos? There are some repos like instructlab/training which are challenging to test meaningfully for certain aspects due to how we expect them to run (distributed, multi-processed).

Maybe it would make more sense to uphold a certain % of coverage maintained? So that if new changes increase the lines, we are not falling below a certain threshold.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't seem to be suggesting a requirement, just a communication of how much of the new code is being covered by testing

* Free to use in open source projects.
* Codecov reports all the data on GitHub in a comment. [Example](https://docs.codecov.com/docs/pull-request-comments).
* Cons / Callouts:
* Not applicable at this time, but if we want to use it in >1 private repo, we must purchase a customer plan.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't have any private repos (or plan to), so this shouldn't affect us.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

* Pros:
* Free to use via [MIT license here](https://github.com/coverallsapp/github-action/blob/main/LICENSE.md).
* Appears to be free for open source repos, but like with Codecov, we should validate that the ToS doesn’t have fine print, etc.
* Can report all the data in a GitHub comment. [Example](https://github.com/coverallsapp/coveralls-node-demo/pull/19#issuecomment-1035344985).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a really nice addition.

* Appears to be free for open source repos, but like with Codecov, we should validate that the ToS doesn’t have fine print, etc.
* Can report all the data in a GitHub comment. [Example](https://github.com/coverallsapp/coveralls-node-demo/pull/19#issuecomment-1035344985).
* Cons / Callouts:
* Code coverage visuals, etc. are all viewed through the Coveralls front end (coveralls.io), so if that service were to go down, then we’re technically at their mercy.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If it's FOSS/MIT licensed, could we not stand up our own instance?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True, but I'd prefer to avoid the overhead (is possible)

Copy link
Member

@RobotSail RobotSail left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this dev-doc, this will be a very positive change to have in our repos. I think ultimately all of the coverage tools will be good to have, so it seems like it's more about preference than necessarily picking the wrong one.

@bjhargrave
Copy link
Contributor

I am not sure the utility of this. Unless it is someone's job to increase the coverage amount, the coverage amount is just a metric no one cares about and is more emails from GitHub for each PR run. I don't think I have ever worked on an open source project where coverage reporting has ever been really helpful.

A lighter weight idea would be to simply upload the coverage data/reports as a build artifact which someone can go get if they really care. For example (the example is test reports, but same basic idea):

https://github.com/bndtools/bnd/blob/ce60cc705bea2ef75126cb17967b34a50ab3b4a6/.github/workflows/cibuild.yml#L103-L111

@courtneypacheco
Copy link
Author

I am not sure the utility of this. Unless it is someone's job to increase the coverage amount, the coverage amount is just a metric no one cares about and is more emails from GitHub for each PR run. I don't think I have ever worked on an open source project where coverage reporting has ever been really helpful.

A lighter weight idea would be to simply upload the coverage data/reports as a build artifact which someone can go get if they really care. For example (the example is test reports, but same basic idea):

https://github.com/bndtools/bnd/blob/ce60cc705bea2ef75126cb17967b34a50ab3b4a6/.github/workflows/cibuild.yml#L103-L111

Yep, I know what you mean about metrics.

I don't think the number itself tells us much about code quality either because in theory, a repo can have "100% code coverage," yet still suffer quality issues. After all, if we write code wrong and then write our unit tests wrong as well, it is possible that the unit tests pass when they shouldn't.

However, if the code coverage is sitting at 53% and a contributor creates a large PR that reduces the overall code coverage to 30% (as a gross exaggeration), then we might want to look at it with more critical eyes. Same if someone creates a PR that adds 200 lines with only 5% code coverage.

Ultimately, my goal is not to bombard anyone with tons of emails, especially from a code coverage bot! But I do want to make it easy for contributors and reviewers to see if a certain file or critical piece of code was accidentally left untested. Yes, contributors can look at the actual code coverage report file instead of us having a bot commenting about untested code lines, but having coverage information summarized right in the PR would likely be helpful for PR reviewers.

What do you think?

@bjhargrave
Copy link
Contributor

having coverage information summarized right in the PR would likely be helpful for PR reviewers.

Yes, but adding the comments sends emails. :-(

In any case, we need to be careful in the GitHub workflows to avoid security issues which can lead to supply chain attacks.

@courtneypacheco
Copy link
Author

having coverage information summarized right in the PR would likely be helpful for PR reviewers.

Yes, but adding the comments sends emails. :-(

In any case, we need to be careful in the GitHub workflows to avoid security issues which can lead to supply chain attacks.

Yep, agreed.

A couple of options off the top of my head to mitigate the number notifications:

For security concerns regarding workflows: Ansible, Santa and other popular open source repos do actively use Codecov or Coveralls to assess code coverage. I can definitely look into how these repos have mitigated security risks via their workflow logic and work to identify any concerns we may have if we were to introduce such workflows in any of our repos.


* Code coverage should be reported in PR builds as a GitHub _bot_ comment
* New code:
* Should show % coverage on new lines of code.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't seem to be suggesting a requirement, just a communication of how much of the new code is being covered by testing

* Free to use in open source projects.
* Codecov reports all the data on GitHub in a comment. [Example](https://docs.codecov.com/docs/pull-request-comments).
* Cons / Callouts:
* Not applicable at this time, but if we want to use it in >1 private repo, we must purchase a customer plan.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

* Appears to be free for open source repos, but like with Codecov, we should validate that the ToS doesn’t have fine print, etc.
* Can report all the data in a GitHub comment. [Example](https://github.com/coverallsapp/coveralls-node-demo/pull/19#issuecomment-1035344985).
* Cons / Callouts:
* Code coverage visuals, etc. are all viewed through the Coveralls front end (coveralls.io), so if that service were to go down, then we’re technically at their mercy.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True, but I'd prefer to avoid the overhead (is possible)

* Explains what isn’t covered and gives detailed suggestions on how to increase code coverage. (Seems better than Codecov, but… it’s also a more refined product?).
* Keeps a running history of your code coverage reporting, if desired.
* Cons / Callouts:
* Appears to be "free to use," but Sonar wants you to store coverage data in their cloud and storage costs will apply unless you agree to host your own Sonar service -- in which case, we'll need to pay for a license. (Not ideal.)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I say we avoid this one

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. It's a great tool, but let's avoid it unless we need those added features down the line.


## Code Coverage Reporting Bot: Options

### [Codecov](https://github.com/marketplace/codecov)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would be my preference

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll look into this more to see how we can set it up.

Copy link
Contributor

@cdoern cdoern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is very thorough, I like all of the ideas here. My preference for code coverage is CodeCov

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants