From d060c7f457c2a6effa07e7496115c69a94ba9fed Mon Sep 17 00:00:00 2001
From: Cristhian Garcia
Date: Thu, 25 Apr 2024 10:09:44 -0500
Subject: [PATCH 1/2] build: replace codecov with python-coverage-comment-action
---
 .coveragerc | 1 +
 .github/workflows/ci.yml | 26 +++++++++++++++++++++---
 .github/workflows/coverage.yml | 36 ++++++++++++++++++++++++++++++++++
 3 files changed, 60 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/coverage.yml
diff --git a/.coveragerc b/.coveragerc
index adb924a7..33e85bff 100644
--- a/.coveragerc
+++ b/.coveragerc
@@ -1,5 +1,6 @@
 [run]
 branch = True
+relative_files = True
 data_file = .coverage
 source=event_routing_backends
 omit =
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9ceb20ed..29ce6806 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,6 +17,14 @@ jobs:
 os: [ubuntu-20.04]
 python-version: ['3.8']
 toxenv: [quality, docs, pii_check, django32, django42]
+ permissions:
+ # Gives the action the necessary permissions for publishing new
+ # comments in pull requests.
+ pull-requests: write
+ # Gives the action the necessary permissions for pushing data to the
+ # python-coverage-comment-action branch, and for editing existing
+ # comments (to avoid publishing multiple comments in the same PR)
+ contents: write
 steps:
 - uses: actions/checkout@v4
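Review bot: In the `.github/workflows/ci.yml` hunk the `permissions:` block sits at job level, so `pull-requests: write` and `contents: write` are granted to every leg of the matrix (`quality`, `docs`, `pii_check`, `django32`, `django42`), while the coverage step in the next hunk runs only for `django42`. Every leg presumably runs the project's tox environments with that token in scope, so the write scopes are wider than the one step that needs them. Consider moving coverage reporting into its own job that carries this `permissions:` block and giving the test job `permissions:` with only `contents: read`. The job definition starts above this hunk and its steps continue below it.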
@@ -38,7 +46,19 @@ jobs:
 - name: Run Coverage
 if: matrix.python-version == '3.8' && matrix.toxenv=='django42'
- uses: codecov/codecov-action@v3
+ uses: py-cov-action/python-coverage-comment-action@v3
 with:
- flags: unittests
- fail_ci_if_error: true
+ GITHUB_TOKEN: ${{ github.token }}
+ MINIMUM_GREEN: 90
+ MINIMUM_ORANGE: 85
+ ANNOTATE_MISSING_LINES: true
+ ANNOTATION_TYPE: error
+
+ - name: Store Pull Request comment to be posted
+ uses: actions/upload-artifact@v4
+ if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true'
+ with:
+ # If you use a different name, update COMMENT_ARTIFACT_NAME accordingly
+ name: python-coverage-comment-action
+ # If you use a different name, update COMMENT_FILENAME accordingly
+ path: python-coverage-comment-action.txt
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
new file mode 100644
index 00000000..a36cf242
--- /dev/null
+++ b/.github/workflows/coverage.yml
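Review bot: In the second `ci.yml` hunk, the upload step's condition `steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true'` refers to a step id `coverage_comment`, but the `Run Coverage` step shown in full here declares no `id:`. The expression therefore resolves to an empty string, the artifact is never stored, and the `workflow_run` workflow added later in this patch has nothing to post. Add `id: coverage_comment` to the `Run Coverage` step, next to its `name:` line. The steps list begins above this hunk.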
@@ -0,0 +1,36 @@
+# .github/workflows/coverage.yml
+name: Post coverage comment
+
+on:
+ workflow_run:
+ workflows: ["Python CI"]
+ types:
+ - completed
+
+jobs:
+ test:
+ name: Run tests & display coverage
+ runs-on: ubuntu-latest
+ if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
+ permissions:
+ # Gives the action the necessary permissions for publishing new
+ # comments in pull requests.
+ pull-requests: write
+ # Gives the action the necessary permissions for editing existing
+ # comments (to avoid publishing multiple comments in the same PR)
+ contents: write
+ # Gives the action the necessary permissions for looking up the
+ # workflow that launched this workflow, and download the related
+ # artifact that contains the comment to be published
+ actions: read
+ steps:
+ # DO NOT run actions/checkout here, for security reasons
+ # For details, refer to https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+ - name: Post comment
+ uses: py-cov-action/python-coverage-comment-action@v3
+ with:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_PR_RUN_ID: ${{ github.event.workflow_run.id }}
+ # Update those if you changed the default values:
+ # COMMENT_ARTIFACT_NAME: python-coverage-comment-action
+ # COMMENT_FILENAME: python-coverage-comment-action.txt
From 800b2011a0f923cef9927d799adac7b6e730a416 Mon Sep 17 00:00:00 2001
From: Cristhian Garcia
Date: Thu, 25 Apr 2024 10:24:00 -0500
Subject: [PATCH 2/2] build: update codecov action to use repo-specific tokens
---
 .coveragerc | 1 -
 .github/workflows/ci.yml | 27 ++++---------------------
 .github/workflows/coverage.yml | 36 ----------------------------------
 3 files changed, 4 insertions(+), 60 deletions(-)
 delete mode 100644 .github/workflows/coverage.yml
diff --git a/.coveragerc b/.coveragerc
index 33e85bff..adb924a7 100644
--- a/.coveragerc
+++ b/.coveragerc
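Review bot: In the new `.github/workflows/coverage.yml` (patch 1/2), `py-cov-action/python-coverage-comment-action@v3` is referenced by a movable tag inside a `workflow_run` job that holds `pull-requests: write` and `contents: write`. Whatever commit the tag points to at run time receives a write-scoped token in the base repository's context, which is the exposure the job's own "DO NOT run actions/checkout" comment is meant to limit. Pin the reference to a full commit SHA, e.g. `uses: py-cov-action/python-coverage-comment-action@<full-commit-sha>  # v3`. The same applies to the `uses:` line in this patch's `ci.yml` hunk and to `codecov/codecov-action@v4` in patch 2/2. Separately, `workflows: ["Python CI"]` has to match the `name:` of `ci.yml` exactly, which this diff does not show.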
@@ -1,6 +1,5 @@
 [run]
 branch = True
-relative_files = True
 data_file = .coverage
 source=event_routing_backends
 omit =
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 29ce6806..2b46deef 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,14 +17,6 @@ jobs:
 os: [ubuntu-20.04]
 python-version: ['3.8']
 toxenv: [quality, docs, pii_check, django32, django42]
- permissions:
- # Gives the action the necessary permissions for publishing new
- # comments in pull requests.
- pull-requests: write
- # Gives the action the necessary permissions for pushing data to the
- # python-coverage-comment-action branch, and for editing existing
- # comments (to avoid publishing multiple comments in the same PR)
- contents: write
 steps:
 - uses: actions/checkout@v4
@@ -46,19 +38,8 @@ jobs:
 - name: Run Coverage
 if: matrix.python-version == '3.8' && matrix.toxenv=='django42'
- uses: py-cov-action/python-coverage-comment-action@v3
+ uses: codecov/codecov-action@v4
 with:
- GITHUB_TOKEN: ${{ github.token }}
- MINIMUM_GREEN: 90
- MINIMUM_ORANGE: 85
- ANNOTATE_MISSING_LINES: true
- ANNOTATION_TYPE: error
-
- - name: Store Pull Request comment to be posted
- uses: actions/upload-artifact@v4
- if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true'
- with:
- # If you use a different name, update COMMENT_ARTIFACT_NAME accordingly
- name: python-coverage-comment-action
- # If you use a different name, update COMMENT_FILENAME accordingly
- path: python-coverage-comment-action.txt
+ flags: unittests
+ fail_ci_if_error: true
+ token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
deleted file mode 100644
index a36cf242..00000000
--- a/.github/workflows/coverage.yml
+++ /dev/null
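Review bot: In the second `ci.yml` hunk of patch 2/2, `token: ${{ secrets.CODECOV_TOKEN }}` is empty on pull requests opened from forks, because repository secrets are not exposed to those runs. Together with `fail_ci_if_error: true`, an upload rejected for lack of a token would fail the whole `django42` leg for outside contributors. Whether Codecov accepts a tokenless upload in that case depends on the service and repository settings, so this should be confirmed with a fork PR. A comment above the step would record the assumption, e.g. `# CODECOV_TOKEN is not available on fork PRs; confirm tokenless upload works before requiring this check`. The steps list begins above this hunk.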
@@ -1,36 +0,0 @@
-# .github/workflows/coverage.yml
-name: Post coverage comment
-
-on:
- workflow_run:
- workflows: ["Python CI"]
- types:
- - completed
-
-jobs:
- test:
- name: Run tests & display coverage
- runs-on: ubuntu-latest
- if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
- permissions:
- # Gives the action the necessary permissions for publishing new
- # comments in pull requests.
- pull-requests: write
- # Gives the action the necessary permissions for editing existing
- # comments (to avoid publishing multiple comments in the same PR)
- contents: write
- # Gives the action the necessary permissions for looking up the
- # workflow that launched this workflow, and download the related
- # artifact that contains the comment to be published
- actions: read
- steps:
- # DO NOT run actions/checkout here, for security reasons
- # For details, refer to https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
- - name: Post comment
- uses: py-cov-action/python-coverage-comment-action@v3
- with:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- GITHUB_PR_RUN_ID: ${{ github.event.workflow_run.id }}
- # Update those if you changed the default values:
- # COMMENT_ARTIFACT_NAME: python-coverage-comment-action
- # COMMENT_FILENAME: python-coverage-comment-action.txt