[skip changelog] Remove unnecessary token input from Codecov upload steps of test workflow #886
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously, the workflow pinned the outdated v1.0.2 ref. The requirement for an upload token has been removed since the 1.0.2 release. Removing the token input will provide several benefits: - Prevent failures when the workflow is run in forks, which won't have the CODECOV_TOKEN secret defined. - Allow configuring the workflow to be triggered by pull_request events, making it easy to evaluate the impact the pull request has on code coverage. The use of the v1 ref, rather than pinning a specific version allows the workflow to automatically benefit from ongoing development work on the action, while still preventing it from being affected by breaking changes.
…flow With the modern versions of the codecov/codecov-action GitHub Actions action, the upload token is only required for private repositories. Now that we are using a modern version of the action, this input only has a harmful effect by causing the workflow to fail when run in forks and also preventing us from using Codecov to evaluate the impact on code coverage of pull requests.
Merged
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Please check if the PR fulfills these requirements
before creating one)
Feature.
An outdated version of the
codecov/codecov-actionGitHub Actions action is pinned in thetestworkflow. This outdated version imposes a requirement for an upload token. This token is defined by a repository secret, which causes two issues:testworkflow fails when run in forks of the repository because they are missing this secret. This spurious failure will cause confusion to contributors who are checking to be sure their contribution will pass CI.pull_requestevents because GitHub Actions disables secrets when a workflow is triggered by an event from a fork.Modern versions of the
codecov/codecov-actionaction do not require the token when used in public repositories.The
v1ref of thecodecov/codecov-actionGitHub Actions action is specified by thetestworkflow. In addition to making the token unnecessary, this will also cause the workflow to automatically use the latest 1.x.x version of the action, so we will continue to benefit from the ongoing development work up to the point where any breaking changes cause them to do a major version bump.The
codecov/codecov-actionaction'stokeninput is not used in thetestworkflow, eliminating the workflow's dependence on repository secrets.No.