Upload code coverage #4996
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow runs as soon as the workflow from `code-coverage.yml` has | |
# successfully finished. It downloads the created artifact and runs the | |
# Codecov uploader. This workflow uses the `workflow_run` trigger. This | |
# means that it will always be run from the master branch, meaning that | |
# the contents of this file will always be taken from the master branch, | |
# even if a PR changes it. Since this approach disallows several attacks | |
# from malicious PR authors, such workflows have access to the secrets | |
# stored on GitHub. For details on the `workflow_run` trigger and this | |
# security measures, see | |
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ | |
name: Upload code coverage | |
on: | |
workflow_run: | |
# This has to be the `name:` of the workflow in `code_coverage.yml`. | |
# Start when this workflow has finished successfully. | |
workflows: [measure-code-coverage] | |
types: | |
- completed | |
jobs: | |
upload: | |
runs-on: ubuntu-latest | |
# Only run on successful pull requests. Merge commits to master upload | |
# their coverage reports directly inside `code-coverage.yml` | |
if: > | |
github.event.workflow_run.event == 'pull_request' && | |
github.event.workflow_run.conclusion == 'success' | |
steps: | |
- name: 'Download artifact' | |
uses: actions/github-script@v7 | |
# The following script is taken from the link stated at the | |
# beginning of this file. It manually downloads an artifact | |
# from another workflow. | |
with: | |
script: | | |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
run_id: ${{github.event.workflow_run.id }}, | |
}); | |
var matchArtifact = artifacts.data.artifacts.filter((artifact) => { | |
return artifact.name == "coverage-report" | |
})[0]; | |
var download = await github.rest.actions.downloadArtifact({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
artifact_id: matchArtifact.id, | |
archive_format: 'zip', | |
}); | |
var fs = require('fs'); | |
fs.writeFileSync('${{github.workspace}}/coverage-report.zip', Buffer.from(download.data)); | |
- run: unzip coverage-report.zip | |
# Read the metadata into environment variables. | |
- name: "Read PR number" | |
run: echo "pr_number=`cat pr`" >> $GITHUB_ENV | |
- name: "Read Github Ref" | |
run: echo "original_github_ref=`cat github_ref`" >> $GITHUB_ENV; | |
- name: "Read Github Repository" | |
run: echo "original_github_repository=`cat github_repository`" >> $GITHUB_ENV; | |
# We have to check out the source code from the PR, otherwise Codecov | |
# won't process the upload properly. We first check it out into a | |
# subdirectory `qlever-source`, otherwise the coverage report will | |
# be overwritten. We then move all the files back into the working | |
# directory such that Codecov will pick them up properly. | |
- name: "Checkout" | |
uses: actions/checkout@v4 | |
with: | |
repository: ${{env.original_github_repository}} | |
submodules: "recursive" | |
ref: ${{env.original_github_ref}} | |
path: qlever-source | |
- name: "Move qlever sources up" | |
run: shopt -s dotglob && mv qlever-source/* . | |
# For the new version of the codecov action we have to move the coverage file back to its original location, | |
# else several things don't work... | |
- name: "Move coverage file to original location" | |
run: mkdir build && mkdir build/test && mv coverage.lcov build/test | |
- name: "Upload coverage report" | |
uses: codecov/codecov-action@v4 | |
with: | |
file: ${{github.workspace}}/build/test/coverage.lcov | |
# Note: technically, a `token` is not required for codecov.io when | |
# uploading from a public repository, but specifying it avoids the | |
# nasty spurious failures due to Github's rate limit for codecov's | |
# public default token. | |
token: ${{ secrets.CODECOV_TOKEN }} | |
fail_ci_if_error: true | |
# Since this workflow runs on the master branch and not in a PR | |
# we have to specify the following settings manually to make Codecov | |
# aware of the "actual" origin of the coverage report. | |
override_branch: ${{github.event.workflow_run.head_branch}} | |
override_build: ${{github.event.workflow_run.workflow_id}} | |
override_commit: ${{github.event.workflow_run.head_commit.id}} | |
override_pr: ${{env.pr_number}} |