Skip to content

Upload code coverage #4996

Upload code coverage

Upload code coverage #4996

# This workflow runs as soon as the workflow from `code-coverage.yml` has
# successfully finished. It downloads the created artifact and runs the
# Codecov uploader. This workflow uses the `workflow_run` trigger. This
# means that it will always be run from the master branch, meaning that
# the contents of this file will always be taken from the master branch,
# even if a PR changes it. Since this approach disallows several attacks
# from malicious PR authors, such workflows have access to the secrets
# stored on GitHub. For details on the `workflow_run` trigger and this
# security measures, see
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
name: Upload code coverage
on:
workflow_run:
# This has to be the `name:` of the workflow in `code_coverage.yml`.
# Start when this workflow has finished successfully.
workflows: [measure-code-coverage]
types:
- completed
jobs:
upload:
runs-on: ubuntu-latest
# Only run on successful pull requests. Merge commits to master upload
# their coverage reports directly inside `code-coverage.yml`
if: >
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success'
steps:
- name: 'Download artifact'
uses: actions/github-script@v7
# The following script is taken from the link stated at the
# beginning of this file. It manually downloads an artifact
# from another workflow.
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "coverage-report"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/coverage-report.zip', Buffer.from(download.data));
- run: unzip coverage-report.zip
# Read the metadata into environment variables.
- name: "Read PR number"
run: echo "pr_number=`cat pr`" >> $GITHUB_ENV
- name: "Read Github Ref"
run: echo "original_github_ref=`cat github_ref`" >> $GITHUB_ENV;
- name: "Read Github Repository"
run: echo "original_github_repository=`cat github_repository`" >> $GITHUB_ENV;
# We have to check out the source code from the PR, otherwise Codecov
# won't process the upload properly. We first check it out into a
# subdirectory `qlever-source`, otherwise the coverage report will
# be overwritten. We then move all the files back into the working
# directory such that Codecov will pick them up properly.
- name: "Checkout"
uses: actions/checkout@v4
with:
repository: ${{env.original_github_repository}}
submodules: "recursive"
ref: ${{env.original_github_ref}}
path: qlever-source
- name: "Move qlever sources up"
run: shopt -s dotglob && mv qlever-source/* .
# For the new version of the codecov action we have to move the coverage file back to its original location,
# else several things don't work...
- name: "Move coverage file to original location"
run: mkdir build && mkdir build/test && mv coverage.lcov build/test
- name: "Upload coverage report"
uses: codecov/codecov-action@v4
with:
file: ${{github.workspace}}/build/test/coverage.lcov
# Note: technically, a `token` is not required for codecov.io when
# uploading from a public repository, but specifying it avoids the
# nasty spurious failures due to Github's rate limit for codecov's
# public default token.
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: true
# Since this workflow runs on the master branch and not in a PR
# we have to specify the following settings manually to make Codecov
# aware of the "actual" origin of the coverage report.
override_branch: ${{github.event.workflow_run.head_branch}}
override_build: ${{github.event.workflow_run.workflow_id}}
override_commit: ${{github.event.workflow_run.head_commit.id}}
override_pr: ${{env.pr_number}}