Skip to content

Commit

Permalink
Split off CodeCov upload as separate job (#2590)
Browse files Browse the repository at this point in the history 
* Update Harden Runner
  • Loading branch information
@imnasnainaec
imnasnainaec authored Sep 16, 2023
1 parent 2b090a4 commit 4a1f0fc
Show file tree
Hide file tree
Showing 2 changed files with 73 additions and 39 deletions.
59 changes: 38 additions & 21 deletions .github/workflows/backend.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,16 +28,13 @@ jobs:
aka.ms:443
api.github.com:443
api.nuget.org:443
codecov.io:443
dc.services.visualstudio.com:443
deb.debian.org:80
dotnetbuilds.azureedge.net:443
dotnetcli.azureedge.net:443
github.com:443
md-hdd-t032zjxllntc.z26.blob.storage.azure.net:443
objects.githubusercontent.com:443
storage.googleapis.com:443
uploader.codecov.io:443
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: Setup dotnet
uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
Expand All @@ -47,27 +44,16 @@ jobs:
uses: FedericoCarboni/setup-ffmpeg@v2 # v2.0.0

# Coverage.
- name: run coverage tests
- name: Run coverage tests
run: dotnet test Backend.Tests/Backend.Tests.csproj
shell: bash
- name: Upload coverage report
id: uploadCoverage
continue-on-error: true
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
with:
files: Backend.Tests/coverage.cobertura.xml
flags: backend
name: Backend
fail_ci_if_error: true
- name: Upload coverage report - take 2 (if the first attempt fails)
if: steps.uploadCoverage.outcome == 'failure'
id: uploadCoverage2
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
- name: Upload coverage artifact
uses: actions/upload-artifact@v3
with:
files: Backend.Tests/coverage.cobertura.xml
flags: backend
name: Backend
fail_ci_if_error: true
if-no-files-found: error
name: coverage
path: Backend.Tests/coverage.cobertura.xml
retention-days: 7

# Development build.
- run: dotnet build BackendFramework.sln
Expand All @@ -79,6 +65,37 @@ jobs:
- run: dotnet tool install -g dotnet-format
- run: dotnet-format --check

upload_coverage:
needs: test_build
runs-on: ubuntu-latest
steps:
# See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
# configuring harden-runner and identifying allowed endpoints.
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
codecov.io:443
github.com:443
storage.googleapis.com:443
uploader.codecov.io:443
- name: Checkout repository
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: Download coverage artifact
uses: actions/download-artifact@v3
with:
name: coverage
- name: Upload coverage report
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
with:
fail_ci_if_error: true
files: coverage.cobertura.xml
flags: backend
name: Backend

CodeQL_build:
permissions:
actions: read # for github/codeql-action/init to get workflow details
Expand Down
53 changes: 35 additions & 18 deletions .github/workflows/frontend.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,11 +26,8 @@ jobs:
allowed-endpoints: >
*.actions.githubusercontent.com:443
api.github.com:443
codecov.io:443
github.com:443
registry.npmjs.org:443
storage.googleapis.com:443
uploader.codecov.io:443
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
Expand All @@ -44,27 +41,47 @@ jobs:
- run: npm run test-frontend:coverage
env:
CI: true
- name: Upload coverage artifact
uses: actions/upload-artifact@v3
with:
if-no-files-found: error
name: coverage
path: coverage/clover.xml
retention-days: 7

# Release build.
- run: npm run build

upload_coverage:
needs: lint_test_build
runs-on: ubuntu-latest
steps:
# See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
# configuring harden-runner and identifying allowed endpoints.
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
codecov.io:443
github.com:443
storage.googleapis.com:443
uploader.codecov.io:443
- name: Checkout repository
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: Download coverage artifact
uses: actions/download-artifact@v3
with:
name: coverage
- name: Upload coverage report
id: uploadCoverage
continue-on-error: true
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
with:
files: coverage/clover.xml
flags: frontend
name: Frontend
fail_ci_if_error: true
- name: Upload coverage report - take 2 (if the first attempt fails)
if: steps.uploadCoverage.outcome == 'failure'
id: uploadCoverage2
uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
with:
files: coverage/clover.xml
files: clover.xml
flags: frontend
name: Frontend
fail_ci_if_error: true

# Release build.
- run: npm run build

docker_build:
runs-on: ubuntu-latest
Expand Down

0 comments on commit 4a1f0fc

Please sign in to comment.