From a57e8d40d46bf8a177c7edb202012b74bdf60f7d Mon Sep 17 00:00:00 2001 From: Srijan Saurav <68371686+srijan-deepsource@users.noreply.github.com> Date: Fri, 23 May 2025 12:42:02 +0530 Subject: [PATCH 1/4] use oidc to report coverage Signed-off-by: Srijan Saurav <68371686+srijan-deepsource@users.noreply.github.com> --- .github/workflows/CI.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 74222fae..1b95f82f 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -9,8 +9,6 @@ on: jobs: run-tests: runs-on: ubuntu-latest - env: - DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }} steps: - name: Set up Go 1.x @@ -40,4 +38,4 @@ jobs: - name: Report test coverage to DeepSource run: | curl https://deepsource.io/cli | sh - ./bin/deepsource report --analyzer test-coverage --key go --value-file ./coverage.out + ./bin/deepsource report --analyzer test-coverage --key go --value-file ./coverage.out --use-oidc From d9757b80c75d0f085eb62fc70325a686beb9a550 Mon Sep 17 00:00:00 2001 From: Srijan Saurav <68371686+srijan-deepsource@users.noreply.github.com> Date: Fri, 23 May 2025 12:48:01 +0530 Subject: [PATCH 2/4] add required permission Signed-off-by: Srijan Saurav <68371686+srijan-deepsource@users.noreply.github.com> --- .github/workflows/CI.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 1b95f82f..ae00a797 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -9,6 +9,8 @@ on: jobs: run-tests: runs-on: ubuntu-latest + permissions: + id-token: write # Required to fetch the OIDC token steps: - name: Set up Go 1.x From a779cac439df687569e6b4b0027670b553afbff3 Mon Sep 17 00:00:00 2001 From: Srijan Saurav Date: Fri, 23 May 2025 12:56:08 +0530 Subject: [PATCH 3/4] fix oidc test --- utils/fetch_oidc_token_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/utils/fetch_oidc_token_test.go b/utils/fetch_oidc_token_test.go index 84a5b8ae..5d66e10b 100644 --- a/utils/fetch_oidc_token_test.go +++ b/utils/fetch_oidc_token_test.go @@ -284,6 +284,8 @@ func TestGetDSNFromOIDC(t *testing.T) { t.Setenv("GITHUB_ACTIONS", "true") // ACTIONS_ID_TOKEN_REQUEST_TOKEN is missing t.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", "url") + // make sure this is missing in when running on github actions too + os.Unsetenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN") t.Cleanup(func() { os.Unsetenv("GITHUB_ACTIONS") os.Unsetenv("ACTIONS_ID_TOKEN_REQUEST_URL") @@ -300,6 +302,7 @@ func TestGetDSNFromOIDC(t *testing.T) { t.Run("error_github_actions_env_vars_missing_url", func(t *testing.T) { t.Setenv("GITHUB_ACTIONS", "true") t.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "token") + os.Unsetenv("ACTIONS_ID_TOKEN_REQUEST_URL") // ACTIONS_ID_TOKEN_REQUEST_URL is missing t.Cleanup(func() { os.Unsetenv("GITHUB_ACTIONS") From 4f62a7209ecc8431b2a5ba18df90c5fa41cef5ef Mon Sep 17 00:00:00 2001 From: Srijan Saurav <68371686+srijan-deepsource@users.noreply.github.com> Date: Fri, 23 May 2025 13:00:26 +0530 Subject: [PATCH 4/4] Update utils/fetch_oidc_token_test.go Signed-off-by: Srijan Saurav <68371686+srijan-deepsource@users.noreply.github.com> --- utils/fetch_oidc_token_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/fetch_oidc_token_test.go b/utils/fetch_oidc_token_test.go index 5d66e10b..b081d881 100644 --- a/utils/fetch_oidc_token_test.go +++ b/utils/fetch_oidc_token_test.go @@ -284,7 +284,7 @@ func TestGetDSNFromOIDC(t *testing.T) { t.Setenv("GITHUB_ACTIONS", "true") // ACTIONS_ID_TOKEN_REQUEST_TOKEN is missing t.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", "url") - // make sure this is missing in when running on github actions too + // make sure this is missing when running on github actions too os.Unsetenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN") t.Cleanup(func() { os.Unsetenv("GITHUB_ACTIONS")