From 239055f98edc9df4f16ed394a970b0db75919a17 Mon Sep 17 00:00:00 2001 From: Rhuan Barreto Date: Mon, 11 May 2026 22:14:37 +0200 Subject: [PATCH] fix(ci): fix Codecov coverage and test results uploads MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix multiple issues preventing Codecov from receiving uploads: - Fix report_type input name: codecov-action v6 expects report_type (underscore), not report-type (hyphen). The hyphenated form was silently ignored, causing test results to upload via upload-coverage instead of upload-test-results. - Add disable_search: true to both upload steps to prevent auto-discovery of unrelated files (doc MDX fixtures were being picked up as coverage data). - Add push trigger for main branch to code-pull-request.yml so coverage uploads on every push to main, giving Codecov the base commit data it needs to compute diff coverage on PRs. - Switch to OIDC authentication (use_oidc) which uses GitHub's OpenID Connect provider to authenticate directly with Codecov, bypassing known token-related bugs (codecov/codecov-action#1794, #1839, #1623). OIDC is disabled for fork PRs where id-token is unavailable — those fall back to the repository token. - Add explicit slug (archgate/cli) to prevent auto-detection failures. - Add id-token: write permission to the Validate workflow for OIDC. Note: coverage data uploads currently hit a Codecov server-side 500 error (filed as codecov/codecov-action#1945). Test results uploads work. Coverage will start flowing once Codecov resolves the issue. Signed-off-by: Rhuan Barreto --- .github/workflows/code-pull-request.yml | 12 +++++++++++- .github/workflows/release.yml | 8 +++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/workflows/code-pull-request.yml b/.github/workflows/code-pull-request.yml index cd26145f..a812b1d4 100644 --- a/.github/workflows/code-pull-request.yml +++ b/.github/workflows/code-pull-request.yml @@ -1,6 +1,9 @@ name: Validate on: + push: + branches: + - main pull_request: types: [opened, edited, synchronize, reopened] branches: @@ -10,6 +13,7 @@ on: permissions: contents: read + id-token: write concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} @@ -61,16 +65,22 @@ jobs: if: always() && steps.validate.outcome == 'success' uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: + use_oidc: ${{ github.event_name != 'pull_request' || !github.event.pull_request.head.repo.fork }} token: ${{ secrets.CODECOV_TOKEN }} + slug: archgate/cli files: coverage/lcov.info + disable_search: true fail_ci_if_error: false - name: Upload test results to Codecov if: always() && steps.validate.outcome != 'skipped' uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: + use_oidc: ${{ github.event_name != 'pull_request' || !github.event.pull_request.head.repo.fork }} token: ${{ secrets.CODECOV_TOKEN }} + slug: archgate/cli files: coverage/junit.xml - report-type: test_results + disable_search: true + report_type: test_results fail_ci_if_error: false - name: Save Bun Cache uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 377997db..b211948a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -157,16 +157,22 @@ jobs: if: always() && steps.validate.outcome == 'success' uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: + use_oidc: true token: ${{ secrets.CODECOV_TOKEN }} + slug: archgate/cli files: coverage/lcov.info + disable_search: true fail_ci_if_error: false - name: Upload test results to Codecov if: always() && steps.validate.outcome != 'skipped' uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: + use_oidc: true token: ${{ secrets.CODECOV_TOKEN }} + slug: archgate/cli files: coverage/junit.xml - report-type: test_results + disable_search: true + report_type: test_results fail_ci_if_error: false - name: Ensure main is up-to-date before release run: git pull --rebase origin main