Skip to content

Commit d928a8d

Browse files
committed
CI: use Codecov OIDC on master
Upload coverage only on master and authenticate via OIDC (no CODECOV_TOKEN secret required).
1 parent 5d15f8e commit d928a8d

File tree

1 file changed

+8
-4
lines changed

1 file changed

+8
-4
lines changed

.github/workflows/drupal-module.yml

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,9 @@ jobs:
2020
phpunit:
2121
runs-on: ubuntu-latest
2222
continue-on-error: ${{ matrix.experimental }}
23+
permissions:
24+
contents: read
25+
id-token: write
2326
strategy:
2427
fail-fast: false
2528
matrix:
@@ -80,32 +83,33 @@ jobs:
8083
chmod -R 777 drupal/web/sites/simpletest/browser_output
8184
8285
- name: Run PHPUnit
83-
if: ${{ !matrix.coverage }}
86+
if: ${{ !matrix.coverage || github.ref != 'refs/heads/master' }}
8487
run: |
8588
cd drupal/web
8689
../vendor/bin/phpunit -c core modules/contrib/jsonapi_frontend/tests
8790
8891
- name: Run PHPUnit (coverage)
89-
if: ${{ matrix.coverage }}
92+
if: ${{ matrix.coverage && github.ref == 'refs/heads/master' }}
9093
run: |
9194
cd drupal/web
9295
../vendor/bin/phpunit -c core modules/contrib/jsonapi_frontend/tests \
9396
--coverage-clover "$GITHUB_WORKSPACE/coverage.xml" \
9497
--coverage-filter modules/contrib/jsonapi_frontend
9598
9699
- name: Upload coverage artifact
97-
if: ${{ matrix.coverage }}
100+
if: ${{ matrix.coverage && github.ref == 'refs/heads/master' }}
98101
uses: actions/upload-artifact@v4
99102
with:
100103
name: coverage-jsonapi_frontend
101104
path: coverage.xml
102105
if-no-files-found: error
103106

104107
- name: Upload coverage to Codecov
105-
if: ${{ matrix.coverage }}
108+
if: ${{ matrix.coverage && github.ref == 'refs/heads/master' }}
106109
continue-on-error: true
107110
uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de
108111
with:
112+
use_oidc: true
109113
files: coverage.xml
110114
flags: phpunit,drupal
111115
fail_ci_if_error: false

0 commit comments

Comments
 (0)