Post coverage reports on PR runs (#1273)

bpedersen2 · web-flow · commit 996f2c8d02f2 · 2023-12-07T13:03:27.000+01:00
* Post coverage reports on PR runs follows usage in https://github.com/Nef10/SwiftBeanCountModel/tree/main/.github/workflows and uses https://github.com/Nef10/lcov-reporter-action Change-Id: If99e81f21a1b4c2bb803f2ba948175a683387495 * Use current upload artifacts job
diff --git a/.github/workflows/report-coverage.yml b/.github/workflows/report-coverage.yml
@@ -0,0 +1,54 @@
+name: Comment on the pull request
+
+# see https://securitylab.github.com/research/github-actions-preventing-pwn-requests/   
+# read-write repo token
+# access to secrets
+on:
+  workflow_run:
+    workflows: ["Test"]
+    types:
+      - completed
+
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+    if: >
+      github.event.workflow_run.event == 'pull_request' &&
+      github.event.workflow_run.conclusion == 'success'
+    steps:
+      - name: 'Download artifact'
+        uses: actions/github-script@v3.1.0
+        with:
+          script: |
+            var artifacts = await github.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: ${{github.event.workflow_run.id }},
+            });
+            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "coverage"
+            })[0];
+            var download = await github.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+            var fs = require('fs');
+            fs.writeFileSync('${{github.workspace}}/coverage.zip', Buffer.from(download.data));
+      - run: unzip pr.zip
+      - name: 'get PR number'
+        run: echo "pr_number=$(cat ./PR)">> $GITHUB_ENV
+  
+      - name: report coverage
+        uses: Nef10/lcov-reporter-action@v0.4.0
+        with:
+          lcov-file: lcov.info
+          pr-number: ${{ env.pr_number }}      
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          output-file: comment.html
+      - name: Post code coverage report
+        uses: marocchino/sticky-pull-request-comment@v2.8.0
+        with:
+          path: comment.html
+          number: ${{ env.pr_number }}            
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -82,13 +82,18 @@ jobs:
 
       - name: Test
         run: |
-          npm run test
+          npm run -- test --code-coverage
           npm run build
-
-      - name: Coveralls
-        uses: coverallsapp/github-action@master
+      # save pr number for later use
+      # (see https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
+      - name: Save PR number
+        run: |
+          echo ${{ github.event.number }} > ./coverage/PR
+      - uses: actions/upload-artifact@v3
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          name: coverage
+          path: coverage/
+
 
   e2etests:
     name: Run E2E Tests
