Ensure test coverage reports can be uploaded for PRs from forks #3516

Closed
2 tasks done
nscuro opened this issue Mar 1, 2024 · 1 comment
Labels
ci enhancement New feature or request p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort
nscuro commented Mar 1, 2024

Current Behavior

Uploading the test coverage report for PRs from forks currently fails, because pull_request events do not have access to repository secrets, such as the Codacy project token.

Proposed Behavior

Instead of trying to upload the coverage report in the Tests CI workflow directly, have it upload the coverage report, and trigger another workflow upon completion that'll take care of the upload.

This is detailed here: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Checklist

@nscuro nscuro added enhancement New feature or request p2 Non-critical bugs, and features that help organizations to identify and reduce risk ci size/S Small effort labels Mar 1, 2024
@nscuro nscuro added this to the 4.11 milestone Mar 1, 2024
@nscuro nscuro self-assigned this Mar 1, 2024
nscuro added a commit to nscuro/dependency-track that referenced this issue Mar 1, 2024
@nscuro nscuro closed this as completed Mar 1, 2024
@nscuro nscuro removed their assignment Mar 1, 2024
ellipse2v pushed a commit to ellipse2v/dependency-track that referenced this issue Mar 3, 2024
mikael-carneholm-2-wcar pushed a commit to mikael-carneholm-2-wcar/dependency-track that referenced this issue Mar 15, 2024
Relates to DependencyTrack#3516

Signed-off-by: nscuro <[email protected]>
Signed-off-by: Mikael Carneholm <[email protected]>

github-actions bot commented Apr 1, 2024

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 1, 2024
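
A sketch of the two-workflow split proposed in the issue, added here as an illustration; it is not the project's actual workflow files. The file names, artifact name, build command, report path and the secret name CODACY_PROJECT_TOKEN are assumptions; only the workflow name "Tests CI" comes from the issue.

```yaml
# --- .github/workflows/tests.yml (hypothetical file name) ---
# Triggered by pull_request: fork PRs get no secrets and a read-only token.
name: Tests CI
on: pull_request
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: mvn -B verify                       # assumed build command
      - uses: actions/upload-artifact@v4         # hand the report over as an artifact
        with:
          name: coverage-report                  # assumed artifact name
          path: target/site/jacoco/jacoco.xml    # assumed report path
---
# --- .github/workflows/coverage-upload.yml (hypothetical file name) ---
# Runs from the default branch with access to secrets.
# It never checks out or executes code from the pull request.
name: Upload Coverage
on:
  workflow_run:
    workflows: ["Tests CI"]
    types: [completed]
permissions:
  actions: read     # required to download the artifact of the triggering run
  contents: read
jobs:
  upload:
    if: >-
      github.event.workflow_run.event == 'pull_request' &&
      github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: coverage-report
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
          path: coverage
      - name: Upload to Codacy
        env:
          CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}  # assumed secret name
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}        # PR commit, passed via env
        run: |
          bash <(curl -Ls https://coverage.codacy.com/get.sh) report \
            -r coverage/jacoco.xml --commit-uuid "$HEAD_SHA"
```

The artifact is produced by untrusted PR code, so the second workflow should treat it strictly as data: pass it to the reporter, and do not unpack it over the workspace of a checkout or execute anything it contains.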