CI: add codecov to Azure CI

[tylerjereddy]

• add a codecov upload to Azure CI (32-bit
  Windows)

• I was a bit surprised that we don't
  seem to have a yaml file for codecov
  settings (?), so I didn't add a lint
  stage for our codecov config

• reviewers should check carefully that the upload actually happens because the job passed without uploading on my fork (i.e., the upload utility ran, but then exited with Commit sha does not match Azure build. Please upload with the Codecov repository upload token to resolve issue. , hopefully just because it was on my fork...)

Changes made in this Pull Request:

PR Checklist

• Tests?
• Docs?
• CHANGELOG updated?
• Issue raised/referenced?

[codecov]

Codecov Report

Merging #2720 into develop will increase coverage by 0.74%.
The diff coverage is n/a.

@@             Coverage Diff             @@
##           develop    #2720      +/-   ##
===========================================
+ Coverage    91.43%   92.18%   +0.74%     
===========================================
  Files          178      183       +5     
  Lines        23479    23977     +498     
  Branches      3090     3090              
===========================================
+ Hits         21469    22104     +635     
- Misses        1421     1808     +387     
+ Partials       589       65     -524     

Impacted Files	Coverage Δ
package/MDAnalysis/topology/tpr/obj.py	96.77% <0.00%> (-3.23%)	⬇️
...onality_reduction/DimensionalityReductionMethod.py	97.05% <0.00%> (-2.95%)	⬇️
package/MDAnalysis/tests/__init__.py	100.00% <0.00%> (ø)
package/MDAnalysis/due.py	61.11% <0.00%> (ø)
package/MDAnalysis/analysis/legacy/x3dna.py	0.00% <0.00%> (ø)
package/MDAnalysis/analysis/legacy/__init__.py	0.00% <0.00%> (ø)
package/MDAnalysis/tests/datafiles.py	21.42% <0.00%> (ø)
package/MDAnalysis/core/selection.py	99.50% <0.00%> (+<0.01%)	⬆️
...sis/analysis/encore/clustering/ClusteringMethod.py	96.92% <0.00%> (+0.04%)	⬆️
package/MDAnalysis/analysis/base.py	95.45% <0.00%> (+0.05%)	⬆️
... and 83 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3192968...497b1b6. Read the comment docs.

[tylerjereddy]

I still see Commit sha does not match Azure build. Please upload with the Codecov repository upload token to resolve issue. I suppose we could use the token if we really have to. The Azure blog suggests we don't have to, but the example is on Linux so..

[orbeckst]

How sensitive is the upload token? The codecov instructions (from the settings) say

Add to your codecov.yml

codecov:
  token:  xxxxx

or Set in your environment variables

CODECOV_TOKEN="xxxx"

On travis we could encrypt the token. Can we add it to Azure encrypted or via configuration?

[tylerjereddy]

I've saved the encrypted codecov token in Azure UI configuration, but I think it does not get automatically decrypted. If the CI fails to upload again this time I'll have to use the mapping techniques they describe to decrypt in the docs for Azure secret vars

[tylerjereddy]

Ok, I need to decrypt the token still it seems

[orbeckst]

Do you have access to the decrypted codecov token, i.e., when you go to https://codecov.io/gh/MDAnalysis/mdanalysis/settings and login with GitHub, can you see it?

[tylerjereddy]

Yeah, I just need to follow the Azure docs to use it properly. I'll be slow, but should get it done. Failing that, the new codecov team is pretty responsive to GitHub pings, but will try on my own first.

[tylerjereddy]

Now it says Provided token is not a UUID. @thomasrockhu Any hints on the Azure + Windows + codecov? I probably have something silly like needing to add quotes around the secret token I pasted in Azure UI or something.

[thomasrockhu]

Hmmm, I'm not sure why that is. I copy and pasted my token into this project here (and actually used your yaml as a template): https://dev.azure.com/tomhu1096/codecov-github-test/_build/results?buildId=8&view=logs&j=e4f8c82b-de6b-5575-3950-14744af47318&t=9fea38d8-bc43-58c0-468d-6e85974c7041

Are you adding quotes or spaces or anything like that?

[thomasrockhu]

As an example, this is what my settings page looks like in Codecov

And this is what I pasted into Azure

[tylerjereddy]

I checked the "Keep this value secret" option, so I think the decryption component of the workflow may be adding some additional complication.

Is there no reason to keep the codecov tokens secret? If not, then I'll just do away with that and maybe it will work like yours does.

[thomasrockhu]

@tylerjereddy apologies, I actually had the Keep this value secret checkbox clicked but wanted you to be able to see what the format looked like

[tylerjereddy]

My setup should have been the same--I've tried deleting and setting up the variable again with a fresh copy-paste of the token.

[tylerjereddy]

Same thing--possible differences with your setup might be:

• yours is a direct push to master branch instead of a PR from a fork
• we are using 32-bit Windows instead of the normal 64-bit used in your example

[thomasrockhu]

@tylerjereddy, I think I'm using 32-bit now and it's in a PR. https://dev.azure.com/tomhu1096/codecov-github-test/_build/results?buildId=13&view=logs&jobId=eb841e9f-6e1e-5c29-3ad5-74ec2c658069&j=d420aaaa-0ae7-5c90-2d94-1e61729d0f21&t=2ebca456-40b1-5871-95d6-ad048e69e584

[thomasrockhu]

@tylerjereddy, I see this is still an issue. Would you be able to echo $CODECOV_TOKEN and see what it's actually trying to spit it out as? (An admin can always and should regenerate that token on the Codecov UI, and leaking this secret has very low impact over a short period of time).

[tylerjereddy]

I'll see what I can do--I should maybe check if the token is used anywhere else first, but I think most CI services don't even need it for public repos. The most recent attempt was with quotes added--the first two had no quotes.

[orbeckst]

I don't think we use the token elsewhere. Just change it when done.

[tylerjereddy]

Ok, I've added an echo for the variable--we'll see what happens I guess

[thomasrockhu]

Hmmm... I'm going to fork the repo and make the change to see why this might be happening sometime tonight or tomorrow. Sorry this is blocking your usage of Codecov on AzureCI

[thomasrockhu]

@tylerjereddy, we did some work on the Azure pipelines side of things which may have helped with this issue. My build now seems to work, and you can see the build report here. Could you try running this again to see if it's been fixed?

[tylerjereddy]

@thomasrockhu Cool, I've rebased and force pushed to trigger the rebuild :)

[thomasrockhu]

Apologies, we fixed an issue with tokenless Azure uploads for public repositories, so you don't have to specify the token at all anymore

[tylerjereddy]

thanks, I committed your suggestions just now

[thomasrockhu]

@tylerjereddy success!

[tylerjereddy]

Great! The PR should be ready to merge when the rest of the CI completes. I assume we can ignore the complaint from curl in there since the upload seems to happen anyway.

[thomasrockhu]

@tylerjereddy, yes the curl complaint is fine (it's actually my fault and I need to find the time to understand why)

[orbeckst]

Well, that increased our coverage by almost 1%!

Thank you @thomasrockhu for helping, much appreciated! (And makes me happy to use codecov for other projects!)

[orbeckst]

I am very happy with getting coverage from Azure, too. Thank you @thomasrockhu and @tylerjereddy for figuring it out.

[orbeckst]

@tylerjereddy I‘ll leave it to you to squash and merge, just in case you want to refine anything.

[thomasrockhu]

@orbeckst happy to help!