Bring back codecov #4836
Bring back codecov #4836
Conversation
* [automation] Auto-update linters version, help and documentation * [MegaLinter] Apply linters fixes * trvy --------- Co-authored-by: nvuillam <17500430+nvuillam@users.noreply.github.com>
nvuillam
requested review from
Kurt-von-Laven,
bdovaz and
echoix
as code owners
|
You'll probably need to have an upload token stored in the repo, anonymous uploads were stopped some time ago. And since it is running inside a container instead of the GitHub runner, maybe some more info on what PR/commit and repo it is would be needed, to know where to store it. |
🦙 MegaLinter status:
|
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ API | spectral | 1 | 0 | 0 | 1.7s | |
| bash-exec | 6 | 1 | 0 | 0.01s | ||
| ✅ BASH | shellcheck | 6 | 0 | 0 | 0.16s | |
| ✅ BASH | shfmt | 6 | 0 | 0 | 0 | 0.59s |
| ✅ COPYPASTE | jscpd | yes | no | no | 3.03s | |
| ✅ DOCKERFILE | hadolint | 129 | 0 | 0 | 28.81s | |
| ✅ JSON | jsonlint | 20 | 0 | 0 | 0.29s | |
| ✅ JSON | v8r | 22 | 0 | 0 | 13.17s | |
| markdownlint | 267 | 0 | 302 | 0 | 21.74s | |
| ✅ MARKDOWN | markdown-table-formatter | 267 | 0 | 0 | 0 | 167.17s |
| bandit | 215 | 66 | 0 | 3.72s | ||
| ✅ PYTHON | black | 215 | 0 | 0 | 0 | 4.66s |
| ✅ PYTHON | flake8 | 215 | 0 | 0 | 3.08s | |
| ✅ PYTHON | isort | 215 | 0 | 0 | 0 | 1.36s |
| ✅ PYTHON | mypy | 215 | 0 | 0 | 9.87s | |
| ✅ PYTHON | pylint | 215 | 0 | 0 | 29.66s | |
| ✅ PYTHON | ruff | 215 | 0 | 0 | 0 | 0.81s |
| ✅ REPOSITORY | checkov | yes | no | no | 33.77s | |
| ✅ REPOSITORY | git_diff | yes | no | no | 0.77s | |
| grype | yes | 31 | no | 13.99s | ||
| ✅ REPOSITORY | secretlint | yes | no | no | 13.21s | |
| ✅ REPOSITORY | trivy | yes | no | no | 15.29s | |
| ✅ REPOSITORY | trivy-sbom | yes | no | no | 0.65s | |
| trufflehog | yes | 1 | no | 57.86s | ||
| ✅ SPELL | cspell | 718 | 0 | 0 | 13.14s | |
| lychee | 349 | 18 | 0 | 69.68s | ||
| ✅ XML | xmllint | 3 | 0 | 0 | 0 | 1.07s |
| ✅ YAML | prettier | 160 | 0 | 0 | 0 | 3.67s |
| ✅ YAML | v8r | 103 | 0 | 0 | 13.44s | |
| ✅ YAML | yamllint | 161 | 0 | 0 | 2.94s |
See detailed report in MegaLinter reports
|
If you can install the codecov GitHub app, we'll be able to have a status check for it |
|
I configured CODECOV_TOKEN and installed the GitHub app 🥹 |
|
How do you pass a secret to a docker container to run, and staying safe-ish? |
|
@echoix that's a good question ^^ But even if codecov token is hijacked, the impacts are low 👼 |
echoix
left a comment
echoix
left a comment
There was a problem hiding this comment.
Maybe there would be more to do, but let's try this for now. I saw in the last auto update PR that the upload was about to get done, but failed because there wasn't a valid token, and tokenless upload wasn't enabled.
No description provided.