EvalAI/.github/workflows/upload-coverage.yml at master · Cloud-CV/EvalAI · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: upload-coverage

# Runs after ci-cd completes — in the BASE repo's security context so
# CODECOV_TOKEN is always available, including for fork PRs.
on:
  workflow_run:
    workflows: [ci-cd]
    types: [completed]

permissions:
  contents: read
  actions: read    # required to download artifacts from the triggering run
  statuses: write  # required to post commit status back to the triggering PR commit

jobs:
  upload_coverage:
    name: Upload coverage to Codecov
    runs-on: ubuntu-latest
    # Only upload when CI passed; no valid coverage to report on failure.
    if: github.event.workflow_run.conclusion == 'success'

    steps:
      - name: Checkout repository (Codecov CLI reads codecov.yml from default branch)
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.repository.default_branch }}
          fetch-depth: 1

      - name: Download pull request metadata from triggering run
        uses: actions/download-artifact@v4
        with:
          name: pr-metadata
          path: pr-metadata
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Download backend artifacts from triggering run
        uses: actions/download-artifact@v4
        with:
          name: ci-backend-reports
          path: codecov-reports
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Download frontend artifacts from triggering run
        uses: actions/download-artifact@v4
        with:
          name: ci-frontend-reports
          path: codecov-reports
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Resolve pull request number
        id: pr
        run: |
          # pr_number.txt is empty for non-PR runs (push to master/staging/production).
          pr_number="$(tr -d '[:space:]' < pr-metadata/pr_number.txt || true)"
          echo "number=${pr_number}" >> "$GITHUB_OUTPUT"

      - name: List downloaded artifacts
        run: |
          echo "=== codecov-reports tree ==="
          find codecov-reports -type f | sort || echo "(empty or missing)"

      - name: Verify coverage files exist
        run: |
          set -euo pipefail
          test -f codecov-reports/coverage-backend.xml
          test -f codecov-reports/lcov.info

      - name: Upload combined JUnit test reports
        uses: actions/upload-artifact@v4
        with:
          name: junit-test-reports
          path: |
            codecov-reports/junit-backend.xml
            codecov-reports/TEST-frontend.xml
          if-no-files-found: warn

      - name: Upload backend coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: codecov-reports/coverage-backend.xml
          flags: backend
          disable_search: true
          fail_ci_if_error: true
          verbose: true
          override_commit: ${{ github.event.workflow_run.head_sha }}
          override_branch: ${{ github.event.workflow_run.head_branch }}
          override_pr: ${{ steps.pr.outputs.number }}

      - name: Upload frontend coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: codecov-reports/lcov.info
          flags: frontend
          disable_search: true
          fail_ci_if_error: true
          verbose: true
          override_commit: ${{ github.event.workflow_run.head_sha }}
          override_branch: ${{ github.event.workflow_run.head_branch }}
          override_pr: ${{ steps.pr.outputs.number }}

      # Report the final status of this workflow back to the commit that triggered ci-cd.
      # This makes the Codecov upload a visible, blockable check on PRs even though
      # it runs in a separate workflow_run context.
      - name: Report coverage upload status to triggering commit
        if: always()
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SHA: ${{ github.event.workflow_run.head_sha }}
          CONCLUSION: ${{ job.status }}
        run: |
          if [ "${CONCLUSION}" = "success" ]; then
            state="success"
            description="Coverage uploaded to Codecov successfully."
          else
            state="failure"
            description="Coverage upload to Codecov failed."
          fi
          gh api \
            --method POST \
            "/repos/${{ github.repository }}/statuses/${SHA}" \
            --field state="${state}" \
            --field description="${description}" \
            --field context="upload-coverage / Codecov" \
            --field target_url="https://app.codecov.io/gh/${{ github.repository }}"