Skip to content

update setup-just, move scorecard to an env, and use oidc for codecov…#218

Merged
bckohan merged 2 commits intomainfrom
gha_updates
May 1, 2026
Merged

update setup-just, move scorecard to an env, and use oidc for codecov…#218
bckohan merged 2 commits intomainfrom
gha_updates

Conversation

@bckohan
Copy link
Copy Markdown
Owner

@bckohan bckohan commented Apr 30, 2026

… uploads

Copilot AI review requested due to automatic review settings April 30, 2026 23:30
Copilot AI reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates CI/security tooling and coverage upload configuration by bumping the pinned setup-just action, adjusting Scorecard job configuration, and switching Codecov uploads to OIDC-based auth.

Changes:

  • Bump extractions/setup-just pin across CI workflows.
  • Update Codecov upload step to use OIDC instead of a repository secret token.
  • Add a dedicated GitHub Actions environment for the Scorecard workflow job; tweak local just zizmor invocation.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
justfile Adjusts zizmor invocation to run with an explicit persona when generating SARIF output.
.github/workflows/test.yml Updates setup-just pin and switches Codecov uploads to OIDC.
.github/workflows/scorecard.yml Adds an environment assignment to the Scorecard analysis job.
.github/workflows/release.yml Updates setup-just pin in the release workflow.
.github/workflows/lint.yml Updates setup-just pin in the lint workflow.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/test.yml
Comment thread .github/workflows/scorecard.yml
@codecov
Copy link
Copy Markdown

codecov Bot commented May 1, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.88%. Comparing base (81b4dbe) to head (f7f2394).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #218   +/-   ##
=======================================
  Coverage   99.88%   99.88%           
=======================================
  Files          25       25           
  Lines        1810     1810           
  Branches      278      278           
=======================================
  Hits         1808     1808           
  Partials        2        2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@bckohan bckohan merged commit 00a9510 into main May 1, 2026
30 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bckohan