Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
67 commits
Select commit Hold shift + click to select a range
6e43ad6
feat(tests): add pytest-cov for coverage reporting and integrate Codecov
m-xim May 18, 2026
f1e2056
chore: add badge for Codecov
m-xim May 18, 2026
1bc6a0f
refactor: web
m-xim May 18, 2026
9d36d2e
refactor: security
m-xim May 18, 2026
5acee70
refactor: standardize terminology in CONTRIBUTING.md
m-xim May 18, 2026
2b456f0
feat(route): add new one Route
m-xim May 18, 2026
e24764b
feat(route): add BotIdParam and BotTokenParam
m-xim May 18, 2026
83d3081
feat(route): add test
m-xim May 18, 2026
fcefadf
feat(security): add test
m-xim May 18, 2026
7596d51
feat(tasks): add TaskTracker
m-xim May 18, 2026
4648ded
feat(errors): add logs and errors
m-xim May 18, 2026
c33d410
feat(engine): big refactor webhook engine
m-xim May 18, 2026
21a3c3f
feat(docs): update README for improved clarity and feature description
m-xim May 18, 2026
4b98ec9
chore: simplify installation instructions in README
m-xim May 18, 2026
78f0bda
feat(route)!: enhance query normalization and improve error handling
m-xim May 18, 2026
5371e89
fix(token): on_shutdown tasks
m-xim May 18, 2026
1e5c426
fix(aiohttp): client_ip type
m-xim May 18, 2026
c18250c
fix(security): add set `secret_token`
m-xim May 18, 2026
51e30b8
fix(webhook)!: set default values for omitted parameters
m-xim May 18, 2026
86666f8
fix(import): add dataclass_config_to_kwargs utility function
m-xim May 18, 2026
230e1dd
chore: update security example with StaticSecretToken usage
m-xim May 18, 2026
313bdd5
fix: handle ModuleNotFoundError for non-fastapi imports
m-xim May 18, 2026
f0b2bb5
fix(errors): correct typo in error message variable name
m-xim May 19, 2026
03d0088
feat(webhook): add support multipart
m-xim May 25, 2026
c9c3ad2
refactor: simplify import statements and enhance lifecycle data struc…
m-xim May 25, 2026
e0e80d7
feat(web): add support payload_response in fastapi
m-xim May 26, 2026
aed1f9d
refactor: tests
m-xim May 26, 2026
6ace3e1
test(webhook): add tests for building webhook payload
m-xim May 26, 2026
4a22cea
fix(token): handle TokenValidationError in bot ID extraction
m-xim May 26, 2026
9b86554
feat(tests): refactoring and add new tests
m-xim May 27, 2026
cc6010a
feat(route)!: big refactor
m-xim May 27, 2026
53e5158
refactor(tasks): improve type annotations and error logging in TaskTr…
m-xim May 27, 2026
3c35a17
fix(errors): improve error messages for query and path parameter mism…
m-xim May 27, 2026
b5535f6
fix(query): correct isinstance checks for value types in query normal…
m-xim May 27, 2026
2e3d882
docs(README): add badges for Ruff and Ty
m-xim May 27, 2026
8cd1896
fix(response): update headers in payload_response and improve error m…
m-xim May 27, 2026
9596c89
fix(security): enhance warning message
m-xim May 27, 2026
7ac6e9e
feat(fastapi): implement lifespan management for FastAPI adapter
m-xim May 28, 2026
0b7763a
fix(errors): update log levels and status codes
m-xim May 28, 2026
e638707
feat(engine): implement graceful shutdown handling and update startup…
m-xim May 28, 2026
08485c2
fix(webhook): remove unused webhook_config parameter from SingleBotEn…
m-xim May 28, 2026
a6586a6
fix(dependencies): update httpx to httpx2 for fastapi testing
m-xim May 28, 2026
d504772
fix(route): update route_params type to Any
m-xim May 28, 2026
ba933d3
test: refactoring
m-xim May 28, 2026
d62fd09
fix(ci): update versions
m-xim May 30, 2026
54f8d08
fix(gitignore): add node_modules to ignore list
m-xim May 30, 2026
c0b9355
fix(ci): update setup-uv action to version 8.1.0
m-xim Jun 1, 2026
f5a89eb
feat: docs
m-xim Jun 1, 2026
c1dff56
fix: docs
m-xim Jun 1, 2026
48f8513
fix: deps
m-xim Jun 1, 2026
2d8bf15
fix(docs): action
m-xim Jun 1, 2026
5872a10
fix(docs): action
m-xim Jun 1, 2026
b77975f
fix(action): docs
m-xim Jun 2, 2026
b9b3e6e
fix(docs): vcs
m-xim Jun 2, 2026
b0d195c
fix(docs): vcs
m-xim Jun 2, 2026
0dbde68
fix(docs): action
m-xim Jun 2, 2026
b2bc6e3
fix(docs): action
m-xim Jun 2, 2026
af8a457
fix(docs): remove js file
m-xim Jun 2, 2026
a0235e1
fix(docs): .yfm
m-xim Jun 2, 2026
15b14bd
feat(docs): update diplodoc-cli realisation
m-xim Jun 2, 2026
de0bd74
feat(docs): update diplodoc-cli realisation 2
m-xim Jun 2, 2026
e84fd05
feat(docs): add 404
m-xim Jun 2, 2026
9cde3a1
feat(docs): new logo
m-xim Jun 2, 2026
f536d81
feat(docs): update
m-xim Jun 6, 2026
54e116d
fix(docs): ci
m-xim Jun 6, 2026
a0b1f54
fix: fixed
m-xim Jun 6, 2026
fc1e857
fix: fixed
m-xim Jun 6, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
90 changes: 90 additions & 0 deletions .github/workflows/docs.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
name: Build and deploy Diplodoc docs

on:
push:
branches:
- main
paths:
- "docs/**"
- "docs/.yfm"
- "package.json"
- "package-lock.json"
- ".github/workflows/docs.yml"

pull_request:
paths:
- "docs/**"
- "docs/.yfm"
- "package.json"
- "package-lock.json"
- ".github/workflows/docs.yml"

workflow_dispatch:

permissions:
contents: read
pages: write
id-token: write
Comment on lines +24 to +27

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Reduce workflow-level token scope to least privilege.

pages: write and id-token: write at workflow scope are broader than necessary; only deploy needs them.

Suggested fix
 permissions:
   contents: read
-  pages: write
-  id-token: write
🧰 Tools
🪛 zizmor (1.25.2)

[error] 26-26: overly broad permissions (excessive-permissions): pages: write is overly broad at the workflow level

(excessive-permissions)


[error] 27-27: overly broad permissions (excessive-permissions): id-token: write is overly broad at the workflow level

(excessive-permissions)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docs.yml around lines 24 - 27, The workflow-level
permissions currently grant pages: write and id-token: write too broadly; remove
those from the top-level permissions block (leave contents: read) and add a
narrower permissions block to the specific deploy job (e.g., the job named
"deploy" or whatever job runs the deployment) with pages: write and id-token:
write so only that job gets elevated rights; update the deploy job's permissions
entry to include pages: write and id-token: write and leave other jobs using the
default or the workflow-level contents: read.

Source: Linters/SAST tools


concurrency:
group: github-pages-${{ github.ref }}
cancel-in-progress: false

jobs:
build:
name: Build Diplodoc
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v4

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE=".github/workflows/docs.yml"
echo "== File: $FILE =="
[ -f "$FILE" ] || { echo "Missing $FILE"; exit 1; }
nl -ba "$FILE" | sed -n '1,140p'

echo
echo "== Extract all uses: lines =="
rg -n "^\s*uses:\s*" "$FILE" || true

echo
echo "== Check for SHA-pinned format (actions/*@<40-hex>) =="
python3 - <<'PY'
import re, pathlib
p = pathlib.Path(".github/workflows/docs.yml")
txt = p.read_text()
uses = []
for m in re.finditer(r'(?m)^\s*uses:\s*([^\s#]+)', txt):
    uses.append((m.group(0).split(':',1)[0].strip(), m.group(1)))
pat = re.compile(r'@([0-9a-f]{40})$')
for full, ref in uses:
    if '@' in ref and pat.search(ref):
        print("SHA pinned:", ref)
    else:
        print("NOT SHA pinned:", ref)
PY

Repository: m-xim/aiogram-webhook

Length of output: 165


🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE=".github/workflows/docs.yml"
echo "== File exists? $FILE =="
[ -f "$FILE" ] && echo "YES" || { echo "NO"; exit 1; }

echo
echo "== Show lines 1-140 (numbered) =="
cat -n "$FILE" | sed -n '1,140p'

echo
echo "== uses: entries =="
rg -n "^[[:space:]]*uses:[[:space:]]*" "$FILE" || true

echo
echo "== SHA-pinning check for actions/*@<40-hex> =="
python3 - <<'PY'
import re, pathlib
p = pathlib.Path(".github/workflows/docs.yml")
txt = p.read_text()
uses = []
for m in re.finditer(r'(?m)^\s*uses:\s*([^\s#]+)', txt):
    uses.append(m.group(1).strip())

sha_pat = re.compile(r'@([0-9a-f]{40})$')
for ref in uses:
    m = sha_pat.search(ref)
    if m:
        print(f"SHA pinned: {ref}")
    else:
        print(f"NOT SHA pinned: {ref}")
PY

echo
echo "== Show referenced lines (40,45,53,69,90) =="
for L in 40 45 53 69 90; do
  echo "--- $L ---"
  sed -n "${L}p" "$FILE" | cat -n
done

Repository: m-xim/aiogram-webhook

Length of output: 3577


Pin GitHub Actions by commit SHA in .github/workflows/docs.yml.

uses: entries are version-tagged (not immutable refs): actions/checkout@v4 (40), actions/setup-node@v4 (45), actions/configure-pages@v5 (53), actions/upload-pages-artifact@v3 (69), actions/deploy-pages@v4 (90). Pin each to a full 40-hex commit SHA and keep a comment with the human-readable version/tag for maintenance.

🧰 Tools
🪛 zizmor (1.25.2)

[error] 40-40: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docs.yml at line 40, Update each `uses:` entry that
currently references a tag (e.g., `actions/checkout@v4`,
`actions/setup-node@v4`, `actions/configure-pages@v5`,
`actions/upload-pages-artifact@v3`, `actions/deploy-pages@v4`) to use the
corresponding full 40-character commit SHA instead of the tag, and add a
trailing comment preserving the human-readable tag (e.g., `#
actions/checkout@v4`) for maintainability; ensure you replace all occurrences in
the workflow and verify the SHA values match the respective GitHub Actions
repository commits.

Source: Linters/SAST tools

with:
fetch-depth: 0
Comment on lines +39 to +42

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Disable persisted checkout credentials in the build job.

Use persist-credentials: false unless a later step must push with the checkout token.

Suggested fix
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          persist-credentials: false
🧰 Tools
🪛 zizmor (1.25.2)

[warning] 39-42: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)


[error] 40-40: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docs.yml around lines 39 - 42, Update the GitHub Actions
checkout step that uses actions/checkout@v4 to disable persisting repository
credentials by adding persist-credentials: false to the step (alongside the
existing fetch-depth: 0); keep this change only if no later job needs to push
with the checkout token, otherwise leave as-is.

Source: Linters/SAST tools


- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 24

- name: Install project dependencies
run: npm ci

- name: Configure GitHub Pages
uses: actions/configure-pages@v5

- name: Build docs
env:
GITHUB_OWNER: ${{ github.repository_owner }}
GITHUB_REPO: ${{ github.event.repository.name }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_BASE_URL: https://api.github.com
VCS_CONNECTOR_TYPE: github
VCS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: npm run build

- name: Disable Jekyll
run: touch ./docs-html/.nojekyll

- name: Upload GitHub Pages artifact
uses: actions/upload-pages-artifact@v3
with:
path: "./docs-html"

deploy:
name: Deploy to GitHub Pages
needs: build
runs-on: ubuntu-latest
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'

permissions:
pages: write
id-token: write

environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}

steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4
Comment thread
m-xim marked this conversation as resolved.
108 changes: 54 additions & 54 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -1,54 +1,54 @@
name: Release & Publish

on: workflow_dispatch

jobs:
release:
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-release-${{ github.ref_name }}
cancel-in-progress: true

permissions:
id-token: write
contents: write

steps:
- name: 🛎️ Checkout repository
uses: actions/checkout@v6
with:
ref: ${{ github.ref_name }}
fetch-depth: 0

- name: 🏷️ Semantic Version Release
id: release
uses: python-semantic-release/python-semantic-release@v10.5.3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
git_committer_name: "github-actions"
git_committer_email: "actions@users.noreply.github.com"

- name: 🐍 Setup uv & venv
if: steps.release.outputs.released == 'true'
uses: astral-sh/setup-uv@v7

- name: 📦 Update uv.lock
if: steps.release.outputs.released == 'true'
run: uv lock

- name: 🏗️ Build package (sdist & wheel)
if: steps.release.outputs.released == 'true'
run: uv build --no-sources

- name: 🚀 Publish | Upload to GitHub Release Assets
if: steps.release.outputs.released == 'true'
uses: python-semantic-release/publish-action@v10.5.3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ steps.release.outputs.tag }}

- name: 🐍 Publish to PyPI
if: steps.release.outputs.released == 'true'
env:
UV_PUBLISH_TOKEN: ${{ secrets.PYPI_TOKEN }}
run: uv publish
name: Release & Publish
Comment thread
coderabbitai[bot] marked this conversation as resolved.
on: workflow_dispatch
jobs:
release:
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-release-${{ github.ref_name }}
cancel-in-progress: true
permissions:
id-token: write
contents: write
steps:
- name: 🛎️ Checkout repository
uses: actions/checkout@v6

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE=".github/workflows/release.yml"
echo "== File = $FILE =="
if [ ! -f "$FILE" ]; then
  echo "Missing: $FILE"
  exit 1
fi

nl -ba "$FILE" | sed -n '1,200p'

echo
echo "== uses: entries =="
rg -n --no-heading "uses:\s*[^@]+@(.+)$" "$FILE" || true

echo
echo "== uses: entries with non-SHA refs =="
# Heuristic: commit SHAs are typically 40 hex chars (or shorter if tags), so flag refs that aren't 40-hex.
rg -n --no-heading "uses:\s*[^@]+@([0-9a-fA-F]{40})\b" "$FILE" || true
# Print all uses again with ref values
rg -n --no-heading "uses:\s*([^@]+)@(.+)$" "$FILE" | sed -E 's/uses:[[:space:]]*([^@]+)@(.+)/\1@\2/' || true

Repository: m-xim/aiogram-webhook

Length of output: 170


🏁 Script executed:

#!/bin/bash
set -euo pipefail

FILE=".github/workflows/release.yml"
echo "== Check file exists =="
ls -la "$FILE" || { echo "Missing: $FILE"; exit 1; }

echo
echo "== File head (with line numbers) =="
cat -n "$FILE" | sed -n '1,200p'

echo
echo "== All uses: entries =="
rg -n --no-heading '^\s*uses:\s*[^@]+@(.+)$' "$FILE" || true

echo
echo "== uses: entries with refs that look like commit SHAs (40 hex) =="
rg -n --no-heading '^\s*uses:\s*[^@]+@[0-9a-fA-F]{40}\b' "$FILE" || true

Repository: m-xim/aiogram-webhook

Length of output: 2530


Pin workflow actions to immutable SHAs.

The workflow uses version tags (not commit SHAs) for multiple actions—e.g., actions/checkout@v6 (line 18), plus python-semantic-release/python-semantic-release@v10.5.3 (25), astral-sh/setup-uv@v8.1.0 (33), and python-semantic-release/publish-action@v10.5.3 (45). Replace these uses: refs with the corresponding commit SHA(s) to meet the release-chain integrity policy.

🧰 Tools
🪛 zizmor (1.25.2)

[error] 18-18: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/release.yml at line 18, The workflow uses floating tags
like actions/checkout@v6 and several action refs
(python-semantic-release/python-semantic-release@v10.5.3,
astral-sh/setup-uv@v8.1.0, python-semantic-release/publish-action@v10.5.3);
replace each `uses:` reference in .github/workflows/release.yml with the
corresponding commit SHA for that exact release (find the SHA on the action's
GitHub releases or with git ls-remote) so the workflow is pinned to an immutable
commit, update all occurrences (e.g., the lines referencing actions/checkout,
python-semantic-release, astral-sh/setup-uv,
python-semantic-release/publish-action), and verify the workflow still runs
before merging.

Source: Linters/SAST tools

with:
ref: ${{ github.ref_name }}
fetch-depth: 0
Comment on lines +17 to +21

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Harden checkout by disabling credential persistence.

Set persist-credentials: false to avoid leaving an authenticated token in git config when it is not required for later steps.

Suggested fix
       - name: 🛎️ Checkout repository
         uses: actions/checkout@v6
         with:
           ref: ${{ github.ref_name }}
           fetch-depth: 0
+          persist-credentials: false
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: 🛎️ Checkout repository
uses: actions/checkout@v6
with:
ref: ${{ github.ref_name }}
fetch-depth: 0
- name: 🛎️ Checkout repository
uses: actions/checkout@v6
with:
ref: ${{ github.ref_name }}
fetch-depth: 0
persist-credentials: false
🧰 Tools
🪛 zizmor (1.25.2)

[warning] 17-21: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)


[error] 18-18: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/release.yml around lines 17 - 21, The checkout step "🛎️
Checkout repository" using actions/checkout@v6 leaves credentials in git config;
update that step (the step with name "🛎️ Checkout repository" and uses:
actions/checkout@v6) to set persist-credentials: false in its with: block so the
runner does not retain the authenticated token after checkout.

Source: Linters/SAST tools

- name: 🏷️ Semantic Version Release
id: release
uses: python-semantic-release/python-semantic-release@v10.5.3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
git_committer_name: "github-actions"
git_committer_email: "actions@users.noreply.github.com"
- name: 🐍 Setup uv & venv
if: steps.release.outputs.released == 'true'
uses: astral-sh/setup-uv@v8.1.0
- name: 📦 Update uv.lock
if: steps.release.outputs.released == 'true'
run: uv lock
- name: 🏗️ Build package (sdist & wheel)
if: steps.release.outputs.released == 'true'
run: uv build --no-sources
- name: 🚀 Publish | Upload to GitHub Release Assets
if: steps.release.outputs.released == 'true'
uses: python-semantic-release/publish-action@v10.5.3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ steps.release.outputs.tag }}
- name: 🐍 Publish to PyPI
if: steps.release.outputs.released == 'true'
env:
UV_PUBLISH_TOKEN: ${{ secrets.PYPI_TOKEN }}
run: uv publish
89 changes: 47 additions & 42 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
@@ -1,42 +1,47 @@
name: Tests

on:
push:
branches: [main, develop]
pull_request:
branches: [main, develop]

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false

permissions:
contents: read

jobs:
lint-and-test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
fail-fast: false

steps:
- uses: actions/checkout@v6

- name: Install uv and set the python version
uses: astral-sh/setup-uv@v7
with:
python-version: ${{ matrix.python-version }}

- name: Install the project
run: uv sync --all-extras

- name: Run Ruff
run: uv run ruff check --output-format=github .

- name: Run Ty (type checker)
run: uv run ty check --output-format=github .

- name: Run pytest
run: uv run pytest
name: Tests

on:
push:
branches: [main, develop]
pull_request:
branches: [main, develop]

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false

permissions:
contents: read

jobs:
lint-and-test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
fail-fast: false

steps:
- uses: actions/checkout@v6

- name: Install uv and set the python version
uses: astral-sh/setup-uv@v8.1.0
with:
python-version: ${{ matrix.python-version }}

- name: Install the project
run: uv sync --all-extras

- name: Run Ruff
run: uv run ruff check --output-format=github .

- name: Run Ty (type checker)
run: uv run ty check --output-format=github .

- name: Run pytest
run: uv run pytest --cov --cov-branch --cov-report=xml

- name: Upload results to Codecov
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
Loading
Loading