Skip to content

Task/#458 move code coverage to its own workflow #459

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
StuartFerguson merged 2 commits into from
Feb 27, 2026
Merged

Task/#458 move code coverage to its own workflow #459

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7fea2a4
Remove LCOV merger and Codacy coverage upload steps
StuartFerguson Feb 27, 2026
b684705
Add GitHub Actions workflow for code coverage
StuartFerguson Feb 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 51 additions & 0 deletions .github/workflows/codecoverage.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
name: Code Coverage

on:
push:
# branches to consider in the event; optional, defaults to all
branches:
- main
workflow_dispatch:

jobs:
codecoverage:
name: "Code Coverage"
env:
ASPNETCORE_ENVIRONMENT: "Production"

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2.3.4

- name: Restore Nuget Packages
run: dotnet restore EstateReportingAPI.sln --source ${{ secrets.PUBLICFEEDURL }} --source ${{ secrets.PRIVATEFEED_URL }}

- name: Build Code
run: dotnet build EstateReportingAPI.sln --configuration Release

- name: Run Unit Tests
run: |
echo "ASPNETCORE_ENVIRONMENT are > ${ASPNETCORE_ENVIRONMENT}"
dotnet test "EstateReportingAPI.Tests\EstateReportingAPI.Tests.csproj" /p:CollectCoverage=true /p:Exclude="[xunit*]*" /p:ExcludeByAttribute="Obsolete" /p:ExcludeByAttribute="GeneratedCodeAttribute" /p:ExcludeByAttribute="CompilerGeneratedAttribute" /p:ExcludeByAttribute="ExcludeFromCodeCoverageAttribute" /p:CoverletOutput="../lcov1.info" /maxcpucount:1 /p:CoverletOutputFormat="lcov"

- name: Build Docker Image
run: docker build . --file EstateReportingAPI/Dockerfile --tag estatereportingapi:latest

- name: Run Integration Tests
run: |
dotnet test "EstateReportingAPI.IntegrationTests\EstateReportingAPI.IntegrationTests.csproj" /p:CollectCoverage=true /p:Exclude="[xunit*]*" /p:ExcludeByAttribute="Obsolete" /p:ExcludeByAttribute="GeneratedCodeAttribute" /p:ExcludeByAttribute="CompilerGeneratedAttribute" /p:ExcludeByAttribute="ExcludeFromCodeCoverageAttribute" /p:CoverletOutput="../lcov2.info" /maxcpucount:1 /p:CoverletOutputFormat="lcov"

- name: Install LCOV merger
run: npm install -g lcov-result-merger

- name: Merge LCOV reports
run: |
mkdir -p coverage
lcov-result-merger "*.info" > lcov.info

- name: Upload merged coverage to Codacy
uses: codacy/codacy-coverage-reporter-action@v1
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
coverage-reports: ./lcov.info
Comment on lines +12 to +51

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 2 months ago

To fix the problem, explicitly define minimal GITHUB_TOKEN permissions in the workflow. Since this job only checks out the code and uploads coverage to Codacy (an external service) without modifying anything in the GitHub repository (no pushes, PR changes, issue edits, etc.), it only needs read access to repository contents. The best fix is to add a permissions block at the workflow root level (so it applies to all jobs) with contents: read. This documents the required permissions and prevents unintended write access if the org/repo default is broad.

Concretely, in .github/workflows/codecoverage.yml, insert:

permissions:
  contents: read

between the on: block (ending at line 8) and the jobs: block (line 10). No other steps or functionality need to change, and no new imports or methods are required.

Suggested changeset 1
.github/workflows/codecoverage.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/codecoverage.yml b/.github/workflows/codecoverage.yml
--- a/.github/workflows/codecoverage.yml
+++ b/.github/workflows/codecoverage.yml
@@ -7,6 +7,9 @@
       - main
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:  
   codecoverage:
     name: "Code Coverage"
EOF
@@ -7,6 +7,9 @@
- main
workflow_dispatch:

permissions:
contents: read

jobs:
codecoverage:
name: "Code Coverage"
Copilot is powered by AI and may make mistakes. Always verify output.
14 changes: 0 additions & 14 deletions .github/workflows/nightlybuild.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,20 +37,6 @@ jobs:
run: |
dotnet test "EstateReportingAPI.IntegrationTests\EstateReportingAPI.IntegrationTests.csproj" /p:CollectCoverage=true /p:Exclude="[xunit*]*" /p:ExcludeByAttribute="Obsolete" /p:ExcludeByAttribute="GeneratedCodeAttribute" /p:ExcludeByAttribute="CompilerGeneratedAttribute" /p:ExcludeByAttribute="ExcludeFromCodeCoverageAttribute" /p:CoverletOutput="../lcov2.info" /maxcpucount:1 /p:CoverletOutputFormat="lcov"

- name: Install LCOV merger
run: npm install -g lcov-result-merger

- name: Merge LCOV reports
run: |
mkdir -p coverage
lcov-result-merger "*.info" > lcov.info

- name: Upload merged coverage to Codacy
uses: codacy/codacy-coverage-reporter-action@v1
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
coverage-reports: ./lcov.info

- uses: actions/upload-artifact@v4
if: ${{ failure() }}
with:
Expand Down
Loading