Task Summary
Phase 2 follow-up to #4645. Wire CODECOV_TOKEN to the four Codecov upload steps in .github/workflows/build.yml (frontend, scala, python, agent-service) so coverage reports from push events on protected branches (main, release/**) actually land on Codecov.
Why this is needed — Phase 1 deferred the INFRA token wiring, betting on Codecov's tokenless flow. In practice the tokenless flow only authenticates fork PR uploads. Push events on the Codecov-protected default branch get rejected with:
Upload queued for processing failed: {"message":"Token required because branch is protected"}
This has been silent because fail_ci_if_error: false. As a result Codecov has zero reports on apache:main (https://codecov.io/api/v2/github/apache/repos/texera/branches/main → 404) and every branch listed there is a fork PR. Without main reports Codecov has no baseline to diff PR coverage against, and a coverage badge would render "unknown".
Plan — Add token: ${{ secrets.CODECOV_TOKEN }} to each of the four codecov/codecov-action uses. The CODECOV_TOKEN secret has been added at the repo level.
Still out of scope (deferred to a later phase):
- Flipping
fail_ci_if_error to true — once Phase 2 is verified working, otherwise we'd just turn the silent failure into a noisy one.
- PR comments / commit status / quality-gate (
codecov.yml) configuration.
- Fixing Codecov's stale "default branch = master" repo setting.
- Adding a coverage badge to README.
Task Type
Task Summary
Phase 2 follow-up to #4645. Wire
CODECOV_TOKENto the four Codecov upload steps in.github/workflows/build.yml(frontend, scala, python, agent-service) so coverage reports frompushevents on protected branches (main,release/**) actually land on Codecov.Why this is needed — Phase 1 deferred the INFRA token wiring, betting on Codecov's tokenless flow. In practice the tokenless flow only authenticates fork PR uploads. Push events on the Codecov-protected default branch get rejected with:
This has been silent because
fail_ci_if_error: false. As a result Codecov has zero reports onapache:main(https://codecov.io/api/v2/github/apache/repos/texera/branches/main→ 404) and every branch listed there is a fork PR. Withoutmainreports Codecov has no baseline to diff PR coverage against, and a coverage badge would render "unknown".Plan — Add
token: ${{ secrets.CODECOV_TOKEN }}to each of the fourcodecov/codecov-actionuses. TheCODECOV_TOKENsecret has been added at the repo level.Still out of scope (deferred to a later phase):
fail_ci_if_errortotrue— once Phase 2 is verified working, otherwise we'd just turn the silent failure into a noisy one.codecov.yml) configuration.Task Type