fix(codecov-for-dependabot): use oidc when uploading test results to codecov

[saltenasl]

Fixes failing ci build job Upload test results to Codecov and Upload coverage to Codecov.

Summary by CodeRabbit

• Chores

  • Enhanced CI security by switching coverage and test result uploads to OpenID Connect, removing token-based credentials.
  • Updated workflow permissions to support secure artifact uploads.
  • Standardized the test results filename for consistency across pipelines.

• Tests

  • No changes to test logic; improved reliability of reporting by updating the upload mechanism and file path used for test results.

[coderabbitai]

📝 Walkthrough

Walkthrough

The CI workflow (.github/workflows/ci.yml) updates the Build & Test job permissions to include id-token: write and contents: read. Codecov integrations are switched to OpenID Connect by setting use_oidc: true for both coverage (coverage/lcov.info) and test results uploads. Token-based authentication for Codecov is removed. The test results artifact path is changed from test-report.xml to test-results.xml.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Dev as Developer
    participant GH as GitHub Actions (Build & Test)
    participant OIDC as GitHub OIDC Provider
    participant CC as Codecov

    Dev->>GH: Push/PR triggers workflow
    note over GH: Permissions: id-token: write<br/>contents: read

    GH->>OIDC: Request OIDC ID token
    OIDC-->>GH: OIDC token (JWT)

    GH->>GH: Run tests, generate coverage (coverage/lcov.info)<br/>and test results (test-results.xml)

    GH->>CC: Upload coverage with use_oidc: true
    CC-->>GH: Acknowledge coverage upload

    GH->>CC: Upload test results with use_oidc: true
    CC-->>GH: Acknowledge test results upload

    note over GH,CC: No explicit Codecov token used

Loading

Possibly related PRs

• feat: add codecov integration with test results upload #35: Also modifies .github/workflows/ci.yml for Codecov uploads, previously using token and lcov reporter.
• deepnote/deepnote-toolkit#187: Updates Codecov upload steps and aligns artifact names similar to switching to OIDC and test-results.xml.
• feat: add codecov integration with test results upload jupyterlab-deepnote#13: Adjusts CI Codecov integration and file paths for coverage/test results, paralleling this change.

Suggested reviewers

• andyjakubowski
• Artmann

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title clearly states that the pull request fixes the Codecov upload of test results using OIDC, which aligns with a key change in the updates. It is concise and directly reflects part of the modifications made in the CI workflow.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f59e68f and b53d3d2.

📒 Files selected for processing (1)

• .github/workflows/ci.yml (2 hunks)

🔇 Additional comments (2)

.github/workflows/ci.yml (2)

96-98: OIDC permissions wired correctly.

This grants the GitHub token scopes Codecov expects. Nicely done.

---

135-136: Confirm JUnit output filename. No references to test-report.xml or test-results.xml in package.json or project config—ensure your test runner is actually emitting JUnit XML to test-results.xml (or rename the output to match the workflow).

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70%. Comparing base (3851a54) to head (41fbc4a).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@          Coverage Diff          @@
##            main     #45   +/-   ##
=====================================
  Coverage     70%     70%           
=====================================
  Files        512     512           
  Lines      37506   37506           
  Branches    4811    4811           
=====================================
  Hits       26473   26473           
  Misses      9441    9441           
  Partials    1592    1592           

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[saltenasl]

https://github.com/deepnote/vscode-deepnote/actions/runs/18408169266/job/52453078649?pr=26#step:8:34

[jamesbhobbs]

I think you can omit the line entirely and it'd be fine.