Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pull in bash script and bump to 1.5.0 #299

Merged
merged 4 commits into from May 3, 2021
Merged

Pull in bash script and bump to 1.5.0 #299

merged 4 commits into from May 3, 2021

Conversation

thomasrockhu
Copy link
Contributor

@thomasrockhu thomasrockhu commented Apr 29, 2021
edited

Remove bash script curl dependency

  • Removes SHASUM verification (the script has been checked)
  • Removes request to codecov.io for the bash script
  • Bumps to 1.5.0

@codecov
Copy link

codecov bot commented Apr 29, 2021
edited

Codecov Report

Merging #299 (2332a73) into master (31d2c8f) will increase coverage by 0.11%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #299      +/-   ##
==========================================
+ Coverage   97.02%   97.14%   +0.11%     
==========================================
  Files           4        3       -1     
  Lines         168      140      -28     
  Branches       47       43       -4     
==========================================
- Hits          163      136      -27     
+ Misses          5        4       -1
Flag Coverage Δ
demo 87.50% <ø> (ø)
script 98.38% <ø> (+0.36%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
src/buildExec.ts 98.38% <0.00%> (+0.80%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 31d2c8f...2332a73. Read the comment docs.

@thomasrockhu thomasrockhu requested a review from a team April 29, 2021 21:41
@thomasrockhu thomasrockhu changed the title Pull in bash script Pull in bash script and bump to 1.5.0 Apr 29, 2021
@thomasrockhu thomasrockhu marked this pull request as ready for review April 29, 2021 23:09
@thomasrockhu thomasrockhu merged commit a1ed4b3 into master May 3, 2021
@thomasrockhu thomasrockhu deleted the pull-in-bash branch May 3, 2021 13:49
@briansmith
Copy link

I love this idea.

It does seem strange that two different copies of the codecov bash script have to be checked into the repo at once. git diff dist/codecov src/codecov && echo same shows they are exactly the same. If you could find a way to avoid this duplication then it would be easier for users to audit the action.

@thomasrockhu
Copy link
Contributor Author

@briansmith yeah I noticed this at publishing time, and it definitely is a little strange. I'll work on making it more DRY and automated.

@recursivelycurious
Copy link

@thomasrockhu -- in light of the bash uploader security issue (https://about.codecov.io/security-update/), looking for a bit more detail on if this change set is related to / part of the remediation in any way?

Basically just trying to confirm if GitHub actions for uploading coverage results were impacted.

@thomasrockhu
Copy link
Contributor Author

@recursivelycurious, this change set is in fact related and is part of the remediation. The Codecov Action for uploading coverage results was impacted. I would recommend reaching out to security@codecov.io for any specific questions.

@fxamacker fxamacker mentioned this pull request May 13, 2021
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drazisil-codecov drazisil-codecov drazisil-codecov approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@thomasrockhu @briansmith @recursivelycurious @drazisil-codecov