ci: fix failing code-coverage job #526

Merged: ErikBjare merged 1 commit into ActivityWatch:master from 0xbrayo:fix-ci, Apr 17, 2025
0xbrayo (Member) commented Apr 13, 2025

Important

Fixes failing code-coverage job by installing OpenSSL 1.1 in build-coverage-tarpaulin job in build.yml.

  • CI Workflow:
    • Adds a step to install OpenSSL 1.1 in build-coverage-tarpaulin job in build.yml.
    • Uses wget to download and dpkg to install libssl1.1_1.1.1f-1ubuntu2_amd64.deb.

This description was created by Ellipsis for 6eb8e97. It will automatically update as commits are pushed.

ellipsis-dev bot left a comment

❌ Changes requested. Reviewed everything up to 6eb8e97 in 2 minutes and 19 seconds

More details
  • Looked at 16 lines of code in 1 files
  • Skipped 0 files when reviewing.
  • Skipped posting 1 drafted comments based on config settings.
1. .github/workflows/build.yml:91
  • Draft comment:
    Consider using HTTPS for wget; HTTP is insecure and may lead to MITM attacks. Also, prefer installing libssl1.1 via apt (e.g., apt-get install libssl1.1) to properly handle dependencies.
  • Reason this comment was not posted:
    Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 30% vs. threshold = 50%
    This is a GitHub Actions workflow file running in a controlled CI environment. While using HTTPS is generally better practice, this is downloading from Ubuntu's official archive mirror. The package will be verified by dpkg's signature checking. The apt-get suggestion is technically better practice but the current approach works fine for a single package.
    The security concern is valid - using HTTP could theoretically allow package tampering. Also, apt would handle dependencies better.
    However, this is in a disposable CI environment, the package comes from an official Ubuntu mirror, and dpkg verifies packages. The risk is minimal in this specific context.
    While the suggestions are technically correct, the security risk is minimal in this context and the current approach works reliably. The comment is not important enough to keep.

Workflow ID: wflow_hHz3easIjCFYGMpJ



# https://github.com/actions-rs/tarpaulin/pull/22
- name: Install OpenSSL 1.1
run: |
wget http://nz2.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb
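Review bot: the wget line fetches libssl1.1_1.1.1f-1ubuntu2_amd64.deb over plain HTTP from a single regional mirror with no digest pinned in the lines shown, and the description says the file is then installed with dpkg, which does not check it against apt's signed repository metadata the way an apt-get install would. Record the package's expected SHA-256 in the workflow and compare it (for example with sha256sum -c) before the install. The step's only documentation is the bare link to actions-rs/tarpaulin/pull/22 on its first line; a few words there on why the coverage job needs OpenSSL 1.1 would help whoever later removes the workaround.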
Use HTTPS and verify package integrity. The wget call uses HTTP which might expose you to man-in-the-middle attacks. Consider using an HTTPS URL, adding a checksum/hash verification for the downloaded .deb file, and possibly cleaning up the file afterwards.

Suggested change
wget http://nz2.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb
wget https://nz2.archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb
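
One way to do the checksum verification and cleanup suggested in the comment above, as an added example that is not part of the pull request or the project's workflow. The function names `verify_sha256` and `fetch_verified` and the `DEB_URL` / `DEB_SHA256` variables are hypothetical, and the pinned digest has to be taken from a source you trust, since the page does not give one.

```shell
# Added example: pin a SHA-256 for a downloaded package and refuse to
# install anything that does not match it.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 when FILE hashes to EXPECTED_HEX, 2 when the pin itself is
# malformed, and 1 (after deleting FILE) on a missing file or a mismatch.
verify_sha256() {
    local file=$1 expected=$2 actual
    # Require exactly 64 hex digits so an empty or truncated pin can
    # never be treated as a valid digest.
    if ! printf '%s' "$expected" | grep -Eqi '^[0-9a-f]{64}$'; then
        echo "pinned digest is not a 64-digit hex string" >&2
        return 2
    fi
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        rm -f -- "$file"   # never leave an unverified package on disk
        return 1
    fi
}

# fetch_verified URL EXPECTED_HEX DEST
# Downloads to a temporary name and only moves the file to DEST once the
# digest has been checked, so DEST never holds unverified bytes.
fetch_verified() {
    local url=$1 expected=$2 dest=$3 tmp
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if wget -q -O "$tmp" "$url" && verify_sha256 "$tmp" "$expected"; then
        mv -- "$tmp" "$dest"
    else
        rm -f -- "$tmp"
        return 1
    fi
}

# In the CI step (DEB_URL and DEB_SHA256 are placeholders set elsewhere):
#   fetch_verified "$DEB_URL" "$DEB_SHA256" libssl1.1.deb \
#     && sudo dpkg -i libssl1.1.deb && rm -f libssl1.1.deb
```

The digest check holds whether the transport is HTTP or HTTPS, because it ties the install to specific file contents rather than to the mirror that served them.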

codecov bot commented Apr 13, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.18%. Comparing base (656f3c9) to head (020c095).
Report is 6 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #526      +/-   ##
==========================================
- Coverage   70.81%   70.18%   -0.64%     
==========================================
  Files          51       51              
  Lines        2916     2941      +25     
==========================================
- Hits         2065     2064       -1     
- Misses        851      877      +26     


0xbrayo (Member Author) commented Apr 17, 2025

@ErikBjare ping

@ErikBjare ErikBjare merged commit c640979 into ActivityWatch:master Apr 17, 2025
7 checks passed