Drop write permissions in coverage workflow #21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ******************************************************************************* | |
| # Copyright (c) 2025 Contributors to the Eclipse Foundation | |
| # | |
| # See the NOTICE file(s) distributed with this work for additional | |
| # information regarding copyright ownership. | |
| # | |
| # This program and the accompanying materials are made available under the | |
| # terms of the Apache License Version 2.0 which is available at | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # SPDX-License-Identifier: Apache-2.0 | |
| # ******************************************************************************* | |
| name: Coverage Report | |
| on: | |
| pull_request: | |
| types: [ opened, reopened, synchronize ] | |
| workflow_call: | |
| outputs: | |
| artifact-name: | |
| description: 'Name of the coverage report artifact' | |
| value: ${{ jobs.coverage-report.outputs.artifact-name }} | |
| jobs: | |
| coverage-report: | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| artifact-name: ${{ steps.set-artifact-name.outputs.artifact-name }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4.2.2 | |
| - name: Free Disk Space (Ubuntu) | |
| uses: ./actions/free_disk_space | |
| - name: Install lcov | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y lcov | |
| - name: Setup Bazel with shared caching | |
| uses: bazel-contrib/setup-bazel@0.15.0 | |
| with: | |
| bazelisk-cache: true | |
| disk-cache: ${{ github.workflow }} | |
| repository-cache: true | |
| - name: Allow linux-sandbox | |
| uses: ./actions/unblock_user_namespace_for_linux_sandbox | |
| - name: Run Unit Test with Coverage for C++ | |
| run: | | |
| bazel coverage //... --build_tests_only | |
| - name: Generate HTML Coverage Report | |
| run: | | |
| genhtml "$(bazel info output_path)/_coverage/_coverage_report.dat" \ | |
| -o=cpp_coverage \ | |
| --show-details \ | |
| --legend \ | |
| --function-coverage \ | |
| --branch-coverage | |
| - name: Create archive of test report | |
| run: | | |
| mkdir -p artifacts | |
| find bazel-testlogs/score/ -name 'test.xml' -print0 | xargs -0 -I{} cp --parents {} artifacts/ | |
| cp -r cpp_coverage artifacts/ | |
| zip -r ${{ github.event.repository.name }}_coverage_report_${{ github.sha }}.zip artifacts/ | |
| shell: bash | |
| - name: Set artifact name | |
| id: set-artifact-name | |
| run: | | |
| echo "artifact-name=${{ github.event.repository.name }}_coverage_report_${{ github.sha }}" >> $GITHUB_OUTPUT | |
| - name: Upload coverage artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ steps.set-artifact-name.outputs.artifact-name }} | |
| path: ${{ github.event.repository.name }}_coverage_report_${{ github.sha }}.zip | |