Assess use of external addon codecov v3 in Mozilla's GitHub organization mozilla/sccache
Categories
(mozilla.org :: Github: Administration, task)
Tracking
(Not tracked)
People
(Reporter: Sylvestre, Assigned: cknowles)
References
Details
+++ This bug was initially created as a clone of Bug #1743848 +++
+++ This bug was initially created as a clone of Bug #1684536 +++
codecov v3 isn't activated
codecov/codecov-action@v3 is not allowed to be used in mozilla/sccache. Actions in this workflow must be: within a repository that belongs to your Enterprise account, created by GitHub, or matching the following: !/mozilla/, !mozilla/, ./**, 10up/wpcs-action@, aws-actions/, codecov/codecov-action@v2, docker/, pypa/gh-action-pypi-publish@v1.4.2, slackapi/slack-github-action@, google-github-actions/, erlef/setup-beam@v1, yesolutions/mirror-action@.
Assignee | ||
Comment 1•2 years ago
|
||
Correct, per the bug 1743848 secops only allowed @v2 to be enabled.
NI'd Secops - Can I remove the restriction to v2, or should I add another line explicitly allowing v3? (Or some other scheme?)
Go ahead and remove the version restriction -- codecov
is a known commodity. When we did the first round of approval, I wasn't sure how actions were going to play out, so went with ultra conservatism.
Assignee | ||
Comment 3•2 years ago
|
||
codecov/codecov-action@v2,
changed to codecov/codecov-action,
In the allow actions list
You should be good to go. Let me know if there's problems.
Reporter | ||
Comment 4•2 years ago
|
||
Are you sure? I still see:
codecov/codecov-action@v3 is not allowed to be used in mozilla/sccache. Actions in this workflow must be: within a repository that belongs to your Enterprise account, created by GitHub, or matching the following: !/mozilla/**, !mozilla/**, ./**, 10up/wpcs-action@*, aws-actions/*, docker/*, pypa/gh-action-pypi-publish@v1.4.2, slackapi/slack-github-action@*, google-github-actions/*, erlef/setup-beam@v1, yesolutions/mirror-action@*, codecov/codecov-action.
Reporter | ||
Updated•2 years ago
|
Reporter | ||
Comment 5•2 years ago
|
||
started 3 minutes ago:
https://github.com/mozilla/sccache/actions/runs/2866029256
Assignee | ||
Comment 6•2 years ago
|
||
While I'm certain that is what I changed, I assumed not mentioning the version would mean any is allowed - I have now modified it to explicitly allow any version.
codecov/codecov-action,
-> codecov/codecov-action@*,
This does match some other action permit string styles I see - so I'm much more confident this will work.
Apologies for the runaround.
Let me know if that starts working, or if we need to adjust further.
Reporter | ||
Comment 7•2 years ago
|
||
yeah, fixed, thanks :)
Comment 8•2 years ago
|
||
Just a quick follow-up. I have it integrated now but when Codecov posts a report on a PR it says:
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more
Example PR here: https://github.com/mozmeao/basket/pull/1024
In that "Learn more" link, it says, "If you see this notification and you are not an administrator, we ask that you inform your organization administrator of the need to install the Codecov GitHub App Integration." and "Once we are confident that a switch would negatively impact less than 5% of our user base, we will announce a timeline for full deprecation of the GitHub Oauth App."
Thanks!
Comment 9•2 years ago
|
||
Sorry, the above comment was intended to be a comment on bug 1827707 for mozmeao/basket.
Assignee | ||
Comment 10•2 years ago
|
||
(Responded in the intended bug)
Description
•