Skip to content

ci: onboard Codecov with OIDC auth and org-standard config#65

Merged
kdacosta0 merged 1 commit into
mainfrom
add-codecov-coverage
May 18, 2026
Merged

ci: onboard Codecov with OIDC auth and org-standard config#65
kdacosta0 merged 1 commit into
mainfrom
add-codecov-coverage

Conversation

@kdacosta0
Copy link
Copy Markdown
Member

@kdacosta0 kdacosta0 commented May 7, 2026
edited
Loading

Summary

  • Add codecov.yml with coverage status thresholds:
    • Patch: 70% target with 5% threshold — new code in each PR must have at least 70% coverage (with 5% tolerance)
    • Project: auto target, informational only — tracks overall project coverage trend without blocking PRs
  • Enable OIDC token auth (id-token: write, use_oidc: true) in the existing unit-tests.yml workflow for Codecov uploads — no separate coverage workflow needed

Prerequisites

CODECOV_TOKEN must be configured as a repository secret in GitHub (Settings > Secrets and variables > Actions). Obtain the token from codecov.io after adding the repository.

Test Plan

  • Verify the existing Unit Tests workflow uploads coverage to Codecov via OIDC
  • Verify coverage.out is ignored by git (covered by existing *.out pattern in .gitignore)
  • Verify Codecov receives the coverage report after a workflow run
  • Verify PR status checks appear for both patch and project coverage

Implements SECURESIGN-4377

Based on the doc

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 7, 2026

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

Thanks for integrating Codecov - We've got you covered ☂️

@kdacosta0 kdacosta0 marked this pull request as draft May 14, 2026 11:31
@kdacosta0 kdacosta0 force-pushed the add-codecov-coverage branch 2 times, most recently from e7ed5f8 to dd160b8 Compare May 15, 2026 13:53
@kdacosta0 kdacosta0 marked this pull request as ready for review May 15, 2026 14:24
@kdacosta0 kdacosta0 marked this pull request as draft May 15, 2026 15:00
@kdacosta0 kdacosta0 force-pushed the add-codecov-coverage branch from dd160b8 to 4bd4f3b Compare May 18, 2026 09:31
@kdacosta0 kdacosta0 changed the title Enable codecov coverage checks ci: onboard Codecov with OIDC auth and org-standard config May 18, 2026
@kdacosta0 kdacosta0 force-pushed the add-codecov-coverage branch from 4bd4f3b to 124b157 Compare May 18, 2026 09:34
@kdacosta0 @claude
ci: onboard Codecov with OIDC auth and org-standard config [SECURESIG…
e90df45 
…N-4377]

Add codecov.yml with patch (70%) and project (auto/informational)
thresholds. Enable OIDC token auth and use_oidc flag in the existing
unit-tests workflow instead of adding a separate coverage workflow.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@kdacosta0 kdacosta0 force-pushed the add-codecov-coverage branch from 124b157 to e90df45 Compare May 18, 2026 10:10
@kdacosta0 kdacosta0 marked this pull request as ready for review May 18, 2026 10:30
@kdacosta0 kdacosta0 merged commit 50e6202 into main May 18, 2026
28 of 45 checks passed
@kdacosta0 kdacosta0 deleted the add-codecov-coverage branch May 18, 2026 12:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SequeI SequeI SequeI approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kdacosta0 @codecov-commenter @SequeI