Closed SteveBush closed 2 years ago
I'm going to add codecov tool integrity checks to this before merging.
Makes sense. I didn’t add them because the original bash script didn’t validate the integrity of the downloaded script.
From: Andrew Arnott
Sent: Saturday, June 18, 2022 11:24 AM
To: AArnott/Library.Template
Cc: Steve Bush; Author
Subject: Re: [AArnott/Library.Template] CodeCov binary uploader (PR #164)

> I'm going to add codecov tool integrity checks to this before merging.
> the original bash script didn’t validate the integrity of the downloaded script.
Totally understandable. You were going for parity. I just figured as long as we're developing this area and giving it a script, we ought to account for the latest best practices.
The original bash script comes from the same untrusted server, so it validating itself or what it downloads would be kinda pointless. In the past, this bash script (or the uploader?) was compromised and servers that used that script ran evil code. This validation step is the best practice now so that even if their server is compromised in the future, only code signed by their private key will ever be executed.
Replaces the bash CodeCov uploader with the latest binary version. A PowerShell script downloads the latest codecov binary. Another PowerShell script collects and uploads code coverage artifact files to CodeCov.io. You can pass flags and a coverage report name as parameters.
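One way to implement the integrity check discussed in this thread, as an added example that is not the PR's or the project's own code. It assumes PowerShell 7+, `gpg` on PATH, and a vendor public key that was obtained and pinned ahead of time rather than fetched during the build. The function name, parameter names and file names in the usage comment are hypothetical.

```powershell
# Added example: refuse to run a downloaded tool unless its checksum file is signed
# by a pinned key AND the tool's SHA-256 matches the signed checksum entry.
function Test-DownloadedTool {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ToolPath,       # the downloaded binary
        [Parameter(Mandatory)][string]$ChecksumPath,   # vendor checksum file ("<hex>  <name>" lines)
        [Parameter(Mandatory)][string]$SignaturePath,  # detached signature over the checksum file
        [Parameter(Mandatory)][string]$TrustedKeyring  # full path to the pinned public keyring
    )

    # 1. Authenticate the checksum file against the pinned key only.
    #    --no-default-keyring stops keys already on the build agent from counting.
    #    All gpg output is discarded so it cannot leak into the return value.
    & gpg --no-default-keyring --keyring $TrustedKeyring --verify $SignaturePath $ChecksumPath *> $null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Signature on $ChecksumPath did not verify against the pinned key."
        return $false
    }

    # 2. Only now trust the checksum file; find the entry for this file name.
    $name = Split-Path $ToolPath -Leaf
    $expected = $null
    foreach ($line in Get-Content $ChecksumPath) {
        $parts = $line.Trim() -split '\s+', 2
        if ($parts.Count -eq 2 -and $parts[1].TrimStart('*') -eq $name) {
            $expected = $parts[0]
            break
        }
    }
    if (-not $expected) {
        Write-Warning "No checksum entry for $name in $ChecksumPath."
        return $false
    }

    # 3. Compare digests (-ne is case-insensitive for strings in PowerShell).
    $actual = (Get-FileHash -Path $ToolPath -Algorithm SHA256).Hash
    if ($actual -ne $expected) {
        Write-Warning "SHA-256 mismatch for $name."
        return $false
    }
    return $true
}

# Usage (hypothetical paths):
# if (-not (Test-DownloadedTool -ToolPath ./codecov.exe -ChecksumPath ./codecov.exe.SHA256SUM `
#         -SignaturePath ./codecov.exe.SHA256SUM.sig -TrustedKeyring "$PSScriptRoot/vendor-key.gpg")) {
#     throw 'Refusing to run unverified uploader.'
# }
```

The order matters: the checksum file is only as trustworthy as its signature, and the signature is only as trustworthy as a key that did not come from the same download.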