Add force-commit-sha input

[yoanm]

Simple PR adding a force-commit-sha input.

While the workaround proposed there (=relying on the CLI directly) actually works when you have to deal with workflow_run executions, it has at least one major downside. In case I want to keep the CLI version up to date, I need to either

• pin the version and manually update it. While dependabot is able to automatically detect a GitHub action
• always use the latest version but it would imply that builds won't be repeatable. A re-run may use a different version, which would decrease debugging capability

Also, workflow_run seems the most secure/reliable way to deal with forked PR, but as stated on #78 the CLI uploader doesn't correctly handle that case. So adding the input would bring a nice workaround for issues like #33, #67 or #69 for instance.

Another way to cover the case would be to update the GitHubActionProvider from the CLI uploader directly (like did there https://github.com/codacy/codacy-coverage-reporter/pull/492), in order to manage workflow_run events, but I guess it would require way more than just the few lines added there.

Feel free to suggest any updates (input name/description, etc).

[yoanm]

FYI, PR is ready for review, I opened it as draft to avoid bothering people in case you don't want it 😉 Also, I tested the update on my project (not saying I covered every cases, but most basic ones most likely)

[lolgab]

Hi @yoanm, I implemented the support for run_workflow workflows in GitHub Actions. Can you check if it works for you? If it does, I would rather not add the support to pass custom commit SHAs if possible.

[yoanm]

Hello 👋 Thanks for your work, I just checked and it now works as expected 🚀

However, I'm pretty sure adding that option would be worth the extra maintenance cost and may help people in specific cases. Including you folks 🙂, by avoiding issues like those I mentioned above, or at least by providing a quick & easy workaround to the end-user, so less work for you.

It's ultimately up to you though 😉 I let you close the PR if you believe it's not worthwhile

[yoanm]

Taking advantage of the PR to say that latest repo tag is more than 2 years old and doesn't include latest updates, not sure if it's expected or not.

I had hard time figuring out the Warning: Unexpected input(s) 'coverage-reporter-version', valid inputs are ['project-token', 'api-token', 'coverage-reports', 'language', 'force-coverage-parser'] error :|

EDIT: It doesn't even seem to be linked to anything currently on master branch actually => https://github.com/codacy/codacy-coverage-reporter-action/tree/89d6c85cfafaec52c72b6c5e8b2878d33104c699 => "This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.", a bit scary 😨