Closed dependabot[bot] closed 5 months ago
Like https://github.com/python/bedevere/pull/623#issuecomment-1920971321:
This has a breaking change which affects us, requiring setting a token due to rate limiting:
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 100.00%. Comparing base (
9521cbd
) to head (d0ba01c
). Report is 15 commits behind head on main.
@@ Coverage Diff @@
## main #681 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 6 6
Lines 357 357
Branches 29 29
=========================================
Hits 357 357
Flag | Coverage Δ | |
---|---|---|
Python_3.11 | 100.00% <ø> (ø) |
|
Python_3.12 | 100.00% <ø> (ø) |
Flags with carried forward coverage won't be shown. Click here to find out more.
I already merged a couple of Dependabot PRs with the token set via with:
instead of env:
(for example, https://github.com/python/cherry-picker/pull/113).
https://github.com/codecov/feedback/issues/112#issuecomment-1919917567 says only env:
works, but those PRs did work. Maybe they showed as working because I did the last commit, or because it was read from org Dependabot secrets not org actions secrets?
Well, let's use env:
for the future PRs and we can change the old with:
ones later if needed.
Well, let's use
env:
for the future PRs and we can change the oldwith:
ones later if needed.
It might not matter here, but IIRC using env
exposes the token globally (see https://docs.github.com/en/actions/learn-github-actions/variables#about-variables), so with
might be better.
These are secrets rather than plain variables.
The value is masked at https://github.com/python/miss-islington/actions/runs/8633628202/job/23667136003?pr=681#step:6:13 :
env:
FORCE_COLOR: 1
pythonLocation: /opt/hostedtoolcache/Python/3.11.9/x[6](https://github.com/python/miss-islington/actions/runs/8633628202/job/23667136003?pr=681#step:6:6)4
PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.11.9/x64/lib/pkgconfig
Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.11.9/x64
Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.11.[9](https://github.com/python/miss-islington/actions/runs/8633628202/job/23667136003?pr=681#step:6:9)/x64
Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.11.9/x64
LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.[11](https://github.com/python/miss-islington/actions/runs/8633628202/job/23667136003?pr=681#step:6:11).9/x64/lib
CODECOV_TOKEN: ***
In org settings (https://github.com/organizations/hugovk-test-org/settings/secrets/actions) there are separate boxes for secret and variables, and it says:
Secrets and variables allow you to manage reusable configuration data. Secrets are encrypted and are used for sensitive data. Learn more about encrypted secrets. Variables are shown as plain text and are used for non-sensitive data. Learn more about variables.
Anyone with collaborator access to the repositories with access to a secret or variable can use it for Actions. They are not passed to workflows that are triggered by a pull request from a fork.
For Dependabot (https://github.com/organizations/hugovk-test-org/settings/secrets/dependabot) there are only secrets:
Secrets are credentials that are encrypted. Anyone with collaborator access to the repositories with access to each secret can use it for Dependabot.
Secrets are not passed to forks.
Bumps codecov/codecov-action from 3 to 4.
Release notes
Sourced from codecov/codecov-action's releases.
... (truncated)
Changelog
Sourced from codecov/codecov-action's changelog.
... (truncated)
Commits
f30e495
fix: update action.yml (#1240)a7b945c
fix: allow for other archs (#1239)98ab2c5
Update package.json (#1238)43235cc
Update README.md (#1237)0cf8684
chore(ci): bump to node20 (#1236)8e1e730
build(deps-dev): bump@typescript-eslint/eslint-plugin
from 6.19.1 to 6.20.0 ...61293af
build(deps-dev): bump@typescript-eslint/parser
from 6.19.1 to 6.20.0 (#1235)7a070cb
build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 (#1231)9097165
build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#1232)ac042ea
build(deps-dev): bump@typescript-eslint/eslint-plugin
from 6.19.0 to 6.19.1 ...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show