hugovk
commented
7 months ago Like https://github.com/python/bedevere/pull/623#issuecomment-1920971321:
This has a breaking change which affects us, requiring setting a token due to rate limiting:
Closed dependabot[bot] closed 5 months ago
hugovk
commented
7 months ago Like https://github.com/python/bedevere/pull/623#issuecomment-1920971321:
This has a breaking change which affects us, requiring setting a token due to rate limiting:
codecov[bot]
commented
5 months ago All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 100.00%. Comparing base (
9521cbd) to head (d0ba01c). Report is 15 commits behind head on main.
@@ Coverage Diff @@
## main #681 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 6 6
Lines 357 357
Branches 29 29
=========================================
Hits 357 357 | Flag | Coverage Δ | |
|---|---|---|
| Python_3.11 | 100.00% <ø> (ø) |
|
| Python_3.12 | 100.00% <ø> (ø) |
Flags with carried forward coverage won't be shown. Click here to find out more.
hugovk
commented
5 months ago I already merged a couple of Dependabot PRs with the token set via with: instead of env: (for example, https://github.com/python/cherry-picker/pull/113).
https://github.com/codecov/feedback/issues/112#issuecomment-1919917567 says only env: works, but those PRs did work. Maybe they showed as working because I did the last commit, or because it was read from org Dependabot secrets not org actions secrets?
Well, let's use env: for the future PRs and we can change the old with: ones later if needed.
ezio-melotti
commented
5 months ago Well, let's use
env:for the future PRs and we can change the oldwith:ones later if needed.
It might not matter here, but IIRC using env exposes the token globally (see https://docs.github.com/en/actions/learn-github-actions/variables#about-variables), so with might be better.
hugovk
commented
5 months ago These are secrets rather than plain variables.
The value is masked at https://github.com/python/miss-islington/actions/runs/8633628202/job/23667136003?pr=681#step:6:13 :
env:
FORCE_COLOR: 1
pythonLocation: /opt/hostedtoolcache/Python/3.11.9/x[6](https://github.com/python/miss-islington/actions/runs/8633628202/job/23667136003?pr=681#step:6:6)4
PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.11.9/x64/lib/pkgconfig
Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.11.9/x64
Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.11.[9](https://github.com/python/miss-islington/actions/runs/8633628202/job/23667136003?pr=681#step:6:9)/x64
Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.11.9/x64
LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.[11](https://github.com/python/miss-islington/actions/runs/8633628202/job/23667136003?pr=681#step:6:11).9/x64/lib
CODECOV_TOKEN: ***In org settings (https://github.com/organizations/hugovk-test-org/settings/secrets/actions) there are separate boxes for secret and variables, and it says:
Secrets and variables allow you to manage reusable configuration data. Secrets are encrypted and are used for sensitive data. Learn more about encrypted secrets. Variables are shown as plain text and are used for non-sensitive data. Learn more about variables.
Anyone with collaborator access to the repositories with access to a secret or variable can use it for Actions. They are not passed to workflows that are triggered by a pull request from a fork.
For Dependabot (https://github.com/organizations/hugovk-test-org/settings/secrets/dependabot) there are only secrets:
Secrets are credentials that are encrypted. Anyone with collaborator access to the repositories with access to each secret can use it for Dependabot.
Secrets are not passed to forks.
Bumps codecov/codecov-action from 3 to 4.
Release notes
Sourced from codecov/codecov-action's releases.
... (truncated)
Changelog
Sourced from codecov/codecov-action's changelog.
... (truncated)
Commits
f30e495fix: update action.yml (#1240)a7b945cfix: allow for other archs (#1239)98ab2c5Update package.json (#1238)43235ccUpdate README.md (#1237)0cf8684chore(ci): bump to node20 (#1236)8e1e730build(deps-dev): bump@typescript-eslint/eslint-pluginfrom 6.19.1 to 6.20.0 ...61293afbuild(deps-dev): bump@typescript-eslint/parserfrom 6.19.1 to 6.20.0 (#1235)7a070cbbuild(deps): bump github/codeql-action from 3.23.1 to 3.23.2 (#1231)9097165build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#1232)ac042eabuild(deps-dev): bump@typescript-eslint/eslint-pluginfrom 6.19.0 to 6.19.1 ...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show