salesforce / TransmogrifAI

TransmogrifAI (pronounced trăns-mŏgˈrə-fī) is an AutoML library for building modular, reusable, strongly typed machine learning workflows on Apache Spark with minimal hand-tuning
https://transmogrif.ai
BSD 3-Clause "New" or "Revised" License

Cr/fixed codecov ver #552

Closed crupley closed 3 years ago

crupley commented 3 years ago

Related issues

Refer to issue(s) addressed in this pull request from Issues page.

As a result of the recent CodeCov security breach, it would be preferred to use a fixed version rather than automatically upgrade to another potentially insecure version.

Describe the proposed solution

A clear and concise description of what the changes are.

Add the CodeCov script to repo and execute the static version.

This is the advised solution from CodeCov in response to my email request:

We are working on a new version that will compile into binaries. For now you can vendor the bash script into your repo and execute it there. That way it will not change until/unless you update it.
Ticket: https://codecov.freshdesk.com/helpdesk/tickets/4907

The script added here was obtained from curl -s https://codecov.io/bash on 4/22/21

Describe alternatives you've considered

A clear and concise description of any alternative solutions or features you've considered.

Additional context

Add any other context about the changes here.

codecov[bot] commented 3 years ago

Codecov Report

Merging #552 (8b19420) into master (44a5dce) will decrease coverage by 9.77%. The diff coverage is n/a.


@@            Coverage Diff             @@
##           master     #552      +/-   ##
==========================================
- Coverage   86.79%   77.02%   -9.78%     
==========================================
  Files         347      347              
  Lines       12026    12026              
  Branches      403      403              
==========================================
- Hits        10438     9263    -1175     
- Misses       1588     2763    +1175     
| Impacted Files | Coverage Δ |
| --- | --- |
| .../main/scala/com/salesforce/op/FeatureHistory.scala | 0.00% <0.00%> (-100.00%) |
| ...in/scala/com/salesforce/op/utils/table/Table.scala | 0.00% <0.00%> (-100.00%) |
| ...ala/com/salesforce/op/readers/CSVAutoReaders.scala | 0.00% <0.00%> (-100.00%) |
| ...salesforce/op/utils/json/EnumEntrySerializer.scala | 0.00% <0.00%> (-100.00%) |
| ...sforce/op/aggregators/CustomMonoidAggregator.scala | 0.00% <0.00%> (-100.00%) |
| ...sforce/op/stages/base/binary/BinaryEstimator.scala | 0.00% <0.00%> (-100.00%) |
| .../op/stages/impl/feature/TextMapNullEstimator.scala | 0.00% <0.00%> (-100.00%) |
| ...orce/op/stages/base/ternary/TernaryEstimator.scala | 0.00% <0.00%> (-100.00%) |
| ...stages/impl/feature/TimePeriodMapTransformer.scala | 0.00% <0.00%> (-100.00%) |
| ...sql/execution/datasources/csv/CSVSchemaUtils.scala | 0.00% <0.00%> (-100.00%) |
... and 76 more


Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 44a5dce...8b19420.

tovbinm commented 3 years ago

@crupley is this the official bash script? It's worth mentioning in the ticket where the script is coming from.

crupley commented 3 years ago

@crupley is this the official bash script? It's worth mentioning in the ticket where the script is coming from.

@tovbinm Yes, this is the same script that was being used previously. I've updated the PR description to reflect this.
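
Vendoring the script, as the PR description proposes, fixes the version only as long as the committed copy is not changed unnoticed. The following is an added example, not part of this PR or the TransmogrifAI repository, that records a SHA-256 pin for a vendored script and refuses to execute it when the hash no longer matches. The function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example: pin a vendored CI script by SHA-256 and refuse to run it if it changed.
# Function names and paths are hypothetical, not taken from the PR.

# Print the SHA-256 of a file, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Record the pin. Run once when the script is vendored or deliberately updated,
# and commit the pin file so changes to it show up in review.
pin_script() {  # pin_script <script> <pinfile>
    [ -f "$1" ] || { echo "pin: $1 not found" >&2; return 2; }
    sha256_of "$1" > "$2"
}

# Return 0 only if the script's current hash equals the committed pin.
# Returns 2 when the script or pin is missing, 1 on a hash mismatch.
verify_script() {  # verify_script <script> <pinfile>
    [ -f "$1" ] && [ -s "$2" ] || { echo "verify: missing script or pin" >&2; return 2; }
    expected=$(tr -d ' \n\r' < "$2")
    actual=$(sha256_of "$1")
    if [ "$expected" != "$actual" ]; then
        echo "verify: $1 hash $actual does not match pin $expected" >&2
        return 1
    fi
}

# Verify first, then execute the vendored script with the remaining arguments.
run_pinned() {  # run_pinned <script> <pinfile> [args...]
    script=$1; pin=$2; shift 2
    verify_script "$script" "$pin" || return $?
    bash "$script" "$@"
}
```

In CI this would be called as `run_pinned ci/codecov.sh ci/codecov.sh.sha256` (both paths assumed), so a modified vendored copy fails the build step instead of running with access to the job's environment.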