Closed yuxincs closed 1 month ago
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 87.60%. Comparing base (
8ff8105
) to head (49f33ac
). Report is 1 commits behind head on main.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
We did not see the Golden Test comment because the 2nd job has to be in main branch in order for this to take effect. I have run it in my forked repository as an example https://github.com/yuxincs/nilaway/pull/2
We were facing permission issues for
GITHUB_TOKEN
in our Golden Test CI job for forked repository. This is because theGITHUB_TOKEN
by default does not have permissions to post comments by design for security reasons.The recommended way from GitHub is to break this into two parts: (1) the first job that executes the (potentially malicious) code from forked repository with limited default permission, and upload the results as a non-executable artifact, and (2) the second job that is triggered by the completion of the first job via
workflow_run
trigger. This job always runs on main branch, and has proper permissions to post comments. It downloads the artifact from (1) and posts the comment.