uber-go / nilaway

Static analysis tool to detect potential nil panics in Go code
Apache License 2.0
3.06k stars 60 forks

Fix golden test for forked repository #273

Closed yuxincs closed 1 month ago

yuxincs commented 1 month ago

We were facing permission issues for GITHUB_TOKEN in our Golden Test CI job for forked repositories. This is because the GITHUB_TOKEN by default does not have permissions to post comments, by design, for security reasons.

The recommended way from GitHub is to break this into two parts: (1) the first job, which executes the (potentially malicious) code from the forked repository with limited default permissions and uploads the results as a non-executable artifact, and (2) the second job, which is triggered by the completion of the first job via the workflow_run trigger. This job always runs on the main branch and has proper permissions to post comments. It downloads the artifact from (1) and posts the comment.
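
The two-workflow split described in the comment above, as an added example that is not taken from this PR or the nilaway repository. The file paths, the `run-golden-test.sh` script and the `golden-test-result` artifact name are assumptions chosen for illustration.

```yaml
# File 1 (hypothetical path): .github/workflows/golden-test.yml
# Runs the fork's code with a read-only token and no secrets.
name: Golden Test
on: pull_request
permissions:
  contents: read
jobs:
  golden-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run golden test and save the result as plain data
        run: |
          mkdir -p result
          ./run-golden-test.sh > result/comment.md   # hypothetical script
          echo "${{ github.event.pull_request.number }}" > result/pr_number
      - uses: actions/upload-artifact@v4
        with:
          name: golden-test-result
          path: result/
---
# File 2 (hypothetical path): .github/workflows/golden-test-comment.yml
# Loaded from the default branch; never checks out or executes PR code.
name: Golden Test Comment
on:
  workflow_run:
    workflows: ["Golden Test"]
    types: [completed]
permissions:
  actions: read          # download the artifact from the other run
  pull-requests: write   # post the comment
jobs:
  comment:
    if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: golden-test-result
          path: result
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
      - name: Post comment, treating artifact contents as untrusted data
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          pr="$(head -c 16 result/pr_number | tr -d '\n')"
          case "$pr" in ''|*[!0-9]*) echo "bad PR number"; exit 1 ;; esac
          gh pr comment "$pr" --repo "$GITHUB_REPOSITORY" --body-file result/comment.md
```

The second workflow only reads files from the artifact and passes them as data (a digits-only PR number and a comment body file); nothing from the artifact is executed or interpolated into a shell command.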

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 87.60%. Comparing base (8ff8105) to head (49f33ac). Report is 1 commit behind head on main.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main     #273   +/-   ##
=======================================
  Coverage   87.60%   87.60%
=======================================
  Files          63       63
  Lines        7916     7916
=======================================
  Hits         6935     6935
  Misses        799      799
  Partials      182      182
```


yuxincs commented 1 month ago

We did not see the Golden Test comment because the 2nd job has to be in the main branch in order for this to take effect. I have run it in my forked repository as an example: https://github.com/yuxincs/nilaway/pull/2