From cf9ba0ee2394b28fe775670b747f6fbb565d5549 Mon Sep 17 00:00:00 2001
From: Miguel Guthridge <hdsq@outlook.com.au>
Date: Fri, 29 Sep 2023 17:05:48 +1000
Subject: [PATCH 1/5] Add coverage comment to workflow

---
 .github/workflows/python-app.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index 2e92302..37175bb 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -26,9 +26,19 @@ jobs:
     - name: Test with pytest
       run: |
         poetry run coverage run -m pytest
-    - name: Generate code coverage report
+    - name: Print coverage output
       run: |
         poetry run coverage report
+    - name: Generate code coverage report
+      if: ${{ github.event_name == 'pull_request' }}
+      run: |
+        poetry run coverage xml
+    - name: Create code coverage comment
+      if: ${{ github.event_name == 'pull_request' }}
+      uses: orgoro/coverage@v3
+      with:
+          coverageFile: coverage.xml
+          token: ${{ secrets.GITHUB_TOKEN }}
 
   Flake8:
     runs-on: ubuntu-latest

From 06572cb195aa243bf53e3304430eea06d78e7bce Mon Sep 17 00:00:00 2001
From: Miguel Guthridge <hdsq@outlook.com.au>
Date: Fri, 29 Sep 2023 17:07:22 +1000
Subject: [PATCH 2/5] Update cache actions

---
 .github/workflows/python-app.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index 37175bb..c8f611c 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -17,7 +17,7 @@ jobs:
       with:
         python-version: 3.11
     - uses: Gr1N/setup-poetry@v8
-    - uses: actions/cache@v2
+    - uses: actions/cache@v3
       with:
         path: ~/.cache/pypoetry/virtualenvs
         key: ${{ runner.os }}-poetry-${{ hashFiles('poetry.lock') }}
@@ -51,7 +51,7 @@ jobs:
       with:
         python-version: 3.11
     - uses: Gr1N/setup-poetry@v8
-    - uses: actions/cache@v2
+    - uses: actions/cache@v3
       with:
         path: ~/.cache/pypoetry/virtualenvs
         key: ${{ runner.os }}-poetry-${{ hashFiles('poetry.lock') }}
@@ -72,7 +72,7 @@ jobs:
       with:
         python-version: 3.11
     - uses: Gr1N/setup-poetry@v8
-    - uses: actions/cache@v2
+    - uses: actions/cache@v3
       with:
         path: ~/.cache/pypoetry/virtualenvs
         key: ${{ runner.os }}-poetry-${{ hashFiles('poetry.lock') }}

From f96b4684126ec6c8d5393fbd096b697d235b143a Mon Sep 17 00:00:00 2001
From: Miguel Guthridge <hdsq@outlook.com.au>
Date: Fri, 29 Sep 2023 17:08:49 +1000
Subject: [PATCH 3/5] Make workflow run on pull request

---
 .github/workflows/python-app.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index c8f611c..44d4a94 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -3,7 +3,11 @@
 
 name: Test and Lint
 
-on: [push]
+on:
+  pull_request:
+      branches:
+        - main
+  push:
 
 jobs:
   Pytest:

From 553968dd28667e0a222e7843c1ec22b4dd135ad0 Mon Sep 17 00:00:00 2001
From: Miguel Guthridge <hdsq@outlook.com.au>
Date: Fri, 29 Sep 2023 17:09:35 +1000
Subject: [PATCH 4/5] Only run on pushes to main

---
 .github/workflows/python-app.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index 44d4a94..841d1d5 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -5,9 +5,11 @@ name: Test and Lint
 
 on:
   pull_request:
-      branches:
-        - main
+    branches:
+      - main
   push:
+    branches:
+      - main
 
 jobs:
   Pytest:

From 769c024e5d72b5ff2a5ed9fd14ab5e07b956688d Mon Sep 17 00:00:00 2001
From: Miguel Guthridge <hdsq@outlook.com.au>
Date: Fri, 29 Sep 2023 17:11:36 +1000
Subject: [PATCH 5/5] Add permissions to write to PRs

---
 .github/workflows/python-app.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index 841d1d5..7135624 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -11,6 +11,14 @@ on:
     branches:
       - main
 
+# Yoinked from https://github.com/MTES-MCT/apilos/pull/854/files
+# Explicitely set permissions to allow Dependabot workflow runs to write in the PR
+# for coverage's reporting.
+# By default, these are read-only when the actions are ran by Dependabot
+# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#changing-github_token-permissions
+permissions:
+  pull-requests: write
+
 jobs:
   Pytest:
     runs-on: ubuntu-latest