From 2f0ad06b4d311106f28d9c503387c1ea791c9532 Mon Sep 17 00:00:00 2001 From: Dilum Aluthge Date: Fri, 8 Mar 2024 06:43:10 -0500 Subject: [PATCH 1/3] Codecov: set `fail_ci_if_error` to `false` iff the PR is made from a fork --- .github/workflows/ci.yml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 74e4c14c..c3dd3057 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -38,9 +38,21 @@ jobs: - uses: codecov/codecov-action@v4 with: file: lcov.info - fail_ci_if_error: true - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + # This is a public repo. + # We are using v4 of the codecov-action. + # If the PR is from a fork, then Codecov allows us to use + # tokenless Codecov uploads. + # If the PR is not from a fork, then Codecov does not allow + # us to use tokenless Codecov uploads, and thus we must use + # the token. + # Tokenless Codcov uploads are prone to random failures, + # due to Codecov's servers hitting GitHub rate limits. + # Therefore: + # 1. If this CI run is not a PR run, we set `fail_ci_if_error` to `true`. + # 2. If this CI run is a PR run and the PR is not from a fork, we set `fail_ci_if_error` to `true`. + # 3. If this CI run is a PR run and the PR is from a fork, we set `fail_ci_if_error` to `false`. + fail_ci_if_error: ${{ (github.event_name != 'pull_request') || (github.repository == github.event.pull_request.head.repo.full_name) }} + token: ${{ secrets.CODECOV_TOKEN }} docs: permissions: contents: write From 97609e51520c5f09de84fa67bb406bc751c5b536 Mon Sep 17 00:00:00 2001 From: Dilum Aluthge Date: Fri, 8 Mar 2024 07:02:12 -0500 Subject: [PATCH 2/3] Edit some comments --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c3dd3057..dcc88935 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -41,11 +41,11 @@ jobs: # This is a public repo. # We are using v4 of the codecov-action. # If the PR is from a fork, then Codecov allows us to use - # tokenless Codecov uploads. + # tokenless Codecov uploads (because the repo is public). # If the PR is not from a fork, then Codecov does not allow # us to use tokenless Codecov uploads, and thus we must use - # the token. - # Tokenless Codcov uploads are prone to random failures, + # the `CODECOV_TOKEN` token. + # Tokenless Codecov uploads are prone to random failures, # due to Codecov's servers hitting GitHub rate limits. # Therefore: # 1. If this CI run is not a PR run, we set `fail_ci_if_error` to `true`. From 868cb052f8177d93d963ed02552559ee630a03dc Mon Sep 17 00:00:00 2001 From: Dilum Aluthge Date: Fri, 8 Mar 2024 07:21:33 -0500 Subject: [PATCH 3/3] Add another comment --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dcc88935..00722b0e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -52,6 +52,9 @@ jobs: # 2. If this CI run is a PR run and the PR is not from a fork, we set `fail_ci_if_error` to `true`. # 3. If this CI run is a PR run and the PR is from a fork, we set `fail_ci_if_error` to `false`. fail_ci_if_error: ${{ (github.event_name != 'pull_request') || (github.repository == github.event.pull_request.head.repo.full_name) }} + # `${{ secrets.CODECOV_TOKEN }}` will be empty if the PR is from a fork, + # because GitHub does not make secrets available if the PR is from a fork + # and the base repo is public. token: ${{ secrets.CODECOV_TOKEN }} docs: permissions: