fix: add test#3980
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| if: ${{ !github.event.pull_request.head.repo.fork && github.repository_owner == 'codecov' }} | ||
| run: | | ||
| codecovcli -v -u ${{ secrets.CODECOV_STAGING_URL }} create-commit -t ${{ secrets.CODECOV_ORG_TOKEN_STAGING }} | ||
| codecovcli -v -u ${{ secrets.CODECOV_STAGING_URL }} create-report -t ${{ secrets.CODECOV_ORG_TOKEN_STAGING }} |
There was a problem hiding this comment.
Staging step missing --fail-on-error flag
Medium Severity
The "Run Startup Staging" step is missing --fail-on-error on both create-commit and create-report commands, while all other environment steps ("Run Startup", "Run Startup QA", "Run Startup Public QA") consistently include it. This means staging failures will be silently ignored and won't fail the CI job, making it impossible to detect staging environment issues.
Reviewed by Cursor Bugbot for commit 089c49f. Configure here.
Bundle ReportBundle size has no change ✅ |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 406d4ab. Configure here.
| curl -sS -o /dev/null \ | ||
| -w "HTTP=%{http_code} ip=%{remote_ip} dns=%{time_namelookup}s conn=%{time_connect}s total=%{time_total}s\n" \ | ||
| --max-time 10 -X POST "$URL/upload/github/codecov::::gazebo/commits" \ | ||
| -H 'Authorization: token abc' || echo "curl exit=$?" |
There was a problem hiding this comment.
Debug network diagnostics step appears accidentally committed
Medium Severity
The "Debug CODECOV_STAGING_URL network" step looks like temporary debugging infrastructure (DNS lookups, TLS handshake checks, curl diagnostics) that was used to troubleshoot a staging connectivity issue. It also lacks the if guard present on all other steps, meaning it runs unconditionally — including on fork PRs where the secret is empty. This step exposes the derived staging hostname in public CI logs since GitHub Actions only auto-masks the original secret value, not substrings derived from it.
Reviewed by Cursor Bugbot for commit 406d4ab. Configure here.
1 participant
Description
Code Example
Notable Changes
Screenshots
Link to Sample Entry
Legal Boilerplate
Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. In 2022 this entity acquired Codecov and as result Sentry is going to need some rights from me in order to utilize my contributions in this PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.
Note
Low Risk
Low risk: changes are limited to GitHub Actions CI workflow, mainly adding a new diagnostic/startup job; primary impact is potential CI noise/time and exposure of basic network metadata in logs.
Overview
Adds a new CI job,
codecov-startup-test, to validate Codecov CLI “startup” calls across production/staging/QA/public-QA and to debug connectivity toCODECOV_STAGING_URL(DNS resolution, TLS handshake, and simple HTTP GET/POST timing).The new job runs only for non-fork PRs under the
codecovorg and installs the CLI before executingcreate-commit/create-reportagainst the configured endpoints.Reviewed by Cursor Bugbot for commit 406d4ab. Bugbot is set up for automated code reviews on this repo. Configure here.