66 changes: 66 additions & 0 deletions .github/workflows/ci.yml
@@ -142,6 +142,72 @@ jobs:
uses: codecov/gha-workflows/.github/workflows/codecov-startup.yml@v1.2.14
secrets: inherit

codecov-startup-test:
name: Codecov Startup - Test
needs: install
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 2
submodules: 'recursive'
- name: Install CLI
if: ${{ !github.event.pull_request.head.repo.fork && github.repository_owner == 'codecov' }}
run: |
make test_env.install_cli
- name: Debug CODECOV_STAGING_URL network
run: |
URL='${{ secrets.CODECOV_STAGING_URL }}'
HOST="$(printf '%s' "$URL" | sed -E 's|^https?://||; s|[/:].*$||')"
echo "host = $HOST"

echo "=== getent (libc resolver) ==="
getent hosts "$HOST" || echo "getent: NXDOMAIN"

echo "=== dig system resolver ==="
dig +short "$HOST" || true

echo "=== dig @8.8.8.8 ==="
dig +short @8.8.8.8 "$HOST" || true

echo "=== TCP/TLS handshake ==="
timeout 5 openssl s_client -servername "$HOST" -connect "$HOST:443" </dev/null 2>&1 \
| grep -E 'CONNECTED|subject=|issuer=|Verify return|errno' | head

echo "=== HTTPS GET / ==="
curl -sS -o /dev/null \
-w "HTTP=%{http_code} ip=%{remote_ip} dns=%{time_namelookup}s conn=%{time_connect}s total=%{time_total}s\n" \
--max-time 10 "$URL/" || echo "curl exit=$?"

echo "=== HTTPS POST /upload/... ==="
curl -sS -o /dev/null \
-w "HTTP=%{http_code} ip=%{remote_ip} dns=%{time_namelookup}s conn=%{time_connect}s total=%{time_total}s\n" \
--max-time 10 -X POST "$URL/upload/github/codecov::::gazebo/commits" \
-H 'Authorization: token abc' || echo "curl exit=$?"
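Review bot: `URL='${{ secrets.CODECOV_STAGING_URL }}'` in the Debug step splices the secret into the script text before bash parses it, so a value containing a single quote, a backtick or `$(...)` changes what the script does rather than being treated as data; the `Run Startup` step below already shows the safer pattern with `env: CODECOV_TOKEN: ${{ secrets.CODECOV_ORG_TOKEN }}`, so declare `env: CODECOV_STAGING_URL: ${{ secrets.CODECOV_STAGING_URL }}` on this step and read `URL="$CODECOV_STAGING_URL"` in the script. That also keeps the `if:` guard and the `env:` mapping in one place if the step is kept at all.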

Debug network diagnostics step appears accidentally committed

Medium Severity

The "Debug CODECOV_STAGING_URL network" step looks like temporary debugging infrastructure (DNS lookups, TLS handshake checks, curl diagnostics) that was used to troubleshoot a staging connectivity issue. It also lacks the if guard present on all other steps, meaning it runs unconditionally — including on fork PRs where the secret is empty. This step exposes the derived staging hostname in public CI logs since GitHub Actions only auto-masks the original secret value, not substrings derived from it.


Reviewed by Cursor Bugbot for commit 406d4ab. Configure here.

- name: Run Startup
if: ${{ !github.event.pull_request.head.repo.fork && github.repository_owner == 'codecov' }}
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_ORG_TOKEN }}
run: |
codecovcli -u ${{ secrets.CODECOV_URL }} create-commit --fail-on-error
codecovcli -u ${{ secrets.CODECOV_URL }} create-report --fail-on-error
- name: Run Startup Staging
if: ${{ !github.event.pull_request.head.repo.fork && github.repository_owner == 'codecov' }}
run: |
codecovcli -v -u ${{ secrets.CODECOV_STAGING_URL }} create-commit -t ${{ secrets.CODECOV_ORG_TOKEN_STAGING }}
codecovcli -v -u ${{ secrets.CODECOV_STAGING_URL }} create-report -t ${{ secrets.CODECOV_ORG_TOKEN_STAGING }}
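Review bot: `-t ${{ secrets.CODECOV_ORG_TOKEN_STAGING }}` puts the staging token into the command's argv, where it is visible to any other process on the runner and to anything that records the command line, whereas `Run Startup` two steps up passes its token through `env: CODECOV_TOKEN:` and omits `-t`; use the same shape here (`CODECOV_TOKEN: ${{ secrets.CODECOV_ORG_TOKEN_STAGING }}`), and check what `-v` prints before combining verbose output with a token on the command line, since this is the only step that sets it.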

Staging step missing --fail-on-error flag

Medium Severity

The "Run Startup Staging" step is missing --fail-on-error on both create-commit and create-report commands, while all other environment steps ("Run Startup", "Run Startup QA", "Run Startup Public QA") consistently include it. This means staging failures will be silently ignored and won't fail the CI job, making it impossible to detect staging environment issues.


Reviewed by Cursor Bugbot for commit 089c49f. Configure here.

cursor[bot] marked this conversation as resolved.
- name: Run Startup QA
if: ${{ !github.event.pull_request.head.repo.fork && github.repository_owner == 'codecov' }}
run: |
codecovcli -u ${{ secrets.CODECOV_QA_URL }} create-commit -t ${{ secrets.CODECOV_QA_TOKEN }} --fail-on-error
codecovcli -u ${{ secrets.CODECOV_QA_URL }} create-report -t ${{ secrets.CODECOV_QA_TOKEN }} --fail-on-error
- name: Run Startup Public QA
if: ${{ !github.event.pull_request.head.repo.fork && github.repository_owner == 'codecov' }}
run: |
codecovcli -u ${{ secrets.CODECOV_PUBLIC_QA_URL }} create-commit -t ${{ secrets.CODECOV_PUBLIC_QA_TOKEN }} --fail-on-error
codecovcli -u ${{ secrets.CODECOV_PUBLIC_QA_URL }} create-report -t ${{ secrets.CODECOV_PUBLIC_QA_TOKEN }} --fail-on-error

runner-indexes-vitest:
runs-on: ubuntu-latest
name: Generate runner indexes Vitest