build: Upload Nuxt and SvelteKit example stats #138
Conversation
![codecov[bot]](https://avatars.githubusercontent.com/in/254?s=60&v=4){kind=small}
There was a problem hiding this comment.
Overall, it seems like there isn't too much altering of the functionality of the code but instead removal of options. As such, my primary concerns are regarding the removed 'dryRun' settings in both the nuxt and sveltekit configurations. Also, I see process.env being used to access environment variables, which is not secure for sensitive data such as tokens. This could be improved greatly with a configuration file or using a secure vault service.
| @@ -5,7 +5,6 @@ export default defineNuxtConfig({ | |||
| [ | |||
| "@codecov/nuxt-plugin", | |||
| { | |||
| dryRun: true, | |||
There was a problem hiding this comment.
The dryRun option is removed from here. Should it be added to the environment config or is it not required anymore for the @codecov/nuxt-plugin?
| @@ -6,7 +6,6 @@ export default defineConfig({ | |||
| plugins: [ | |||
| sveltekit(), | |||
| codecovSvelteKitPlugin({ | |||
| dryRun: true, | |||
There was a problem hiding this comment.
The dryRun option is removed from here. Should it be added to the environment config or is it not required anymore for the codecovSvelteKitPlugin?
examples/nuxt/nuxt.config.ts
Outdated
| @@ -5,7 +5,6 @@ | |||
| [ | |||
| "@codecov/nuxt-plugin", | |||
| { | |||
| dryRun: true, | |||
| enableBundleAnalysis: true, | |||
| bundleName: "@codecov/example-nuxt-app", | |||
| uploadToken: process.env.VITE_UPLOAD_TOKEN, | |||
There was a problem hiding this comment.
process.env is used directly to access environment variables, which is not safe for sensitive data such as tokens. I suggest either using a configuration file that can be ignored in version control, or a secure vault service to store and access sensitive data like tokens.
Codecov ReportAll modified and coverable lines are covered by tests ✅ ✅ All tests successful. No failed tests found.
📢 Thoughts on this report? Let us know! |
Codecov ReportAll modified and coverable lines are covered by tests ✅
✅ All tests successful. No failed tests found. Additional details and impacted files
☔ View full report in Codecov by Sentry. |
| @@ -390,8 +394,12 @@ jobs: | |||
| env: | |||
| NEXT_UPLOAD_TOKEN: ${{ secrets.CODECOV_ORG_TOKEN_STAGING }} | |||
| NEXT_API_URL: ${{ secrets.CODECOV_STAGING_API_URL }} | |||
There was a problem hiding this comment.
For the NUXT_UPLOAD_TOKEN, it seems like we're using the production token (CODECOV_ORG_TOKEN) instead of the staging token (CODECOV_ORG_TOKEN_STAGING). If this block is for a staging environment, we might need to use the staging token.
| @@ -390,8 +394,12 @@ | |||
| env: | |||
| NEXT_UPLOAD_TOKEN: ${{ secrets.CODECOV_ORG_TOKEN_STAGING }} | |||
| NEXT_API_URL: ${{ secrets.CODECOV_STAGING_API_URL }} | |||
| NUXT_UPLOAD_TOKEN: ${{ secrets.CODECOV_ORG_TOKEN }} | |||
| NUXT_API_URL: ${{ secrets.CODECOV_API_URL }} | |||
| ROLLUP_UPLOAD_TOKEN: ${{ secrets.CODECOV_ORG_TOKEN_STAGING }} | |||
| ROLLUP_API_URL: ${{ secrets.CODECOV_STAGING_API_URL }} | |||
There was a problem hiding this comment.
For the SVELTEKIT_UPLOAD_TOKEN, it seems like we're using the production token (CODECOV_ORG_TOKEN) instead of the staging token (CODECOV_ORG_TOKEN_STAGING). If this block is for a staging environment, we might need to use the staging token.
| enableBundleAnalysis: true, | ||
| bundleName: "@codecov/example-nuxt-app", | ||
| uploadToken: process.env.VITE_UPLOAD_TOKEN, | ||
| apiUrl: process.env.VITE_API_URL, | ||
| uploadToken: process.env.NUXT_UPLOAD_TOKEN, |
There was a problem hiding this comment.
Good change to avoid hardcoding the uploadToken and apiUrl. Using environment variables improves security and maintains consistency with other configurations.
| bundleName: "@codecov/example-sveltekit-app", | ||
| uploadToken: process.env.SVELTEKIT_UPLOAD_TOKEN, | ||
| apiUrl: process.env.SVELTEKIT_API_URL, |
There was a problem hiding this comment.
Good change to avoid hardcoding the uploadToken. Using environment variables improves security and keeps consistency with other configurations.
Bundle ReportChanges will increase total bundle size by 2.37MB ⬆️
|
nicholas-codecov
deleted the
build-actually-upload-nuxt-and-sveltekit-stats
branch
Description
Welp forgot to remove these
dryRunsettings in the Nuxt, and SvelteKit example apps, this PR just removes those and actually uploads the stats.