chore: Remove requirements for upload tokens #153
Conversation
Codecov ReportAttention: Patch coverage is ✅ All tests successful. No failed tests found.
📢 Thoughts on this report? Let us know! |
Codecov ReportAttention: Patch coverage is
✅ All tests successful. No failed tests found. Additional details and impacted files
☔ View full report in Codecov by Sentry. |
Bundle ReportChanges will increase total bundle size by 234.48kB ⬆️
|
Bundle ReportChanges will increase total bundle size by 154.85kB ⬆️
|
nicholas-codecov
requested review from
AbhiPrasad
and removed request for
AbhiPrasad
| "@codecov/webpack-plugin": patch | ||
| --- | ||
|
|
||
| Remove requirement for uploadToken being present adding support for tokenless uploads. |
There was a problem hiding this comment.
h: We need to update the README of the packages as well
There was a problem hiding this comment.
Hrrm trying to think of a nice way to word "this", do you think having two examples or just adjusting the current codeblock to have the same options but just commenting around the differences would be better?
There was a problem hiding this comment.
I think we should make tokenless the default snippet, and then add an extra section below about what to do if you need to use the token, but keep that at the bottom.
| * | ||
| * Example `gitService: 'github'` | ||
| */ | ||
| gitService?: ValidGitService; |
There was a problem hiding this comment.
If you add an uploadToken, you don't need a gitService right? We should update the types + docstrings for this accordingly.
There was a problem hiding this comment.
Are you talking about like a discriminated union type of sorts?
There was a problem hiding this comment.
Union would be nice, but I'm fine with only adjusting the docstring as well
| } | ||
| } else if (uploadToken) { | ||
| headers.set("Authorization", `token ${uploadToken}`); | ||
| } else { |
There was a problem hiding this comment.
these nested conditionals feel like a code smell to me, but I can't figure out a better way to address this so I wouldn't worry about it for now. Something to think about if we come back to this file
nicholas-codecov
force-pushed
the
gh-eng-2208-remove-requirements-for-upload-tokens
branch
from
c1db25d to
189178c
Compare
| codecovVitePlugin({ | ||
| enableBundleAnalysis: true, | ||
| bundleName: "@codecov/example-tokenless-app", | ||
| uploadToken: process.env.TOKENLESS_UPLOAD_TOKEN, |
There was a problem hiding this comment.
It is a little confusing to me that this tokenless example includes the token here - would it make sense to omit it?
There was a problem hiding this comment.
So tokenless only works on forked branches forkOwner:branchName, so when you're running it "locally" i.e. I make a PR and open it here, there's no forkOwner in the branch name so tokenless functionality doesn't work, but the token secret will be present. However when a user forks a repo and makes an upstream pull request the secrets aren't shared for obvious reason so that's when tokenless kicks in. It's a confusing thing that I still barely know anything about 😂
There was a problem hiding this comment.
Oooh okay I see! Got it - thanks for breaking that down!!
There was a problem hiding this comment.
(un-resolving so the thread is not hidden, good context for people)
nicholas-codecov
deleted the
gh-eng-2208-remove-requirements-for-upload-tokens
branch
Description
This PR removes the requirement for upload tokens in the plugin-core which will affect all of the plugins downstream. It also introduces some new functionality to detect the VCS provider being used, and will append that to the request body, while request the pre-signed URL.
The logic for parsing the Git Service from the CLI was sourced from: https://github.com/codecov/codecov-cli/blob/main/codecov_cli/helpers/git.py
Details for the new request body field, and requirement for the
git_servicebody param is from this PR: codecov/codecov-api#741Closes codecov/engineering-team#2208
Notable Changes