ci: pin codecov action to SHA and add timeout to PR title validation #189

Merged
askpt merged 1 commit into main from repo-assist/ci-harden-codecov-timeout-dd57dd1bed4cd106
Mar 8, 2026

@askpt (Owner) commented Mar 8, 2026

  • Pin codecov/codecov-action from floating @v5 tag to commit SHA
    671740ac38dd9b0130fbe1cec585b89eea48d3de (v5.5.2) for supply chain security
  • Add timeout-minutes: 5 to validate_pr_title job to prevent stuck runs

Closes #188

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

- Pin codecov/codecov-action from floating @v5 tag to commit SHA
  671740ac38dd9b0130fbe1cec585b89eea48d3de (v5.5.2) for supply chain security
- Add timeout-minutes: 5 to validate_pr_title job to prevent stuck runs

Closes #187

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings March 8, 2026 07:59
@askpt askpt enabled auto-merge (squash) March 8, 2026 08:00
@askpt askpt merged commit 138828c into main Mar 8, 2026
16 checks passed
@askpt askpt deleted the repo-assist/ci-harden-codecov-timeout-dd57dd1bed4cd106 branch March 8, 2026 08:00
Copilot AI (Contributor) left a comment

Pull request overview

CI hardening update for the VS Code extension repo’s GitHub Actions workflows, aligning Codecov with the repo’s supply-chain pinning approach and preventing potential indefinite CI hangs in PR title validation.

Changes:

  • Pin codecov/codecov-action from a floating @v5 tag to a specific commit SHA (v5.5.2).
  • Add timeout-minutes: 5 to the PR title validation job.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/ci.yml | Pins the Codecov action to a commit SHA to reduce supply-chain risk. |
| .github/workflows/validate_pr_title.yml | Adds a job timeout to avoid stuck runs consuming runners indefinitely. |
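
An added example (not part of this pull request or the repository's code): a stdlib-only Python check for the two hardening points above, flagging `uses:` references that are not pinned to a 40-character commit SHA and jobs without a job-level `timeout-minutes`. The name `audit_workflow` and the sample workflow are constructed for illustration; the check scans block-style, space-indented YAML line by line rather than parsing it fully.

```python
import re

USES = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
JOB_ID = re.compile(r"^\s*([\w-]+):")

def audit_workflow(text):
    """Return sorted (line_no, message) findings for one workflow file."""
    findings, jobs, in_jobs, job_indent = [], [], False, None
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:                          # top-level key: enter or leave jobs:
            in_jobs, job_indent = raw.startswith("jobs:"), None
        if indent == 0 or not in_jobs:
            continue
        if job_indent is None:
            job_indent = indent                  # indentation of the job ids
        if indent == job_indent and (head := JOB_ID.match(raw)):
            jobs.append({"line": no, "name": head.group(1), "timeout": False, "keys": None})
            continue
        if jobs:
            job = jobs[-1]
            job["keys"] = job["keys"] or indent  # indentation of job-level keys
            if indent == job["keys"] and raw.strip().startswith("timeout-minutes:"):
                job["timeout"] = True
        m = USES.match(raw)
        if m and not m.group(1).startswith(("./", "docker://")):
            if not FULL_SHA.match(m.group(1).rpartition("@")[2]):  # tags and branches can move
                findings.append((no, f"action '{m.group(1)}' is not pinned to a full commit SHA"))
    findings += [(j["line"], f"job '{j['name']}' has no timeout-minutes") for j in jobs if not j["timeout"]]
    return sorted(findings)

# Constructed sample: one job in the floating-tag style, one in the pinned style.
SAMPLE = """\
jobs:
  before:
    runs-on: ubuntu-latest
    steps:
      - uses: codecov/codecov-action@v5
  after:
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
"""
if __name__ == "__main__":
    print(*audit_workflow(SAMPLE), sep="\n")
```

Jobs that call a reusable workflow through a job-level `uses:` are reported as lacking a timeout by this sketch and would need an exemption.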

codecov bot commented Mar 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.17%. Comparing base (d3d4a1c) to head (a5052f1).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #189   +/-   ##
=======================================
  Coverage   59.17%   59.17%           
=======================================
  Files           6        6           
  Lines        1984     1984           
  Branches      143      143           
=======================================
  Hits         1174     1174           
  Misses        810      810           

@askpt askpt linked an issue Mar 8, 2026 that may be closed by this pull request
4 tasks
@github-actions github-actions bot mentioned this pull request Mar 9, 2026