Skip to content

feat: enable codecov coverage checks for PRs#72

Merged
ompushkara merged 2 commits intomainfrom
SECURESIGN-4382-Enable-code-coverage
May 6, 2026
Merged

feat: enable codecov coverage checks for PRs#72
ompushkara merged 2 commits intomainfrom
SECURESIGN-4382-Enable-code-coverage

Conversation

@ompushkara
Copy link
Copy Markdown
Contributor

@ompushkara ompushkara commented May 5, 2026
edited
Loading

Summary

  • Add Codecov integration to enable automated code coverage reporting on pull requests
  • Add a GitHub Actions workflow (.github/workflows/code-coverage.yml) that runs tests with coverage on PRs and pushes to main
  • Add make test and make coverage targets to the Makefile for local development

Coverage checks enabled

Patch coverage (new/changed code)

  • Target: 70%
  • Threshold: 5% (so 65%+ passes)
  • Behavior: Will report a failing status check if new code in a PR has less than 65% coverage

Project coverage (overall repository)

  • Target: auto (tracks the existing coverage level)
  • Informational only — will never fail a build, just reports the current state

Setup required

CODECOV_TOKEN must be configured in repository secrets

  1. Go to https://app.codecov.io and sign in with your GitHub account
  2. Add the securesign/rhtas-console repository
  3. Copy the upload token from the repository settings page
  4. In GitHub, go to Settings → Secrets and variables → Actions → New repository secret
  5. Create a secret named CODECOV_TOKEN with the token value

Without this token, the coverage upload step will be skipped (it is configured with fail_ci_if_error: false so it won't block PRs).

Files changed

File Change
codecov.yml New — Codecov status check configuration
.github/workflows/code-coverage.yml New — CI workflow for test coverage
Makefile Added test and coverage targets
.gitignore Added coverage.out

Test plan

  • Verify the code-coverage workflow triggers on this PR
  • Verify make test runs locally without errors
  • Verify make coverage generates a coverage.out file locally
  • Confirm coverage.out is excluded by .gitignore
  • After configuring CODECOV_TOKEN, verify coverage reports appear on the Codecov dashboard
  • Open a test PR with new code and confirm patch coverage status check appears

🤖 Generated with Claude Code

@ompushkara
feat: enable codecov coverage checks for PRs
c6420e8 
Add Codecov integration with the following configuration:
- Patch coverage: 70% target with 5% threshold (65%+ passes)
- Project coverage: auto target, informational only (won't fail builds)

New files:
- codecov.yml: Codecov coverage status check configuration
- .github/workflows/code-coverage.yml: GitHub Actions workflow that runs
  tests with coverage on PRs and pushes to main, then uploads to Codecov

Also adds Running tests...
go test ./...
?   	github.com/securesign/rhtas-console/cmd/rhtas_console	[no test files]
?   	github.com/securesign/rhtas-console/internal/api	[no test files]
?   	github.com/securesign/rhtas-console/internal/errors	[no test files]
?   	github.com/securesign/rhtas-console/internal/models	[no test files]
?   	github.com/securesign/rhtas-console/internal/services	[no test files]
?   	github.com/securesign/rhtas-console/internal/services/verify	[no test files] and Running tests with coverage...
go test -coverprofile=coverage.out ./...
	github.com/securesign/rhtas-console/cmd/rhtas_console		coverage: 0.0% of statements
	github.com/securesign/rhtas-console/internal/api		coverage: 0.0% of statements
?   	github.com/securesign/rhtas-console/internal/errors	[no test files]
	github.com/securesign/rhtas-console/internal/models		coverage: 0.0% of statements
	github.com/securesign/rhtas-console/internal/services		coverage: 0.0% of statements
	github.com/securesign/rhtas-console/internal/services/verify		coverage: 0.0% of statements
go tool cover -func=coverage.out
github.com/securesign/rhtas-console/cmd/rhtas_console/main.go:24:		main						0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:28:		NewHandler					0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:36:		GetHealthz					0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:41:		PostApiV1ArtifactsVerify			0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:60:		GetApiV1RekorEntriesUuid			0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:74:		GetApiV1RekorPublicKey				0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:83:		GetApiV1ArtifactsArtifactPolicies		0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:97:		GetApiV1TrustConfig				0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:107:		GetApiV1TrustRootMetadata			0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:117:		GetApiV1TrustTargets				0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:127:		GetApiV1TrustTarget				0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:138:		GetApiV1TrustTargetsCertificates		0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:148:		GetApiV1TrustCoverage				0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:157:		GetApiV1SystemHealth				0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:166:		ServeSwaggerUI					0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:203:		ServeOpenAPIFile				0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:211:		writeJSON					0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:221:		writeError					0.0%
github.com/securesign/rhtas-console/internal/api/handlers.go:225:		GetApiV1ArtifactsImage				0.0%
github.com/securesign/rhtas-console/internal/api/routes.go:8:			RegisterRoutes					0.0%
github.com/securesign/rhtas-console/internal/models/models.go:639:		GetApiV1ArtifactsImage				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:645:		PostApiV1ArtifactsVerify			0.0%
github.com/securesign/rhtas-console/internal/models/models.go:651:		GetApiV1ArtifactsArtifactPolicies		0.0%
github.com/securesign/rhtas-console/internal/models/models.go:657:		GetApiV1RekorEntriesUuid			0.0%
github.com/securesign/rhtas-console/internal/models/models.go:663:		GetApiV1RekorPublicKey				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:669:		GetApiV1SystemHealth				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:675:		GetApiV1TrustConfig				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:681:		GetApiV1TrustCoverage				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:687:		GetApiV1TrustRootMetadataInfo			0.0%
github.com/securesign/rhtas-console/internal/models/models.go:693:		GetApiV1TrustTarget				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:699:		GetApiV1TrustTargets				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:705:		GetApiV1TrustTargetsCertificates		0.0%
github.com/securesign/rhtas-console/internal/models/models.go:710:		GetHealthz					0.0%
github.com/securesign/rhtas-console/internal/models/models.go:724:		GetApiV1ArtifactsImage				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:764:		PostApiV1ArtifactsVerify			0.0%
github.com/securesign/rhtas-console/internal/models/models.go:778:		GetApiV1ArtifactsArtifactPolicies		0.0%
github.com/securesign/rhtas-console/internal/models/models.go:803:		GetApiV1RekorEntriesUuid			0.0%
github.com/securesign/rhtas-console/internal/models/models.go:828:		GetApiV1RekorPublicKey				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:842:		GetApiV1SystemHealth				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:856:		GetApiV1TrustConfig				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:883:		GetApiV1TrustCoverage				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:897:		GetApiV1TrustRootMetadataInfo			0.0%
github.com/securesign/rhtas-console/internal/models/models.go:924:		GetApiV1TrustTarget				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:966:		GetApiV1TrustTargets				0.0%
github.com/securesign/rhtas-console/internal/models/models.go:993:		GetApiV1TrustTargetsCertificates		0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1020:		GetHealthz					0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1038:		Error						0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1042:		Unwrap						0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1051:		Error						0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1055:		Unwrap						0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1063:		Error						0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1072:		Error						0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1076:		Unwrap						0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1085:		Error						0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1089:		Unwrap						0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1098:		Error						0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1103:		Handler						0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1115:		HandlerFromMux					0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1121:		HandlerFromMuxWithBaseURL			0.0%
github.com/securesign/rhtas-console/internal/models/models.go:1129:		HandlerWithOptions				0.0%
github.com/securesign/rhtas-console/internal/services/artifact.go:21:		NewArtifactService				0.0%
github.com/securesign/rhtas-console/internal/services/artifact.go:25:		VerifyArtifact					0.0%
github.com/securesign/rhtas-console/internal/services/artifact.go:88:		GetArtifactPolicies				0.0%
github.com/securesign/rhtas-console/internal/services/artifact.go:125:		GetImageMetadata				0.0%
github.com/securesign/rhtas-console/internal/services/rekor.go:16:		NewRekorService					0.0%
github.com/securesign/rhtas-console/internal/services/rekor.go:20:		GetRekorEntry					0.0%
github.com/securesign/rhtas-console/internal/services/rekor.go:25:		GetRekorPublicKey				0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:93:		NewTrustService					0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:150:		GetTrustConfig					0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:165:		GetTrustRootMetadataInfo			0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:220:		GetTarget					0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:250:		GetCertificatesInfo				0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:304:		GetAllTargets					0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:337:		GetTrustCoverage				0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:346:		getMockTrustCoverage				0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:359:		GetSystemHealth					0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:368:		getMockSystemHealth				0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:382:		getOrCreateUpdater				0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:439:		runBackgroundRefresh				0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:511:		CloseDB						0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:520:		buildTufOptions					0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:534:		fetchRootJSON					0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:611:		setOptsRoot					0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:622:		buildTufConfig					0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:645:		extractRootMetadataInfo				0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:684:		extractTargetMetadataInfo			0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:714:		extractCertDetails				0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:751:		urlsEqual					0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:758:		GetTargetFromTUFRepo				0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:808:		syncDatabaseWithTargets				0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:859:		runMigrations					0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:882:		storeTarget					0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:911:		Error						0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:915:		Unwrap						0.0%
github.com/securesign/rhtas-console/internal/services/trust.go:920:		populateTargets					0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:55:	isNotFoundError					0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:129:	NewVerifyOptions				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:139:	VerifyArtifact					0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:249:	VerifyLayer					0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:374:	VerifyAndGetSignatureView			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:430:	VerifyAndGetAttestationView			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:525:	GetImageMetadata				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:597:	extractSignatureViewFromLayer			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:724:	extractAttestationViewFromLayer			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:873:	ValidAtTime					0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:877:	trustedPublicKeyMaterial			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:892:	bundleFromSigningLayer				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:930:	bundleFromSigstoreBundleLayer			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:995:	extractCertificateChainFromBundle		0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1031:	extractCertificateFromBundle			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1074:	extractDigestFromDSSE				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1123:	fetchLayerBlob					0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1159:	signingLayersFromOCIImage			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1217:	getSigningLayersFromReferrers			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1255:	isBundleSignature				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1293:	fetchManifestLayers				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1343:	getBundleVerificationMaterial			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1377:	getVerificationMaterialTlogEntries		0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1465:	getVerificationMaterialTimestampEntries		0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1494:	getVerificationMaterialX509CertificateChain	0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1514:	getBundleMsgSignature				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1547:	setOptsRoot					0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1572:	urlsEqual					0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1579:	bundleFromAttestationLayer			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1623:	attestationLayersFromOCIImage			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1685:	getAttestationLayersFromReferrers		0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1720:	fetchAttestationManifestLayers			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1771:	getBundleDSSEEnvelope				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1809:	getSubjectDigestFromDSSE			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1874:	getSANFromCert					0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1903:	isNotFound					0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1913:	isAuthError					0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1923:	isConnectionError				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1932:	isTransparencyLogError				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1949:	parsePEMCertificates				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:1976:	identifyCertRole				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:2005:	mergeSANs					0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:2028:	classifyIdentity				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:2063:	dedupeIdentities				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:2085:	ComputeTimeCoherenceSummary			0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:2137:	isCertChainValid				0.0%
github.com/securesign/rhtas-console/internal/services/verify/verify.go:2209:	extractTransparencyLogEntry			0.0%
total:										(statements)					0.0% targets to the Makefile,
and adds coverage.out to .gitignore.

Note: CODECOV_TOKEN must be configured in repository secrets for the
upload to work. Get the token from https://app.codecov.io.
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented May 5, 2026

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

Thanks for integrating Codecov - We've got you covered ☂️

@lance lance requested a review from fghanmi May 6, 2026 12:58
@ompushkara ompushkara merged commit 23bb4f7 into main May 6, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fghanmi fghanmi fghanmi approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ompushkara @codecov-commenter @fghanmi