Commit 37931e8

ci: add coverage workflows (per-module + global gcovr, two-stage) (nasa#5167)
* ci: add coverage workflows (per-module + global gcovr)

Adds two GitHub Actions workflows under .github/workflows/ that call the shared nasa/fprime-actions/coverage-common composite action:

coverage-check.yml - PR job. Triggers on pull_request to devel. Computes per-module + global coverage on the PR head, then writes a sticky comment to the PR with the delta vs. the baseline stored at nasa/fprime-coverage's coverage/<base_ref> branch.

coverage-update.yml - Push job. Triggers on push to devel. Computes coverage on the new tip and mirrors it into nasa/fprime-coverage at coverage/devel for future PR-jobs to baseline against.

Both workflows pin runs-on: ubuntu-24.04 because gcov-11 (the default on ubuntu-22.04) has counter-overflow bugs (gcc#68080) and pathological slowness on heavily-templated test code; gcov-13 (the default on ubuntu-24.04) fixes both regressions. See the runner-version section in nasa/fprime-actions/coverage-common/README.md for details.

For v1 the workflows are comment-only -- no merge gating, no required status check. The sticky PR comment surfaces global headline coverage + per-module table + Largest Changes table so reviewers and the PR author can see the impact of their changes without leaving the PR.

The PR comment renders module rows for every register_fprime_module(...) directory that also declares register_fprime_ut(...). Modules whose UT build fails (or whose gcovr run fails) surface as 'no coverage' rows rather than killing the job (lenient by default; the action exposes a 'strict: true' input for callers that want hard gating).

Touches only the .github/ tree and the spell-check expect list. No runtime code or tests are modified.

* ci(coverage): split into pull_request + workflow_run stages

Cross-fork PRs (e.g. JPL-Devin/fprime -> nasa/fprime) cannot post a sticky coverage comment from the pull_request workflow: GitHub strips write permissions from GITHUB_TOKEN on fork-triggered pull_request events, so the POST returns 403 'Resource not accessible by integration' regardless of what permissions: block requests.

Adopt the GitHub-recommended two-stage pattern matching the upstream nasa/fprime-actions split (coverage-check + coverage-comment):

coverage-check.yml (event: pull_request)
Runs on fork content with permissions: contents: read only. coverage-check@devel now generates the comment + regressions data and uploads them as a workflow artifact (also writes the body to GITHUB_STEP_SUMMARY so reviewers see the data on the Actions run page). Drop pull-requests: write from the permissions block since it is no longer needed and is silently ignored on fork PRs anyway.

coverage-comment.yml (event: workflow_run) [new file]
Triggered when Coverage Check completes successfully on a pull_request event. Runs under the base repo's elevated token with permissions: actions: read + pull-requests: write. Calls coverage-comment@devel, which downloads the artifact from the triggering run and upserts the sticky comment. Safe to grant write because no fork code executes here.

The two-stage pattern means coverage-comment.yml must itself be on nasa/fprime's default branch before workflow_run can fire it. For this PR that means: the artifact-upload + step-summary path will run on every push, but the actual PR comment will start posting only on PRs landing AFTER this change merges to devel. This is an unavoidable consequence of workflow_run requiring the listener workflow file to exist on the default branch.

---------

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
1 parent 6a9b2c6 commit 37931e8

3 files changed

Lines changed: 139 additions & 0 deletions

.github/actions/spelling/expect.txt

Lines changed: 1 addition & 0 deletions
@@ -294,6 +294,7 @@ FWCASSERT
294294
gcda
295295
gcgandhi
296296
gcov
297+
gcovr
297298
gdiplus
298299
GENHUB
299300
gettime
Lines changed: 72 additions & 0 deletions
@@ -0,0 +1,72 @@
1+
# Per-module + global code coverage check for pull requests.
2+
#
3+
# Generates coverage for every module that calls register_fprime_module(),
4+
# compares against the matching coverage/<base_ref> baseline branch, and
5+
# uploads the resulting comment body as a workflow artifact. The
6+
# sticky PR comment itself is posted by a separate workflow_run job
7+
# (.github/workflows/coverage-comment.yml) that runs with
8+
# pull-requests: write under the base repo's token.
9+
#
10+
# This two-stage split is the GitHub-recommended pattern for
11+
# commenting on PRs opened from forks: GitHub strips write permissions
12+
# from GITHUB_TOKEN on fork-triggered pull_request events, so this
13+
# workflow (which runs on fork content) only ever needs read access.
14+
# See nasa/fprime-actions/coverage-comment/README.md for the rationale.
15+
#
16+
# The push-side counterpart that writes the baseline branch lives in
17+
# .github/workflows/coverage-update.yml and runs with contents: write.
18+
#
19+
# See nasa/fprime-actions/coverage-check/README.md for input documentation.
20+
21+
name: "Coverage Check"
22+
23+
on:
24+
pull_request:
25+
branches: [ devel, release/** ]
26+
paths-ignore:
27+
- 'docs/**'
28+
- '**.md'
29+
- '.github/ISSUE_TEMPLATE/**'
30+
31+
permissions:
32+
contents: read
33+
34+
concurrency:
35+
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
36+
cancel-in-progress: true
37+
38+
jobs:
39+
coverage-check:
40+
name: "Coverage [PR]"
41+
# ubuntu-24.04 ships gcov-13, which is required: gcov-11 (Ubuntu
42+
# 22.04 default) has counter-overflow bugs and pathological slowness
43+
# on heavily-templated test code that can turn a 30 s coverage run
44+
# into a 30+ min one. See nasa/fprime-actions/coverage-common's
45+
# README for details.
46+
runs-on: ubuntu-24.04
47+
timeout-minutes: 90
48+
steps:
49+
- name: "Checkout F' Repository"
50+
uses: actions/checkout@v4
51+
with:
52+
fetch-depth: 0
53+
submodules: true
54+
- name: "Setup F' Tools"
55+
uses: nasa/fprime-actions/setup@devel
56+
with:
57+
location: ${{ github.workspace }}
58+
- name: "Generate + Build UTs"
59+
uses: nasa/fprime-actions/run-unit-tests@devel
60+
with:
61+
run-check: 'false'
62+
jobs: random
63+
- name: "Coverage (common)"
64+
id: cov
65+
uses: nasa/fprime-actions/coverage-common@devel
66+
with:
67+
working-directory: ${{ github.workspace }}
68+
- name: "Coverage check"
69+
uses: nasa/fprime-actions/coverage-check@devel
70+
with:
71+
working-directory: ${{ github.workspace }}
72+
modules-jsonl: ${{ steps.cov.outputs.modules-jsonl }}
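Review bot: The checkout step at lines 49-53 leaves `persist-credentials` at its default, so the job token stays in the local git config while the later steps build and run unit tests from the pull request's content. The `contents: read` scope at line 32 limits what that token can do, but adding `persist-credentials: false` under `with:` removes it from the workspace entirely. Separately, the header at lines 6-8 points readers to `.github/workflows/coverage-comment.yml`, which is not one of the three files listed as changed here; worth confirming that file lands together with this one so the comment is not a dangling reference.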
Lines changed: 66 additions & 0 deletions
@@ -0,0 +1,66 @@
1+
# Per-module + global code coverage update for pushes / tags.
2+
#
3+
# Generates coverage for every module that calls register_fprime_module()
4+
# and writes the outputs to a per-base-branch orphan branch named
5+
# coverage/<ref-name> (e.g. coverage/devel, coverage/release/v4.2.0,
6+
# coverage/v4.2.0). This branch is what the PR-side workflow
7+
# (coverage-check.yml) compares against.
8+
#
9+
# Top-level permissions are scoped to exactly what the action needs:
10+
# contents: write — push commits to the baseline branch
11+
#
12+
# The PR-side counterpart that posts the comment lives in
13+
# .github/workflows/coverage-check.yml and runs with contents: read.
14+
#
15+
# See nasa/fprime-actions/coverage-update/README.md for input documentation.
16+
17+
name: "Coverage Update"
18+
19+
on:
20+
push:
21+
branches: [ devel, release/** ]
22+
tags: [ 'v*' ]
23+
workflow_dispatch:
24+
25+
permissions:
26+
contents: write
27+
28+
concurrency:
29+
group: ${{ github.workflow }}-${{ github.ref }}
30+
cancel-in-progress: true
31+
32+
jobs:
33+
coverage-update:
34+
name: "Coverage [push]"
35+
# ubuntu-24.04 ships gcov-13, which is required: gcov-11 (Ubuntu
36+
# 22.04 default) has counter-overflow bugs and pathological slowness
37+
# on heavily-templated test code that can turn a 30 s coverage run
38+
# into a 30+ min one. See nasa/fprime-actions/coverage-common's
39+
# README for details.
40+
runs-on: ubuntu-24.04
41+
timeout-minutes: 90
42+
steps:
43+
- name: "Checkout F' Repository"
44+
uses: actions/checkout@v4
45+
with:
46+
fetch-depth: 0
47+
submodules: true
48+
- name: "Setup F' Tools"
49+
uses: nasa/fprime-actions/setup@devel
50+
with:
51+
location: ${{ github.workspace }}
52+
- name: "Generate + Build UTs"
53+
uses: nasa/fprime-actions/run-unit-tests@devel
54+
with:
55+
run-check: 'false'
56+
jobs: random
57+
- name: "Coverage (common)"
58+
id: cov
59+
uses: nasa/fprime-actions/coverage-common@devel
60+
with:
61+
working-directory: ${{ github.workspace }}
62+
- name: "Coverage update"
63+
uses: nasa/fprime-actions/coverage-update@devel
64+
with:
65+
working-directory: ${{ github.workspace }}
66+
modules-jsonl: ${{ steps.cov.outputs.modules-jsonl }}
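Review bot: The four `nasa/fprime-actions/...@devel` steps at lines 49-63 are referenced by branch name in a job that holds `contents: write` (line 26), so any later commit to that branch runs here with push rights to this repository. Pinning each `uses:` to a full commit SHA, with the branch or tag in a trailing comment, keeps the write-scoped job reproducible and reviewable. The header at lines 12-13 also says the PR-side counterpart in `coverage-check.yml` "posts the comment", which no longer matches that file's own header, where posting is delegated to `coverage-comment.yml`.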