Task/#364 move code coverage to its own workflow by StuartFerguson · Pull Request #365 · TransactionProcessing/Messaging

StuartFerguson · 2026-02-27T13:31:50Z

No description provided.

Removed LCOV report merging and upload steps from nightly build workflow.

This workflow runs code coverage checks on push events to the master branch and allows manual triggering. It restores NuGet packages, builds the solution, runs unit tests with coverage, merges coverage reports, and uploads them to Codacy.

+    name: "Code Coverage"
+    env:
+        ASPNETCORE_ENVIRONMENT: "Production"
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2.3.4    
+
+    - name: Restore Nuget Packages
+      run: dotnet restore MessagingService.sln --source ${{ secrets.PUBLICFEEDURL }} --source ${{ secrets.PRIVATEFEED_URL }}
+
+    - name: Build Code
+      run: dotnet build MessagingService.sln --configuration Release
+
+    - name: Run Unit Tests
+      run: |
+        echo "ASPNETCORE_ENVIRONMENT are > ${ASPNETCORE_ENVIRONMENT}"
+        dotnet test "MessagingService.BusinessLogic.Tests\MessagingService.BusinessLogic.Tests.csproj" /p:CollectCoverage=true /p:Exclude="[xunit*]*" /p:ExcludeByAttribute="Obsolete" /p:ExcludeByAttribute="GeneratedCodeAttribute" /p:ExcludeByAttribute="CompilerGeneratedAttribute" /p:ExcludeByAttribute="ExcludeFromCodeCoverageAttribute" /p:CoverletOutput="../lcov1.info" /maxcpucount:1 /p:CoverletOutputFormat="lcov"
+        dotnet test "MessagingService.EmailAggregate.Tests\MessagingService.EmailAggregate.Tests.csproj" /p:CollectCoverage=true /p:Exclude="[xunit*]*" /p:ExcludeByAttribute="Obsolete" /p:ExcludeByAttribute="GeneratedCodeAttribute" /p:ExcludeByAttribute="CompilerGeneratedAttribute" /p:ExcludeByAttribute="ExcludeFromCodeCoverageAttribute" /p:CoverletOutput="../lcov2.info" /maxcpucount:1 /p:CoverletOutputFormat="lcov"        
+        dotnet test "MessagingService.SMSAggregate.Tests\MessagingService.SMSAggregate.Tests.csproj" /p:CollectCoverage=true /p:Exclude="[xunit*]*" /p:ExcludeByAttribute="Obsolete" /p:ExcludeByAttribute="GeneratedCodeAttribute" /p:ExcludeByAttribute="CompilerGeneratedAttribute" /p:ExcludeByAttribute="ExcludeFromCodeCoverageAttribute" /p:CoverletOutput="../lcov3.info" /maxcpucount:1 /p:CoverletOutputFormat="lcov"        
+        dotnet test "MessagingService.Tests\MessagingService.Tests.csproj" /p:CollectCoverage=true /p:Exclude="[xunit*]*" /p:ExcludeByAttribute="Obsolete" /p:ExcludeByAttribute="GeneratedCodeAttribute" /p:ExcludeByAttribute="CompilerGeneratedAttribute" /p:ExcludeByAttribute="ExcludeFromCodeCoverageAttribute" /p:CoverletOutput="../lcov4.info" /maxcpucount:1 /p:CoverletOutputFormat="lcov"               
+
+    - name: Install LCOV merger
+      run: npm install -g lcov-result-merger
+
+    - name: Merge LCOV reports
+      run: |
+        mkdir -p coverage
+        lcov-result-merger "*.info" > lcov.info
+
+    - name: Upload merged coverage to Codacy
+      uses: codacy/codacy-coverage-reporter-action@v1
+      with:
+        project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+        coverage-reports: ./lcov.info  


In general, this issue is fixed by explicitly declaring a permissions: block either at the workflow root (to apply to all jobs) or inside each job, setting the minimum required scopes, typically contents: read for a build/test job that just needs to check out the code. This overrides potentially broader repository defaults and documents the workflow’s needs.

For this specific workflow, the job only checks out code, runs dotnet tests, installs an npm package, merges coverage files, and uploads to Codacy using a project token secret. None of these steps require write access to the repository via GITHUB_TOKEN. The safest minimal fix is therefore to add a root-level permissions block with contents: read so it applies to jobs.build (and any future jobs that don’t override it), without changing existing steps or behavior.

You should edit .github/workflows/codecoverage.yml near the top of the file, adding a permissions: section after the name: (line 1) and before the on: block (line 3). No imports or additional definitions are required; this is pure YAML configuration.

StuartFerguson added 2 commits February 27, 2026 13:31

Remove LCOV report steps from nightlybuild.yml

161495b

Removed LCOV report merging and upload steps from nightly build workflow.

Add code coverage workflow for CI

66ae911

This workflow runs code coverage checks on push events to the master branch and allows manual triggering. It restores NuGet packages, builds the solution, runs unit tests with coverage, merges coverage reports, and uploads them to Codacy.

StuartFerguson added the workflows label Feb 27, 2026

StuartFerguson linked an issue Feb 27, 2026 that may be closed by this pull request

Move Code Coverage to its own workflow #364

Closed

github-advanced-security AI found potential problems Feb 27, 2026

View reviewed changes

StuartFerguson merged commit 4079ece into master Feb 27, 2026
9 checks passed

github-actions Bot deleted the task/#364-move-code-coverage-to-its-own-workflow branch April 29, 2026 01:53

@@ -1,5 +1,8 @@
             name: Code Coverage
+            permissions:
+              contents: read
             on:
               push:
                 # branches to consider in the event; optional, defaults to all

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Task/#364 move code coverage to its own workflow#365

Task/#364 move code coverage to its own workflow#365
StuartFerguson merged 2 commits intomasterfrom
task/#364-move-code-coverage-to-its-own-workflow

StuartFerguson commented Feb 27, 2026

Uh oh!

Check warning

Copilot Autofix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

StuartFerguson commented Feb 27, 2026

Uh oh!

Check warning

Copilot Autofix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants