The dependabot PRs (and likely pre-commit PRs) are now set up to auto-merge, but the codecov action now fails, probably as of codecov/codecov-action@v4.4.1?
- The CODECOV_TOKEN is set in the repo Dependabot secrets
- The
test job codecov upload step does contain: token: ${{ secrets.CODECOV_TOKEN }}
One solution - implemented over in this repo - seems to be to use the workflow-call mechanism and explicitly pass secrets in to the jobs:
ImperialCollegeLondon/SWMManywhere#304
But, we'd need to refactor our current workflows into reusable jobs and calling workflows. The issue still seems to be open, so some other solution may appear:
codecov/codecov-action#1463
In the meantime, the plan is to just turn off the codecov step for bot authors. They aren't adding code, so low impact.
The
dependabotPRs (and likelypre-commitPRs) are now set up to auto-merge, but thecodecovaction now fails, probably as ofcodecov/codecov-action@v4.4.1?testjob codecov upload step does contain:token: ${{ secrets.CODECOV_TOKEN }}One solution - implemented over in this repo - seems to be to use the
workflow-callmechanism and explicitly pass secrets in to the jobs:ImperialCollegeLondon/SWMManywhere#304
But, we'd need to refactor our current workflows into reusable jobs and calling workflows. The issue still seems to be open, so some other solution may appear:
codecov/codecov-action#1463
In the meantime, the plan is to just turn off the codecov step for bot authors. They aren't adding code, so low impact.