Integrate using GitLab CI

Description

I did tried to read the docs, but I am still not able to understand from where to get started.

How to integrate CodeCov with Gitlab CI?

In your test stage in the gitlab-ci.yml add in

after_script:
    - bash <(curl -s https://codecov.io/bash)

This will send the code coverage to Codecov after the script section has run

1 Like

What about the token?

Just by adding token as environment variable, will it work?

Yep. Either use the environment variable, or pass in the token to the script via -t <TOKEN>

bash <(curl -s https://codecov.io/bash) -t <TOKEN>

Hmm… seems like it worked.

But it didn’t upload any reports to the codecov dashboard.

image

Has your test runner produced the coverage reports?

It is not showing any kind of reports inside the dashboard.

msedge_phj2KsZBpg

What are you using to generate the coverage report? In JavaScript there is Istanbul, NYC and some others. Jest also comes with it built in.

For example, to cover you code using Jest:

jest --coverage

I am using this config file to run codecov in CI

codecov:
  notify:
    require_ci_to_pass: yes

coverage:
  precision: 2
  round: down
  range: "70...100"

  status:
    project: yes
    patch: yes
    changes: no

parsers:
  gcov:
    branch_detection:
      conditional: yes
      loop: yes
      method: no
      macro: no

comment:
  layout: "header, diff"
  behavior: default
  require_changes: no

I found this file content in the codecov docs.

Even after using the above file doesn’t give any results in the CodeCov dashboard.

You need to reread @eddiemoore’s last two commends.

If there is no coverage data generated by your test-suite there is nothing to upload to codecov.io and therefore nothing to show on the website.

Check the examples linked from https://docs.codecov.io/docs/supported-languages

In one of our GitLab projects, we have an issue - we’ve installed the token with the project but the token is not visible to non-maintainers of the project, so everybody who submits a Merge Request gets a failed pipeline.

The variable is configured in GitLab’s CI/CD Settings Variables without protection or masking.

It’s not clear to me how protected that token should be. What is the harm if a non-maintainer gains access to that token? Are you aware of any way to allow codecov to run in a GitLab pipeline for a merge request from a non-maintainer?

@jaraco

As long as we’re talking about the project’s " Repository Upload Token", there are no real security concerns.

With the token someone can push reports to the project on codecov, this could potentially mess-up your coverage history.

Such issues are most likely to occur with forked projects. Any commit to a fork could be added to the coverage history of the original project.
But since the commit hashes are different and not present in the main repository they should just show up as unknown commits. (At least that is what happens with GitHub hosted projects.)


GitLab
I have no experience with GitLab pipelines, but as long as they are run for the merge request, there should be no codecov specific issues.

p.s. There are three ways to supply the token.

  • Hard-coded (or as variable) supplied to the upload script (or bash uploader)
    -t xxxxxxx-xxxxxx....

  • By setting it in an environment variable called CODECOV_TOKEN.

  • Or in the codecov.yml file as:

    codecov:
      token: xxxxxxx-xxxxxx...
    

Maybe one of these works better for your situation.

1 Like