ci(codecov): complete Codecov integration#168

Merged: EffortlessSteven merged 6 commits into main from claude/fix-codecov-shipper-SNm1l on May 7, 2026

@EffortlessSteven EffortlessSteven commented May 7, 2026


Summary

Implements Codecov for shipper through six focused, SRP commits:

  1. Extract coverage from required CI into dedicated advisory workflow
  2. Add quiet Codecov config (advisory-only, no comments)
  3. Add README badges (CI, Codecov, MSRV, License)
  4. Add coverage documentation with claim boundaries
  5. Add coverage receipt artifact for audit trail
  6. Fix security vulnerability (rustls-webpki RUSTSEC-2026-0104)

Coverage is now opt-in for ordinary PRs (labeled coverage or full-ci), reducing CI cost while preserving execution-surface visibility on main and dispatch.

CI economics

  • Default PR LEM impact: 0 → Coverage no longer required
  • Main branch impact: Consistent; runs on every push
  • Branch protection impact: None — Codecov is advisory-only
  • Failure mode caught: Coverage regressions visible on demand
  • Cost reduction: ~15 min per ordinary PR (llvm-cov + instrumentation)
  • Rollback path: Delete coverage.yml and codecov.yml; restore job to ci.yml

Technical details

Extract coverage workflow

  • Triggers: main push, workflow_dispatch, labeled PRs
  • Path filters prevent spurious runs (Cargo files, workflows, codecov config)
  • Preserves PROPTEST_CASES=16 (instrumentation cost control)
  • Uses cargo-llvm-cov nextest with structured output
  • Conditional Codecov upload: required on main, optional on PRs
  • Produces: coverage.json, coverage.txt, lcov.info, coverage-receipt.json

Configuration

  • codecov.yml: Advisory project status (5% threshold), patch coverage 70% target, no comments/annotations
  • docs/ci/coverage.md: Clear claim boundary documentation
  • coverage-receipt.json: Local audit evidence (schema v1, artifact presence, claim boundary markers)

Security

  • Upgraded rustls-webpki 0.103.12 → 0.103.13 to fix RUSTSEC-2026-0104
  • All security checks pass

Claim boundary

Codecov coverage is execution-surface evidence only. It answers: "Did tests exercise this surface?"

Coverage does NOT prove:

  • Publish execution correctness
  • Registry visibility reconciliation correctness
  • Ambiguous cargo publish recovery correctness
  • Token redaction safety
  • Encrypted state safety
  • Full-strength crypto property adequacy
  • Fuzz robustness
  • Release readiness

Those are separate proof lanes, tracked independently per MISSION.md.

What's not included (by design)

  • PR 6: Policy file registration (awaits policy structure)
  • PR 7: Threshold ratcheting (awaits real main-branch data)
  • Making Codecov required (left as advisory)

Validation

  • ✓ All YAML validates
  • cargo check --workspace --all-features passes
  • cargo audit passes (security patch applied)
  • git diff --check passes
  • ✓ All 6 commits have clear SRP scope

Codecov implementation for EffortlessMetrics/shipper
Branch: claude/fix-codecov-shipper-SNm1l
Commits: 6 | Changes: +281 lines, -51 lines | Files: 6

Move coverage from ci.yml into a dedicated .github/workflows/coverage.yml workflow.
Coverage now runs only on: main, workflow_dispatch, and PRs labeled 'coverage' or 'full-ci'.
This removes coverage cost from every ordinary PR while preserving existing behavior.

Preserve PROPTEST_CASES=16 and codecov-action@v6 as in the original job.
Use new cargo-llvm-cov nextest flow with structured output (json, text, lcov).

https://claude.ai/code/session_01KeuUGea7S4baTiEMtPZc5N
@gemini-code-assist

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@coderabbitai

coderabbitai Bot commented May 7, 2026


Warning

Rate limit exceeded

@EffortlessSteven has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 22 minutes and 40 seconds before requesting another review.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0f8734e2-a015-43bf-b33c-d587480249da

📥 Commits

Reviewing files that changed from the base of the PR and between 72270fd and 10855e8.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (5)
  • .github/workflows/ci.yml
  • .github/workflows/coverage.yml
  • README.md
  • codecov.yml
  • docs/ci/coverage.md

claude added 5 commits May 7, 2026 22:31
Add codecov.yml with:
- Advisory (informational: true) project and patch status
- Comments disabled (comment: false)
- Annotations disabled (github_checks.annotations: false)
- Precision 2, range 50..85 for visibility

Coverage is execution-surface evidence only.
Does not prove publish correctness, registry reconciliation,
token redaction safety, encrypted state safety, full-strength crypto,
fuzz robustness, or release readiness.

https://claude.ai/code/session_01KeuUGea7S4baTiEMtPZc5N
Add compact badge block under title for:
- CI status (ci.yml workflow)
- Codecov coverage (main branch)
- MSRV 1.92
- License (MIT OR Apache-2.0)

https://claude.ai/code/session_01KeuUGea7S4baTiEMtPZc5N
Add docs/ci/coverage.md explaining:
- What coverage answers (execution-surface signal)
- What coverage does not answer (publish correctness, reconciliation, safety, etc.)
- Workflow triggers (main, dispatch, labeled PRs only)
- Durable receipts (json, text, lcov, artifact, dashboard)
- Safety boundary and claim limits

https://claude.ai/code/session_01KeuUGea7S4baTiEMtPZc5N
Add to coverage workflow:
- Write coverage-receipt.json with schema version, claim boundary,
  artifact presence markers, and repo/lane/flag metadata
- Summarize coverage artifacts in GitHub step summary
  (shows presence of json/text/lcov/receipt)

Coverage receipt is local audit evidence for shipper's audit-trail mission.

https://claude.ai/code/session_01KeuUGea7S4baTiEMtPZc5N
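
The coverage receipt described in the PR summary and in the commit message above, sketched as an added example; this is not the project's workflow code. The artifact names come from the PR text, while every JSON field name and the rule that a zero-byte artifact counts as absent are assumptions.

```python
import json
from pathlib import Path

# Artifact names are taken from the PR text; every field name is an assumption.
ARTIFACTS = ("coverage.json", "coverage.txt", "lcov.info")
NOT_PROVEN = (  # claim-boundary list from the PR description
    "publish execution correctness",
    "registry visibility reconciliation correctness",
    "ambiguous cargo publish recovery correctness",
    "token redaction safety",
    "encrypted state safety",
    "full-strength crypto property adequacy",
    "fuzz robustness",
    "release readiness",
)

def build_receipt(artifact_dir, repo, lane, flag):
    """Record which coverage artifacts exist, plus the claim boundary."""
    root = Path(artifact_dir)
    # Assumption: a zero-byte file is treated as absent, since it is no evidence.
    present = {n: (root / n).is_file() and (root / n).stat().st_size > 0
               for n in ARTIFACTS}
    return {
        "schema_version": 1,
        "repo": repo, "lane": lane, "flag": flag,
        "claim_boundary": {"proves": "execution-surface evidence only",
                           "does_not_prove": list(NOT_PROVEN)},
        "artifacts": present,
    }

def validate_receipt(receipt):
    """Return a list of problems; an empty list means the receipt is usable."""
    problems = []
    if receipt.get("schema_version") != 1:
        problems.append("unsupported schema_version")
    stated = receipt.get("claim_boundary", {}).get("does_not_prove", [])
    for item in sorted(set(NOT_PROVEN) - set(stated)):
        problems.append(f"claim boundary omits: {item}")
    for name in ARTIFACTS:
        if receipt.get("artifacts", {}).get(name) is not True:
            problems.append(f"artifact missing or empty: {name}")
    return problems

def write_receipt(artifact_dir, repo, lane, flag):
    """Write coverage-receipt.json beside the artifacts and return its path."""
    out = Path(artifact_dir) / "coverage-receipt.json"
    receipt = build_receipt(artifact_dir, repo, lane, flag)
    out.write_text(json.dumps(receipt, indent=2, sort_keys=True) + "\n")
    return out
```

An auditor-side check can run `validate_receipt` on a downloaded receipt to confirm that the claim boundary travelled with the artifacts and that none of them was silently empty.
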
Upgrade rustls-webpki from 0.103.12 to 0.103.13 to resolve:
  RUSTSEC-2026-0104: Reachable panic in certificate revocation list parsing

This is a pre-existing dependency issue unrelated to Codecov implementation.
Fixes Security Audit blocker for PR #168.

https://claude.ai/code/session_01KeuUGea7S4baTiEMtPZc5N
@EffortlessSteven EffortlessSteven changed the title from "ci(coverage): extract coverage into advisory workflow" to "ci(codecov): complete Codecov integration" May 7, 2026
@EffortlessSteven EffortlessSteven marked this pull request as ready for review May 7, 2026 22:57
@chatgpt-codex-connector

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

@EffortlessSteven EffortlessSteven merged commit 9f75a30 into main May 7, 2026
17 of 18 checks passed