ci: add weekly coverage run against main branch [PLT-103678]#552
ci: add weekly coverage run against main branch [PLT-103678]#552Sarath1018 wants to merge 3 commits into
Conversation
Coverage and the SonarCloud scan were gated on `github.base_ref == 'main'`, so they only ran on PRs targeting main and never against main itself. Extract the coverage pipeline (unit + integration + SonarCloud) into a reusable workflow (coverage.yml, on: workflow_call) so the integration-test secret mapping lives in exactly one place. pr-checks.yml now calls it via `secrets: inherit`, and a new weekly-coverage.yml calls the same workflow on a Monday cron, giving SonarCloud main-branch coverage analysis. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
| TASKS_TEST_USER_ID=${{ steps.config.outputs.tasks_test_user_id }} | ||
| EOF | ||
|
|
||
| - name: Run Integration Tests |
There was a problem hiding this comment.
The integration-test steps (setup, .env creation, and this run step) have no if: guard in the reusable workflow. The original pr-checks.yml gated every integration-test step with if: github.base_ref == 'main', so integration tests only ran on PRs targeting main. Now that pr-checks.yml calls this reusable workflow unconditionally, integration tests will run on every PR regardless of target branch.
If this is intentional (always run integration tests on all PRs), no change needed — but worth confirming. If you want to preserve the original selective behavior, accept a boolean input and gate the three integration steps on it:
# in workflow_call inputs:
run_integration:
description: Whether to run integration tests and SonarCloud
type: boolean
required: false
default: true# on each integration step:
if: inputs.run_integrationThen in pr-checks.yml:
with:
ref_label: ${{ github.base_ref }}
run_integration: ${{ github.base_ref == 'main' }}| permissions: | ||
| contents: read | ||
|
|
||
| jobs: |
There was a problem hiding this comment.
Without a concurrency group, a manual workflow_dispatch trigger can overlap with the scheduled Monday run, wasting API quota and potentially causing credential conflicts. Consider adding before jobs::
| jobs: | |
| concurrency: | |
| group: weekly-coverage | |
| cancel-in-progress: false | |
| jobs: |
cancel-in-progress: false preserves already-running complete coverage passes rather than killing them mid-flight.
Review summaryTwo findings from this run: 1. Integration tests now run on all PRs (coverage.yml:102). 2. No concurrency group in 🤖 Generated with Claude Code |
Prevents a manual workflow_dispatch from overlapping the scheduled Monday run against the same dev tenant's integration data. Uses cancel-in-progress: false so an in-flight coverage pass is allowed to finish. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
✅ No issues found. Checked for bugs and CLAUDE.md compliance. |
A job that uses a reusable workflow reports its check as `test-and-build / coverage`, which the main ruleset's required `test-and-build` context does not match — blocking every PR that lacks the new workflow. Split into a `coverage` job (the reusable call) and a thin `test-and-build` gate job that needs it and fails if it didn't succeed. This preserves the flat `test-and-build` check name required by the ruleset while keeping the integration-test secret mapping defined only once. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
✅ No issues found. Checked for bugs and CLAUDE.md compliance. |
|



What
Coverage and the SonarCloud scan were gated on
github.base_ref == 'main', so they only ran on PRs targeting main — never against main itself. This adds a scheduled weekly coverage run on main.How
To avoid duplicating the ~50-line integration-test secret mapping across two workflows, the coverage pipeline is extracted into a reusable workflow:
.github/workflows/coverage.yml(new) —on: workflow_call. Holds the full pipeline: install → typecheck → unit coverage → build → integration.envgeneration (the secrets block) → integration coverage → SonarCloud scan → summaries. Single source of truth for the env-variable mapping..github/workflows/weekly-coverage.yml(new) — runs Mondays 06:00 UTC (cron: '0 6 * * 1') + manualworkflow_dispatch, callingcoverage.ymlwithsecrets: inherit. Scheduled runs check out the default branch (main), so SonarCloud performs main-branch analysis..github/workflows/pr-checks.yml—test-and-buildnow callscoverage.ymlviasecrets: inherit;test-packagesmatrix job unchanged.Notes
secrets.*directly without re-listing every secret as an input — recreating the duplication.github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false.🤖 Generated with Claude Code