build(ci): add codecov for unit test coverage reporting (#43)

.github/codecov.yaml

@@ -0,0 +1,11 @@
+coverage:
+  status:
+    project:
+      default:
+        informational: true
+        target: auto
+        threshold: 0.5%
+        base: auto
+
+github_checks:
+  annotations: false

.github/workflows/unit-tests.yaml

@@ -17,3 +17,8 @@ jobs:
         run: npm install
       - name: ⚙️ Run tests
         run: npm run test --coverage
+      - name: Upload coverage reports to Codecov
+        uses: codecov/[email protected]
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          slug: securesign/rekor-search-ui

README.md

@@ -1,18 +1,26 @@
+[![🧪 Unit Tests (Jest) 🧪](https://github.com/securesign/rekor-search-ui/actions/workflows/unit-tests.yaml/badge.svg)](https://github.com/securesign/rekor-search-ui/actions/workflows/unit-tests.yaml)
+[![codecov](https://codecov.io/gh/securesign/rekor-search-ui/graph/badge.svg?token=1QS2BK1PQL)](https://codecov.io/gh/securesign/rekor-search-ui)
+
 This repo contains a simple UI for searching Search the Rekor public transparency log.
 
 https://securesign.github.io/rekor-search-ui/
 
 ![Rekor UI Screenshot](assets/screenshot.png)
 
+## Requirements
+
+- [Node.js](https://nodejs.org/en) 18.x+
+- Access to a [Rekor server](https://github.com/securesign/rekor), or a full deployment of [Trusted Artifact Signer (TAS)](https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/2024-q1/html/deployment_guide/verify_the_trusted_artifact_signer_installation)
+
 ## Getting Started
 
-Install dependencies:
+First, install the dependencies:
 
 ```bash
 npm install
 ```
 
-First, run the development server:
+Then, run the development server:
 
 ```bash
 npm run dev
@@ -32,17 +40,17 @@ npm run test
 
 Launches the test runner in the interactive watch mode.
 
-Tests are colocated and live as closely to corresponding code as possible.
+Tests are co-located and live as closely to corresponding code as possible.
 
 ## Deploy
 
 The app is based on [Next.JS](https://nextjs.org/) and is automatically built & deployed to GitHub Pages when pushing to the `main` branch.
 
 ## Internal Server Configuration
 
-This app supports overriding of the default rekor server instance for those running private instances of the sigstore stack.
+This app supports overriding of the default rekor server instance for those running private instances of the Trusted Artifact Signer (TAS) stack.
 Create a `.env.local` file at the root and include in it this environment variable
 
 ```properties
-NEXT_PUBLIC_REKOR_DEFAULT_DOMAIN=https://privaterekor.sigstore.dev
+NEXT_PUBLIC_REKOR_DEFAULT_DOMAIN=https://privaterekor.example.com
 ```

next.config.js

@@ -1,3 +1,5 @@
+const { codecovWebpackPlugin } = require("@codecov/webpack-plugin");
+
 /** @type {import('next').NextConfig} */
 const nextConfig = {
 	reactStrictMode: true,
@@ -14,6 +16,21 @@ const nextConfig = {
 		"@patternfly/react-icons",
 		"@patternfly/react-styles",
 	],
+	webpack: config => {
+		config.plugins = [
+			...config.plugins,
+
+			// keep codecov webpack plugin after all other plugins
+			codecovWebpackPlugin({
+				enableBundleAnalysis: process.env.CODECOV_TOKEN !== undefined,
+				bundleName: "rekor-search-ui-webpack-bundle",
+				uploadToken: process.env.CODECOV_TOKEN,
+			}),
+		];
+
+		// important: return the modified config
+		return config;
+	},
 };
 
 module.exports = nextConfig;