Retry converting GitHubAction coveralls to NUKE with coveralls.net#2095
Retry converting GitHubAction coveralls to NUKE with coveralls.net#2095IT-VBFK wants to merge 6 commits into
coveralls to NUKE with coveralls.net#2095Conversation
abc7ebb to
ed8a261
Compare
|
@jnyrup or @dennisdoomen |
c583cbd to
7576b8e
Compare
|
The token is correct and properly passed to the script. So something else is not right. |
|
Hmm.. that odd.. I can't figure out what the problem is.. |
|
csMACnz/coveralls.net#108 indicates that we're passing the wrong kind of token.
https://github.com/csMACnz/coveralls.net/blob/main/src/csmacnz.Coveralls/MainArgs.cs |
|
Thank you for digging into this I fear I cannot help with the token ;) |
|
I've just added a new Coveralls-specific token under the name |
7576b8e to
ccf0d9c
Compare
|
There must be an issue with permissions or something, because if I add a repo secret in my fork and use that instead.. it works see this latest workflow run: https://github.com/IT-VBFK/fluentassertions/actions/runs/3919802757/jobs/6701153117 |
|
New best guess about what's confusing us
|
|
uhh.. that's stupid.. that means we can't use that? What a pity |
It's for security. Giving this a second thought, we didn't provide the |
But this didn't work either.. See the very first commits/workflow runs of this PR |
8c4e088 to
7f5d376
Compare
|
What about using NUKE's secret parameter feature by storing the encrypted value in https://nuke.build/docs/fundamentals/parameters/#secret-parameters |
|
Locally this works for me:
the only draw-back is, that you have to provide (or commit directly to this PR) the changed parameters.json, which holds the encrypted token |
This means that the secret is not available from a build that is part of the fork. And that makes total sense. We're running builds from the main repo. And we're also passing the Nuget push key in the exact same way. And that works.
That was my thought as well. I suspect that the GHA action for Coverall works in a different way than the .NET library |
That is not an option. |
7f5d376 to
0318ad0
Compare
I have already guessed something like this :) |
fa682ad to
5cc6d0b
Compare
But this does not work either (see latest workflow runs). Both nuget api key and coveralls token are empty.. Have introduced the |
|
I think I will close this PR soon, because I think we're stuck here.. Sorry |
|
Just to recap:
Apparently, if merged into |
5cc6d0b to
f234295
Compare
f234295 to
f6b706f
Compare
|
An other possibility could be to use an external key vault or AzureKeyVault (which is also supported by NUKE) like proposed here: https://stackoverflow.com/a/67543604 |
Not an option. If we cannot find a way to inject some secret (github-token or coveralls token) into NUKE, then I say we keep it as it is right now. |
|
Maybe this only works if me or @jnyrup trigger the build.... |
Is this what we really want? Seems like a bad "hack" |
|
As I don't have no ideas left.. I would close this.. Or do you have any ideas @jnyrup @dennisdoomen ? |
|
I also out of ideas. |
|
Ok.. seems we stick with yaml 🤔 |
|
Something is off. I've used repository secrets many times before. But looking at the flaky behavior we see with Coveralls right now, I'm starting to think we're facing the same problem there. When a contributor creates a PR, that PR won't get the right token and doesn't produce a Coveralls report. It always requires us to manually rebuild it. But maybe I'm imagining things. |



IMPORTANT
./build.sh --target spellcheckor.\build.ps1 --target spellcheckbefore pushing and check the good outcome