Skip to content

Wire CodeScene coverage upload on main and prepare the PR gate#72

Merged
leynos merged 1 commit into
mainfrom
codescene-coverage-gate
Jul 9, 2026
Merged

Wire CodeScene coverage upload on main and prepare the PR gate#72
leynos merged 1 commit into
mainfrom
codescene-coverage-gate

Conversation

@leynos

@leynos leynos commented Jul 9, 2026

Copy link
Copy Markdown
Owner

Summary

Onboards this repository to the CodeScene coverage pipeline, following the
estate rollout recipe (proven on mxd#362
and modelled on ddlint#287).

The CodeScene GitHub App posts a CodeScene Code Coverage check on every
pull-request head and waits for coverage to be uploaded for that commit;
repositories that never upload leave the check waiting until it times out, and
a timed-out check poisons the whole status rollup — which the shared Dependabot
automerge gate reads in full, so automerge stalls even when every required
check is green. This wiring feeds CodeScene the coverage it expects.

cs-coverage upload is accepted only for branches CodeScene analyses (main),
so the upload lives in a dedicated push-to-main workflow. The pull-request job
generates line-level LCOV coverage and advances the ratchet baseline.

The changed-line PR gate (mode: check) is deliberately deferred: CodeScene
project 70676 has no coverage-gates configuration yet, so cs-coverage check
fails every run with "the received project-config isn't valid. Lacks the gates
configuration." — a CodeScene-side per-project setting, not a CI defect. A
comment in ci.yml records this; the step lands in a fast-follow once the gate
is enabled. Note the CodeScene coverage check is not a repository-required
check — it blocks only through the status rollup, so reviewers will not find it
in the branch ruleset.

Review walkthrough

  • .github/workflows/ci.yml
    — bumps the shared-actions pins to 927edd4, checks out with
    fetch-depth: 0 (so a later changed-line gate can reach the merge base),
    runs generate-coverage with format: lcov, use-cargo-nextest: 'false'
    (preserves the existing plain cargo llvm-cov behaviour) and
    with-ratchet: 'true', and carries the deferred-gate comment in place of the
    removed upload step.
  • .github/workflows/coverage-main.yml
    — new; on push to main, regenerates coverage (ratchet on, writing the
    authoritative baseline every PR compares against) and uploads it to CodeScene
    under the empty-token guard.
  • .github/workflows/mutation-testing.yml
    and dependabot-automerge.yml
    — pins bumped to the single repo-wide 927edd4 SHA.
  • tests/workflows.rs
    — relocates the guarded-upload contract from ci.yml to coverage-main.yml,
    where the upload step now lives (job-level token, step-level if guard).
  • tests/workflow_contracts/mutation_testing_test.py
    — bumps the pinned-SHA contract to match the workflow.

Validation

  • python3 -c "import yaml; ..." parses all four workflow files.
  • make test-workflow-contracts (pytest) passes: 6 passed.
  • The relocated Rust workflow contract runs under make test in the
    build-test job.
  • CS_ACCESS_TOKEN set in both the Actions and Dependabot secret stores; a
    read-only probe of GET /v2/projects/70676 returns 200 with the estate PAT.

The ratchet baseline is written by the first coverage-main.yml run on main
after merge; the ratchet may report no stored baseline on this PR until then.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry @leynos, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Summary

  • Onboarded the repository to the CodeScene coverage pipeline by switching the PR workflow to generate LCOV coverage with ratcheting enabled.
  • Added a new coverage-main workflow that runs on pushes to main and uploads coverage to CodeScene from the authoritative branch.
  • Deferred the changed-line gate for now, with the workflow and tests documenting the empty-secret fallback until CodeScene-side coverage-gates is configured.
  • Pinned shared workflow/action references to the new shared-actions SHA across CI, mutation testing, and Dependabot automerge.
  • Updated workflow contracts and test coverage to reflect the moved upload step, the new workflow layout, and the coverage-main upload gating behaviour.

Walkthrough

This PR restructures CI coverage generation and CodeScene upload gating: the CI workflow drops its inline coverage upload in favour of a new dedicated coverage-main.yml workflow, updates a corresponding Rust workflow contract test, and separately bumps pinned shared-action commit SHAs for dependabot-automerge and mutation-testing workflows along with their contract test.

Changes

Coverage workflow restructuring

Layer / File(s) Summary
Coverage generation and CodeScene disable in ci.yml
.github/workflows/ci.yml
Adds empty-string env defaults for CS_ACCESS_TOKEN/CODESCENE_CLI_SHA256, bumps the Setup Rust pin, and replaces the coverage upload step with a "Generate coverage" step producing lcov.info, disabling the CodeScene upload with explanatory comments.
New coverage-main.yml workflow
.github/workflows/coverage-main.yml
Adds a workflow triggered on push to main that generates ratcheted lcov coverage and conditionally uploads it to CodeScene when CS_ACCESS_TOKEN is set.
Workflow contract test updated for coverage-main
tests/workflows.rs
Renames the WorkflowFile::Ci variant to CoverageMain, retargets the CodeScene upload-gating test to the coverage-upload job, and asserts the fallback env expression and updated if condition form.

Pinned shared-action SHA updates

Layer / File(s) Summary
Update pinned commit SHAs and contract test
.github/workflows/dependabot-automerge.yml, .github/workflows/mutation-testing.yml, tests/workflow_contracts/mutation_testing_test.py
Bumps the reusable-workflow commit reference in both workflows to a new SHA and updates the PINNED_SHA constant in the contract test to match.

Sequence Diagram(s)

sequenceDiagram
  participant GitHub as GitHub push to main
  participant Workflow as coverage-main.yml
  participant Rust as Setup Rust action
  participant Coverage as Generate coverage action
  participant CodeScene as CodeScene upload

  GitHub->>Workflow: trigger on push
  Workflow->>Rust: setup toolchain
  Workflow->>Coverage: generate lcov.info with ratchet
  Coverage-->>Workflow: lcov.info produced
  Workflow->>CodeScene: upload if CS_ACCESS_TOKEN set
Loading

Possibly related PRs

  • leynos/lag-complexity#54: Modifies the same CodeScene upload gating around CS_ACCESS_TOKEN in .github/workflows/ci.yml.
  • leynos/ddlint#211: Refactors CI coverage generation to the same shared "generate coverage" action producing lcov.info.
  • leynos/lag-complexity#67: Updates the same pinned mutation-cargo revision and matching tests/workflow_contracts/mutation_testing_test.py expectation.

Suggested reviewers: codescene-access

Poem

A workflow hopped to a brand-new file,
CodeScene waits, gated with a smile.
SHAs get bumped, tests fall in line,
lcov.info ticks the coverage sign.
🐇 Onward to main, one pinned commit at a time!


Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

  • Ignore

❌ Failed checks (2 errors, 5 warnings)

Check name Status Explanation Resolution
Testing (Overall) ❌ Error Current tests cover upload gating and pin drift, but leave ci.yml’s new coverage-generation behaviour unguarded. Add assertions for ci.yml’s Generate coverage step (LCOV, nextest off, ratchet on, secret envs) and the new workflow trigger/permissions so plausible regressions fail.
Security And Privacy ❌ Error ci.yml and coverage-main.yml expose CS_ACCESS_TOKEN at job scope, and both use actions/checkout@v4 without persist-credentials:false, broadening credential exposure. Move CS_ACCESS_TOKEN to the upload step only, add persist-credentials: false, and pin actions/checkout to a commit SHA.
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Developer Documentation ⚠️ Warning No docs/ADR/roadmap files changed; docs/developers-guide.md still describes the old CI upload step, not the new coverage-main workflow. Update docs/developers-guide.md or an ADR to cover the new coverage-main upload path and deferred gate; check off any tracked roadmap item.
Observability ⚠️ Warning The new coverage path only has generic step status/comments; no explicit signal covers skipped uploads, ratchet writes, or main-branch races. Add workflow concurrency and emit concise notices/summary fields for coverage generation, upload skip, and upload success/failure with branch and SHA.
Performance And Resource Use ⚠️ Warning coverage-main.yml triggers on every main push and lacks concurrency, so overlapping pushes can rerun the expensive coverage job and race the ratchet baseline. Add a concurrency group such as coverage-main-${{ github.ref }} with cancel-in-progress: false, mirroring mutation-testing, so only one coverage run per ref executes at a time.
Concurrency And State ⚠️ Warning coverage-main.yml writes shared ratchet state on push to main but has no concurrency block; only mutation-testing.yml serialises runs and tests that path. Add a per-ref concurrency group for coverage-main and contract tests that assert it, then cover overlapping push behaviour for the shared baseline.
✅ Passed checks (13 passed)
Check name Status Explanation
Title check ✅ Passed The title matches the PR’s main change: CodeScene coverage upload on main and PR gate preparation.
Description check ✅ Passed The description clearly covers the CodeScene coverage onboarding and workflow changes in the PR.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
User-Facing Documentation ✅ Passed PASS: The PR only changes CI workflows and contract tests; no user-facing functionality changed, and the repo has no docs/users-guide.md to update.
Module-Level Documentation ✅ Passed Accept it: the Rust and Python modules both carry top-level docstrings, and the Python docstring clearly sets out the shared-actions relationship.
Testing (Unit And Behavioural) ✅ Passed The PR adds contract-style behavioural tests for the workflow boundary, pinning YAML invariants like trigger rules, permissions, refs, and CodeScene gating without mocks or private seams.
Testing (Property / Proof) ✅ Passed The PR only changes declarative workflow pins and exact-contract tests; it introduces no range-based invariant or proof assumption that would warrant property testing or a formal proof.
Testing (Compile-Time / Ui) ✅ Passed No compile-time Rust/TS behaviour was added, and the new workflow contracts already assert the changed YAML semantics directly; snapshot coverage is unnecessary here.
Unit Architecture ✅ Passed PASS: The PR only changes workflow/test orchestration, with explicit Result-based file I/O in tests and no production unit that obscures queries, commands, or dependencies.
Domain Architecture ✅ Passed PASS: The PR only edits GitHub Actions workflows and their contract tests; no domain code, business invariants, or adapter boundaries were changed.
Architectural Complexity And Maintainability ✅ Passed The PR adds explicit workflow wiring and contract tests only; no new traits, layers, registries, generators, or indirection were introduced.
Rust Compiler Lint Integrity ✅ Passed Only Rust diff is tests/workflows.rs, which just retargets the workflow contract test; no #[allow(...)] suppressions or new clone() calls were added.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codescene-coverage-gate

Comment @coderabbitai help to get the list of available commands.

codescene-access[bot]

This comment was marked as outdated.

Onboard the repository to the CodeScene coverage pipeline. Pull-request
runs generate line-level LCOV coverage and advance the ratchet baseline;
a new push-to-main workflow uploads that coverage to CodeScene, which
accepts uploads only for analysed branches.

- Bump every leynos/shared-actions reference (setup-rust,
  generate-coverage, upload-codescene-coverage, mutation-cargo and
  dependabot-automerge callers) to 927edd45ae77be4251a8a18ca9eb5613a2e32cbd,
  which carries the coverage-action fixes and the mode: check support.
- Pass use-cargo-nextest: 'false' to preserve the existing plain
  cargo llvm-cov behaviour, and format: lcov for line-level records.
- Enable with-ratchet: 'true' in both the main-push upload workflow
  (writes the authoritative baseline) and the pull-request coverage job
  (compares against it).
- Check out with fetch-depth: 0 on the pull-request job so a later
  changed-line gate can reach the merge base.
- Defer the mode: check gate: CodeScene project 70676 has no
  coverage-gates configuration yet, so cs-coverage check fails every run.
  A comment in ci.yml records the deferral; the step lands in a
  fast-follow once the gate is enabled CodeScene-side.
- Move the workflow contract that guards the guarded upload from ci.yml
  to coverage-main.yml, and bump the mutation-testing contract pin.
@leynos leynos force-pushed the codescene-coverage-gate branch from 3d9a9e2 to b6cb53e Compare July 9, 2026 18:56

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 18-19: The job-level env in the CI workflow is exposing
CS_ACCESS_TOKEN even though it is not used by the current flow; remove that
secret from the global environment and keep only CODESCENE_CLI_SHA256 there.
Update the Generate coverage / upload-check area in the ci workflow so
CS_ACCESS_TOKEN is added back only when the deferred mode: check step is
introduced, using the existing generate coverage step context to place it where
it is actually consumed.
- Around line 21-23: The ci workflow’s actions/checkout step is using a mutable
tag and still persists credentials. Update the checkout step to use the same
SHA-pinned style as the other actions in this job, and set persist-credentials
to false in the actions/checkout configuration. Keep fetch-depth: 0 if needed,
but ensure checkout is pinned and does not leave repository credentials on the
runner.

In @.github/workflows/coverage-main.yml:
- Around line 12-20: The coverage-main workflow currently has no concurrency
control, so overlapping pushes to main can race while updating the shared
ratchet baseline. Add a concurrency group to this workflow (for example at the
workflow level or within the coverage-upload job) so only one main-branch run
can update the baseline at a time, and ensure the setting targets the
coverage-upload job that writes the shared coverage cache/baseline.
- Line 27: The workflow step using actions/checkout in coverage-main.yml should
be updated to match ci.yml by pinning the checkout action to a full commit SHA
instead of the v4 tag and explicitly disabling credential persistence. Locate
the checkout step in the job definition and change the uses reference to the
pinned actions/checkout entry already used elsewhere, then set
persist-credentials to false so the checkout does not retain GitHub credentials.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 32de8471-ef5c-4b1c-a18b-85e11446ce89

📥 Commits

Reviewing files that changed from the base of the PR and between 57cdefc and b6cb53e.

📒 Files selected for processing (6)
  • .github/workflows/ci.yml
  • .github/workflows/coverage-main.yml
  • .github/workflows/dependabot-automerge.yml
  • .github/workflows/mutation-testing.yml
  • tests/workflow_contracts/mutation_testing_test.py
  • tests/workflows.rs
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • leynos/shared-actions (auto-detected)

Comment thread .github/workflows/ci.yml
Comment on lines +18 to +19
CS_ACCESS_TOKEN: ${{ secrets.CS_ACCESS_TOKEN || '' }}
CODESCENE_CLI_SHA256: ${{ vars.CODESCENE_CLI_SHA256 || '' }}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win

Secret sits idle in job env — strip it out until it's actually used.

CS_ACCESS_TOKEN gets injected into the job env at Lines 18-19, but the "Generate coverage" step (Lines 57-63) never references it — the upload/check step is deliberately deferred. Exposing a live secret to every step in the job (including third-party actions like cargo binstall, astral-sh/setup-uv) with no consumer widens the blast radius for zero benefit right now.

Pull the secret env vars back out and reintroduce them alongside the mode: check step when it actually lands.

🔒 Proposed fix
     env:
       CARGO_TERM_COLOR: always
       BUILD_PROFILE: debug
       WHITAKER_INSTALLER_VERSION: '0.2.5'
-      CS_ACCESS_TOKEN: ${{ secrets.CS_ACCESS_TOKEN || '' }}
-      CODESCENE_CLI_SHA256: ${{ vars.CODESCENE_CLI_SHA256 || '' }}

Also applies to: 57-63

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml around lines 18 - 19, The job-level env in the CI
workflow is exposing CS_ACCESS_TOKEN even though it is not used by the current
flow; remove that secret from the global environment and keep only
CODESCENE_CLI_SHA256 there. Update the Generate coverage / upload-check area in
the ci workflow so CS_ACCESS_TOKEN is added back only when the deferred mode:
check step is introduced, using the existing generate coverage step context to
place it where it is actually consumed.

Source: Linters/SAST tools

Comment thread .github/workflows/ci.yml
Comment on lines 21 to +23
- uses: actions/checkout@v4
with:
fetch-depth: 0

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Pin actions/checkout and disable credential persistence.

Every other action reference in this job is pinned to a commit SHA (setup-rust@927edd4…, actions/cache@005785…, setup-uv@fac544c…), yet actions/checkout@v4 here is left on a mutable tag, and persist-credentials isn't disabled. Flagged by zizmor as both unpinned-uses (error) and artipacked (warning) — the latter matters more now that fetch-depth: 0 pulls full history into the runner.

🔒 Proposed fix
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@<pinned-sha>  # vX.Y.Z
         with:
           fetch-depth: 0
+          persist-credentials: false
🧰 Tools
🪛 zizmor (1.26.1)

[warning] 21-23: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)


[error] 21-21: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml around lines 21 - 23, The ci workflow’s
actions/checkout step is using a mutable tag and still persists credentials.
Update the checkout step to use the same SHA-pinned style as the other actions
in this job, and set persist-credentials to false in the actions/checkout
configuration. Keep fetch-depth: 0 if needed, but ensure checkout is pinned and
does not leave repository credentials on the runner.

Source: Linters/SAST tools

Comment on lines +12 to +20
on:
push:
branches: [main]

jobs:
coverage-upload:
runs-on: ubuntu-latest
permissions:
contents: read

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Add a concurrency group — overlapping pushes to main can race the ratchet baseline.

This workflow triggers on every push to main with no concurrency limit. Rapid successive pushes (e.g. a squash-merge queue) can run two coverage-generation/upload jobs in parallel, both writing to the same ratchet cache/baseline that PR runs compare against — the loser's write is a lost update, corrupting the baseline PR gates rely on.

🔒 Proposed fix
 on:
   push:
     branches: [main]

+concurrency:
+  group: coverage-main-${{ github.ref }}
+  cancel-in-progress: false
+
 jobs:
   coverage-upload:
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
on:
push:
branches: [main]
jobs:
coverage-upload:
runs-on: ubuntu-latest
permissions:
contents: read
on:
push:
branches: [main]
concurrency:
group: coverage-main-${{ github.ref }}
cancel-in-progress: false
jobs:
coverage-upload:
runs-on: ubuntu-latest
permissions:
contents: read
🧰 Tools
🪛 zizmor (1.26.1)

[info] 17-17: workflow or action definition without a name (anonymous-definition): this job

(anonymous-definition)


[warning] 12-14: insufficient job-level concurrency limits (concurrency-limits): workflow is missing concurrency setting

(concurrency-limits)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/coverage-main.yml around lines 12 - 20, The coverage-main
workflow currently has no concurrency control, so overlapping pushes to main can
race while updating the shared ratchet baseline. Add a concurrency group to this
workflow (for example at the workflow level or within the coverage-upload job)
so only one main-branch run can update the baseline at a time, and ensure the
setting targets the coverage-upload job that writes the shared coverage
cache/baseline.

Source: Linters/SAST tools

CS_ACCESS_TOKEN: ${{ secrets.CS_ACCESS_TOKEN || '' }}
CODESCENE_CLI_SHA256: ${{ vars.CODESCENE_CLI_SHA256 || '' }}
steps:
- uses: actions/checkout@v4

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Pin actions/checkout and disable credential persistence, same as ci.yml.

Same gap as the PR workflow: actions/checkout@v4 is unpinned while every other action in this file is pinned to a SHA, and persist-credentials is left at its default true. Zizmor flags both unpinned-uses and artipacked here.

🔒 Proposed fix
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@<pinned-sha>  # vX.Y.Z
+        with:
+          persist-credentials: false
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- uses: actions/checkout@v4
- uses: actions/checkout@<pinned-sha> # vX.Y.Z
with:
persist-credentials: false
🧰 Tools
🪛 zizmor (1.26.1)

[warning] 27-27: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)


[error] 27-27: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/coverage-main.yml at line 27, The workflow step using
actions/checkout in coverage-main.yml should be updated to match ci.yml by
pinning the checkout action to a full commit SHA instead of the v4 tag and
explicitly disabling credential persistence. Locate the checkout step in the job
definition and change the uses reference to the pinned actions/checkout entry
already used elsewhere, then set persist-credentials to false so the checkout
does not retain GitHub credentials.

Source: Linters/SAST tools

@leynos leynos merged commit b8fd795 into main Jul 9, 2026
6 checks passed
@leynos leynos deleted the codescene-coverage-gate branch July 9, 2026 19:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant