Comparing version 3.0.4 to 3.1.0
@@ -5,2 +5,3 @@ var fs = require('fs') | ||
var urlgrey = require('urlgrey') | ||
var jsYaml = require('js-yaml') | ||
var walk = require('ignore-walk') | ||
@@ -160,3 +161,3 @@ var execSync = require('child_process').execSync | ||
}, | ||
function(err, response, result) { | ||
function(err, response) { | ||
if (err || response.statusCode !== 200) { | ||
@@ -215,3 +216,3 @@ console.log(' ' + (err || response.body)) | ||
}, | ||
function(err, response, result) { | ||
function(err) { | ||
if (err) { | ||
@@ -246,2 +247,7 @@ sendToCodecovV2( | ||
var debug = [] | ||
var yamlFile = | ||
args.options.yml || | ||
process.env.codecov_yml || | ||
process.env.CODECOV_YML || | ||
'codecov.yml' | ||
@@ -260,9 +266,2 @@ console.log( | ||
query.yaml = ['codecov.yml', '.codecov.yml'].reduce(function(result, file) { | ||
return ( | ||
result || | ||
(fs.existsSync(path.resolve(process.cwd(), file)) ? file : undefined) | ||
) | ||
}, undefined) | ||
if ((args.options.disable || '').split(',').indexOf('detect') === -1) { | ||
@@ -275,2 +274,11 @@ console.log('==> Detecting CI Provider') | ||
query.yaml = [yamlFile, '.codecov.yml'].reduce(function(result, file) { | ||
return ( | ||
result || | ||
(fs.existsSync(path.resolve(process.cwd(), file)) | ||
? path.resolve(process.cwd(), file) | ||
: undefined) | ||
) | ||
}, undefined) | ||
if (args.options.build) { | ||
@@ -298,4 +306,14 @@ query.build = args.options.build | ||
var yamlToken | ||
try { | ||
var loadedYamlFile = jsYaml.safeLoad(fs.readFileSync(query.yaml, 'utf8')) | ||
yamlToken = loadedYamlFile && loadedYamlFile.codecov && loadedYamlFile.codecov.token | ||
} catch (e) { | ||
// silently fail | ||
} | ||
var token = | ||
args.options.token || process.env.codecov_token || process.env.CODECOV_TOKEN | ||
args.options.token || | ||
yamlToken || | ||
process.env.codecov_token || | ||
process.env.CODECOV_TOKEN | ||
if (token) { | ||
@@ -302,0 +320,0 @@ query.token = token |
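Review bot: In the `@@ -298,4 +306,14 @@` hunk, `yamlToken` is ranked above `process.env.codecov_token` and `process.env.CODECOV_TOKEN`, so a token written in the checked-out `codecov.yml` overrides the secret configured in CI; on builds of untrusted branches that file is contributor-controlled, and the ordering also invites committing the upload token to the repository. Consider keeping the environment ahead of the file, `args.options.token || process.env.codecov_token || process.env.CODECOV_TOKEN || yamlToken`, and accepting the YAML value only when `typeof yamlToken === 'string'`. The empty `catch (e)` hides YAML syntax and permission errors together with the expected no-file case, where `query.yaml` is `undefined`; an `if (query.yaml)` guard plus a logged message (without file contents) would make a dropped token diagnosable. The `@@ -275,2 +274,11 @@` hunk also turns `query.yaml` into an absolute path, which is presumably sent with the upload query, so confirm the server is meant to receive a local filesystem path. The enclosing function starts and ends outside these hunks.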
{ | ||
"name": "codecov", | ||
"version": "3.0.4", | ||
"version": "3.1.0", | ||
"description": "Uploading report to Codecov: https://codecov.io", | ||
@@ -8,4 +8,4 @@ "main": "index.js", | ||
"precommit": "lint-staged", | ||
"test": | ||
"./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha -- -R spec" | ||
"pretest": "eslint .", | ||
"test": "nyc mocha -R spec" | ||
}, | ||
@@ -32,2 +32,3 @@ "repository": { | ||
"ignore-walk": "^3.0.1", | ||
"js-yaml": "^3.12.0", | ||
"request": "^2.87.0", | ||
@@ -37,7 +38,10 @@ "urlgrey": "^0.4.4" | ||
"devDependencies": { | ||
"eslint": "^4.19.1", | ||
"eslint-config-prettier": "^2.9.0", | ||
"expect.js": "^0.3.1", | ||
"husky": "^0.14.3", | ||
"istanbul": "^0.4.5", | ||
"lint-staged": "^7.2.0", | ||
"mocha": "^5.2.0", | ||
"mock-fs": "^4.6.0", | ||
"nyc": "^12.0.2", | ||
"prettier": "^1.13.7" | ||
@@ -44,0 +48,0 @@ }, |
@@ -98,1 +98,2 @@ # Codecov NodeJS Uploader | ||
- v3.0.3 Support non-git/hg root dirs | ||
- v3.0.4 Security fixes |
var fs = require('fs') | ||
var mockFs = require('mock-fs') | ||
var codecov = require('../lib/codecov') | ||
var execSync = require('child_process').execSync | ||
@@ -33,2 +33,3 @@ var isWindows = | ||
) | ||
delete process.env.CODECOV_TOKEN | ||
}) | ||
@@ -42,2 +43,65 @@ | ||
it('can read a codecov.yml file', function() { | ||
mockFs({ | ||
'codecov.yml': 'codecov:\n token: fake-token', | ||
}) | ||
expect(codecov.upload({ options: { dump: true } }).query.token).to.eql( | ||
'fake-token' | ||
) | ||
mockFs.restore() | ||
}) | ||
it('can read a .codecov.yml file', function() { | ||
mockFs({ | ||
'.codecov.yml': 'codecov:\n token: fake-token-dotfile', | ||
}) | ||
expect(codecov.upload({ options: { dump: true } }).query.token).to.eql( | ||
'fake-token-dotfile' | ||
) | ||
mockFs.restore() | ||
}) | ||
it('should have no token if yaml file does not supplied', function() { | ||
mockFs({ | ||
'.codecov.yml': 'codecov:\n noconfig: true', | ||
}) | ||
expect(codecov.upload({ options: { dump: true } }).query.token).to.eql( | ||
undefined | ||
) | ||
mockFs.restore() | ||
}) | ||
it('token precedence should be respected', function() { | ||
// options.token || .codecov.yml/codecov.yml file || codecov_token || CODECOV_TOKEN | ||
mockFs({ | ||
'.codecov.yml': 'codecov:\n token: fake-token-dotfile', | ||
}) | ||
var upload = codecov.upload({ options: { dump: true, token: 'qwerty' } }) | ||
expect(upload.query.token).to.eql('qwerty') | ||
mockFs.restore() | ||
process.env.codecov_token = 'abc123' | ||
upload = codecov.upload({ options: { dump: true, token: 'qwerty2' } }) | ||
expect(upload.query.token).to.eql('qwerty2') | ||
delete process.env.codecov_token | ||
process.env.CODECOV_TOKEN = 'ABC123' | ||
upload = codecov.upload({ options: { dump: true, token: 'qwerty3' } }) | ||
expect(upload.query.token).to.eql('qwerty3') | ||
delete process.env.CODECOV_TOKEN | ||
mockFs({ | ||
'.codecov.yml': 'codecov:\n token: fake-token-dotfile', | ||
}) | ||
process.env.codecov_token = 'abc123' | ||
upload = codecov.upload({ options: { dump: true } }) | ||
expect(upload.query.token).to.eql('fake-token-dotfile') | ||
mockFs.restore() | ||
process.env.codecov_token = 'abc123' | ||
process.env.CODECOV_TOKEN = 'ABC123' | ||
upload = codecov.upload({ options: { dump: true } }) | ||
expect(upload.query.token).to.eql('abc123') | ||
delete process.env.codecov_token | ||
delete process.env.CODECOV_TOKEN | ||
}) | ||
it('can auto detect reports', function() { | ||
@@ -131,2 +195,3 @@ var res = codecov.upload({ options: { dump: true } }) | ||
expect(res.body).to.contain('VAR1=\n') | ||
delete process.env.HELLO | ||
}) | ||
@@ -141,2 +206,4 @@ | ||
expect(res.body).to.contain('VAR2=\n') | ||
delete process.env.HELLO | ||
delete process.env.CODECOV_ENV | ||
}) | ||
@@ -169,2 +236,40 @@ | ||
}) | ||
it('Should use codecov.yml via env variable', function() { | ||
var CWD = process.cwd() | ||
expect( | ||
codecov.upload({ options: { dump: true, disable: 'detect' } }).query.yaml | ||
).to.eql(CWD + '/codecov.yml') | ||
mockFs({ | ||
'foo.yml': '', | ||
}) | ||
process.env.codecov_yml = 'foo.yml' | ||
expect( | ||
codecov.upload({ options: { dump: true, disable: 'detect' } }).query.yaml | ||
).to.eql(CWD + '/foo.yml') | ||
mockFs.restore() | ||
delete process.env.codecov_yml | ||
mockFs({ | ||
'FOO.yml': '', | ||
}) | ||
process.env.CODECOV_YML = 'FOO.yml' | ||
expect( | ||
codecov.upload({ options: { dump: true, disable: 'detect' } }).query.yaml | ||
).to.eql(CWD + '/FOO.yml') | ||
mockFs.restore() | ||
delete process.env.CODECOV_YML | ||
}) | ||
it('can get config from cli args', function() { | ||
mockFs({ | ||
'foo.yml': '', | ||
}) | ||
var res = codecov.upload({ | ||
options: { dump: true, yml: 'foo.yml', disable: 'detect' }, | ||
}) | ||
expect(res.query.yaml).to.eql(process.cwd() + '/foo.yml') | ||
mockFs.restore() | ||
}) | ||
}) |
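Review bot: The new tests call `mockFs.restore()` and `delete process.env.…` only at the end of each test body, so a failing `expect` leaves the mocked filesystem and values such as `process.env.codecov_token = 'abc123'` in place for every later test, which can mask or fake token-precedence results. Moving the cleanup into an `afterEach` hook (`mockFs.restore()` plus deleting `codecov_token`, `CODECOV_TOKEN`, `codecov_yml` and `CODECOV_YML`) keeps the tests isolated. The `query.yaml` assertions build the expected value as `CWD + '/foo.yml'` while the library uses `path.resolve`, so they would likely fail on Windows; `path.join(CWD, 'foo.yml')` would match, assuming `path` is required in the test file. The title 'should have no token if yaml file does not supplied' reads better as 'should have no token if the yaml file does not supply one'.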
@@ -9,2 +9,7 @@ var gitlab = require('../../lib/services/gitlab') | ||
it('cannot detect gitlab', function() { | ||
delete process.env.GITLAB_CI | ||
expect(gitlab.detect()).to.be(false) | ||
}) | ||
it('can get service env info', function() { | ||
@@ -24,3 +29,22 @@ process.env.CI_BUILD_ID = '1234' | ||
}) | ||
delete process.env.CI_BUILD_REPO | ||
process.env.CI_REPOSITORY_URL = 'https://gitlab.com/owner/repo2.git' | ||
expect(gitlab.configuration()).to.eql({ | ||
service: 'gitlab', | ||
build: '1234', | ||
root: '/', | ||
commit: '5678', | ||
slug: 'owner/repo2', | ||
branch: 'master', | ||
}) | ||
delete process.env.CI_REPOSITORY_URL | ||
expect(gitlab.configuration()).to.eql({ | ||
service: 'gitlab', | ||
build: '1234', | ||
root: '/', | ||
commit: '5678', | ||
slug: '', | ||
branch: 'master', | ||
}) | ||
}) | ||
}) |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 3 instances in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Telemetry
Supply chain risk: This package contains telemetry which tracks how it is used.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
+ Added js-yaml@^3.12.0
+ Added argparse@1.0.10 (transitive)
+ Added esprima@4.0.1 (transitive)
+ Added js-yaml@3.14.1 (transitive)
+ Added sprintf-js@1.0.3 (transitive)