Owner

@Dargon789 Dargon789 commented Oct 23, 2025

Summary by Sourcery

Revise CI/CD configurations across GitHub workflows, CircleCI, and Codecov, add Dependabot updates, and fix a regex escaping issue in tx tests

Bug Fixes:

  • Escape transactionRunner file names in tests using lodash.escapeRegExp

Enhancements:

  • Configure Dependabot for weekly dependency updates
  • Adjust Codecov YAML to require CI success, tighten thresholds, and enable GitHub checks and Slack notifications

CI:

  • Revamp vm-build workflow: switch to pull_request and manual triggers, add permissions, rename jobs, set up test matrices and conditional extended hardfork jobs
  • Streamline vm-benchmarks job by removing branch guard and disabling auto-push
  • Add contents read permission to browser workflow
  • Tidy CodeQL workflow indentation, quoting, and branch filters

Chores:

  • Add lodash to tx package, bump lockfile-lint-api and body-parser versions
  • Introduce CircleCI custom executor and project job, remove placeholder hello job
  • Add Dependabot configuration files

Dargon789 and others added 16 commits June 11, 2025 05:14
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
…tion

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
…ain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* Update codecov.yml

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>

* Update codecov.yml

Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>

---------

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* Update config.yml

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>

* Update .circleci/config.yml

Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>

---------

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
CI:

Introduce .github/dependabot.yml to configure weekly dependency updates for the repository

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
New Features:

Create dependabot.yml to configure automated weekly dependency updates

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Bumps the npm_and_yarn group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [lockfile-lint-api](https://github.com/lirantal/lockfile-lint/tree/HEAD/packages/lockfile-lint-api) | `5.8.0` | `5.9.2` |
| [body-parser](https://github.com/expressjs/body-parser) | `1.20.2` | `1.20.3` |
| [ws](https://github.com/websockets/ws) | `8.16.0` | `8.18.3` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.79.2` |
| [playwright](https://github.com/microsoft/playwright) | `1.36.1` | `1.56.1` |



Updates `lockfile-lint-api` from 5.8.0 to 5.9.2
- [Release notes](https://github.com/lirantal/lockfile-lint/releases)
- [Changelog](https://github.com/lirantal/lockfile-lint/blob/main/packages/lockfile-lint-api/CHANGELOG.md)
- [Commits](https://github.com/lirantal/lockfile-lint/commits/lockfile-lint-api@5.9.2/packages/lockfile-lint-api)

Updates `body-parser` from 1.20.2 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.2...1.20.3)

Updates `ws` from 8.16.0 to 8.18.3
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.16.0...8.18.3)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `rollup` from 2.79.1 to 2.79.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG-2.md)
- [Commits](rollup/rollup@v2.79.1...v2.79.2)

Updates `playwright` from 1.36.1 to 1.56.1
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.36.1...v1.56.1)

Updates `tar-fs` from 2.1.1 to 3.0.4
- [Commits](mafintosh/tar-fs@v2.1.1...v3.0.4)

---
updated-dependencies:
- dependency-name: lockfile-lint-api
  dependency-version: 5.9.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-version: 1.20.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.18.3
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-version: 3.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 2.79.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: playwright
  dependency-version: 1.56.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 3.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@bolt-new-by-stackblitz

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@sourcery-ai
Contributor

sourcery-ai bot commented Oct 23, 2025

Reviewer's Guide

This PR consolidates and enhances CI workflows across GitHub Actions and CircleCI, introduces dynamic test matrices for VM and blockchain forks, refines code scanning and coverage settings, adds Dependabot support, and updates key project dependencies.

Flow diagram for dynamic VM and blockchain test matrices in CI

```mermaid
flowchart TD
  Start["Start VM Workflow"]
  MatrixCheck["Check for 'Test all hardforks' label"]
  ForkMatrix["Run tests for forks: Berlin, London, Paris, Shanghai, Cancun"]
  ExtendedForkMatrix["Run extended tests for all hardforks"]
  BlockchainMatrix["Run blockchain tests for forks: Berlin, London, Paris, Shanghai, Cancun"]
  BlockchainExtendedMatrix["Run extended blockchain tests for all hardforks and transitions"]
  End["End Workflow"]

  Start --> MatrixCheck
  MatrixCheck -- No label --> ForkMatrix
  MatrixCheck -- No label --> BlockchainMatrix
  MatrixCheck -- Label present --> ExtendedForkMatrix
  MatrixCheck -- Label present --> BlockchainExtendedMatrix
  ForkMatrix --> End
  ExtendedForkMatrix --> End
  BlockchainMatrix --> End
  BlockchainExtendedMatrix --> End
```

File-Level Changes

| Change | Details | Files |
| --- | --- | --- |
| Overhauled VM build GitHub Actions pipeline | • Changed trigger from push to pull_request and added manual dispatch<br>• Renamed jobs and applied matrix strategies for forks and blockchains<br>• Added conditional extended jobs based on PR labels<br>• Updated test commands to include --verify-test-amount-alltests and disabled browser API tests | `.github/workflows/vm-build.yml` |
| Standardized CodeQL workflow YAML formatting | • Uniformized quote styles and indentation<br>• Consolidated matrix include list formatting<br>• Adjusted step indentation for checkout and init/analyze actions | `.github/workflows/codeql.yml` |
| Enhanced code coverage and reporting via codecov | • Enforced CI pass requirement and wait_for_ci notifications<br>• Adjusted precision, range, and coverage threshold rules<br>• Enabled GitHub check annotations and Slack app integration | `codecov.yml` |
| Introduced custom executor in CircleCI config | • Defined auth-enabled Docker executor and removed placeholder job<br>• Updated workflow to use new executor and streamlined job definition | `.circleci/config.yml` |
| Added Dependabot version updates configuration | • Created dependabot.yml at repo root and under workflows<br>• Configured weekly update schedule and ecosystem placeholders | `.github/dependabot.yml`<br>`.github/workflows/dependabot.yml` |
| Bumped and added project dependencies | • Upgraded lockfile-lint-api and body-parser versions<br>• Added lodash to tx package and updated test to use escapeRegExp | `package.json`<br>`packages/tx/package.json`<br>`packages/client/package.json`<br>`packages/tx/test/transactionRunner.spec.ts` |
| Granted read permissions in browser workflow | • Added contents: read permission block to workflow | `.github/workflows/browser.yml` |


@snyk-io

snyk-io bot commented Oct 23, 2025

⚠️ Snyk checks are incomplete.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
| --- | --- | --- | --- | --- | --- | --- |
| ⚠️ | Open Source Security | 0 | 0 | 0 | 0 | See details |


@gemini-code-assist
Contributor

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on enhancing the project's continuous integration, code quality, and dependency management infrastructure. It introduces a more tailored CircleCI setup, integrates Dependabot for automated dependency updates, and significantly upgrades the Codecov configuration for more precise and integrated coverage reporting. Additionally, it includes routine dependency updates and a minor improvement to test file filtering for increased robustness.

Highlights

  • CI/CD Configuration Refactor: The CircleCI configuration has been significantly refactored, introducing a custom executor, renaming jobs and workflows, and removing a generic 'hello world' step to set up a more specific project build process.
  • Code Coverage Enhancement: The Codecov configuration has been extensively updated to include detailed settings for notifications, CI pass requirements, comment behavior, coverage precision, range, status rules, GitHub checks, and Slack integration, providing more robust coverage reporting.
  • Automated Dependency Updates: A new Dependabot configuration file has been added to enable automated weekly dependency updates, improving maintenance and security.
  • Dependency Management: Several dependencies have been updated, including 'lockfile-lint-api' and 'body-parser', and 'lodash' has been added as a new dependency to the 'packages/tx' module.
  • Test Robustness Improvement: The 'transactionRunner.spec.ts' file now uses 'lodash.escapeRegExp' to safely handle special characters when filtering test files, enhancing the robustness of test execution.
Ignored Files
  • Ignored by pattern: .github/workflows/** (4)
    • .github/workflows/browser.yml
    • .github/workflows/codeql.yml
    • .github/workflows/dependabot.yml
    • .github/workflows/vm-build.yml

sourcery-ai[bot]
sourcery-ai bot previously approved these changes Oct 23, 2025
Contributor

@sourcery-ai sourcery-ai bot left a comment


Hey there - I've reviewed your changes - here's some feedback:

  • The vm-build workflow has become very large and repetitive—consider refactoring common steps into a reusable workflow or composite action to reduce duplication and improve maintainability.
  • Pulling in all of lodash just for escapeRegExp seems heavy; consider inlining a small regex‐escape helper or using a more lightweight utility instead.
  • The if: contains(join(...), 'Test all hardforks') label check is a bit brittle—using a dedicated action or the built-in labels context to match labels more explicitly might be more reliable.
Prompt for AI Agents
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `.github/dependabot.yml:8` </location>
<code_context>
+
+version: 2
+updates:
+  - package-ecosystem: "" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
</code_context>
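Review bot: `package-ecosystem: ""` on the first `updates` entry is still the template placeholder and is not a valid ecosystem value, so Dependabot cannot act on this entry. The manifests touched in this PR are package.json files, so set it to "npm" for directory "/"; a second entry using "github-actions" would also keep the action versions in the workflow files up to date.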

<issue_to_address>
**issue (bug_risk):** The package-ecosystem field is left empty, which will prevent Dependabot from functioning.

Specify a valid package-ecosystem value (e.g., 'npm', 'yarn', 'docker') to ensure Dependabot can perform updates.
</issue_to_address>

### Comment 2
<location> `.github/workflows/dependabot.yml:8` </location>
<code_context>
+
+version: 2
+updates:
+  - package-ecosystem: "" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
</code_context>
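Review bot: the path of this file is a problem before its content is: Dependabot reads its configuration only from `.github/dependabot.yml`, while every YAML file under `.github/workflows/` is parsed as a GitHub Actions workflow, and a document with `version:` and `updates:` but no `on:` or `jobs:` is not a valid workflow. Drop this copy and keep the single configuration at `.github/dependabot.yml`.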

<issue_to_address>
**issue (bug_risk):** The package-ecosystem field is empty, which will prevent Dependabot from running.

Update the package-ecosystem field with the appropriate value for your project's package manager.
</issue_to_address>

### Comment 3
<location> `.github/workflows/vm-build.yml:67` </location>
<code_context>

-  test-vm-blockchain:
+  vm-state-extended:
+    if: contains(join(github.event.pull_request.labels.*.name, ' '), 'Test all hardforks')
     runs-on: ubuntu-latest
+    strategy:
</code_context>
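Review bot: the `if:` on `vm-state-extended` performs a substring test, because `join(..., ' ')` flattens the label list into one string before `contains` runs. Any label whose name merely includes 'Test all hardforks' enables the extended matrix, and so do two adjacent labels such as 'Test all' and 'hardforks' once they are joined with a space. Pass the array itself, `contains(github.event.pull_request.labels.*.name, 'Test all hardforks')`, which is true only when one label has exactly that name.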

<issue_to_address>
**suggestion:** The conditional for extended jobs relies on a specific label string, which may be brittle.

If the label is missing or slightly different, the jobs will be skipped. Please make the label check more flexible or clearly document the required label for contributors.
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
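The regex-escaping fix in this PR and the review suggestion to inline a small helper instead of pulling in lodash, as an added example that is not code from the pull request. The helper and function names, the anchoring of the pattern, and the fixture paths are assumptions constructed for illustration.

```javascript
// Added example. All names and sample paths below are constructed.

// Escape every character that is special in a JavaScript RegExp so the
// input is matched literally (same purpose as lodash.escapeRegExp).
function escapeRegExp(text) {
  return text.replace(/[\\^$.*+?()[\]{}|]/g, '\\$&')
}

// Build a matcher for one fixture file name. With escape=false the name is
// interpolated raw, which is the behaviour the fix replaces.
function fileMatcher(fileName, escape) {
  const body = escape ? escapeRegExp(fileName) : fileName
  return new RegExp(`(^|/)${body}$`)
}

// Return the paths the matcher selects, or a marker string when the raw
// name is not even a valid pattern.
function selectFixtures(paths, fileName, escape) {
  try {
    const re = fileMatcher(fileName, escape)
    return paths.filter((p) => re.test(p))
  } catch (err) {
    return `invalid pattern: ${err.name}`
  }
}

// Constructed fixture paths (not taken from the repository).
const SAMPLE_PATHS = [
  'ttEIP1559/maxFee+Tip.json',
  'ttEIP1559/maxFeeeTip.json',
  'ttData/dataTx_v1.json',
  'ttData/dataTx_v1xjson',
  'ttData/String10MbData(1).json',
]

// Compare raw and escaped selection for each requested file name.
function compare(fileName) {
  return {
    raw: selectFixtures(SAMPLE_PATHS, fileName, false),
    escaped: selectFixtures(SAMPLE_PATHS, fileName, true),
  }
}

// '+' becomes a quantifier: the raw pattern skips the requested file and
// picks a different one. '.' matches any character: an extra file is run.
// '(1)' becomes a group: the requested file is silently not selected.
// An unbalanced '(' makes the raw pattern throw instead of filtering.
for (const name of [
  'maxFee+Tip.json',
  'dataTx_v1.json',
  'String10MbData(1).json',
  'String10MbData(1.json',
]) {
  console.log(name, JSON.stringify(compare(name)))
}
```

The raw variant fails in three different ways (wrong file, extra file, no file) without raising an error, which is why a test filter built this way can report success while skipping the case it was asked to run.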


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request updates the Codecov configuration, adds a Dependabot configuration, updates several dependencies, and refactors the CircleCI pipeline. While the changes to codecov.yml and most dependency updates are fine, there are a few issues that need attention. The new Dependabot configuration is invalid because it's missing the package-ecosystem. The CircleCI configuration contains a hardcoded URL from another project and uses an unconventional job name. Additionally, the lodash dependency has been added to production dependencies but is only used for testing, and could potentially be replaced with a small helper function to avoid a new dependency.

Dargon789 and others added 2 commits October 23, 2025 19:29
…ain permissions (#64)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
@Dargon789 Dargon789 added the dependencies, no-issue-activity and javascript labels Oct 25, 2025
@github-project-automation github-project-automation bot moved this to Backlog in Hardhat Oct 25, 2025
@Dargon789 Dargon789 disabled auto-merge October 25, 2025 06:30
@Dargon789 Dargon789 enabled auto-merge (rebase) October 25, 2025 06:30
@Dargon789 Dargon789 linked an issue Oct 25, 2025 that may be closed by this pull request
* Update issue templates

* Update .github/ISSUE_TEMPLATE/bug_report.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update .github/ISSUE_TEMPLATE/custom.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update .github/ISSUE_TEMPLATE/feature_request.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

Labels

dependencies, documentation, good first issue, javascript, no-issue-activity

Projects

Status: Backlog
Status: Todo

2 participants