Update CI coverage actions

[leynos]

Summary

• switch to the shared ratchet-coverage action for coverage
• upload CodeScene coverage using the new upload-codescene-coverage action
• document the new coverage workflow

Testing

• make fmt
• make lint
• make test
• markdownlint *.md **/*.md
• mdformat-all
• nixie *.md **/*.md (fails: RuntimeError: Event loop is closed)

---

https://chatgpt.com/codex/tasks/task_e_6869243cbb0483229d3ae9c1dae7deb7

Summary by Sourcery

Consolidate CI coverage steps by adopting shared GitHub Actions for coverage measurement and CodeScene uploads, and update project docs to reflect the new coverage pipeline.

CI:

• Switch CI coverage job to use shared ratchet-coverage action with lcov output
• Replace manual CodeScene CLI installation with shared upload-codescene-coverage action

Documentation:

• Update documentation to reference cargo llvm-cov, ratchet-coverage, and upload-codescene-coverage workflows

[sourcery-ai]

Reviewer's Guide

Replaces manual cargo-tarpaulin and CodeScene CLI steps with centralized GitHub actions for coverage collection (ratchet-coverage) and reporting (upload-codescene-coverage), and updates the documentation to reflect the new workflow.

File-Level Changes

Change	Details	Files
Replace manual coverage commands with shared coverage actions	Removed cargo-tarpaulin installation step Replaced direct tarpaulin run with ratchet-coverage action Swapped scripted CodeScene tool install and upload for upload-codescene-coverage action	.github/workflows/ci.yml
Update documentation to describe new coverage tooling	Switched description from cargo tarpaulin to cargo llvm-cov Documented use of ratchet-coverage and upload-codescene-coverage actions	docs/multi-layered-testing-strategy.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

Summary by CodeRabbit

• Documentation

  • Updated documentation to reflect the switch from cargo tarpaulin to cargo llvm-cov for code coverage and the use of new GitHub Actions for coverage reporting.

• Chores

  • Streamlined CI workflow by replacing manual coverage tool installation and execution with reusable GitHub Actions for generating and uploading coverage reports.

Summary by CodeRabbit

• Chores
  • Streamlined continuous integration workflow by replacing manual coverage tool setup with reusable GitHub Actions for coverage generation and uploads.
• Documentation
  • Updated documentation to reflect the switch to new coverage tools and reporting actions in the CI process.

Walkthrough

The CI workflow was updated to use reusable GitHub Actions for code coverage generation and upload, replacing manual installation and execution steps. Documentation was revised to reflect the switch from cargo-tarpaulin to cargo llvm-cov and the adoption of the ratchet-coverage and upload-codescene-coverage actions.

Changes

File(s)	Change Summary
.github/workflows/ci.yml	Replaced manual coverage tool installation and execution with ratchet-coverage and upload actions.
docs/multi-layered-testing-strategy.md	Updated documentation to describe new coverage tools and workflow actions.

Sequence Diagram(s)

sequenceDiagram
    participant GitHub Actions
    participant ratchet-coverage Action
    participant upload-codescene-coverage Action
    participant Codecov
    participant CodeScene

    GitHub Actions->>ratchet-coverage Action: Run coverage (cargo llvm-cov)
    ratchet-coverage Action-->>GitHub Actions: Produce lcov.info
    GitHub Actions->>Codecov: Upload lcov.info
    GitHub Actions->>upload-codescene-coverage Action: Upload lcov.info
    upload-codescene-coverage Action->>CodeScene: Send coverage data

Loading

Possibly related PRs

• Switch coverage upload to CodeScene mdtablefix#12: Both PRs update the CI workflow to use reusable actions for coverage generation and upload, including CodeScene integration.
• Switch coverage to llvm-cov lille#106: Both PRs switch from cargo-tarpaulin to cargo-llvm-cov and adjust coverage report handling in the CI workflow.
• Update coverage workflow mxd#194: Both PRs replace manual CodeScene coverage tool steps with a GitHub Action for uploading coverage data.

Suggested reviewers

• codescene-delta-analysis

Poem

In the warren of code, a new path we pave,
With Actions that scurry, so nimble and brave.
No more manual hops, just a streamlined run,
Coverage and uploads—efficiently done!
🐇✨
The burrow is cleaner, the carrots well-earned,
For every green check, a lesson well-learned!

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7caa7e3 and 0011c8e.

📒 Files selected for processing (1)

• .github/workflows/ci.yml (1 hunks)

🧰 Additional context used

🪛 GitHub Check: CodeQL

.github/workflows/ci.yml

[warning] 45-45: Unpinned tag for a non-immutable Action in workflow
Unpinned 3rd party Action 'CI' step Uses Step: coverage uses 'leynos/shared-actions/.github/actions/ratchet-coverage' with ref 'v1.2.1', not a pinned commit hash

---

[warning] 50-50: Unpinned tag for a non-immutable Action in workflow
Unpinned 3rd party Action 'CI' step Uses Step uses 'leynos/shared-actions/.github/actions/upload-codescene-coverage' with ref 'v1.2.1', not a pinned commit hash

✨ Finishing Touches

🧪 Generate Unit Tests

• Create PR with Unit Tests
• Post Copyable Unit Tests in a Comment
• Commit Unit Tests in branch codex/update-ci-with-ratchet-coverage-and-upload-codescene-coverag

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai auto-generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codescene-delta-analysis]

Gates Passed
6 Quality Gates Passed

See analysis details in CodeScene

Quality Gate Profile: Pay Down Tech Debt
Want more control? Customize Code Health rules or catch issues early with our IDE extension and CLI tool.

[sourcery-ai]

Hey @leynos - I've reviewed your changes - here's some feedback:

• Pin the shared actions to immutable SHA digests instead of loose version tags to ensure reproducible CI runs.
• In your docs, explicitly note whether ratchet-coverage uses cargo llvm-cov or cargo-tarpaulin to avoid confusion about the underlying coverage tool.
• Confirm that passing installer-checksum to upload-codescene-coverage still performs the expected integrity check now that the install script is handled by the action itself.

Prompt for AI Agents

Please address the comments from this code review:
## Overall Comments
- Pin the shared actions to immutable SHA digests instead of loose version tags to ensure reproducible CI runs.
- In your docs, explicitly note whether `ratchet-coverage` uses `cargo llvm-cov` or `cargo-tarpaulin` to avoid confusion about the underlying coverage tool.
- Confirm that passing `installer-checksum` to `upload-codescene-coverage` still performs the expected integrity check now that the install script is handled by the action itself.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4330cd2 and 692b881.

📒 Files selected for processing (2)

• .github/workflows/ci.yml (1 hunks)
• docs/multi-layered-testing-strategy.md (1 hunks)

🧰 Additional context used

📓 Path-based instructions (7)

`docs/**/*.md`: Documentation must use en-GB-oxendict spelling and grammar (with the exception of "license" which is to be left unchanged for community consistency).

docs/**/*.md: Documentation must use en-GB-oxendict spelling and grammar (with the exception of "license" which is to be left unchanged for community consistency).

📄 Source: CodeRabbit Inference Engine (AGENTS.md)

List of files the instruction was applied to:

• docs/multi-layered-testing-strategy.md

`**/*.md`: Validate Markdown files using `markdownlint *.md **/*.md`. Run `mdfor...

**/*.md: Validate Markdown files using markdownlint *.md **/*.md.
Run mdformat-all after any documentation changes to format all Markdown files and fix table markup.
Validate Markdown Mermaid diagrams using the nixie CLI. The tool is already installed; run nixie *.md **/*.md directly instead of using npx.
Markdown paragraphs and bullet points must be wrapped at 80 columns.
Code blocks must be wrapped at 120 columns.
Tables and headings must not be wrapped.

📄 Source: CodeRabbit Inference Engine (AGENTS.md)

List of files the instruction was applied to:

• docs/multi-layered-testing-strategy.md

`docs/**/*.md`: Provide user guides and examples demonstrating server-initiated messaging.

docs/**/*.md: Provide user guides and examples demonstrating server-initiated messaging.

📄 Source: CodeRabbit Inference Engine (docs/asynchronous-outbound-messaging-roadmap.md)

List of files the instruction was applied to:

• docs/multi-layered-testing-strategy.md

`docs/**/*.md`: Conventions for writing project documentation should follow the rules outlined in the documentation style guide.

docs/**/*.md: Conventions for writing project documentation should follow the rules outlined in the documentation style guide.

📄 Source: CodeRabbit Inference Engine (docs/contents.md)

List of files the instruction was applied to:

• docs/multi-layered-testing-strategy.md

`docs/**/*.md`: Use British English based on the Oxford English Dictionary (en-o...

docs/**/*.md: Use British English based on the Oxford English Dictionary (en-oxendict) for documentation.
The word "outwith" is acceptable in documentation.
Keep US spelling when used in an API, for example color.
Use the Oxford comma in documentation.
Company names are treated as collective nouns (e.g., "Lille Industries are expanding").
Write headings in sentence case in documentation.
Use Markdown headings (#, ##, ###, etc.) in order without skipping levels.
Follow markdownlint recommendations for Markdown files.
Provide code blocks and lists using standard Markdown syntax.
Always use fenced code blocks with a language identifier; use plaintext for non-code text.
Use - as the first level bullet and renumber lists when items change.
Prefer inline links using [text](url) or angle brackets around the URL in Markdown.
Expand any uncommon acronym on first use, for example, Continuous Integration (CI).
Wrap paragraphs at 80 columns in documentation.
Wrap code at 120 columns in documentation.
Do not wrap tables in documentation.
Use footnotes referenced with [^label] in documentation.
Include Mermaid diagrams in documentation where it adds clarity.
When embedding figures in documentation, use ![alt text](path/to/image) and provide concise alt text describing the content.
Add a short description before each Mermaid diagram in documentation so screen readers can understand it.

📄 Source: CodeRabbit Inference Engine (docs/documentation-style-guide.md)

List of files the instruction was applied to:

• docs/multi-layered-testing-strategy.md

`docs/**/*.md`: Write the official documentation for the new features. Create se...

docs/**/*.md: Write the official documentation for the new features. Create separate guides for "Duplex Messaging & Pushes", "Streaming Responses", and "Message Fragmentation". Each guide must include runnable examples and explain the relevant concepts and APIs.

📄 Source: CodeRabbit Inference Engine (docs/wireframe-1-0-detailed-development-roadmap.md)

List of files the instruction was applied to:

• docs/multi-layered-testing-strategy.md

`**/*.md`: * Avoid 2nd person or 1st person pronouns ("I", "you", "we") * Use en...

**/*.md: * Avoid 2nd person or 1st person pronouns ("I", "you", "we")

• Use en-oxendic spelling and grammar.
• Paragraphs and bullets must be wrapped to 80 columns, except where a long URL would prevent this (in which case, silence MD013 for that line)
• Code blocks should be wrapped to 120 columns.
• Headings must not be wrapped.

⚙️ Source: CodeRabbit Configuration File

List of files the instruction was applied to:

• docs/multi-layered-testing-strategy.md

🪛 GitHub Check: CodeQL

.github/workflows/ci.yml

[warning] 45-45: Unpinned tag for a non-immutable Action in workflow
Unpinned 3rd party Action 'CI' step Uses Step: coverage uses 'leynos/shared-actions/.github/actions/ratchet-coverage' with ref 'v1.2.0', not a pinned commit hash

---

[warning] 50-50: Unpinned tag for a non-immutable Action in workflow
Unpinned 3rd party Action 'CI' step Uses Step uses 'leynos/shared-actions/.github/actions/upload-codescene-coverage' with ref 'v1.2.0', not a pinned commit hash

⏰ Context from checks skipped due to timeout of 240000ms (1)

• GitHub Check: build-test

[coderabbitai]

⚠️ Potential issue

Pin third-party Actions to immutable commit SHAs.

ratchet-coverage@v1.2.0 and upload-codescene-coverage@v1.2.0 reference moving tags.
CodeQL has already flagged this. Unpinned Actions are a supply-chain risk and can
silently change behaviour.

Proposed fix:

-        uses: leynos/shared-actions/.github/actions/ratchet-coverage@v1.2.0
+        # TODO: replace with the exact commit SHA corresponding to v1.2.0
+        uses: leynos/shared-actions/.github/actions/ratchet-coverage@<commit-sha>
...
-        uses: leynos/shared-actions/.github/actions/upload-codescene-coverage@v1.2.0
+        # TODO: replace with the exact commit SHA corresponding to v1.2.0
+        uses: leynos/shared-actions/.github/actions/upload-codescene-coverage@<commit-sha>

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools

🪛 GitHub Check: CodeQL

[warning] 45-45: Unpinned tag for a non-immutable Action in workflow
Unpinned 3rd party Action 'CI' step Uses Step: coverage uses 'leynos/shared-actions/.github/actions/ratchet-coverage' with ref 'v1.2.0', not a pinned commit hash

---

[warning] 50-50: Unpinned tag for a non-immutable Action in workflow
Unpinned 3rd party Action 'CI' step Uses Step uses 'leynos/shared-actions/.github/actions/upload-codescene-coverage' with ref 'v1.2.0', not a pinned commit hash

🤖 Prompt for AI Agents

In .github/workflows/ci.yml around lines 44 to 55, the GitHub Actions use
version tags like v1.2.0 for third-party actions, which are mutable and pose a
supply-chain risk. To fix this, replace the version tags with immutable commit
SHAs for both ratchet-coverage and upload-codescene-coverage actions to ensure
the workflow uses a fixed, verified version of these actions.

[codescene-delta-analysis]

Gates Passed
6 Quality Gates Passed

See analysis details in CodeScene

Quality Gate Profile: Pay Down Tech Debt
Want more control? Customize Code Health rules or catch issues early with our IDE extension and CLI tool.

[codescene-delta-analysis]

Gates Passed
6 Quality Gates Passed

See analysis details in CodeScene

Quality Gate Profile: Pay Down Tech Debt
Want more control? Customize Code Health rules or catch issues early with our IDE extension and CLI tool.