[Numpy-discussion] Re: Enabling Code Coverage using Codecov/Actions

Thu, 05 Feb 2026 02:41:06 -0800 


On 05/02/2026 20:46, Ganesh Kathiresan via NumPy-Discussion wrote:

Hi all,
Currently Codecov reports for coverage is disabled and last run shows 2 years ago (ref <https://app.codecov.io/gh/numpy>). I was hoping to re-enable this by following this tutorial <https://docs.codecov.com/docs/quick-start>. 

As part of this, the following changes will be made:
1. New repository token will be added to NumPy repo
2. A new/edited CI workflow YAML to generate and uploadĀ reports using `spin`
CircleCI/Codecov already has the permissions and no changes will be made there.
Since I will be */adding a new token/*, I want to */inform the team and get a `go/no-go` before proceeding/*. (I have the necessary access to both Codecov and GitHub to implement this.).
Alternatively, I would also like to try GitHub actions (inbuilt)(ref <https://github.com/marketplace/actions/python-coverage-comment>). This approach can use the existing token, so I would not need any permissions. 

---

Alternatives Considered:
- Travis CI: Originally removedĀ as part of this issue <https://github.com/numpy/numpy/issues/24410>, it's partially paid (we can get free credits), still a viable option but subject to future change in pricing <https://www.travis-ci.com/faq/> 

Thanks,
Ganesh
(https://github.com/ganesh-k13)
I would vote "nogo". Codecov has had various security problems [0], and I dislike the model of running complicated third-party closed-source services in our CI system. What is the motivation for enabling this again? Was the output ever really helpful enough to justify running it as part of CI? Note this is only about the codecov service as part of our CI workflow. It might make sense to have a spin codecov command to run code coverage offline (requires some clang/gcc instrumentation in the build). 

Matti


[0] https://blog.gitguardian.com/codecov-supply-chain-breach/

_______________________________________________
NumPy-Discussion mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/numpy-discussion.python.org
Member address: [email protected]

Reply via email to