Merged
7 changes: 7 additions & 0 deletions .github/workflows/Build-Test-And-Deploy.yml
Expand Up @@ -43,6 +43,13 @@ jobs:
- name: Build with dotnet
run: dotnet build -p:ContinuousIntegrationBuild=True -p:ReleaseDateAttribute=True --configuration Release --no-restore

- name: Expose GitHub Actions Runtime
uses: actions/github-script@v7
with:
script: |
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']);
core.exportVariable('ACTIONS_RESULTS_URL', process.env['ACTIONS_RESULTS_URL']);

Comment on lines +50 to +52

Copilot AI Mar 9, 2026

process.env['ACTIONS_RUNTIME_TOKEN'] can be undefined/empty depending on runner/event context; exporting an empty value can lead downstream tooling to treat the runtime as available but fail later. Consider guarding the export (only export when the value is truthy) and calling core.setSecret(...) for the token before exporting so it’s masked if anything logs environment variables.

Suggested change
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']);
core.exportVariable('ACTIONS_RESULTS_URL', process.env['ACTIONS_RESULTS_URL']);
const runtimeToken = process.env['ACTIONS_RUNTIME_TOKEN'];
if (runtimeToken) {
core.setSecret(runtimeToken);
core.exportVariable('ACTIONS_RUNTIME_TOKEN', runtimeToken);
}
const resultsUrl = process.env['ACTIONS_RESULTS_URL'];
if (resultsUrl) {
core.exportVariable('ACTIONS_RESULTS_URL', resultsUrl);
}

Copilot uses AI. Check for mistakes.
- name: Run .NET Tests
run: dotnet test --no-build --configuration Release
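
Review bot: core.exportVariable in the new "Expose GitHub Actions Runtime" step puts ACTIONS_RUNTIME_TOKEN into the job environment, so every step that runs after it in this job inherits the token, not only "Run .NET Tests". Nothing in the step says which tool consumes the two variables. Add a YAML comment above the step naming the consumer, and if only the test step needs the values, hand them to that step alone (for example as step outputs mapped in that step's env:) after calling core.setSecret on the token, rather than exporting them job-wide.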

7 changes: 7 additions & 0 deletions .github/workflows/PR-Build-And-Test.yml
Expand Up @@ -34,6 +34,13 @@ jobs:
- name: Build with dotnet
run: dotnet build --configuration Release --no-restore /p:AccessToNugetFeed=false

- name: Expose GitHub Actions Runtime
uses: actions/github-script@v7
with:
script: |
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']);
core.exportVariable('ACTIONS_RESULTS_URL', process.env['ACTIONS_RESULTS_URL']);
Comment on lines +37 to +42

Copilot AI Mar 9, 2026

Exporting ACTIONS_RUNTIME_TOKEN into the shell environment makes it accessible to any code executed during dotnet test (including test code from PRs), which increases the blast radius if someone prints/exfiltrates env vars. If this workflow runs on fork PRs, consider restricting this step to trusted contexts (e.g., only when github.event.pull_request.head.repo.full_name == github.repository) or otherwise documenting/accepting the risk explicitly.

Comment on lines +41 to +43

Copilot AI Mar 9, 2026

process.env['ACTIONS_RUNTIME_TOKEN'] may be undefined/empty on some events or runner contexts; exporting an empty value can make downstream tools think the runtime token is present but invalid. Consider guarding the export (only call core.exportVariable when the value is truthy) and calling core.setSecret(...) for the token before exporting to ensure it’s masked if any step logs environment variables.

Suggested change
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN']);
core.exportVariable('ACTIONS_RESULTS_URL', process.env['ACTIONS_RESULTS_URL']);
const runtimeToken = process.env['ACTIONS_RUNTIME_TOKEN'];
if (runtimeToken) {
core.setSecret(runtimeToken);
core.exportVariable('ACTIONS_RUNTIME_TOKEN', runtimeToken);
}
const resultsUrl = process.env['ACTIONS_RESULTS_URL'];
if (resultsUrl) {
core.exportVariable('ACTIONS_RESULTS_URL', resultsUrl);
}

- name: Run .NET Tests
run: dotnet test --no-build --configuration Release --report-trx --coverage --results-directory ${{ runner.temp }}
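
Review bot: the "Expose GitHub Actions Runtime" step here is an identical copy of the one added to Build-Test-And-Deploy.yml, so any later hardening (an empty-value guard, core.setSecret, a trust condition) has to be made in two places and can drift. Move the step into a local composite action or a reusable workflow and reference it from both files. The triggers are not visible in this hunk; if this workflow runs for pull requests from forks, the shared step should also carry an if: condition, or a comment recording that the exposure to "Run .NET Tests" is accepted, because the export as written is unconditional.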
