ci: Upload coverage to GitHub Code Quality

[Aaron ("AJ") Steers (aaronsteers)]

Summary

• Add actions/upload-code-coverage@v1 uploads for the Python CDK's existing Cobertura XML reports from Pytest Fast and the representative full pytest matrix job.
• Scope code-quality: write to only the pytest jobs that upload coverage while preserving checks: write for jobs that publish test result check runs.
• Limit uploaded coverage XML to airbyte_cdk/* package files so GitHub Code Quality does not report stdlib or test-helper paths.
• Checkout the PR head SHA before generating coverage so GitHub Code Quality maps uploaded reports to the reviewed commit.
• Disable checkout credential persistence in coverage-producing jobs.
• Add workflow_dispatch to both coverage-producing pytest workflows so maintainers can manually refresh coverage from main or a PR branch.
• Guard Code Quality uploads on htmlcov/coverage.xml existing so failed/skipped coverage generation does not produce noisy upload errors.
• Keep existing GitHub artifact uploads intact and make Code Quality uploads best-effort with fail-on-error: false.
• Include the pytest matrix workflow itself in its path filter so edits to the coverage upload configuration run that workflow.

Review & Testing Checklist for Human

• Confirm GitHub Code Quality is enabled for this repository so uploaded coverage appears on PRs.
• Confirm the two coverage labels, code-coverage/pytest-fast and code-coverage/pytest-matrix, are useful and not too noisy in the PR coverage UI.
• After merge, confirm both pytest workflows expose a manual "Run workflow" option and that manual runs from main upload coverage.
• Confirm Code Quality compares PR coverage against main after a main coverage upload is available.
• Confirm the Publish Test Results check-run summaries still appear after the explicit permissions change.

Notes

• Requested by AJ Steers in Slack.
• Lessons incorporated from PyAirbyte and airbyte-ops-mcp validation: checkout head SHA, preserve checks: write, gate uploads on coverage XML, add manual dispatch, ensure manual dispatch bypasses path-filter skips, and disable checkout credential persistence.
• Local validation: yq e '.' .github/workflows/pytest_fast.yml, yq e '.' .github/workflows/pytest_matrix.yml, yq e '.on.workflow_dispatch' for both workflows, and git diff --check.

---

Devin session

Requested by: Aaron ("AJ") Steers (@aaronsteers)

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[github-actions]

👋 Greetings, Airbyte Team Member!

Here are some helpful tips and reminders for your convenience.

💡 Show Tips and Tricks

Testing This CDK Version

You can test this version of the CDK using the following:

# Run the CLI from this branch:
uvx 'git+https://github.com/airbytehq/airbyte-python-cdk.git@devin/1779860596-github-coverage-upload#egg=airbyte-python-cdk[dev]' --help

# Update a connector to use the CDK from this branch ref:
cd airbyte-integrations/connectors/source-example
poe use-cdk-branch devin/1779860596-github-coverage-upload

PR Slash Commands

Airbyte Maintainers can execute the following slash commands on your PR:

• /autofix - Fixes most formatting and linting issues
• /poetry-lock - Updates poetry.lock file
• /test - Runs connector tests with the updated CDK
• /prerelease - Triggers a prerelease publish with default arguments
• /poe build - Regenerate git-committed build artifacts, such as the pydantic models which are generated from the manifest JSON schema in YAML.
• /poe <command> - Runs any poe command in the CDK environment

📚 Show Repo Guidance

Helpful Resources

• CDK API Reference

📝 Edit this welcome message.

[github-code-quality]

Code Coverage Overview

Languages: Python

Python / code-coverage/pytest-fast

The overall coverage in the devin/1779860596-git... branch is 90%. Coverage data for the main branch is not yet available.

Show a code coverage summary of the most covered files.

File	main	devin/1779860596-git... f2a8aea	+/-
airbyte_cdk/sou...onent_schema.py	—	100%	—
airbyte_cdk/sou...s/csv_parser.py	—	98%	—
airbyte_cdk/sou...streams/core.py	—	96%	—
airbyte_cdk/sou...ms/http/http.py	—	96%	—
airbyte_cdk/sou...ition_cursor.py	—	95%	—
airbyte_cdk/sou...orchestrator.py	—	94%	—
airbyte_cdk/sou...ative_source.py	—	92%	—
airbyte_cdk/sou...nent_factory.py	—	90%	—
airbyte_cdk/sou...rrent/cursor.py	—	89%	—
airbyte_cdk/sou...ms/call_rate.py	—	86%	—

Python / code-coverage/pytest-matrix

The overall coverage in the devin/1779860596-git... branch is 90%. Coverage data for the main branch is not yet available.

Show a code coverage summary of the most covered files.

File	main	devin/1779860596-git... f2a8aea	+/-
airbyte_cdk/sou...onent_schema.py	—	100%	—
airbyte_cdk/sou...s/csv_parser.py	—	98%	—
airbyte_cdk/sou...streams/core.py	—	96%	—
airbyte_cdk/sou...ms/http/http.py	—	96%	—
airbyte_cdk/sou...ition_cursor.py	—	95%	—
airbyte_cdk/sou...orchestrator.py	—	94%	—
airbyte_cdk/sou...ative_source.py	—	92%	—
airbyte_cdk/sou...nent_factory.py	—	91%	—
airbyte_cdk/sou...rrent/cursor.py	—	89%	—
airbyte_cdk/sou...ms/call_rate.py	—	86%	—

---

_{Updated May 27, 2026 16:31 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.}

[Copilot]

Pull request overview

This PR adds GitHub Code Quality coverage uploads to the existing Python CDK pytest workflows while keeping existing coverage artifacts and test result publishing.

Changes:

• Adds actions/upload-code-coverage@v1 steps for fast pytest and representative matrix coverage XML.
• Narrows generated Cobertura XML to airbyte_cdk/*.
• Adds explicit workflow/job permissions and includes the matrix workflow file in its path filters.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
.github/workflows/pytest_fast.yml	Adds scoped permissions, filters coverage XML, and uploads fast-test coverage to GitHub Code Quality.
.github/workflows/pytest_matrix.yml	Adds scoped permissions, updates matrix path filters, filters coverage XML, and uploads representative matrix coverage to GitHub Code Quality.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.

[coderabbitai]

📝 Walkthrough

Walkthrough

Two GitHub Actions workflows (pytest_fast and pytest_matrix) add workflow/job permissions, enable manual dispatch, scope coverage XML generation to airbyte_cdk/*, and upload htmlcov/coverage.xml to GitHub Code Quality with uploads allowed to fail.

Changes

GitHub Code Quality Coverage Reporting

Layer / File(s)	Summary
Permissions setup across workflows .github/workflows/pytest_fast.yml, .github/workflows/pytest_matrix.yml	Workflow-level and job-level permissions blocks added: contents: read, pull-requests: read, and checks/code-quality: write where required.
Checkout and manual dispatch gating .github/workflows/pytest_matrix.yml	Adds workflow_dispatch, updates job if: guards to run on manual dispatch or path filter, and uses PR head SHA for checkout when applicable.
Coverage generation scoped to airbyte_cdk .github/workflows/pytest_fast.yml, .github/workflows/pytest_matrix.yml	Coverage XML generation commands changed to include only airbyte_cdk/* when producing htmlcov/coverage.xml.
Coverage upload to GitHub Code Quality .github/workflows/pytest_fast.yml, .github/workflows/pytest_matrix.yml	New steps upload htmlcov/coverage.xml via actions/upload-code-coverage (pinned), with fail-on-error: false and matrix/exists gating for pytest_matrix.

---

🎯 3 (Moderate) | ⏱️ ~20 minutes

Would you like me to suggest a brief consolidated snippet showing the permissions and upload step to reuse across both workflows, wdyt?

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding GitHub Code Quality coverage uploads to CI workflows, which is the core objective of this PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch devin/1779860596-github-coverage-upload

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/pytest_fast.yml (1)

51-52: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Checkout PR head SHA for accurate coverage mapping: On pull_request, should we set actions/checkout@v4 to ref: ${{ github.event.pull_request.head.sha || github.sha }} so coverage maps to the PR head commit (not the synthetic merge commit)? (docs.github.com) wdyt?

Suggested patch

       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/pytest_fast.yml around lines 51 - 52, Update the checkout
step to use the PR head SHA instead of the default merge commit by adding the
with.ref setting to the actions/checkout@v4 step, specifically set ref: ${{
github.event.pull_request.head.sha || github.sha }} so coverage and other
tooling run against the PR head commit (modify the "Checkout code" step that
uses actions/checkout@v4 to include this with.ref).

🧹 Nitpick comments (1)

.github/workflows/pytest_matrix.yml (1)

59-60: ⚡ Quick win

Consider checking out the PR head SHA for more accurate Code Quality coverage mapping

• For pull_request runs, does it make sense to check out ${{ github.event.pull_request.head.sha || github.sha }} instead of the default merge/as-merged commit, so the coverage is mapped to the PR HEAD? wdyt?

Suggested patch

       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}

• actions/upload-code-coverage@v1 already uses the correct file: input and the step has if: always(), so the earlier concerns about the input key and upload being skipped on failures don’t apply.
• Would you like to pin actions/checkout@v4 / actions/upload-code-coverage@v1 to commit SHAs per your supply-chain policy?

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/pytest_matrix.yml around lines 59 - 60, Update the
"Checkout code" step (uses: actions/checkout@v4) to checkout the PR head SHA for
pull_request events by adding a with: ref: ${{
github.event.pull_request.head.sha || github.sha }} so coverage maps to the PR
HEAD rather than the merge commit; optionally consider pinning the
actions/checkout and actions/upload-code-coverage actions to specific commit
SHAs per your supply-chain policy.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/pytest_fast.yml:
- Line 99: Replace the floating reference uses: actions/upload-code-coverage@v1
with a pinned full commit SHA (e.g., uses:
actions/upload-code-coverage@<full-commit-sha>) so the action cannot change
unexpectedly; update this in both occurrences (the one in pytest_fast.yml and
the one in pytest_matrix.yml) by finding the desired commit SHA from the
actions/upload-code-coverage repository and substituting it for `@v1`, committing
the change.

In @.github/workflows/pytest_matrix.yml:
- Line 125: Replace the mutable tag "actions/upload-code-coverage@v1" with a
pinned immutable commit SHA: locate the desired release commit SHA from the
actions/upload-code-coverage repository (e.g., the latest stable commit), and
update the uses entry to "actions/upload-code-coverage@<COMMIT_SHA>" so the
workflow references that exact commit; ensure you commit the change and run the
workflow to verify behavior remains the same.

---

Outside diff comments:
In @.github/workflows/pytest_fast.yml:
- Around line 51-52: Update the checkout step to use the PR head SHA instead of
the default merge commit by adding the with.ref setting to the
actions/checkout@v4 step, specifically set ref: ${{
github.event.pull_request.head.sha || github.sha }} so coverage and other
tooling run against the PR head commit (modify the "Checkout code" step that
uses actions/checkout@v4 to include this with.ref).

---

Nitpick comments:
In @.github/workflows/pytest_matrix.yml:
- Around line 59-60: Update the "Checkout code" step (uses: actions/checkout@v4)
to checkout the PR head SHA for pull_request events by adding a with: ref: ${{
github.event.pull_request.head.sha || github.sha }} so coverage maps to the PR
HEAD rather than the merge commit; optionally consider pinning the
actions/checkout and actions/upload-code-coverage actions to specific commit
SHAs per your supply-chain policy.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: a8f887c6-d74a-4488-9a2b-dda0645defc8

📥 Commits

Reviewing files that changed from the base of the PR and between f4c0779 and 5356486.

📒 Files selected for processing (2)

• .github/workflows/pytest_fast.yml
• .github/workflows/pytest_matrix.yml

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/pytest_fast.yml:
- Around line 54-55: Update the actions/checkout@v4 step to explicitly disable
credential persistence by adding the input key persist-credentials: false
alongside the existing with.ref setting; locate the checkout step
(actions/checkout@v4) and add persist-credentials: false under its with block so
the runtime token is not written to local git config.

In @.github/workflows/pytest_matrix.yml:
- Around line 63-64: Set the checkout action to avoid persisting the runner
token by adding persist-credentials: false to the actions/checkout@v4 step;
locate the checkout step referencing "actions/checkout@v4" and update its with:
block to include the key "persist-credentials" with value false so the token is
not left in git config after checkout.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 8d723ef5-1c64-4c3b-9760-adb2d60f042c

📥 Commits

Reviewing files that changed from the base of the PR and between 5356486 and fc07ac3.

📒 Files selected for processing (2)

• .github/workflows/pytest_fast.yml
• .github/workflows/pytest_matrix.yml