From ab541ac545a04e010ef2430596da589be445f964 Mon Sep 17 00:00:00 2001
From: Brian Scholer <1260690+briantist@users.noreply.github.com>
Date: Sun, 2 Jul 2023 17:07:03 -0400
Subject: [PATCH] update coverage report locations, remove duplicate filenames
 (#1024)

* update coverage report locations, remove duplicate filenames

* coverage least-privilege

* reduce retention on reports

* least privilege on everything

* restore checkout for codecov.yml contents
---
 .github/workflows/lint-and-test.yml | 19 +++++++++++++------
 .gitignore                          |  1 +
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml
index 3eb0252f3..e138fd058 100644
--- a/.github/workflows/lint-and-test.yml
+++ b/.github/workflows/lint-and-test.yml
@@ -8,6 +8,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   lint:
     name: Lint
@@ -143,15 +146,16 @@ jobs:
       run: |
         poetry run pytest \
           --cov=hvac \
-          --cov-report=xml \
+          --cov-report=xml:reports/coverage_py${{ matrix.python-version }}.xml \
           tests/unit_tests
 
     - name: Upload unit tests coverage artifacts
       uses: actions/upload-artifact@v3
       with:
-        name: unit_tests-coverage.xml
-        path: coverage.xml
+        name: coverage_reports
+        path: reports/*.xml
         if-no-files-found: error
+        retention-days: 1
 
   integration-tests:
     name: Integration Tests
@@ -215,18 +219,21 @@ jobs:
         sudo setcap cap_ipc_lock= /usr/bin/vault
 
     - name: pytest tests/integration_tests
+      env:
+        COVFILE: coverage_py${{ matrix.python-version }}_${{ matrix.vault-version }}.xml
       run: |
         poetry run pytest \
           --cov=hvac \
-          --cov-report=xml \
+          --cov-report=xml:reports/${COVFILE//[^A-Za-z0-9\-_\.]/_} \
           tests/integration_tests
 
     - name: Upload integration tests coverage artifacts
       uses: actions/upload-artifact@v3
       with:
-        name: integration_tests-coverage.xml
-        path: coverage.xml
+        name: coverage_reports
+        path: reports/*.xml
         if-no-files-found: error
+        retention-days: 1
 
   upload-to-codecov:
     name: Upload to Codecov
diff --git a/.gitignore b/.gitignore
index af2a5264b..97fdaea95 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@
 test/*.log
 /.coverage
 /cover
+/reports
 *~
 
 # sphinx build folder