Skip to content

feat: Inject runtime configuration for GH_APP in NGINX startup script#3962

Open
jason-ford-codecov wants to merge 3 commits intomainfrom
fix/enable-name-change-in-github-app
Open

feat: Inject runtime configuration for GH_APP in NGINX startup script#3962
jason-ford-codecov wants to merge 3 commits intomainfrom
fix/enable-name-change-in-github-app

Conversation

@jason-ford-codecov
Copy link
Contributor

@jason-ford-codecov jason-ford-codecov commented Jan 15, 2026
edited by cursor bot
Loading

Description

This enables changing the github app url from the env

Code Example

Notable Changes

Screenshots

Link to Sample Entry

Legal Boilerplate

Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. In 2022 this entity acquired Codecov and as result Sentry is going to need some rights from me in order to utilize my contributions in this PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.

Note

Adds runtime configuration injection for the GitHub App.

  • Updates docker/start-nginx.sh to inject window.configEnv.GH_APP into gazebo/index.html if CODECOV_GH_APP is set
  • Uses base64 encoding to safely embed the value and checks for existing injection to remain idempotent
  • No changes to existing URL rewrite logic or NGINX templating

Written by Cursor Bugbot for commit fb8f75a. This will update automatically on new commits. Configure here.

@jason-ford-codecov
Copy link
Contributor Author

jason-ford-codecov commented Jan 15, 2026

@sentry review

cursor[bot]
cursor bot reviewed Jan 15, 2026
View reviewed changes
docker/start-nginx.sh Outdated
# Inject runtime config via window.configEnv
if [[ -n "${CODECOV_GH_APP}" ]]; then
echo "Setting GH_APP to ${CODECOV_GH_APP}"
sed -i 's|<head>|<head><script>window.configEnv=window.configEnv||{};window.configEnv.GH_APP="'"${CODECOV_GH_APP}"'";</script>|' /var/www/app/gazebo/index.html
Copy link

@cursor cursor bot Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unescaped special characters in env variable break sed

Medium Severity

The ${CODECOV_GH_APP} value is inserted directly into the sed replacement without escaping special characters. In sed replacement text, & means "insert matched pattern," so a value like my&app becomes my<head>app. Additionally, values containing ", \, or </script> would break the JavaScript syntax or HTML structure. The environment variable value needs to be sanitized or escaped before being used in the sed command.

Fix in Cursor Fix in Web

@sentry
Copy link

sentry bot commented Jan 15, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.73%. Comparing base (8bbe472) to head (fb8f75a).
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3962   +/-   ##
=======================================
  Coverage   98.73%   98.73%           
=======================================
  Files         826      826           
  Lines       14983    14983           
  Branches     4287     4287           
=======================================
  Hits        14793    14793           
  Misses        182      182           
  Partials        8        8
Components Coverage Δ
Assets 100.00% <ø> (ø)
Layouts 99.71% <ø> (ø)
Pages 98.34% <ø> (ø)
Services 99.32% <ø> (ø)
Shared 99.00% <ø> (ø)
UI 99.01% <ø> (ø)

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8bbe472...fb8f75a. Read the comment docs.

@codecov-notifications
Copy link

codecov-notifications bot commented Jan 15, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

@@           Coverage Diff           @@
##             main    #3962   +/-   ##
=======================================
  Coverage   98.73%   98.73%           
=======================================
  Files         826      826           
  Lines       14983    14983           
  Branches     4292     4287    -5     
=======================================
  Hits        14793    14793           
  Misses        182      182           
  Partials        8        8
Components Coverage Δ
Assets 100.00% <ø> (ø)
Layouts 99.71% <ø> (ø)
Pages 98.34% <ø> (ø)
Services 99.32% <ø> (ø)
Shared 99.00% <ø> (ø)
UI 99.01% <ø> (ø)

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8bbe472...fb8f75a. Read the comment docs.

@codecov-public-qa
Copy link

codecov-public-qa bot commented Jan 15, 2026
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.73%. Comparing base (8bbe472) to head (fb8f75a).

✅ All tests successful. No failed tests found.

@@           Coverage Diff           @@
##             main    #3962   +/-   ##
=======================================
  Coverage   98.73%   98.73%           
=======================================
  Files         826      826           
  Lines       14983    14983           
  Branches     4287     4292    +5     
=======================================
  Hits        14793    14793           
  Misses        182      182           
  Partials        8        8
Components Coverage Δ
Assets 100.00% <ø> (ø)
Layouts 99.71% <ø> (ø)
Pages 98.34% <ø> (ø)
Services 99.32% <ø> (ø)
Shared 99.00% <ø> (ø)
UI 99.01% <ø> (ø)

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8bbe472...fb8f75a. Read the comment docs.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

sentry[bot]
sentry bot reviewed Jan 15, 2026
View reviewed changes
@jason-ford-codecov
Copy link
Contributor Author

jason-ford-codecov commented Jan 15, 2026

@sentry review

@codecov-releaser
Copy link
Collaborator

codecov-releaser commented Jan 15, 2026
edited
Loading

✅ Deploy preview for gazebo ready!

Previews expire after 1 month automatically.

Storybook

Commit Created Cloud Enterprise
70f590c Thu, 15 Jan 2026 16:01:06 GMT Expired Expired
70f590c Thu, 15 Jan 2026 16:02:54 GMT Expired Expired
fb8f75a Thu, 15 Jan 2026 16:11:25 GMT Cloud Enterprise

cursor[bot]
cursor bot reviewed Jan 15, 2026
View reviewed changes
@codecov-qa
Copy link

codecov-qa bot commented Jan 15, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.73%. Comparing base (8bbe472) to head (fb8f75a).

@@            Coverage Diff             @@
##             main    #3962      +/-   ##
==========================================
+ Coverage   95.34%   98.73%   +3.39%     
==========================================
  Files         826      826              
  Lines       14983    14983              
  Branches     4287     4292       +5     
==========================================
+ Hits        14285    14793     +508     
+ Misses        618      182     -436     
+ Partials       80        8      -72

see 54 files with indirect coverage changes

Components Coverage Δ
Assets 100.00% <ø> (ø)
Layouts 99.71% <ø> (ø)
Pages 98.34% <ø> (ø)
Services 99.32% <ø> (+0.06%) ⬆️
Shared 99.00% <ø> (+33.59%) ⬆️
UI 99.01% <ø> (ø)

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8bbe472...fb8f75a. Read the comment docs.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@jason-ford-codecov
Copy link
Contributor Author

jason-ford-codecov commented Jan 15, 2026

@sentry review

@sentry
Copy link

sentry bot commented Jan 16, 2026

Bundle Report

Bundle size has no change ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

@calvin-codecov calvin-codecov calvin-codecov approved these changes

Assignees

@spalmurray spalmurray

@calvin-codecov calvin-codecov

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jason-ford-codecov @codecov-releaser @calvin-codecov @spalmurray