Implement code coverage in GitHub actions

This overwrites the `codecov.yml` file in the root of the repository with
`codecov-upstream.yml` file (which contains the code-cov token)´, so PRs
and branches on the repository can upload coverage.

Suggestion from here:

#6421 (comment)

Security concerns: the token might be misused, but only to upload bogus coverage
to `codecov.io`, so the team believe this is harmless. If we decide to fallback
from this decision , we just need to revoke the token.

Related to #6369

Author: nicoddemus

.github/codecov-upstream.yml

@@ -0,0 +1,13 @@
+# this file replaces <root>/codecov.yml when building on the main repository and PRs
+coverage:
+  status:
+    project: true
+    patch: true
+    changes: true
+
+comment: off
+
+codecov:
+  # token from: https://codecov.io/gh/pytest-dev/pytest/settings
+  # use same URL to regenerate it if needed
+  token: "1eca3b1f-31a2-4fb8-a8c3-138b441b50a7"

.github/workflows/main.yml

@@ -1,8 +1,7 @@
-# evaluating GitHub actions for CI, disconsider failures when evaluating PRs
+# evaluating GitHub actions for CI, disregard failures when evaluating PRs
 #
 # this is still missing:
 # - deploy
-# - coverage
 # - upload github notes
 #
 name: main
@@ -17,6 +16,10 @@ on:
 
 jobs:
   build:
+    env:
+      _PYTEST_TOX_COVERAGE_RUN: "coverage run -m"
+      COVERAGE_PROCESS_START: ".coveragerc"
+      _PYTEST_TOX_EXTRA_DEP: "coverage-enable-subprocess"
 
     runs-on: ${{ matrix.os }}
 
@@ -86,6 +89,8 @@ jobs:
             python: "3.7"
             os: ubuntu-latest
             tox_env: "py37-freeze"
+            # coverage does not apply for freeze test, skip it
+            skip_coverage: true
           - name: "ubuntu-py38"
             python: "3.8"
             os: ubuntu-latest
@@ -94,6 +99,8 @@ jobs:
             python: "pypy3"
             os: ubuntu-latest
             tox_env: "pypy3-xdist"
+            # coverage too slow with pypy3, skip it
+            skip_coverage: true
 
           - name: "macos-py37"
             python: "3.7"
@@ -118,6 +125,32 @@ jobs:
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        pip install tox
+        pip install tox coverage
     - name: Test
-      run: tox -e ${{ matrix.tox_env }}
+      shell: bash
+      run: |
+        if [[ "${{ matrix.skip_coverage }}" = "true" ]]; then
+          export _PYTEST_TOX_COVERAGE_RUN=
+        fi
+        tox -e ${{ matrix.tox_env }}
+
+    - name: Prepare coverage token
+      if: success() && !matrix.skip_coverage && ( github.repository == 'pytest-dev/pytest' || github.event_name == 'pull_request' )
+      run: |
+        cp .github/codecov-upstream.yml codecov.yml
+
+    - name: Combine coverage
+      if: success() && !matrix.skip_coverage
+      run: |
+        python -m coverage combine
+        python -m coverage xml
+
+    - name: Codecov upload
+      if: success() && !matrix.skip_coverage
+      uses: codecov/codecov-action@v1
+      with:
+        token: ${{ secrets.codecov }}
+        file: ./coverage.xml
+        flags: ${{ runner.os }}
+        fail_ci_if_error: false
+        name: ${{ matrix.name }}

codecov.yml

@@ -1,3 +1,5 @@
+# note: `.github/codecov-upstream.yml` is basically a copy of this file, please propagate
+# changes as needed
 coverage:
   status:
     project: true