Add coverage data to MOC about CI-PR Coverage

[Rosyrain]

User description

What type of PR is this?

• API-change
• BUG
• Improvement
• Documentation
• Feature
• Test and CI
• Code Refactoring

Which issue(s) this PR fixes:

issue #

What this PR does / why we need it:

Add the coverage data of the PR Coverage in the MOC and compare it with the coverage history record every time when PR Coverage process start.

---

PR Type

tests, enhancement

---

Description

• Added new environment variables for database configuration in the entrypoint.yaml file to support extended functionality.
• Introduced a new GitHub Actions workflow merge-update-moc.yaml to update the MOC when a pull request is merged. This workflow is triggered on pull request closure for the main and version branches.

---

Changes walkthrough 📝

	Relevant files
Configuration changes	entrypoint.yaml Add database configuration environment variables                  .github/workflows/entrypoint.yaml Added new environment variables for database configuration. Included EE_DB_ADDR, EE_DB_PORT, EE_DB_USER, EE_DB_PASSWORD, and EE_DB_DB. +5/-0
Enhancement	merge-update-moc.yaml Introduce workflow for MOC update on PR merge                        .github/workflows/merge-update-moc.yaml Created a new workflow for updating MOC on PR merge. Triggered on pull request closure for main and version branches. Utilizes an existing workflow from matrixorigin/CI. +11/-0

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[codiumai-pr-agent-pro]

PR-Agent was enabled for this repository. To continue using it, please link your git user with your CodiumAI identity here.

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 Security concerns Sensitive information exposure: The PR introduces new environment variables for database configuration (EE_DB_ADDR, EE_DB_PORT, EE_DB_USER, EE_DB_PASSWORD, EE_DB_DB) in the entrypoint.yaml file. While these are set using GitHub secrets, which is a good practice, extra caution should be taken to ensure these sensitive credentials are not accidentally logged or exposed during the workflow execution. Additionally, the new merge-update-moc.yaml workflow inherits all secrets, which might grant unnecessary access to sensitive information if not all secrets are required for this specific workflow.

⚡ Recommended focus areas for review Sensitive Information The PR adds new environment variables for database configuration. Ensure that these variables are properly secured and not exposed in logs or outputs. Workflow Permissions The new workflow uses secrets inheritance. Verify that the inherited secrets are necessary and that the workflow has appropriate permissions.

[codiumai-pr-agent-pro]

PR-Agent was enabled for this repository. To continue using it, please link your git user with your CodiumAI identity here.

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Enhancement	✅ Optimize workflow execution by adding a conditional check for merged pull requests Suggestion Impact: The commit added a conditional check to run the workflow only when a pull request is merged, as suggested. code diff: + if: ${{ github.event.pull_request.merged == true }} Consider adding a conditional check to ensure the workflow only runs when a pull request is actually merged, not just closed. This can prevent unnecessary workflow runs and save on GitHub Actions minutes. .github/workflows/merge-update-moc.yaml [2-11] on: pull_request_target: branches: [ main,'[0-9]+.[0-9]+*' ] types: - closed +jobs: + merge-update-moc: + if: github.event.pull_request.merged == true + uses: matrixorigin/CI/.github/workflows/merge-update-moc.yaml@main + secrets: inherit + Apply this suggestion Suggestion importance[1-10]: 8 Why: Adding a conditional check to ensure the workflow only runs when a pull request is merged is a valuable enhancement. It optimizes resource usage by preventing unnecessary runs, making it a significant improvement.	8
Security	Enhance security by implementing built-in secret masking for sensitive data in GitHub Actions Consider using GitHub Actions' built-in masking for sensitive information instead of directly referencing secrets in the environment. This can provide an additional layer of security by preventing accidental exposure of sensitive data in logs. .github/workflows/entrypoint.yaml [75-79] EE_DB_ADDR: ${{ secrets.EE_DB_ADDR }} EE_DB_PORT: ${{ secrets.EE_DB_PORT }} EE_DB_USER: ${{ secrets.EE_DB_USER }} EE_DB_PASSWORD: ${{ secrets.EE_DB_PASSWORD }} EE_DB_DB: ${{ secrets.EE_DB_DB }} +env: + MASKED_DB_PASSWORD: ${{ secrets.EE_DB_PASSWORD }} Apply this suggestion Suggestion importance[1-10]: 3 Why: The suggestion to use built-in masking for secrets is valid for enhancing security, but the improved code does not effectively implement this change. The suggestion lacks clarity on how to properly apply masking, resulting in a low score.	3

💡 Need additional feedback ? start a PR chat

[Rosyrain]

test link:
https://github.com/Rosyrain/matrixone/actions/runs/11303791900/job/31442860309
https://github.com/Rosyrain/matrixone/actions/runs/11304829352/job/31443772997
https://github.com/Rosyrain/matrixone/actions/runs/11304921619/job/31443858426