ci: setup code coverage #22

	name: Code PushUp (fork)

	# separated from code-pushup.yml for security reasons
	# => requires permissions to create PR comment
	# => for PRs from forks, needs to run on `pull_request_target`, not `pull_request`
	# => `pull_request_target` is a security risk when secrets are being used
	# => secrets needed for code-pushup upload
	# => code-pushup for forks runs in separate workflow with no secrets access

	on:
	pull_request_target:
	branches: [main]

	env:
	NX_NON_NATIVE_HASHER: true

	permissions:
	pull-requests: write

	jobs:
	code-pushup:
	runs-on: ubuntu-latest
	name: Code PushUp
	if: github.event.pull_request.head.repo.fork
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	- name: Set up Node.js
	uses: actions/setup-node@v4
	with:
	node-version-file: .nvmrc
	cache: npm
	- name: Install dependencies
	run: npm ci
	- name: Run Code PushUp action
	uses: code-pushup/github-action@v0
	with:
	bin: npx nx code-pushup -- --verbose

Provide feedback