Investigate usage of CodeCov integration

[coreydaley]

We should investigate/trial on a repository using CodeCov to ensure that:

• We have adequate unit test coverage
• That pull requests do not lower our coverage
• That new features/code have adequate coverage

https://github.com/marketplace/codecov

[qu1queee]

From refinement, this is helpful but as this is a 3rd vendor product, it can weakness our security (from some internal experiences). Would be good to understand if coverage applies for both integration and e2e tests. @coreydaley you might want to bring this one to the community meeting?

[coreydaley]

As far as I understand, CodeCov only covers unit tests, it uses the coverage profile that is generated by using the -coverprofile flag when running the unit tests such as go test -race -cover -coverprofile=coverage -covermode=atomic -v ./.... There is then a command that is run that uploads the file referenced by the -coverprofile flag to determine if coverage will change if that pull request is merged.

I do not see how that would cause a weakness in our security? If whoever had a concern with the security of this could elaborate on the reasoning I would appreciate it. Apologies for missing the meeting this morning where this was discussed.