ci: adopt GitHub Code Quality coverage in ci-go (drop Codecov)

[devantler]

What

Updates the ci-go caller (the push-to-main validate-go-project invocation) for the coverage migration:

• Bumps validate-go-project.yaml from v3.1.4 → v4.0.0 (GitHub Code Quality coverage; Codecov removed).
• Adds code-quality: write to the job — required by v4.0.0, or the reusable-workflow run fails at startup.
• Drops the CODECOV_TOKEN secret passthrough (the org secret has been deleted; the Codecov app is uninstalled).
• Removes the Codecov badge from the README.

Coverage on PRs already runs via the org ruleset (validate-go-project@main); this aligns the repo's own push-to-main ci-go job and removes its last Codecov dependency.

🤖 Generated with Claude Code

[Copilot]

Pull request overview

This PR completes the repository-side migration away from Codecov by updating the ci-go push-to-main workflow call to use the reusable workflow version that reports coverage via GitHub Code Quality, and by removing the remaining Codecov references in the repo.

Changes:

• Bump validate-go-project.yaml reusable workflow reference from v3.1.4 to v4.0.0.
• Update ci-go job permissions to include code-quality: write and remove the CODECOV_TOKEN secret passthrough.
• Remove the Codecov badge from the README.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
README.md	Removes the Codecov badge now that Codecov is no longer used.
.github/workflows/ci.yaml	Updates the ci-go reusable workflow version, adds required code-quality: write permission, and drops CODECOV_TOKEN.

[github-actions]

❌MegaLinter analysis: Error

❌ COPYPASTE / jscpd - 7 errors

Clone found (typescript):
 - vsce/src/mcp/schemaClient.ts [325:18 - 332:33] (7 lines, 56 tokens)
   vsce/src/mcp/schemaClient.ts [309:20 - 316:26]

Clone found (typescript):
 - vsce/src/ksail/clusters.ts [381:34 - 390:46] (9 lines, 59 tokens)
   vsce/src/ksail/clusters.ts [361:35 - 370:47]

Clone found (typescript):
 - vsce/src/ksail/clusters.ts [406:44 - 415:46] (9 lines, 61 tokens)
   vsce/src/ksail/clusters.ts [341:33 - 350:48]

Clone found (typescript):
 - vsce/src/ksail/clusters.ts [426:36 - 435:48] (9 lines, 59 tokens)
   vsce/src/ksail/clusters.ts [361:35 - 370:47]

Clone found (typescript):
 - vsce/src/commands/prompts.ts [658:29 - 669:3] (11 lines, 55 tokens)
   vsce/src/commands/prompts.ts [201:8 - 211:3]

Clone found (go):
 - pkg/svc/tenant/argocd.go [400:61 - 413:37] (13 lines, 99 tokens)
   pkg/fsutil/configmanager/talos/manager.go [231:64 - 244:37]

Clone found (typescript):
 - vsce/src/extension.ts [162:46 - 173:18] (11 lines, 59 tokens)
   vsce/src/extension.ts [140:39 - 151:5]

┌────────────┬────────────────┬─────────────┬──────────────┬──────────────┬──────────────────┬───────────────────┐
│ Format     │ Files analyzed │ Total lines │ Total tokens │ Clones found │ Duplicated lines │ Duplicated tokens │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ toml       │ 6              │ 64          │ 277          │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ go         │ 592            │ 98002       │ 641993       │ 1            │ 13 (0.01%)       │ 99 (0.02%)        │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ markdown   │ 7              │ 302         │ 638          │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ typescript │ 23             │ 4084        │ 22492        │ 6            │ 56 (1.37%)       │ 349 (1.55%)       │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ javascript │ 15             │ 1108        │ 9310         │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ tsx        │ 12             │ 1781        │ 14802        │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ css        │ 2              │ 45          │ 148          │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ smarty     │ 1              │ 63          │ 1039         │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ bash       │ 2              │ 52          │ 164          │ 0            │ 0 (0%)           │ 0 (0%)            │
├────────────┼────────────────┼─────────────┼──────────────┼──────────────┼──────────────────┼───────────────────┤
│ Total:     │ 660            │ 105501      │ 690863       │ 7            │ 69 (0.07%)       │ 448 (0.06%)       │
└────────────┴────────────────┴─────────────┴──────────────┴──────────────┴──────────────────┴───────────────────┘
Found 7 clones.
HTML report saved to megalinter-reports/copy-paste/html/
ERROR: jscpd found too many duplicates (0.07%) over threshold (0%)
Error: ERROR: jscpd found too many duplicates (0.07%) over threshold (0%)
    at ThresholdReporter.report (/node-deps/node_modules/@jscpd/finder/dist/index.js:615:13)
    at /node-deps/node_modules/@jscpd/finder/dist/index.js:109:18
    at Array.forEach (<anonymous>)
    at /node-deps/node_modules/@jscpd/finder/dist/index.js:108:22
    at async /node-deps/node_modules/jscpd/dist/bin/jscpd.js:9:5

❌ REPOSITORY / osv-scanner - 1 error

Scanning dir .
Starting filesystem walk for root: /
Scanned docs/package-lock.json file and found 549 packages
Scanned desktop/go.mod file and found 401 packages
Scanned web/ui/package-lock.json file and found 187 packages
Scanned go.mod file and found 965 packages
Scanned vsce/package-lock.json file and found 592 packages
End status: 306 dirs visited, 2035 inodes visited, 5 Extract calls, 196.328609ms elapsed, 196.328839ms wall time
Filtered 1 local/unscannable package/s from the scan.
Failed to run code analysis (govulncheck) on 'desktop/go.mod' because govulncheck: loading packages: 
There are errors with the provided package patterns:

-: # github.com/webview/webview_go
# [pkg-config --cflags  -- gtk+-3.0 webkit2gtk-4.0]
Package gtk+-3.0 was not found in the pkg-config search path.
Perhaps you should add the directory containing `gtk+-3.0.pc'
to the PKG_CONFIG_PATH environment variable
Package 'gtk+-3.0' not found
Package 'webkit2gtk-4.0' not found
/go/pkg/mod/github.com/webview/webview_go@v0.0.0-20240831120633-6173450d4dd6/webview.go:26:8: could not import C (no metadata for C)
desktop/main.go:64:42: cannot use webview.HintNone (constant unknown with invalid type) as webview.Hint value in argument to view.SetSize

For details on package patterns, see https://pkg.go.dev/cmd/go#hdr-Package_lists_and_patterns.

(the Go toolchain is required)

❌ ACTION / zizmor - 1 error

INFO zizmor: 🌈 zizmor v1.25.0
fatal: no audit was performed
'artipacked' audit failed on file://.github/workflows/cd.yaml

Caused by:
    0: error in 'artipacked' audit
    1: couldn't list tags for actions/checkout
    2: request error while accessing GitHub API
    3: HTTP status client error (401 Unauthorized) for url (https://github.com/actions/checkout.git/git-upload-pack)


[ZizmorLinter] Zizmor failed to reach the GitHub API.
To allow zizmor to use GITHUB_TOKEN, add the following to your .mega-linter.yml:
ACTION_ZIZMOR_UNSECURED_ENV_VARIABLES:
  - GITHUB_TOKEN

✅ Linters with no issues

actionlint, bash-exec, git_diff, hadolint, jsonlint, lychee, markdown-table-formatter, markdownlint, prettier, prettier, shellcheck, shfmt, stylelint, syft, trivy-sbom, trufflehog, v8r, v8r, yamllint

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Show us your support by starring ⭐ the repository

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

[github-actions]

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.50.

Benchmark suite	Current: a894792	Previous: b60e971	Ratio
BenchmarkCluster_MarshalYAML/Minimal (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1)	198134 ns/op 18369 B/op 442 allocs/op	75769 ns/op 18368 B/op 442 allocs/op	2.61
BenchmarkCluster_MarshalYAML/Minimal (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1) - ns/op	198134 ns/op	75769 ns/op	2.61
BenchmarkCluster_MarshalYAML/WithBasicConfig (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1)	201076 ns/op 18368 B/op 442 allocs/op	122067 ns/op 18368 B/op 442 allocs/op	1.65
BenchmarkCluster_MarshalYAML/WithBasicConfig (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1) - ns/op	201076 ns/op	122067 ns/op	1.65
BenchmarkCluster_MarshalYAML/FullProductionCluster (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1)	214071 ns/op 21592 B/op 473 allocs/op	133913 ns/op 21592 B/op 473 allocs/op	1.60
BenchmarkCluster_MarshalYAML/FullProductionCluster (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1) - ns/op	214071 ns/op	133913 ns/op	1.60
BenchmarkCluster_MarshalJSON/Minimal (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1)	201541 ns/op 18581 B/op 448 allocs/op	117904 ns/op 18580 B/op 448 allocs/op	1.71
BenchmarkCluster_MarshalJSON/Minimal (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1) - ns/op	201541 ns/op	117904 ns/op	1.71
BenchmarkCluster_MarshalJSON/FullProductionCluster (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1)	240209 ns/op 24659 B/op 547 allocs/op	85388 ns/op 24649 B/op 547 allocs/op	2.81
BenchmarkCluster_MarshalJSON/FullProductionCluster (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1) - ns/op	240209 ns/op	85388 ns/op	2.81
BenchmarkYAMLEncode/Minimal (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1)	225118 ns/op 25304 B/op 470 allocs/op	66926 ns/op 25304 B/op 470 allocs/op	3.36
BenchmarkYAMLEncode/Minimal (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1) - ns/op	225118 ns/op	66926 ns/op	3.36
BenchmarkYAMLEncode/FullProductionCluster (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1)	292129 ns/op 36432 B/op 515 allocs/op	74118 ns/op 36432 B/op 515 allocs/op	3.94
BenchmarkYAMLEncode/FullProductionCluster (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1) - ns/op	292129 ns/op	74118 ns/op	3.94
BenchmarkJSONEncode (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1)	210873 ns/op 19820 B/op 466 allocs/op	64859 ns/op 19816 B/op 466 allocs/op	3.25
BenchmarkJSONEncode (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1) - ns/op	210873 ns/op	64859 ns/op	3.25
BenchmarkPruneClusterDefaults/MostlyDefaults (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1)	63180 ns/op 9792 B/op 265 allocs/op	30949 ns/op 9792 B/op 265 allocs/op	2.04
BenchmarkPruneClusterDefaults/MostlyDefaults (github.com/devantler-tech/ksail/v7/pkg/apis/cluster/v1alpha1) - ns/op	63180 ns/op	30949 ns/op	2.04
BenchmarkProgressGroup_NoOp (github.com/devantler-tech/ksail/v7/pkg/notify)	15875 ns/op 2816 B/op 58 allocs/op	10130 ns/op 2816 B/op 58 allocs/op	1.57
BenchmarkProgressGroup_NoOp (github.com/devantler-tech/ksail/v7/pkg/notify) - ns/op	15875 ns/op	10130 ns/op	1.57

This comment was automatically generated by workflow using github-action-benchmark.