fix(python-ci): include hidden files in coverage-artifact upload

[williaby]

Summary

• Add include-hidden-files: true to the coverage-reports upload step in python-ci.yml.
• Fixes silent artifact-upload failure for caller repos whose name starts with a dot (currently only ByronWilliamsCPA/.claude, the sole dot-prefix repo in the fleet that calls this template).
• One-line change, no behavior change for any non-dot-prefix caller.

Root cause

actions/upload-artifact@v7 uses @actions/glob internally, whose default excludeHiddenFiles: true causes the traversal to skip any directory whose basename matches ^\.. For a caller named .claude, the runner workspace lives at /home/runner/work/.claude/.claude — the search root itself matches the hidden-file pattern, so the entire workspace is skipped before any file is examined.

The upload step then logs:

##[warning]No files were found with the provided path: coverage.xml / coverage-*.xml / junit-*.xml / htmlcov/. No artifacts will be uploaded.

…and exits success. gh api repos/ByronWilliamsCPA/.claude/actions/runs/<id>/artifacts confirmed total_count: 0 — the artifact has never been successfully uploaded since this repo was created. The downstream Coverage (Qlty) workflow has been failing every run as a consequence.

Note: this is not a v7 regression. actions/upload-artifact@v4 has the same excludeHiddenFiles default; downgrading would not fix the bug.

Fix

       - name: Upload coverage artifacts
         if: steps.detect.outputs.state == 'uv-locked' || steps.detect.outputs.state == 'uv-no-lock'
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
         with:
           name: coverage-reports
+          include-hidden-files: true
           path: |
             coverage.xml
             coverage-*.xml
             junit-*.xml
             htmlcov/
           retention-days: 7

Setting include-hidden-files: true flips excludeHiddenFiles to false, so the globber traverses into the dot-prefix workspace and finds the coverage outputs as expected.

Blast radius

• Dot-prefix callers (1 repo: .claude): fixes the silent upload failure.
• Non-dot-prefix callers (13 repos): no behavior change. Workspace paths never match ^\., so the flag is inert.
• No security implication: this flag controls whether dot-prefixed files (e.g. .coverage) are included, not whether secrets/credentials are uploaded. The path: list already restricts what gets uploaded to coverage outputs only.

Test plan

• Merge this PR.
• Trigger CI on ByronWilliamsCPA/.claude main (any push or workflow_dispatch).
• Verify gh api repos/ByronWilliamsCPA/.claude/actions/runs/<id>/artifacts --jq '.artifacts[].name' lists coverage-reports.
• Verify the downstream Coverage (Qlty) workflow run for that SHA concludes success.

References

• actions/upload-artifact@v7.0.1 source: src/shared/search.ts:25 (excludeHiddenFiles: !includeHiddenFiles).
• actions/toolkit @actions/glob internal-globber.ts filter: if (options.excludeHiddenFiles && path.basename(item.path).match(/^\\./)) { continue }.
• Failing downstream run (pre-fix): https://github.com/ByronWilliamsCPA/.claude/actions/runs/26478773707

Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated coverage artifact upload configuration to include hidden files in coverage reports.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: eca0d52c-43df-4d84-87aa-8ab85b55cd53

📥 Commits

Reviewing files that changed from the base of the PR and between d3bc5c8 and 1921dfd.

📒 Files selected for processing (1)

• .github/workflows/python-ci.yml

---

📝 Walkthrough

Walkthrough

GitHub Actions workflow updated to include hidden files in coverage artifact uploads by adding include-hidden-files: true to the coverage-reports artifact upload configuration.

Changes

Coverage Artifact Configuration

Layer / File(s)	Summary
Coverage artifact upload configuration .github/workflows/python-ci.yml	The Upload coverage artifacts step is updated to include hidden files in the coverage-reports artifact by setting include-hidden-files: true.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

Hidden files emerge from shadow's keep,
Coverage secrets no longer sleep,
One line of config, simple and true,
Makes all the coverage files shine through! 🐰✨

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/upload-artifact-include-hidden-files

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Updates the reusable Python CI workflow to ensure coverage artifacts are uploaded even when the caller repository name starts with a dot, which makes the runner workspace path “hidden” to the globber by default.

Changes:

• Adds include-hidden-files: true to the actions/upload-artifact step that uploads coverage-reports.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud