CI: Re-enable FOSSA scan and add Codecov

[mattlord]

Description

This re-enables the FOSSA license scan after getting a new API key (removed in #14119).

It also re-adds code coverage reporting after it was removed in #13000.

Note
Testing done on my fork here: https://github.com/mattlord/vitess/pull/2/files

• Test run: https://github.com/mattlord/vitess/actions/runs/6607147903/job/17944166445?pr=2
• Updated badge: https://github.com/mattlord/vitess/blob/codecov/README.md
• Full results: https://app.codecov.io/github/mattlord/vitess/tree/codecov

Related Issue(s)

• Fixes: Question: Is there a unit test coverage metric for vitess? #14326
• Fixes: Task: reimplement FOSSA check in CI  #14216

Checklist

• "Backport to:" labels have been added if this change should be back-ported
• Tests were added or are not required
• Did the new or modified tests pass consistently locally and on the CI
• Documentation was added or is not required

[vitess-bot]

Review Checklist

Hello reviewers! 👋 Please follow this checklist when reviewing this Pull Request.

General

• Ensure that the Pull Request has a descriptive title.
• Ensure there is a link to an issue (except for internal cleanup and flaky test fixes), new features should have an RFC that documents use cases and test cases.

Tests

• Bug fixes should have at least one unit or end-to-end test, enhancement and new features should have a sufficient number of tests.

Documentation

• Apply the release notes (needs details) label if users need to know about this change.
• New features should be documented.
• There should be some code comments as to why things are implemented the way they are.
• There should be a comment at the top of each new or modified test to explain what the test does.

New flags

• Is this flag really necessary?
• Flag names must be clear and intuitive, use dashes (-), and have a clear help text.

If a workflow is added or modified:

• Each item in Jobs should be named in order to mark it as required.
• If the workflow needs to be marked as required, the maintainer team must be notified.

Backward compatibility

• Protobuf changes should be wire-compatible.
• Changes to _vt tables and RPCs need to be backward compatible.
• RPC changes should be compatible with vitess-operator
• If a flag is removed, then it should also be removed from vitess-operator and arewefastyet, if used there.
• vtctl command output order should be stable and awk-able.

[mattlord]

This was required, at least for now, for the pull request action to pass:

• https://github.com/fossa-contrib/fossa-action#push-only-api-token
• https://docs.fossa.com/docs/api-reference#push-only-api-token

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

❗ No coverage uploaded for pull request base (main@b0f6fa2). Click here to learn what that means.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #14333   +/-   ##
=======================================
  Coverage        ?   47.25%           
=======================================
  Files           ?     1136           
  Lines           ?   238160           
  Branches        ?        0           
=======================================
  Hits            ?   112543           
  Misses          ?   117018           
  Partials        ?     8599           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[frouioui]

LGTM asides to the comments I left! Thank you!

Already two-approvals, dismissing my review until the suggestions are applied so we don't merge it by accident

[frouioui]

@mattlord, I think it might be a good idea to backport this to release branches.

Moreover, we need to add the new workflow to the list of required checks in the branch protection rules once merged.