From cd4e7cf31ae2a4bcefb694e31a62869ebbd161af Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Mar 2025 11:00:30 -0700 Subject: [PATCH 01/30] build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 (#1786) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.10 to 3.28.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.28.10...v3.28.11) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c6d76f2ba..bb99995a9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,7 +41,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3.28.10 + uses: github/codeql-action/init@v3.28.11 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -52,7 +52,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3.28.10 + uses: github/codeql-action/autobuild@v3.28.11 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -66,4 +66,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.28.10 + uses: github/codeql-action/analyze@v3.28.11 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 68c3c4d9a..989f5c0d6 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3.28.10 # v1.0.26 + uses: github/codeql-action/upload-sarif@v3.28.11 # v1.0.26 with: sarif_file: results.sarif From 3440e5ef70c638a9f44602a80ab017feee1309fe Mon Sep 17 00:00:00 2001 From: "codecov-releaser-app[bot]" <182812899+codecov-releaser-app[bot]@users.noreply.github.com> Date: Tue, 11 Mar 2025 09:12:54 -0700 Subject: [PATCH 02/30] chore(release): wrapper -0.2.1 (#1788) chore(release): wrapper-0.2.1 Co-authored-by: codecov-releaser --- src/scripts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/scripts b/src/scripts index 96f8531c8..be39e7f9e 160000 --- a/src/scripts +++ b/src/scripts @@ -1 +1 @@ -Subproject commit 96f8531c88a811b53ea0b4ea7bbd691400d369c9 +Subproject commit be39e7f9eb833a3a031858e4bff2424e97000630 From 13d0469d01f6a59fcfbc75f685ac31aa0cae3aef Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Mar 2025 17:56:35 -0700 Subject: [PATCH 03/30] build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 (#1798) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.1 to 4.6.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1...ea165f8d65b6e75b540449e92b4886f43607fa02) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 989f5c0d6..d3bf0f7a5 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: SARIF file path: results.sarif From ea99328d1c4d5f39fda7cbffe104afd6906c50b0 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Mar 2025 17:56:45 -0700 Subject: [PATCH 04/30] build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 (#1797) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.11 to 3.28.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.28.11...v3.28.12) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index bb99995a9..dc446ce1e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,7 +41,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3.28.11 + uses: github/codeql-action/init@v3.28.12 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -52,7 +52,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3.28.11 + uses: github/codeql-action/autobuild@v3.28.12 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -66,4 +66,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.28.11 + uses: github/codeql-action/analyze@v3.28.12 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index d3bf0f7a5..369d23cce 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3.28.11 # v1.0.26 + uses: github/codeql-action/upload-sarif@v3.28.12 # v1.0.26 with: sarif_file: results.sarif From f95a404f9265da16dee374e6e9dcb76d3eee88b1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Apr 2025 18:09:00 -0700 Subject: [PATCH 05/30] build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 (#1803) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.12 to 3.28.13. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.28.12...v3.28.13) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index dc446ce1e..0542b070e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -41,7 +41,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3.28.12 + uses: github/codeql-action/init@v3.28.13 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -52,7 +52,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3.28.12 + uses: github/codeql-action/autobuild@v3.28.13 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -66,4 +66,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.28.12 + uses: github/codeql-action/analyze@v3.28.13 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 369d23cce..16c520e3d 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3.28.12 # v1.0.26 + uses: github/codeql-action/upload-sarif@v3.28.13 # v1.0.26 with: sarif_file: results.sarif From e4cdaba82f2510a623b98430c48d84b0d8764a4f Mon Sep 17 00:00:00 2001 From: Tom Hu <88201630+thomasrockhu-codecov@users.noreply.github.com> Date: Mon, 14 Apr 2025 11:34:33 -0700 Subject: [PATCH 06/30] fix: use the github core methods (#1807) --- action.yml | 16 +++-- dist/codecov.sh | 160 ++++++++++++++++++++++++------------------------ 2 files changed, 92 insertions(+), 84 deletions(-) diff --git a/action.yml b/action.yml index aa709a1c8..e484450dc 100644 --- a/action.yml +++ b/action.yml 
@@ -202,16 +202,23 @@ runs: GITHUB_EVENT_PULL_REQUEST_HEAD_REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }} GITHUB_REPOSITORY: ${{ github.repository }} + - name: Get OIDC token + if: ${{ inputs.use_oidc }} + uses: actions/github-script@v7 + id: oidc + with: + script: | + const id_token = await core.getIDToken(process.env.CC_OIDC_AUDIENCE) + return id_token + env: + CC_OIDC_AUDIENCE: ${{ inputs.url || 'https://codecov.io' }} - name: Get and set token shell: bash run: | if [ "${{ inputs.use_oidc }}" == 'true' ] && [ "$CC_FORK" != 'true' ]; then - # {"count":1984,"value":"***"} - echo -e "\033[0;32m==>\033[0m Requesting OIDC token from '$ACTIONS_ID_TOKEN_REQUEST_URL'" - CC_TOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=$CC_OIDC_AUDIENCE" | cut -d\" -f6) - echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV" + echo "CC_TOKEN=$CC_OIDC_TOKEN" >> "$GITHUB_ENV" elif [ -n "${{ env.CODECOV_TOKEN }}" ]; then echo -e "\033[0;32m==>\033[0m Token set from env" @@ -225,6 +232,7 @@ runs: fi fi env: + CC_OIDC_TOKEN: ${{ steps.oidc.outputs.result }} CC_OIDC_AUDIENCE: ${{ inputs.url || 'https://codecov.io' }} - name: Override branch for forks diff --git a/dist/codecov.sh b/dist/codecov.sh index f2bc8e44c..b82fa723c 100755 --- a/dist/codecov.sh +++ b/dist/codecov.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -CC_WRAPPER_VERSION="0.2.0" +CC_WRAPPER_VERSION="0.2.1" set +u say() { echo -e "$1" @@ -52,8 +52,8 @@ if [ -n "$CC_BINARY" ]; then if [ -f "$CC_BINARY" ]; then - cc_filename=$CC_BINARY - cc_command=$CC_BINARY + c_filename=$CC_BINARY + c_command=$CC_BINARY else exit_if_error "Could not find binary file $CC_BINARY" fi @@ -63,7 +63,7 @@ then exit_if_error "Could not install via pypi." exit fi - cc_command="codecovcli" + c_command="codecovcli" else if [ -n "$CC_OS" ]; then 
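Review bot: The new `Get OIDC token` step uses `actions/github-script@v7`, a mutable tag, whereas this repository's scorecards workflow pins third-party actions to a full commit SHA with a version comment (`actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1`); since this step mints the job's OIDC identity token, pin it the same way, `uses: actions/github-script@<commit-sha> # v7.x.y`. Second, `if: ${{ inputs.use_oidc }}` is evaluated as a string, so the input value `'false'` is non-empty and therefore truthy and the step still runs; compare with `== 'true'` as the shell step below already does. Third, github-script's default `result-encoding` is `json`, which JSON-serializes a returned string and wraps it in double quotes, so confirm that `CC_TOKEN` reaches the uploader without those quotes or set `result-encoding: string` under `with:`. Finally, the `"$CC_FORK" != 'true'` guard now protects only the shell step, so `core.getIDToken` is presumably attempted on fork pull requests where the `id-token` permission is not granted and the call would throw; mirroring that guard inside the script would keep the step a no-op on forks. The `runs.steps` list this hunk edits starts before and continues after it, and the `CC_OIDC_TOKEN` env entry in the next hunk is the only visible consumer of the step output.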
@@ -79,17 +79,17 @@ else [[ $(arch) == "aarch64" && $family == "linux" ]] && CC_OS+="-arm64" say "$g==>$x Detected $b${CC_OS}$x" fi - cc_filename="codecov" - [[ $CC_OS == "windows" ]] && cc_filename+=".exe" - cc_command="./$cc_filename" + c_filename="codecov" + [[ $CC_OS == "windows" ]] && c_filename+=".exe" + c_command="./$c_filename" [[ $CC_OS == "macos" ]] && \ ! command -v gpg 2>&1 >/dev/null && \ HOMEBREW_NO_AUTO_UPDATE=1 brew install gpg - cc_url="https://cli.codecov.io" - cc_url="$cc_url/${CC_VERSION}" - cc_url="$cc_url/${CC_OS}/${cc_filename}" - say "$g ->$x Downloading $b${cc_url}$x" - curl -O --retry 5 --retry-delay 2 "$cc_url" + c_url="https://cli.codecov.io" + c_url="$c_url/${CC_VERSION}" + c_url="$c_url/${CC_OS}/${c_filename}" + say "$g ->$x Downloading $b${c_url}$x" + curl -O --retry 5 --retry-delay 2 "$c_url" say "$g==>$x Finishing downloading $b${CC_OS}:${CC_VERSION}$x" version_url="https://cli.codecov.io/api/${CC_OS}/${CC_VERSION}" version=$(curl -s "$version_url" -H "Accept:application/json" | tr \{ '\n' | tr , '\n' | tr \} '\n' | grep "\"version\"" | awk -F'"' '{print $4}' | tail -1) 
@@ -107,44 +107,44 @@ CC_PUBLIC_PGP_KEY=$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc) say "$g==>$x Verifying GPG signature integrity" sha_url="https://cli.codecov.io" sha_url="${sha_url}/${CC_VERSION}/${CC_OS}" - sha_url="${sha_url}/${cc_filename}.SHA256SUM" + sha_url="${sha_url}/${c_filename}.SHA256SUM" say "$g ->$x Downloading $b${sha_url}$x" say "$g ->$x Downloading $b${sha_url}.sig$x" say " " curl -Os --retry 5 --retry-delay 2 --connect-timeout 2 "$sha_url" curl -Os --retry 5 --retry-delay 2 --connect-timeout 2 "${sha_url}.sig" - if ! gpg --verify "${cc_filename}.SHA256SUM.sig" "${cc_filename}.SHA256SUM"; + if ! gpg --verify "${c_filename}.SHA256SUM.sig" "${c_filename}.SHA256SUM"; then exit_if_error "Could not verify signature. Please contact Codecov if problem continues" fi - if ! (shasum -a 256 -c "${cc_filename}.SHA256SUM" 2>/dev/null || \ - sha256sum -c "${cc_filename}.SHA256SUM"); + if ! (shasum -a 256 -c "${c_filename}.SHA256SUM" 2>/dev/null || \ + sha256sum -c "${c_filename}.SHA256SUM"); then exit_if_error "Could not verify SHASUM. Please contact Codecov if problem continues" fi say "$g==>$x CLI integrity verified" say - chmod +x "$cc_command" + chmod +x "$c_command" fi if [ -n "$CC_BINARY_LOCATION" ]; then - mkdir -p "$CC_BINARY_LOCATION" && mv "$cc_filename" $_ + mkdir -p "$CC_BINARY_LOCATION" && mv "$c_filename" $_ say "$g==>$x Codecov binary moved to ${CC_BINARY_LOCATION}" fi if [ "$CC_DOWNLOAD_ONLY" = "true" ]; then say "$g==>$x Codecov download only called. Exiting..." 
fi -cc_cli_args=() -cc_cli_args+=( $(k_arg AUTO_LOAD_PARAMS_FROM) $(v_arg AUTO_LOAD_PARAMS_FROM)) -cc_cli_args+=( $(k_arg ENTERPRISE_URL) $(v_arg ENTERPRISE_URL)) +c_cli_args=() +c_cli_args+=( $(k_arg AUTO_LOAD_PARAMS_FROM) $(v_arg AUTO_LOAD_PARAMS_FROM)) +c_cli_args+=( $(k_arg ENTERPRISE_URL) $(v_arg ENTERPRISE_URL)) if [ -n "$CC_YML_PATH" ] then - cc_cli_args+=( "--codecov-yml-path" ) - cc_cli_args+=( "$CC_YML_PATH" ) + c_cli_args+=( "--codecov-yml-path" ) + c_cli_args+=( "$CC_YML_PATH" ) fi -cc_cli_args+=( $(write_bool_args CC_DISABLE_TELEM) ) -cc_cli_args+=( $(write_bool_args CC_VERBOSE) ) +c_cli_args+=( $(write_bool_args CC_DISABLE_TELEM) ) +c_cli_args+=( $(write_bool_args CC_VERBOSE) ) if [ -n "$CC_TOKEN_VAR" ]; then token="$(eval echo \$$CC_TOKEN_VAR)" 
@@ -159,101 +159,101 @@ then token_str+=" -t " token_arg+=( " -t " "$token") fi +c_args=() if [ "$CC_RUN_CMD" == "upload-coverage" ]; then -cc_args=() # Args for create commit -cc_args+=( $(write_bool_args CC_FAIL_ON_ERROR) ) -cc_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) -cc_args+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA)) -cc_args+=( $(k_arg PR) $(v_arg PR)) -cc_args+=( $(k_arg SHA) $(v_arg SHA)) -cc_args+=( $(k_arg SLUG) $(v_arg SLUG)) +c_args+=( $(write_bool_args CC_FAIL_ON_ERROR) ) +c_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) +c_args+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA)) +c_args+=( $(k_arg PR) $(v_arg PR)) +c_args+=( $(k_arg SHA) $(v_arg SHA)) +c_args+=( $(k_arg SLUG) $(v_arg SLUG)) # Args for create report -cc_args+=( $(k_arg CODE) $(v_arg CODE)) +c_args+=( $(k_arg CODE) $(v_arg CODE)) # Args for do upload -cc_args+=( $(k_arg ENV) $(v_arg ENV)) +c_args+=( $(k_arg ENV) $(v_arg ENV)) OLDIFS=$IFS;IFS=, -cc_args+=( $(k_arg BRANCH) $(v_arg BRANCH)) -cc_args+=( $(k_arg BUILD) $(v_arg BUILD)) -cc_args+=( $(k_arg BUILD_URL) $(v_arg BUILD_URL)) -cc_args+=( $(k_arg DIR) $(v_arg DIR)) -cc_args+=( $(write_bool_args CC_DISABLE_FILE_FIXES) ) -cc_args+=( $(write_bool_args CC_DISABLE_SEARCH) ) -cc_args+=( $(write_bool_args CC_DRY_RUN) ) +c_args+=( $(k_arg BRANCH) $(v_arg BRANCH)) +c_args+=( $(k_arg BUILD) $(v_arg BUILD)) +c_args+=( $(k_arg BUILD_URL) $(v_arg BUILD_URL)) +c_args+=( $(k_arg DIR) $(v_arg DIR)) +c_args+=( $(write_bool_args CC_DISABLE_FILE_FIXES) ) +c_args+=( $(write_bool_args CC_DISABLE_SEARCH) ) +c_args+=( $(write_bool_args CC_DRY_RUN) ) if [ -n "$CC_EXCLUDES" ]; then for directory in $CC_EXCLUDES; do - cc_args+=( "--exclude" "$directory" ) + c_args+=( "--exclude" "$directory" ) done fi if [ -n "$CC_FILES" ]; then for file in $CC_FILES; do - cc_args+=( "--file" "$file" ) + c_args+=( "--file" "$file" ) done fi if [ -n "$CC_FLAGS" ]; then for flag in $CC_FLAGS; do - cc_args+=( "--flag" "$flag" ) + c_args+=( "--flag" "$flag" ) done fi 
-cc_args+=( $(k_arg GCOV_ARGS) $(v_arg GCOV_ARGS)) -cc_args+=( $(k_arg GCOV_EXECUTABLE) $(v_arg GCOV_EXECUTABLE)) -cc_args+=( $(k_arg GCOV_IGNORE) $(v_arg GCOV_IGNORE)) -cc_args+=( $(k_arg GCOV_INCLUDE) $(v_arg GCOV_INCLUDE)) -cc_args+=( $(write_bool_args CC_HANDLE_NO_REPORTS_FOUND) ) -cc_args+=( $(write_bool_args CC_RECURSE_SUBMODULES) ) -cc_args+=( $(k_arg JOB_CODE) $(v_arg JOB_CODE)) -cc_args+=( $(write_bool_args CC_LEGACY) ) +c_args+=( $(k_arg GCOV_ARGS) $(v_arg GCOV_ARGS)) +c_args+=( $(k_arg GCOV_EXECUTABLE) $(v_arg GCOV_EXECUTABLE)) +c_args+=( $(k_arg GCOV_IGNORE) $(v_arg GCOV_IGNORE)) +c_args+=( $(k_arg GCOV_INCLUDE) $(v_arg GCOV_INCLUDE)) +c_args+=( $(write_bool_args CC_HANDLE_NO_REPORTS_FOUND) ) +c_args+=( $(write_bool_args CC_RECURSE_SUBMODULES) ) +c_args+=( $(k_arg JOB_CODE) $(v_arg JOB_CODE)) +c_args+=( $(write_bool_args CC_LEGACY) ) if [ -n "$CC_NAME" ]; then - cc_args+=( "--name" "$CC_NAME" ) + c_args+=( "--name" "$CC_NAME" ) fi -cc_args+=( $(k_arg NETWORK_FILTER) $(v_arg NETWORK_FILTER)) -cc_args+=( $(k_arg NETWORK_PREFIX) $(v_arg NETWORK_PREFIX)) -cc_args+=( $(k_arg NETWORK_ROOT_FOLDER) $(v_arg NETWORK_ROOT_FOLDER)) +c_args+=( $(k_arg NETWORK_FILTER) $(v_arg NETWORK_FILTER)) +c_args+=( $(k_arg NETWORK_PREFIX) $(v_arg NETWORK_PREFIX)) +c_args+=( $(k_arg NETWORK_ROOT_FOLDER) $(v_arg NETWORK_ROOT_FOLDER)) if [ -n "$CC_PLUGINS" ]; then for plugin in $CC_PLUGINS; do - cc_args+=( "--plugin" "$plugin" ) + c_args+=( "--plugin" "$plugin" ) done fi -cc_args+=( $(k_arg REPORT_TYPE) $(v_arg REPORT_TYPE)) -cc_args+=( $(k_arg SWIFT_PROJECT) $(v_arg SWIFT_PROJECT)) +c_args+=( $(k_arg REPORT_TYPE) $(v_arg REPORT_TYPE)) +c_args+=( $(k_arg SWIFT_PROJECT) $(v_arg SWIFT_PROJECT)) IFS=$OLDIFS elif [ "$CC_RUN_CMD" == "empty-upload" ]; then -cc_args=() -cc_args+=( $(write_bool_args CC_FAIL_ON_ERROR) ) -cc_args+=( $(write_bool_args CC_FORCE) ) -cc_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) -cc_args+=( $(k_arg SHA) $(v_arg SHA)) -cc_args+=( $(k_arg SLUG) $(v_arg 
SLUG)) +c_args+=( $(k_arg BRANCH) $(v_arg BRANCH)) +c_args+=( $(write_bool_args CC_FAIL_ON_ERROR) ) +c_args+=( $(write_bool_args CC_FORCE) ) +c_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) +c_args+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA)) +c_args+=( $(k_arg PR) $(v_arg PR)) +c_args+=( $(k_arg SHA) $(v_arg SHA)) +c_args+=( $(k_arg SLUG) $(v_arg SLUG)) elif [ "$CC_RUN_CMD" == "pr-base-picking" ]; then -cc_args=() -cc_args+=( $(k_arg BASE_SHA) $(v_arg BASE_SHA)) -cc_args+=( $(k_arg PR) $(v_arg PR)) -cc_args+=( $(k_arg SLUG) $(v_arg SLUG)) -cc_args+=( $(k_arg SERVICE) $(v_arg SERVICE)) +c_args+=( $(k_arg BASE_SHA) $(v_arg BASE_SHA)) +c_args+=( $(k_arg PR) $(v_arg PR)) +c_args+=( $(k_arg SLUG) $(v_arg SLUG)) +c_args+=( $(k_arg SERVICE) $(v_arg SERVICE)) elif [ "$CC_RUN_CMD" == "send-notifications" ]; then -cc_args=() -cc_args+=( $(k_arg SHA) $(v_arg SHA)) -cc_args+=( $(write_bool_args CC_FAIL_ON_ERROR) ) -cc_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) -cc_args+=( $(k_arg SLUG) $(v_arg SLUG)) +c_args+=( $(k_arg SHA) $(v_arg SHA)) +c_args+=( $(write_bool_args CC_FAIL_ON_ERROR) ) +c_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) +c_args+=( $(k_arg SLUG) $(v_arg SLUG)) else exit_if_error "Invalid run command specified: $CC_RUN_CMD" exit fi unset NODE_OPTIONS -# https://github.com/codecov/uploader/issues/475 +# github.com/codecov/uploader/issues/475 say "$g==>$x Running $CC_RUN_CMD" -say " $b$cc_command $(echo "${cc_cli_args[@]}") $CC_RUN_CMD$token_str $(echo "${cc_args[@]}")$x" -if ! $cc_command \ - ${cc_cli_args[*]} \ +say " $b$c_command $(echo "${c_cli_args[@]}") $CC_RUN_CMD$token_str $(echo "${c_args[@]}")$x" +if ! $c_command \ + ${c_cli_args[*]} \ ${CC_RUN_CMD} \ ${token_arg[*]} \ - "${cc_args[@]}"; + "${c_args[@]}"; then exit_if_error "Failed to run $CC_RUN_CMD" fi From cf3f51a67d2820f7a7cefa0831889fbbef41ca57 Mon Sep 17 00:00:00 2001 
From: Tom Hu <88201630+thomasrockhu-codecov@users.noreply.github.com> Date: Mon, 14 Apr 2025 11:42:48 -0700 Subject: [PATCH 07/30] chore(release): 5.4.1 (#1810) --- CHANGELOG.md | 14 ++++++++++++++ src/version | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 45dc685e7..560f27306 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,17 @@ +## v5.4.1 + +### What's Changed +* fix: use the github core methods by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1807 +* build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1803 +* build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1797 +* build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1798 +* chore(release): wrapper -0.2.1 by @app/codecov-releaser-app in https://github.com/codecov/codecov-action/pull/1788 +* build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1786 + + +**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1 + + ## v5.4.0 ### What's Changed diff --git a/src/version b/src/version index 8a30e8f94..ade65226e 100644 --- a/src/version +++ b/src/version @@ -1 +1 @@ -5.4.0 +5.4.1 From ad3126e916f78f00edff4ed0317cf185271ccc2d Mon Sep 17 00:00:00 2001 From: Tom Hu <88201630+thomasrockhu-codecov@users.noreply.github.com> Date: Mon, 14 Apr 2025 13:01:35 -0700 Subject: [PATCH 08/30] fix: hotfix oidc (#1813) --- CHANGELOG.md | 10 +++++++++- action.yml | 2 +- src/version | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 560f27306..84f90e63d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,11 @@ +## v5.4.2 + +### What's Changed + + +**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2 + + ## v5.4.1 ### What's Changed @@ -1074,4 +1082,4 @@ for the full list. ### Dependencies and Misc - #166 Bump requestretry from 4.1.1 to 4.1.2 - #169 Bump typescript from 4.0.5 to 4.1.2 -- #178 Bump @types/jest from 26.0.15 to 26.0.19 \ No newline at end of file +- #178 Bump @types/jest from 26.0.15 to 26.0.19 diff --git a/action.yml b/action.yml index e484450dc..3a6ee3070 100644 --- a/action.yml +++ b/action.yml @@ -203,7 +203,7 @@ runs: GITHUB_REPOSITORY: ${{ github.repository }} - name: Get OIDC token - if: ${{ inputs.use_oidc }} + if: ${{ inputs.use_oidc == 'true' }} uses: actions/github-script@v7 id: oidc with: diff --git a/src/version b/src/version index ade65226e..8ae03c119 100644 --- a/src/version +++ b/src/version @@ -1 +1 @@ -5.4.1 +5.4.2 From b203f00e21e8678aa5d26b967170503dbb855a18 Mon Sep 17 00:00:00 2001 From: joseph-sentry <136376984+joseph-sentry@users.noreply.github.com> Date: Wed, 14 May 2025 12:00:29 -0400 Subject: [PATCH 09/30] fix: OIDC on forks (#1823) --- action.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/action.yml b/action.yml index 3a6ee3070..f99bba61b 100644 --- a/action.yml +++ b/action.yml @@ -203,15 +203,17 @@ runs: GITHUB_REPOSITORY: ${{ github.repository }} - name: Get OIDC token - if: ${{ inputs.use_oidc == 'true' }} uses: actions/github-script@v7 id: oidc with: script: | - const id_token = await core.getIDToken(process.env.CC_OIDC_AUDIENCE) - return id_token + if (process.env.CC_USE_OIDC === 'true' && process.env.CC_FORK != 'true') { + const id_token = await core.getIDToken(process.env.CC_OIDC_AUDIENCE) + return id_token + } env: CC_OIDC_AUDIENCE: ${{ inputs.url || 'https://codecov.io' }} + CC_USE_OIDC: ${{ inputs.use_oidc }} - name: Get and set token shell: bash From 525fcbf8a05e5933b1ef3c7885da8fd1d7231920 Mon Sep 17 00:00:00 2001 
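Review bot: In the `Get OIDC token` script of the `fix: OIDC on forks` hunk, `process.env.CC_FORK != 'true'` reads a variable this step's `env:` block does not set (only `CC_OIDC_AUDIENCE` and `CC_USE_OIDC` are listed), so the guard presumably relies on an earlier step having exported `CC_FORK` through `GITHUB_ENV`; if that export is ever absent, `undefined != 'true'` is true and `core.getIDToken` is still attempted on fork pull requests, which is the failure this change is meant to prevent. Passing it explicitly next to the other two values, e.g. `CC_FORK: ${{ env.CC_FORK }}` under `env:`, makes the dependency visible in the step itself. As a point of style, the condition mixes strict `===` with loose `!=`; `!== 'true'` keeps both comparisons strict. The `runs.steps` list this step belongs to starts and ends outside the hunk.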
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 May 2025 09:50:31 -0700 Subject: [PATCH 10/30] build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 (#1822) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.13 to 3.28.17. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.28.13...v3.28.17) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.17 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 0542b070e..4d36fe89b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,7 +41,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3.28.13 + uses: github/codeql-action/init@v3.28.17 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -52,7 +52,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3.28.13 + uses: github/codeql-action/autobuild@v3.28.17 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -66,4 +66,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.28.13 + uses: github/codeql-action/analyze@v3.28.17 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 16c520e3d..fae91ecc0 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3.28.13 # v1.0.26 + uses: github/codeql-action/upload-sarif@v3.28.17 # v1.0.26 with: sarif_file: results.sarif From 18283e04ce6e62d37312384ff67231eb8fd56d24 Mon Sep 17 00:00:00 2001 From: Tom Hu <88201630+thomasrockhu-codecov@users.noreply.github.com> Date: Thu, 15 May 2025 13:38:33 -0700 Subject: [PATCH 11/30] chore(release): 5.4.3 (#1827) --- CHANGELOG.md | 12 +++++++++++- src/version | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 84f90e63d..682d1ddac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +## v5.4.3 + +### What's Changed +* build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1822 +* fix: OIDC on forks by @joseph-sentry in https://github.com/codecov/codecov-action/pull/1823 + + +**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3 + + ## v5.4.2 ### What's Changed @@ -1082,4 +1092,4 @@ for the full list. ### Dependencies and Misc - #166 Bump requestretry from 4.1.1 to 4.1.2 - #169 Bump typescript from 4.0.5 to 4.1.2 -- #178 Bump @types/jest from 26.0.15 to 26.0.19 +- #178 Bump @types/jest from 26.0.15 to 26.0.19 \ No newline at end of file diff --git a/src/version b/src/version index 8ae03c119..6ffbe8ba8 100644 --- a/src/version +++ b/src/version @@ -1 +1 @@ -5.4.2 +5.4.3 
From 15559ed290fa727036809b67ab0f646ffa6c5158 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 May 2025 13:38:52 -0700 Subject: [PATCH 12/30] build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 (#1829) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.17 to 3.28.18. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.28.17...v3.28.18) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.18 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4d36fe89b..54c8a6bc4 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,7 +41,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3.28.17 + uses: github/codeql-action/init@v3.28.18 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -52,7 +52,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3.28.17 + uses: github/codeql-action/autobuild@v3.28.18 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -66,4 +66,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.28.17 + uses: github/codeql-action/analyze@v3.28.18 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index fae91ecc0..bec4d3df2 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3.28.17 # v1.0.26 + uses: github/codeql-action/upload-sarif@v3.28.18 # v1.0.26 with: sarif_file: results.sarif From 5ecdce83a10f65564326e55f58a575ae0516fbf5 Mon Sep 17 00:00:00 2001 From: Spencer Murray Date: Tue, 3 Jun 2025 17:03:20 -0400 Subject: [PATCH 13/30] docs: Refine OIDC docs (#1837) * Refine OIDC docs and format * Unformat table --- README.md | 110 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 65 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index 79008bf37..502612f2e 100644 --- a/README.md +++ b/README.md 
@@ -3,16 +3,19 @@ [![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v5-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov) [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action?ref=badge_shield) [![Workflow for Codecov Action](https://github.com/codecov/codecov-action/actions/workflows/main.yml/badge.svg)](https://github.com/codecov/codecov-action/actions/workflows/main.yml) + ### Easily upload coverage reports to Codecov from GitHub Actions ## v5 Release + `v5` of the Codecov GitHub Action will use the [Codecov Wrapper](https://github.com/codecov/wrapper) to encapsulate the [CLI](https://github.com/codecov/codecov-cli). This will help ensure that the Action gets updates quicker. ### Migration Guide + The `v5` release also coincides with the opt-out feature for tokens for public repositories. In the `Global Upload Token` section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see [how to upload without a token](https://docs.codecov.com/docs/codecov-tokens#uploading-without-a-token). -> [!WARNING] -> **The following arguments have been changed** +> [!WARNING] > **The following arguments have been changed** +> > - `file` (this has been deprecated in favor of `files`) > - `plugin` (this has been deprecated in favor of `plugins`) 
@@ -30,13 +33,16 @@ The following arguments have been added: You can see their usage in the `action.yml` [file](https://github.com/codecov/codecov-action/blob/main/action.yml). ## v4 Release + `v4` of the Codecov GitHub Action will use the [Codecov CLI](https://github.com/codecov/codecov-cli) to upload coverage reports to Codecov. ### Breaking Changes + - Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OSS projects do not need the upstream repo's Codecov token). For details, [see our docs](https://docs.codecov.com/docs/codecov-uploader#supporting-token-less-uploads-for-forks-of-open-source-repos-using-codecov) - Various arguments to the Action have been removed ### Dependabot + - For repositories using `Dependabot`, users will need to ensure that it has access to the Codecov token for PRs from Dependabot to upload coverage. To do this, please add your `CODECOV_TOKEN` as a Dependabot Secret. For more information, see ["Configuring access to private registries for Dependabot."](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#storing-credentials-for-dependabot-to-use) `v3` versions and below will not have access to CLI features (e.g. global upload token, ATS). @@ -51,6 +57,7 @@ To integrate Codecov with your Actions pipeline, specify the name of this reposi This Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, [store it](https://docs.codecov.com/docs/adding-the-codecov-token#github-actions) as a `secret`). Currently, the Action will identify linux, macos, and windows runners. However, the Action may misidentify other architectures. The OS can be specified as + - alpine - alpine-arm64 - linux 
@@ -62,37 +69,39 @@ Inside your `.github/workflows/workflow.yml` file: ```yaml steps: -- uses: actions/checkout@main -- uses: codecov/codecov-action@v5 - with: - fail_ci_if_error: true # optional (default = false) - files: ./coverage1.xml,./coverage2.xml # optional - flags: unittests # optional - name: codecov-umbrella # optional - token: ${{ secrets.CODECOV_TOKEN }} - verbose: true # optional (default = false) + - uses: actions/checkout@main + - uses: codecov/codecov-action@v5 + with: + fail_ci_if_error: true # optional (default = false) + files: ./coverage1.xml,./coverage2.xml # optional + flags: unittests # optional + name: codecov-umbrella # optional + token: ${{ secrets.CODECOV_TOKEN }} + verbose: true # optional (default = false) ``` The Codecov token can also be passed in via environment variables: ```yaml steps: -- uses: actions/checkout@main -- uses: codecov/codecov-action@v5 - with: - fail_ci_if_error: true # optional (default = false) - files: ./coverage1.xml,./coverage2.xml # optional - flags: unittests # optional - name: codecov-umbrella # optional - verbose: true # optional (default = false) - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + - uses: actions/checkout@main + - uses: codecov/codecov-action@v5 + with: + fail_ci_if_error: true # optional (default = false) + files: ./coverage1.xml,./coverage2.xml # optional + flags: unittests # optional + name: codecov-umbrella # optional + verbose: true # optional (default = false) + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} ``` + > [!NOTE] -> This assumes that you've set your Codecov token inside *Settings > Secrets* as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are *not* available to forks of repositories. 
+> This assumes that you've set your Codecov token inside _Settings > Secrets_ as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are _not_ available to forks of repositories. ### Using OIDC -For users with [OpenID Connect(OIDC) enabled](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect), the Codecov token is not necessary. You can use OIDC with the `use_oidc` argument as following. + +As an alternative to Codecov upload tokens, you can choose to use OIDC as your upload authentication method by setting the `use_oidc` argument: ```yaml - uses: codecov/codecov-action@v5 @@ -102,6 +111,16 @@ For users with [OpenID Connect(OIDC) enabled](https://docs.github.com/en/actions Any token supplied will be ignored, as Codecov will default to the OIDC token for verification. +Note that the codecov action must have write permission for `id-token` for this to work: + +```yaml +permissions: + id-token: write +``` + +This can be set at either the workflow or job level. See GitHub's [docs](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with- +openid-connect) for more details. + ## Arguments Codecov's Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below: 
@@ -171,30 +190,31 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] env: OS: ${{ matrix.os }} - PYTHON: '3.10' + PYTHON: "3.10" steps: - - uses: actions/checkout@main - - name: Setup Python - uses: actions/setup-python@main - with: - python-version: '3.10' - - name: Generate coverage report - run: | - pip install pytest - pip install pytest-cov - pytest --cov=./ --cov-report=xml - - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5 - with: - directory: ./coverage/reports/ - env_vars: OS,PYTHON - fail_ci_if_error: true - files: ./coverage1.xml,./coverage2.xml,!./cache - flags: unittests - name: codecov-umbrella - token: ${{ secrets.CODECOV_TOKEN }} - verbose: true + - uses: actions/checkout@main + - name: Setup Python + uses: actions/setup-python@main + with: + python-version: "3.10" + - name: Generate coverage report + run: | + pip install pytest + pip install pytest-cov + pytest --cov=./ --cov-report=xml + - name: Upload coverage to Codecov + uses: codecov/codecov-action@v5 + with: + directory: ./coverage/reports/ + env_vars: OS,PYTHON + fail_ci_if_error: true + files: ./coverage1.xml,./coverage2.xml,!./cache + flags: unittests + name: codecov-umbrella + token: ${{ secrets.CODECOV_TOKEN }} + verbose: true ``` + ## Contributing Contributions are welcome! Check out the [Contribution Guide](CONTRIBUTING.md). From 78f372e97e6e2f82dc51b004c5fb646501ee30ae Mon Sep 17 00:00:00 2001 From: Spencer Murray Date: Tue, 3 Jun 2025 17:16:25 -0400 Subject: [PATCH 14/30] fix: Typo in README (#1838) * Fix oops * Fix oops for real tho --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 502612f2e..302bbc8a3 100644 --- a/README.md +++ b/README.md 
@@ -118,8 +118,7 @@ permissions: id-token: write ``` -This can be set at either the workflow or job level. See GitHub's [docs](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with- -openid-connect) for more details. +This can be set at either the workflow or job level. See GitHub's [docs](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) for more details. ## Arguments From 2db07e317924c76f654a414629d71c65876882e2 Mon Sep 17 00:00:00 2001 From: joseph-sentry <136376984+joseph-sentry@users.noreply.github.com> Date: Wed, 25 Jun 2025 11:58:52 -0400 Subject: [PATCH 15/30] fix: check reqs exist (#1835) * fix: check reqs * fix * docs: update README to reflect dependency needs --- .github/workflows/main.yml | 115 ++++++++++++++++++++++++++++++++++--- README.md | 7 ++- action.yml | 20 +++++++ 3 files changed, 132 insertions(+), 10 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 695b50852..73f0c1790 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -14,11 +14,12 @@ jobs: - name: Checkout uses: actions/checkout@v4.2.2 with: - submodules: 'true' + submodules: "true" - name: Install dependencies run: pip install -r src/scripts/app/requirements.txt - name: Run tests and collect coverage run: pytest src/scripts/app/ --cov + - name: Upload coverage to Codecov (script) uses: ./ with: @@ -55,7 +56,7 @@ jobs: - name: Checkout uses: actions/checkout@v4.2.2 with: - submodules: 'true' + submodules: "true" - name: Install dependencies run: pip install -r src/scripts/app/requirements.txt - name: Run tests and collect coverage 
@@ -104,15 +105,16 @@ jobs: - name: Checkout uses: actions/checkout@v4.2.2 with: - submodules: 'true' + submodules: "true" - name: Install deps run: | - apt-get install git + apt-get update && apt-get install -y git + - name: Upload coverage to Codecov (script) uses: ./ with: files: ./coverage/script/coverage-final.json - flags: script-${{ matrix.os }} + flags: script-container name: codecov-script verbose: true token: ${{ secrets.CODECOV_TOKEN }} @@ -120,7 +122,7 @@ jobs: uses: ./ with: files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json - flags: demo-${{ matrix.os }} + flags: demo-container name: codecov-demo verbose: true token: ${{ secrets.CODECOV_TOKEN }} 
@@ -128,8 +130,107 @@ jobs: uses: ./ with: files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json - flags: version-${{ matrix.os }} + flags: version-container name: codecov-version version: v9.1.0 verbose: true token: ${{ secrets.CODECOV_TOKEN }} + + run-alpine-missing-deps: + runs-on: ubuntu-latest + container: alpine:latest + steps: + - name: Install only some deps (missing gpg and bash) + run: | + apk add git + - name: Checkout + uses: actions/checkout@v4.2.2 + with: + submodules: "true" + - name: Upload coverage to Codecov (should fail due to missing dependencies) + id: codecov-upload + continue-on-error: true + uses: ./ + with: + files: ./coverage/script/coverage-final.json + flags: script-alpine-missing-deps + name: codecov-script + verbose: true + token: ${{ secrets.CODECOV_TOKEN }} + - name: Verify dependency check failed + run: | + if [ "${{ steps.codecov-upload.outcome }}" = "failure" ]; then + echo "✓ Action correctly failed due to missing dependencies" + exit 0 + else + echo "✗ Action should have failed but didn't" + exit 1 + fi + + run-alpine-success: + runs-on: ubuntu-latest + container: alpine:latest + steps: + - name: Install all required deps + run: | + apk add git curl gnupg bash + - name: Checkout + uses: actions/checkout@v4.2.2 + with: + submodules: "true" + - name: Upload coverage to Codecov (should succeed) + uses: ./ + with: + files: ./coverage/script/coverage-final.json + flags: script-alpine-success + name: codecov-script + verbose: true + token: ${{ secrets.CODECOV_TOKEN }} + - name: Upload coverage to Codecov (demo) + uses: ./ + with: + files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json + flags: demo-alpine-success + name: codecov-demo + verbose: true + token: ${{ secrets.CODECOV_TOKEN }} + - name: Upload coverage to Codecov (version) + uses: ./ + with: + files: 
./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json + flags: version-alpine-success + name: codecov-version + version: v9.1.0 + verbose: true + token: ${{ secrets.CODECOV_TOKEN }} + + run-alpine-partial-deps: + runs-on: ubuntu-latest + container: alpine:latest + steps: + - name: Install only some deps (missing gpg and bash) + run: | + apk add git curl + - name: Checkout + uses: actions/checkout@v4.2.2 + with: + submodules: "true" + - name: Upload coverage to Codecov (should fail due to missing gpg and bash) + id: codecov-upload + continue-on-error: true + uses: ./ + with: + files: ./coverage/script/coverage-final.json + flags: script-alpine-partial-deps + name: codecov-script + verbose: true + token: ${{ secrets.CODECOV_TOKEN }} + - name: Verify dependency check failed + run: | + if [ "${{ steps.codecov-upload.outcome }}" = "failure" ]; then + echo "✓ Action correctly failed due to missing dependencies (gpg and bash)" + exit 0 + else + echo "✗ Action should have failed but didn't" + exit 1 + fi diff --git a/README.md b/README.md index 302bbc8a3..f342d82f6 100644 --- a/README.md +++ b/README.md 
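Review bot: The step name in `run-alpine-missing-deps`, `Install only some deps (missing gpg and bash)`, does not match what the step installs — `apk add git` leaves curl missing as well, so this job exercises a different case from `run-alpine-partial-deps`, which installs `git curl` and carries the same step name. Rename it to `Install only git (missing curl, gpg and bash)` or add curl so the two jobs differ exactly as their names say. In both `Verify dependency check failed` steps the outcome is interpolated straight into the shell script via `${{ steps.codecov-upload.outcome }}`; that is harmless here because `outcome` is a fixed runner-supplied value, but passing it through `env:` (`OUTCOME: ${{ steps.codecov-upload.outcome }}` then `if [ "$OUTCOME" = "failure" ]; then`) keeps the workflow free of the expression-in-script pattern that becomes unsafe once the context is attacker-influenced. The enclosing `jobs:` mapping starts outside the hunk.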
@@ -49,10 +49,11 @@ You can see their usage in the `action.yml` [file](https://github.com/codecov/co ## Usage +> [!CAUTION] +> In order for the Action to work seamlessly, you will need to have `bash`, `curl`, `git`, and `gpg` installed on your runner. You will also need to run [actions/checkout](https://github.com/actions/checkout) before calling the Codecov action. If these are not present, the Action will fail. Github Actions runners will have these installed by default. If you are using a custom runner or running in a container, you will need to ensure that these are installed. + To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v5` is recommended) as a `step` within your `workflow.yml` file. -> [!WARNING] -> In order for the Action to work seamlessly, you will need to have `curl`, `git`, and `gpg` installed on your runner. You will also need to run the [actions/checkout](https://github.com/actions/checkout) before calling the Codecov action. This Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, [store it](https://docs.codecov.com/docs/adding-the-codecov-token#github-actions) as a `secret`). @@ -96,7 +97,7 @@ steps: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} ``` -> [!NOTE] +> [!IMPORTANT] > This assumes that you've set your Codecov token inside _Settings > Secrets_ as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are _not_ available to forks of repositories. ### Using OIDC diff --git a/action.yml b/action.yml index f99bba61b..375b8b0fe 100644 --- a/action.yml +++ b/action.yml 
@@ -175,6 +175,26 @@ branding: runs: using: "composite" steps: + - name: Check system dependencies + shell: sh + run: | + missing_deps="" + + # Check for required commands + for cmd in bash git curl gpg; do + if ! command -v "$cmd" >/dev/null 2>&1; then + missing_deps="$missing_deps $cmd" + fi + done + + # Report missing required dependencies + if [ -n "$missing_deps" ]; then + echo "Error: The following required dependencies are missing:$missing_deps" + echo "Please install these dependencies before using this action." + exit 1 + fi + + echo "All required system dependencies are available." - name: Action version shell: bash run: | From 39a2af19d997be74586469d4062e173ecae614f6 Mon Sep 17 00:00:00 2001 From: Martin Costello Date: Sun, 17 Aug 2025 22:17:04 +0100 Subject: [PATCH 16/30] Pin actions/github-script by Git SHA (#1859) Resolves #1858. --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 375b8b0fe..db668d416 100644 --- a/action.yml +++ b/action.yml @@ -223,7 +223,7 @@ runs: GITHUB_REPOSITORY: ${{ github.repository }} - name: Get OIDC token - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 id: oidc with: script: | From 2b79379983e7d676a56df559c092169759268f36 Mon Sep 17 00:00:00 2001 From: James Viall Date: Tue, 19 Aug 2025 12:49:35 -0700 Subject: [PATCH 17/30] feat: upgrade wrapper to 0.2.4 (#1864) --- dist/codecov.sh | 29 +++++++++++++++-------------- src/scripts | 2 +- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/dist/codecov.sh b/dist/codecov.sh index b82fa723c..fa24d55ab 100755 --- a/dist/codecov.sh +++ b/dist/codecov.sh @@ -1,5 +1,4 @@ #!/usr/bin/env bash -CC_WRAPPER_VERSION="0.2.1" set +u say() { echo -e "$1" 
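Review bot: The new `Check system dependencies` step requires `gpg` unconditionally, but dist/codecov.sh later in this series only uses it on the signature-verification path: on macOS it installs gpg itself when absent (`HOMEBREW_NO_AUTO_UPDATE=1 brew install gpg`), and `CC_SKIP_VALIDATION`, `CC_BINARY` and `CC_USE_PYPI` bypass verification entirely, so if the action exposes those wrapper settings as inputs, such configurations now fail before the wrapper runs. Either exempt gpg when the corresponding inputs are set, or state the hard requirement in the step, e.g. `# gpg is required even when signature validation is bypassed`. The validation path also relies on `shasum` or `sha256sum`, which the loop `for cmd in bash git curl gpg; do` does not cover. `shell: sh` is the right choice for a check that runs before bash is known to exist.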
@@ -37,6 +36,11 @@ b="\033[0;36m" # variables/constants g="\033[0;32m" # info/debug r="\033[0;31m" # errors x="\033[0m" +retry="--retry 5 --retry-delay 2" +CC_WRAPPER_VERSION="0.2.4" +CC_VERSION="${CC_VERSION:-latest}" +CC_FAIL_ON_ERROR="${CC_FAIL_ON_ERROR:-false}" +CC_RUN_CMD="${CC_RUN_CMD:-upload-coverage}" say " _____ _ / ____| | | | | ___ __| | ___ ___ _____ __ @@ -44,10 +48,7 @@ say " _____ _ | |___| (_) | (_| | __/ (_| (_) \\ V / \\_____\\___/ \\__,_|\\___|\\___\\___/ \\_/ $r Wrapper-$CC_WRAPPER_VERSION$x - " -CC_VERSION="${CC_VERSION:-latest}" -CC_FAIL_ON_ERROR="${CC_FAIL_ON_ERROR:-false}" -CC_RUN_CMD="${CC_RUN_CMD:-upload-coverage}" + " if [ -n "$CC_BINARY" ]; then if [ -f "$CC_BINARY" ]; 
@@ -85,22 +86,22 @@ else [[ $CC_OS == "macos" ]] && \ ! command -v gpg 2>&1 >/dev/null && \ HOMEBREW_NO_AUTO_UPDATE=1 brew install gpg - c_url="https://cli.codecov.io" + c_url="${CC_CLI_URL:-https://cli.codecov.io}" c_url="$c_url/${CC_VERSION}" c_url="$c_url/${CC_OS}/${c_filename}" say "$g ->$x Downloading $b${c_url}$x" - curl -O --retry 5 --retry-delay 2 "$c_url" + curl -O $retry "$c_url" say "$g==>$x Finishing downloading $b${CC_OS}:${CC_VERSION}$x" - version_url="https://cli.codecov.io/api/${CC_OS}/${CC_VERSION}" - version=$(curl -s "$version_url" -H "Accept:application/json" | tr \{ '\n' | tr , '\n' | tr \} '\n' | grep "\"version\"" | awk -F'"' '{print $4}' | tail -1) - say " Version: $b$version$x" + v_url="https://cli.codecov.io/api/${CC_OS}/${CC_VERSION}" + v=$(curl $retry --retry-all-errors -s "$v_url" -H "Accept:application/json" | tr \{ '\n' | tr , '\n' | tr \} '\n' | grep "\"version\"" | awk -F'"' '{print $4}' | tail -1) + say " Version: $b$v$x" say " " fi if [ "$CC_SKIP_VALIDATION" == "true" ] || [ -n "$CC_BINARY" ] || [ "$CC_USE_PYPI" == "true" ]; then say "$r==>$x Bypassing validation..." else -CC_PUBLIC_PGP_KEY=$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc) + CC_PUBLIC_PGP_KEY=$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc) echo "${CC_PUBLIC_PGP_KEY}" | \ gpg --no-default-keyring --import # One-time step @@ -111,8 +112,8 @@ CC_PUBLIC_PGP_KEY=$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc) say "$g ->$x Downloading $b${sha_url}$x" say "$g ->$x Downloading $b${sha_url}.sig$x" say " " - curl -Os --retry 5 --retry-delay 2 --connect-timeout 2 "$sha_url" - curl -Os --retry 5 --retry-delay 2 --connect-timeout 2 "${sha_url}.sig" + curl -Os $retry --connect-timeout 2 "$sha_url" + curl -Os $retry --connect-timeout 2 "${sha_url}.sig" if ! gpg --verify "${c_filename}.SHA256SUM.sig" "${c_filename}.SHA256SUM"; then exit_if_error "Could not verify signature. Please contact Codecov if problem continues" 
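Review bot: `curl -O $retry "$c_url"` still has no `-f`/`--fail`, so an HTTP error body is written to `$c_filename` as if it were the CLI; the checksum step catches that on the validation path, but when validation is bypassed nothing inspects the file before it is used, so `curl -fO $retry "$c_url"` (and `-f` on the version query) would fail the step outright instead. The new `CC_CLI_URL` override relocates only the binary download — `v_url` in this hunk and the SHA256SUM/signature URLs stay on `https://cli.codecov.io` — which is the right trust boundary (a mirror must serve byte-identical binaries) but deserves a comment such as `# CC_CLI_URL only relocates the binary; checksums and signatures are always fetched from cli.codecov.io`. `--retry-all-errors` needs curl 7.71 or newer, which older runner images may not ship. dist/codecov.sh appears to be a vendored copy of the wrapper in src/scripts, so these points probably need to land upstream.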
@@ -151,7 +152,7 @@ then else token="$(eval echo $CC_TOKEN)" fi -say "$g ->$x Token of length ${#token} detected" +say "$g ->$x Token length: ${#token}" token_str="" token_arg=() if [ -n "$token" ]; diff --git a/src/scripts b/src/scripts index be39e7f9e..23a73c9a0 160000 --- a/src/scripts +++ b/src/scripts @@ -1 +1 @@ -Subproject commit be39e7f9eb833a3a031858e4bff2424e97000630 +Subproject commit 23a73c9a0454e8175859b79cb678b7ddd1fd3d84 From fdcc8476540edceab3de004e990f80d881c6cc00 Mon Sep 17 00:00:00 2001 From: Tom Hu <88201630+thomasrockhu-codecov@users.noreply.github.com> Date: Tue, 19 Aug 2025 22:38:54 +0200 Subject: [PATCH 18/30] chore(release): 5.5.0 (#1865) --- CHANGELOG.md | 14 ++++ dist/codecov.sh | 205 +++++++++++++++++++++++++----------------------- src/scripts | 2 +- src/version | 2 +- 4 files changed, 123 insertions(+), 100 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 682d1ddac..2ce09b126 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,17 @@ +## v5.5.0 + +### What's Changed +* feat: upgrade wrapper to 0.2.4 by @jviall in https://github.com/codecov/codecov-action/pull/1864 +* Pin actions/github-script by Git SHA by @martincostello in https://github.com/codecov/codecov-action/pull/1859 +* fix: check reqs exist by @joseph-sentry in https://github.com/codecov/codecov-action/pull/1835 +* fix: Typo in README by @spalmurray in https://github.com/codecov/codecov-action/pull/1838 +* docs: Refine OIDC docs by @spalmurray in https://github.com/codecov/codecov-action/pull/1837 +* build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1829 + + +**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0 + + ## v5.4.3 ### What's Changed diff --git a/dist/codecov.sh b/dist/codecov.sh index fa24d55ab..0b7717197 100755 --- a/dist/codecov.sh +++ b/dist/codecov.sh 
@@ -37,10 +37,11 @@ g="\033[0;32m" # info/debug r="\033[0;31m" # errors x="\033[0m" retry="--retry 5 --retry-delay 2" -CC_WRAPPER_VERSION="0.2.4" +CC_WRAPPER_VERSION="0.2.7" CC_VERSION="${CC_VERSION:-latest}" CC_FAIL_ON_ERROR="${CC_FAIL_ON_ERROR:-false}" CC_RUN_CMD="${CC_RUN_CMD:-upload-coverage}" +CC_CLI_TYPE=${CC_CLI_TYPE:-"codecov-cli"} say " _____ _ / ____| | | | | ___ __| | ___ ___ _____ __ @@ -49,22 +50,26 @@ say " _____ _ \\_____\\___/ \\__,_|\\___|\\___\\___/ \\_/ $r Wrapper-$CC_WRAPPER_VERSION$x " +if [[ "$CC_CLI_TYPE" != "codecov-cli" && "$CC_CLI_TYPE" != "sentry-prevent-cli" ]]; then + echo "Invalid CC_CLI_TYPE: '$CC_CLI_TYPE'. Must be 'codecov-cli' or 'sentry-prevent-cli'" + exit 1 +fi if [ -n "$CC_BINARY" ]; then if [ -f "$CC_BINARY" ]; then - c_filename=$CC_BINARY - c_command=$CC_BINARY + CC_FILENAME=$CC_BINARY + CC_COMMAND=$CC_BINARY else exit_if_error "Could not find binary file $CC_BINARY" fi elif [ "$CC_USE_PYPI" == "true" ]; then - if ! pip install codecov-cli"$([ "$CC_VERSION" == "latest" ] && echo "" || echo "==$CC_VERSION" )"; then + if ! pip install "${CC_CLI_TYPE}$([ "$CC_VERSION" == "latest" ] && echo "" || echo "==$CC_VERSION")"; then exit_if_error "Could not install via pypi." exit fi - c_command="codecovcli" + CC_COMMAND="${CC_CLI_TYPE}" else if [ -n "$CC_OS" ]; then 
@@ -80,17 +85,17 @@ else [[ $(arch) == "aarch64" && $family == "linux" ]] && CC_OS+="-arm64" say "$g==>$x Detected $b${CC_OS}$x" fi - c_filename="codecov" - [[ $CC_OS == "windows" ]] && c_filename+=".exe" - c_command="./$c_filename" + CC_FILENAME="${CC_CLI_TYPE%-cli}" + [[ $CC_OS == "windows" ]] && CC_FILENAME+=".exe" + CC_COMMAND="./$CC_FILENAME" [[ $CC_OS == "macos" ]] && \ ! command -v gpg 2>&1 >/dev/null && \ HOMEBREW_NO_AUTO_UPDATE=1 brew install gpg - c_url="${CC_CLI_URL:-https://cli.codecov.io}" - c_url="$c_url/${CC_VERSION}" - c_url="$c_url/${CC_OS}/${c_filename}" - say "$g ->$x Downloading $b${c_url}$x" - curl -O $retry "$c_url" + CC_URL="${CC_CLI_URL:-https://cli.codecov.io}" + CC_URL="$CC_URL/${CC_VERSION}" + CC_URL="$CC_URL/${CC_OS}/${CC_FILENAME}" + say "$g ->$x Downloading $b${CC_URL}$x" + curl -O $retry "$CC_URL" say "$g==>$x Finishing downloading $b${CC_OS}:${CC_VERSION}$x" v_url="https://cli.codecov.io/api/${CC_OS}/${CC_VERSION}" v=$(curl $retry --retry-all-errors -s "$v_url" -H "Accept:application/json" | tr \{ '\n' | tr , '\n' | tr \} '\n' | grep "\"version\"" | awk -F'"' '{print $4}' | tail -1) 
@@ -100,161 +105,165 @@ fi if [ "$CC_SKIP_VALIDATION" == "true" ] || [ -n "$CC_BINARY" ] || [ "$CC_USE_PYPI" == "true" ]; then say "$r==>$x Bypassing validation..." + if [ "$CC_SKIP_VALIDATION" == "true" ]; + then + chmod +x "$CC_COMMAND" + fi else - CC_PUBLIC_PGP_KEY=$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc) - echo "${CC_PUBLIC_PGP_KEY}" | \ + echo "$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)" | \ gpg --no-default-keyring --import # One-time step say "$g==>$x Verifying GPG signature integrity" sha_url="https://cli.codecov.io" sha_url="${sha_url}/${CC_VERSION}/${CC_OS}" - sha_url="${sha_url}/${c_filename}.SHA256SUM" + sha_url="${sha_url}/${CC_FILENAME}.SHA256SUM" say "$g ->$x Downloading $b${sha_url}$x" say "$g ->$x Downloading $b${sha_url}.sig$x" say " " curl -Os $retry --connect-timeout 2 "$sha_url" curl -Os $retry --connect-timeout 2 "${sha_url}.sig" - if ! gpg --verify "${c_filename}.SHA256SUM.sig" "${c_filename}.SHA256SUM"; + if ! gpg --verify "${CC_FILENAME}.SHA256SUM.sig" "${CC_FILENAME}.SHA256SUM"; then exit_if_error "Could not verify signature. Please contact Codecov if problem continues" fi - if ! (shasum -a 256 -c "${c_filename}.SHA256SUM" 2>/dev/null || \ - sha256sum -c "${c_filename}.SHA256SUM"); + if ! (shasum -a 256 -c "${CC_FILENAME}.SHA256SUM" 2>/dev/null || \ + sha256sum -c "${CC_FILENAME}.SHA256SUM"); then exit_if_error "Could not verify SHASUM. Please contact Codecov if problem continues" fi say "$g==>$x CLI integrity verified" say - chmod +x "$c_command" + chmod +x "$CC_COMMAND" fi if [ -n "$CC_BINARY_LOCATION" ]; then - mkdir -p "$CC_BINARY_LOCATION" && mv "$c_filename" $_ - say "$g==>$x Codecov binary moved to ${CC_BINARY_LOCATION}" + mkdir -p "$CC_BINARY_LOCATION" && mv "$CC_FILENAME" $_ + say "$g==>$x ${CC_CLI_TYPE} binary moved to ${CC_BINARY_LOCATION}" fi if [ "$CC_DOWNLOAD_ONLY" = "true" ]; then - say "$g==>$x Codecov download only called. Exiting..." + say "$g==>$x ${CC_CLI_TYPE} download only called. 
Exiting..." + exit fi -c_cli_args=() -c_cli_args+=( $(k_arg AUTO_LOAD_PARAMS_FROM) $(v_arg AUTO_LOAD_PARAMS_FROM)) -c_cli_args+=( $(k_arg ENTERPRISE_URL) $(v_arg ENTERPRISE_URL)) +CC_CLI_ARGS=() +CC_CLI_ARGS+=( $(k_arg AUTO_LOAD_PARAMS_FROM) $(v_arg AUTO_LOAD_PARAMS_FROM)) +CC_CLI_ARGS+=( $(k_arg ENTERPRISE_URL) $(v_arg ENTERPRISE_URL)) if [ -n "$CC_YML_PATH" ] then - c_cli_args+=( "--codecov-yml-path" ) - c_cli_args+=( "$CC_YML_PATH" ) -fi -c_cli_args+=( $(write_bool_args CC_DISABLE_TELEM) ) -c_cli_args+=( $(write_bool_args CC_VERBOSE) ) -if [ -n "$CC_TOKEN_VAR" ]; -then - token="$(eval echo \$$CC_TOKEN_VAR)" -else - token="$(eval echo $CC_TOKEN)" -fi -say "$g ->$x Token length: ${#token}" -token_str="" -token_arg=() -if [ -n "$token" ]; -then - token_str+=" -t " - token_arg+=( " -t " "$token") + CC_CLI_ARGS+=( "--codecov-yml-path" ) + CC_CLI_ARGS+=( "$CC_YML_PATH" ) fi -c_args=() +CC_CLI_ARGS+=( $(write_bool_args CC_DISABLE_TELEM) ) +CC_CLI_ARGS+=( $(write_bool_args CC_VERBOSE) ) +CC_ARGS=() if [ "$CC_RUN_CMD" == "upload-coverage" ]; then # Args for create commit -c_args+=( $(write_bool_args CC_FAIL_ON_ERROR) ) -c_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) -c_args+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA)) -c_args+=( $(k_arg PR) $(v_arg PR)) -c_args+=( $(k_arg SHA) $(v_arg SHA)) -c_args+=( $(k_arg SLUG) $(v_arg SLUG)) +CC_ARGS+=( $(write_bool_args CC_FAIL_ON_ERROR) ) +CC_ARGS+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) +CC_ARGS+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA)) +CC_ARGS+=( $(k_arg PR) $(v_arg PR)) +CC_ARGS+=( $(k_arg SHA) $(v_arg SHA)) +CC_ARGS+=( $(k_arg SLUG) $(v_arg SLUG)) # Args for create report -c_args+=( $(k_arg CODE) $(v_arg CODE)) +CC_ARGS+=( $(k_arg CODE) $(v_arg CODE)) # Args for do upload -c_args+=( $(k_arg ENV) $(v_arg ENV)) +CC_ARGS+=( $(k_arg ENV) $(v_arg ENV)) OLDIFS=$IFS;IFS=, -c_args+=( $(k_arg BRANCH) $(v_arg BRANCH)) -c_args+=( $(k_arg BUILD) $(v_arg BUILD)) -c_args+=( $(k_arg BUILD_URL) $(v_arg BUILD_URL)) -c_args+=( 
$(k_arg DIR) $(v_arg DIR)) -c_args+=( $(write_bool_args CC_DISABLE_FILE_FIXES) ) -c_args+=( $(write_bool_args CC_DISABLE_SEARCH) ) -c_args+=( $(write_bool_args CC_DRY_RUN) ) +CC_ARGS+=( $(k_arg BRANCH) $(v_arg BRANCH)) +CC_ARGS+=( $(k_arg BUILD) $(v_arg BUILD)) +CC_ARGS+=( $(k_arg BUILD_URL) $(v_arg BUILD_URL)) +CC_ARGS+=( $(k_arg DIR) $(v_arg DIR)) +CC_ARGS+=( $(write_bool_args CC_DISABLE_FILE_FIXES) ) +CC_ARGS+=( $(write_bool_args CC_DISABLE_SEARCH) ) +CC_ARGS+=( $(write_bool_args CC_DRY_RUN) ) if [ -n "$CC_EXCLUDES" ]; then for directory in $CC_EXCLUDES; do - c_args+=( "--exclude" "$directory" ) + CC_ARGS+=( "--exclude" "$directory" ) done fi if [ -n "$CC_FILES" ]; then for file in $CC_FILES; do - c_args+=( "--file" "$file" ) + CC_ARGS+=( "--file" "$file" ) done fi if [ -n "$CC_FLAGS" ]; then for flag in $CC_FLAGS; do - c_args+=( "--flag" "$flag" ) + CC_ARGS+=( "--flag" "$flag" ) done fi -c_args+=( $(k_arg GCOV_ARGS) $(v_arg GCOV_ARGS)) -c_args+=( $(k_arg GCOV_EXECUTABLE) $(v_arg GCOV_EXECUTABLE)) -c_args+=( $(k_arg GCOV_IGNORE) $(v_arg GCOV_IGNORE)) -c_args+=( $(k_arg GCOV_INCLUDE) $(v_arg GCOV_INCLUDE)) -c_args+=( $(write_bool_args CC_HANDLE_NO_REPORTS_FOUND) ) -c_args+=( $(write_bool_args CC_RECURSE_SUBMODULES) ) -c_args+=( $(k_arg JOB_CODE) $(v_arg JOB_CODE)) -c_args+=( $(write_bool_args CC_LEGACY) ) +CC_ARGS+=( $(k_arg GCOV_ARGS) $(v_arg GCOV_ARGS)) +CC_ARGS+=( $(k_arg GCOV_EXECUTABLE) $(v_arg GCOV_EXECUTABLE)) +CC_ARGS+=( $(k_arg GCOV_IGNORE) $(v_arg GCOV_IGNORE)) +CC_ARGS+=( $(k_arg GCOV_INCLUDE) $(v_arg GCOV_INCLUDE)) +CC_ARGS+=( $(write_bool_args CC_HANDLE_NO_REPORTS_FOUND) ) +CC_ARGS+=( $(write_bool_args CC_RECURSE_SUBMODULES) ) +CC_ARGS+=( $(k_arg JOB_CODE) $(v_arg JOB_CODE)) +CC_ARGS+=( $(write_bool_args CC_LEGACY) ) if [ -n "$CC_NAME" ]; then - c_args+=( "--name" "$CC_NAME" ) + CC_ARGS+=( "--name" "$CC_NAME" ) fi -c_args+=( $(k_arg NETWORK_FILTER) $(v_arg NETWORK_FILTER)) -c_args+=( $(k_arg NETWORK_PREFIX) $(v_arg NETWORK_PREFIX)) -c_args+=( $(k_arg 
NETWORK_ROOT_FOLDER) $(v_arg NETWORK_ROOT_FOLDER)) +CC_ARGS+=( $(k_arg NETWORK_FILTER) $(v_arg NETWORK_FILTER)) +CC_ARGS+=( $(k_arg NETWORK_PREFIX) $(v_arg NETWORK_PREFIX)) +CC_ARGS+=( $(k_arg NETWORK_ROOT_FOLDER) $(v_arg NETWORK_ROOT_FOLDER)) if [ -n "$CC_PLUGINS" ]; then for plugin in $CC_PLUGINS; do - c_args+=( "--plugin" "$plugin" ) + CC_ARGS+=( "--plugin" "$plugin" ) done fi -c_args+=( $(k_arg REPORT_TYPE) $(v_arg REPORT_TYPE)) -c_args+=( $(k_arg SWIFT_PROJECT) $(v_arg SWIFT_PROJECT)) +CC_ARGS+=( $(k_arg REPORT_TYPE) $(v_arg REPORT_TYPE)) +CC_ARGS+=( $(k_arg SWIFT_PROJECT) $(v_arg SWIFT_PROJECT)) IFS=$OLDIFS elif [ "$CC_RUN_CMD" == "empty-upload" ]; then -c_args+=( $(k_arg BRANCH) $(v_arg BRANCH)) -c_args+=( $(write_bool_args CC_FAIL_ON_ERROR) ) -c_args+=( $(write_bool_args CC_FORCE) ) -c_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) -c_args+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA)) -c_args+=( $(k_arg PR) $(v_arg PR)) -c_args+=( $(k_arg SHA) $(v_arg SHA)) -c_args+=( $(k_arg SLUG) $(v_arg SLUG)) +CC_ARGS+=( $(k_arg BRANCH) $(v_arg BRANCH)) +CC_ARGS+=( $(write_bool_args CC_FAIL_ON_ERROR) ) +CC_ARGS+=( $(write_bool_args CC_FORCE) ) +CC_ARGS+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) +CC_ARGS+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA)) +CC_ARGS+=( $(k_arg PR) $(v_arg PR)) +CC_ARGS+=( $(k_arg SHA) $(v_arg SHA)) +CC_ARGS+=( $(k_arg SLUG) $(v_arg SLUG)) elif [ "$CC_RUN_CMD" == "pr-base-picking" ]; then -c_args+=( $(k_arg BASE_SHA) $(v_arg BASE_SHA)) -c_args+=( $(k_arg PR) $(v_arg PR)) -c_args+=( $(k_arg SLUG) $(v_arg SLUG)) -c_args+=( $(k_arg SERVICE) $(v_arg SERVICE)) +CC_ARGS+=( $(k_arg BASE_SHA) $(v_arg BASE_SHA)) +CC_ARGS+=( $(k_arg PR) $(v_arg PR)) +CC_ARGS+=( $(k_arg SLUG) $(v_arg SLUG)) +CC_ARGS+=( $(k_arg SERVICE) $(v_arg SERVICE)) elif [ "$CC_RUN_CMD" == "send-notifications" ]; then -c_args+=( $(k_arg SHA) $(v_arg SHA)) -c_args+=( $(write_bool_args CC_FAIL_ON_ERROR) ) -c_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) -c_args+=( $(k_arg SLUG) 
$(v_arg SLUG)) +CC_ARGS+=( $(k_arg SHA) $(v_arg SHA)) +CC_ARGS+=( $(write_bool_args CC_FAIL_ON_ERROR) ) +CC_ARGS+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) +CC_ARGS+=( $(k_arg SLUG) $(v_arg SLUG)) else exit_if_error "Invalid run command specified: $CC_RUN_CMD" exit fi unset NODE_OPTIONS # github.com/codecov/uploader/issues/475 +if [ -n "$CC_TOKEN_VAR" ]; +then + token="$(eval echo \$$CC_TOKEN_VAR)" +else + token="$(eval echo $CC_TOKEN)" +fi +say "$g ->$x Token length: ${#token}" +token_str="" +token_arg=() +if [ -n "$token" ]; +then + token_str+=" -t " + token_arg+=( " -t " "$token") +fi say "$g==>$x Running $CC_RUN_CMD" -say " $b$c_command $(echo "${c_cli_args[@]}") $CC_RUN_CMD$token_str $(echo "${c_args[@]}")$x" -if ! $c_command \ - ${c_cli_args[*]} \ +say " $b$CC_COMMAND $(echo "${CC_CLI_ARGS[@]}") $CC_RUN_CMD$token_str $(echo "${CC_ARGS[@]}")$x" +if ! $CC_COMMAND \ + ${CC_CLI_ARGS[*]} \ ${CC_RUN_CMD} \ ${token_arg[*]} \ - "${c_args[@]}"; + "${CC_ARGS[@]}"; then exit_if_error "Failed to run $CC_RUN_CMD" fi diff --git a/src/scripts b/src/scripts index 23a73c9a0..473e29246 160000 --- a/src/scripts +++ b/src/scripts @@ -1 +1 @@ -Subproject commit 23a73c9a0454e8175859b79cb678b7ddd1fd3d84 +Subproject commit 473e2924695f5dbe1cca4a5f6f8a7182c2ddadc5 diff --git a/src/version b/src/version index 6ffbe8ba8..d50359de1 100644 --- a/src/version +++ b/src/version @@ -1 +1 @@ -5.4.3 +5.5.0 From 3139621497004e9dc1af906e47f2a634047e7bb3 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Aug 2025 17:18:38 +0200 Subject: [PATCH 19/30] build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#1833) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.1 to 2.4.2. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/f49aabe0b5af0936a0987cfb85d86b75731b0186...05b42c624433fc40578a4040d5cf5e36ddca8cde) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index bec4d3df2..bc96d7d18 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 + uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 with: results_file: results.sarif results_format: sarif From a4803c1f8dbe35cac65c28a290b50a809965b471 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Aug 2025 17:18:57 +0200 Subject: [PATCH 20/30] build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 (#1861) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.18 to 3.29.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.28.18...v3.29.9) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.29.9 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 54c8a6bc4..294a6d0b9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,7 +41,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3.28.18 + uses: github/codeql-action/init@v3.29.9 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -52,7 +52,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3.28.18 + uses: github/codeql-action/autobuild@v3.29.9 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -66,4 +66,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.28.18 + uses: github/codeql-action/analyze@v3.29.9 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index bc96d7d18..7f55d8cc3 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3.28.18 # v1.0.26 + uses: github/codeql-action/upload-sarif@v3.29.9 # v1.0.26 with: sarif_file: results.sarif From 3cb13a12348ef4ffcf9783ac0f74954f92113e33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=87=BA=F0=9F=87=A6=20Sviatoslav=20Sydorenko=20=28?= =?UTF-8?q?=D0=A1=D0=B2=D1=8F=D1=82=D0=BE=D1=81=D0=BB=D0=B0=D0=B2=20=D0=A1?= =?UTF-8?q?=D0=B8=D0=B4=D0=BE=D1=80=D0=B5=D0=BD=D0=BA=D0=BE=29?= Date: Wed, 20 Aug 2025 17:21:20 +0200 Subject: [PATCH 21/30] Document a `codecov-cli` version reference example (#1774) * Document a `codecov-cli` version reference example * Recover the mention of `v` in the text --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f342d82f6..fa46f7320 100644 --- a/README.md +++ b/README.md 
@@ -174,7 +174,7 @@ Codecov's Action supports inputs from the user. These inputs, along with their d | `use_oidc` | Use OIDC instead of token. This will ignore any token supplied | Optional | `use_pypi` | Use the pypi version of the CLI instead of from cli.codecov.io. If specified, integrity checking will be bypassed. | Optional | `verbose` | Enable verbose logging | Optional -| `version` | Which version of the Codecov CLI to use (defaults to 'latest') | Optional +| `version` | Which version of the Codecov CLI to use (defaults to 'latest', must start with a leading 'v'; example: `v10.0.1`) | Optional | `working-directory` | Directory in which to execute codecov.sh | Optional ### Example `workflow.yml` with Codecov Action From 206148c4b8a51281182730813eeed9f6d6f3fb35 Mon Sep 17 00:00:00 2001 From: Min Date: Thu, 4 Sep 2025 21:39:40 +0900 Subject: [PATCH 22/30] docs: fix typo in README (#1866) fix typo --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fa46f7320..c5853ecee 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ The `v5` release also coincides with the opt-out feature for tokens for public repositories. In the `Global Upload Token` section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see [how to upload without a token](https://docs.codecov.com/docs/codecov-tokens#uploading-without-a-token). -> [!WARNING] > **The following arguments have been changed** -> +> [!WARNING] +> **The following arguments have been changed** > - `file` (this has been deprecated in favor of `files`) > - `plugin` (this has been deprecated in favor of `plugins`) From 18fdacf0ce3c929a03f3f6fe8e55d31dbf270cfe Mon Sep 17 00:00:00 2001 
From: Tom Hu <88201630+thomasrockhu-codecov@users.noreply.github.com> Date: Thu, 4 Sep 2025 16:18:57 +0200 Subject: [PATCH 23/30] fix: update to use local app/ dir (#1872) * fix: update to use local app/ dir * fix: update if statement on macos xlarge --- .github/workflows/main.yml | 10 +++++----- .gitignore | 3 +++ app/__init__.py | 0 app/calculator.py | 15 +++++++++++++++ app/requirements.txt | 1 + app/test_calculator.py | 31 +++++++++++++++++++++++++++++++ 6 files changed, 55 insertions(+), 5 deletions(-) create mode 100644 app/__init__.py create mode 100644 app/calculator.py create mode 100644 app/requirements.txt create mode 100644 app/test_calculator.py diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 73f0c1790..b241c82a7 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -16,9 +16,9 @@ jobs: with: submodules: "true" - name: Install dependencies - run: pip install -r src/scripts/app/requirements.txt + run: pip install -r app/requirements.txt - name: Run tests and collect coverage - run: pytest src/scripts/app/ --cov + run: pytest app/ --cov - name: Upload coverage to Codecov (script) uses: ./ @@ -50,7 +50,7 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} run-macos-latest-xlarge: - if: github.head.repo.full_name == 'codecov/codecov-action' + if: github.event.pull_request.head.repo.full_name == 'codecov/codecov-action' runs-on: macos-latest-xlarge steps: - name: Checkout @@ -58,9 +58,9 @@ jobs: with: submodules: "true" - name: Install dependencies - run: pip install -r src/scripts/app/requirements.txt + run: pip install -r app/requirements.txt - name: Run tests and collect coverage - run: pytest src/scripts/app/ --cov + run: pytest app/ --cov - name: Upload coverage to Codecov (script) uses: ./ with: diff --git a/.gitignore b/.gitignore index a310cc1a7..91945ba98 100644 --- a/.gitignore +++ b/.gitignore @@ -93,3 +93,6 @@ public/ # macOS Finder metadata .DS_Store + +# pycache dirs +__pycache__/ 
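Review bot: The new `if:` on `run-macos-latest-xlarge` compares `github.event.pull_request.head.repo.full_name`, which is only populated for pull_request-family events, so on any other trigger the expression compares null to a string and the job is silently skipped; the workflow's `on:` block is outside the hunk, so confirm that is intended. The old `github.head.repo.full_name` is not a github-context property, so the rewrite at least makes the guard evaluable, and restricting the expensive runner (the job just above it reads `secrets.CODECOV_TOKEN`, visible in this hunk's context) to PRs whose head repository is the base repository is the right direction. If the job should also run on push, `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository` covers both cases, and comparing against `github.repository` instead of the hard-coded slug keeps the guard correct in forks of this repository.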
diff --git a/app/__init__.py b/app/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/app/calculator.py b/app/calculator.py new file mode 100644 index 000000000..8a976b257 --- /dev/null +++ b/app/calculator.py @@ -0,0 +1,15 @@ +class Calculator: + + def add(x, y): + return x + y + + def subtract(x, y): + return x - y + + def multiply(x, y): + return x * y + + def divide(x, y): + if y == 0: + return 'Cannot divide by 0' + return x * 1.0 / y diff --git a/app/requirements.txt b/app/requirements.txt new file mode 100644 index 000000000..c75c448bb --- /dev/null +++ b/app/requirements.txt @@ -0,0 +1 @@ +pytest-cov diff --git a/app/test_calculator.py b/app/test_calculator.py new file mode 100644 index 000000000..f5641938d --- /dev/null +++ b/app/test_calculator.py @@ -0,0 +1,31 @@ +from .calculator import Calculator + + +def test_add(): + assert Calculator.add(1, 2) == 3.0 + assert Calculator.add(1.0, 2.0) == 3.0 + assert Calculator.add(0, 2.0) == 2.0 + assert Calculator.add(2.0, 0) == 2.0 + assert Calculator.add(-4, 2.0) == -2.0 + +def test_subtract(): + assert Calculator.subtract(1, 2) == -1.0 + assert Calculator.subtract(2, 1) == 1.0 + assert Calculator.subtract(1.0, 2.0) == -1.0 + assert Calculator.subtract(0, 2.0) == -2.0 + assert Calculator.subtract(2.0, 0.0) == 2.0 + assert Calculator.subtract(-4, 2.0) == -6.0 + +def test_multiply(): + assert Calculator.multiply(1, 2) == 2.0 + assert Calculator.multiply(1.0, 2.0) == 2.0 + assert Calculator.multiply(0, 2.0) == 0.0 + assert Calculator.multiply(2.0, 0.0) == 0.0 + assert Calculator.multiply(-4, 2.0) == -8.0 + +def test_divide(): + # assert Calculator.divide(1, 2) == 0.5 + assert Calculator.divide(1.0, 2.0) == 0.5 + assert Calculator.divide(0, 2.0) == 0 + assert Calculator.divide(-4, 2.0) == -2.0 + # assert Calculator.divide(2.0, 0.0) == 'Cannot divide by 0' From 17370e8added1529d3650d8f4ed93e6854c2a93e Mon Sep 17 00:00:00 2001 
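Review bot: The `Calculator` methods are declared without `self` and without `@staticmethod`, so they only work when called on the class as `app/test_calculator.py` does; `Calculator().add(1, 2)` would bind the instance to `x` and raise `TypeError`. Put `@staticmethod` above each `def`, or drop the class and expose module-level functions. `divide` returns a `str` for a zero divisor and a `float` otherwise; raising `ZeroDivisionError` (or documenting the sentinel) would keep the return type consistent, and `x * 1.0 / y` is just `x / y` under Python 3. A one-line docstring such as `"""Toy arithmetic used as a coverage fixture for the action's own CI."""` would tell the next reader why this module exists.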
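Review bot: `pytest-cov` is listed with no version constraint, so the `pip install -r app/requirements.txt` step added to `.github/workflows/main.yml` in this commit resolves whatever is newest on every run; pin it (`pytest-cov==<version placeholder>`, ideally with `--hash` entries generated by pip-compile) so the fixture run is reproducible and an unexpected upstream release cannot change what this repository's own coverage workflow executes. `pytest` is only pulled in transitively; listing it explicitly with a pin makes the dependency set visible.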
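Review bot: The two commented-out assertions in `test_divide` leave the zero-divisor branch of `Calculator.divide` uncovered, and both would pass as written: `1 * 1.0 / 2` is `0.5`, and `0.0 == 0` is true so `divide(2.0, 0.0)` returns the sentinel string. Restore them as live tests, `assert Calculator.divide(1, 2) == 0.5` and `assert Calculator.divide(2.0, 0.0) == 'Cannot divide by 0'`, or delete them rather than leaving dead code. `from .calculator import Calculator` relies on the `app/__init__.py` added in this commit and on pytest being run from the repository root (`pytest app/ --cov` in `main.yml`); a short comment saying so would help anyone running the file directly.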
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Sep 2025 16:27:59 +0200 Subject: [PATCH 24/30] build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 (#1867) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.9 to 3.29.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.29.9...v3.29.11) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.29.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 294a6d0b9..8d9ff58af 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,7 +41,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3.29.9 + uses: github/codeql-action/init@v3.30.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -52,7 +52,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3.29.9 + uses: github/codeql-action/autobuild@v3.30.0 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -66,4 +66,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.29.9 + uses: github/codeql-action/analyze@v3.30.0 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 7f55d8cc3..6ccf22163 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3.29.9 # v1.0.26 + uses: github/codeql-action/upload-sarif@v3.30.0 # v1.0.26 with: sarif_file: results.sarif From c4741c819783101819b507e39812c179d04d217a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Sep 2025 16:28:07 +0200 Subject: [PATCH 25/30] build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#1868) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 5.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.2.2...v5.0.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/main.yml | 12 ++++++------ .github/workflows/scorecards-analysis.yml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8d9ff58af..df10474ff 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -37,7 +37,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v5.0.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b241c82a7..148d562fa 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -12,7 +12,7 @@ jobs: os: [macos-latest, windows-latest, ubuntu-latest] steps: - name: Checkout - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v5.0.0 with: submodules: "true" - name: Install dependencies @@ -54,7 +54,7 @@ jobs: runs-on: macos-latest-xlarge steps: - name: Checkout - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v5.0.0 with: submodules: "true" - name: Install dependencies @@ -103,7 +103,7 @@ jobs: container: python:latest steps: - name: Checkout - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v5.0.0 with: submodules: "true" - name: Install deps @@ -144,7 +144,7 @@ jobs: run: | apk add git - name: Checkout - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v5.0.0 with: submodules: "true" - name: Upload coverage to Codecov (should fail due to missing dependencies) @@ -175,7 +175,7 @@ jobs: run: | apk add git curl gnupg bash - name: Checkout - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v5.0.0 with: submodules: "true" - name: Upload coverage to Codecov (should succeed) @@ -212,7 +212,7 @@ jobs: run: | apk add git curl - name: Checkout - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v5.0.0 with: submodules: "true" - name: Upload coverage to Codecov (should fail due to missing gpg and bash) diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 6ccf22163..340f33e8a 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml 
@@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@v4.2.2 # v3.0.0 + uses: actions/checkout@v5.0.0 # v3.0.0 with: persist-credentials: false From 3e0ce21cac10ce733041970012642db7029d6bde Mon Sep 17 00:00:00 2001 From: Tom Hu <88201630+thomasrockhu-codecov@users.noreply.github.com> Date: Thu, 4 Sep 2025 16:28:19 +0200 Subject: [PATCH 26/30] fix: overwrite pr number on fork (#1871) --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index db668d416..93adcd27c 100644 --- a/action.yml +++ b/action.yml @@ -282,7 +282,7 @@ runs: then CC_SHA="$GITHUB_EVENT_PULL_REQUEST_HEAD_SHA" fi - if [ -z "$CC_PR" ] && [ "${GITHUB_EVENT_NAME}" == "pull_request_target" ]; + if [ -z "$CC_PR" ] && [ "$CC_FORK" == 'true' ]; then CC_PR="$GITHUB_EVENT_NUMBER" fi From 5a1091511ad55cbe89839c7260b706298ca349f7 Mon Sep 17 00:00:00 2001 From: Tom Hu <88201630+thomasrockhu-codecov@users.noreply.github.com> Date: Thu, 4 Sep 2025 16:35:45 +0200 Subject: [PATCH 27/30] chore(release): 5.5.1 (#1873) --- CHANGELOG.md | 16 ++++++++++++++++ src/version | 2 +- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2ce09b126..cfcc56194 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
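Review bot: The new condition `[ "$CC_FORK" == 'true' ]` depends on a `CC_FORK` variable that is not assigned anywhere in this hunk; the enclosing `run:` block starts and ends outside it, so confirm `CC_FORK` is always set before this point (an unset value is a silent non-match, and under `set -u` it would abort the step). Behaviour also changes for non-fork `pull_request_target` runs: previously `CC_PR` was always filled from `$GITHUB_EVENT_NUMBER` on that event, now only when `CC_FORK` is true, so verify the CLI still resolves the PR number on its own in that case. `==` inside `[ ]` is a bash extension; `=` is the portable spelling if this script can run under `sh`.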
@@ -1,3 +1,19 @@ +## v5.5.1 + +### What's Changed +* fix: overwrite pr number on fork by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1871 +* build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1868 +* build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1867 +* fix: update to use local app/ dir by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1872 +* docs: fix typo in README by @datalater in https://github.com/codecov/codecov-action/pull/1866 +* Document a `codecov-cli` version reference example by @webknjaz in https://github.com/codecov/codecov-action/pull/1774 +* build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1861 +* build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1833 + + +**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1 + + ## v5.5.0 ### What's Changed diff --git a/src/version b/src/version index d50359de1..7acd1cb0e 100644 --- a/src/version +++ b/src/version @@ -1 +1 @@ -5.5.0 +5.5.1 From 9b6d1f84bde660b0f784003009b1f0aa4663cdeb Mon Sep 17 00:00:00 2001 From: maxweng-sentry Date: Tue, 11 Nov 2025 14:37:52 -0800 Subject: [PATCH 28/30] check gpg only when skip-validation = false (#1894) --- action.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index 93adcd27c..fbb6e73bf 100644 --- a/action.yml +++ b/action.yml 
@@ -180,13 +180,20 @@ runs: run: | missing_deps="" - # Check for required commands - for cmd in bash git curl gpg; do + # Check for always-required commands + for cmd in bash git curl; do if ! command -v "$cmd" >/dev/null 2>&1; then missing_deps="$missing_deps $cmd" fi done + # Check for gpg only if validation is not being skipped + if [ "${{ inputs.skip_validation }}" != "true" ]; then + if ! command -v gpg >/dev/null 2>&1; then + missing_deps="$missing_deps gpg" + fi + fi + # Report missing required dependencies if [ -n "$missing_deps" ]; then echo "Error: The following required dependencies are missing:$missing_deps" From 96b38e9e60ee60a8c3911f4612407bba2f9195fb Mon Sep 17 00:00:00 2001 From: Miguel Angel Rojo <29736144+freemanzMrojo@users.noreply.github.com> Date: Wed, 19 Nov 2025 13:34:32 +0000 Subject: [PATCH 29/30] chore: `disable_search` alignment (#1881) chore: disable_search alignment --- README.md | 2 +- action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c5853ecee..c0d3744da 100644 --- a/README.md +++ b/README.md 
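Review bot: `${{ inputs.skip_validation }}` is expanded into the script text before the shell runs it, so the input becomes part of the program rather than data; the hardening pattern is to pass inputs through `env:` and read them as variables, e.g. `env: SKIP_VALIDATION: ${{ inputs.skip_validation }}` on the step and `if [ "$SKIP_VALIDATION" != "true" ]; then` here, which also matches how this action.yml already reads `$GITHUB_EVENT_*` variables elsewhere. The step's `env:` block, if it has one, lies outside the hunk. The `!= "true"` comparison is fail-safe in that any other spelling (`True`, `1`) keeps gpg required; a comment such as `# any value other than the literal "true" keeps gpg mandatory` would stop someone "fixing" it to `== "false"`.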
@@ -140,7 +140,7 @@ Codecov's Action supports inputs from the user. These inputs, along with their d | `env_vars` | Environment variables to tag the upload with (e.g. PYTHON \| OS,PYTHON) | Optional | `exclude` | Comma-separated list of folders to exclude from search. | Optional | `fail_ci_if_error` | On error, exit with non-zero code | Optional -| `files` | Comma-separated explicit list of files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using "disable-search" to disable uploading other files. | Optional +| `files` | Comma-separated explicit list of files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using "disable_search" to disable uploading other files. | Optional | `flags` | Comma-separated list of flags to upload to group coverage metrics. | Optional | `force` | Only used for empty-upload run command | Optional | `git_service` | Override the git_service (e.g. github_enterprise) | Optional diff --git a/action.yml b/action.yml index fbb6e73bf..54c81958f 100644 --- a/action.yml +++ b/action.yml @@ -50,7 +50,7 @@ inputs: required: false default: 'false' files: - description: 'Comma-separated list of explicit files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using disable-search to disable uploading other files.' + description: 'Comma-separated list of explicit files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using disable_search to disable uploading other files.' required: false flags: description: 'Comma-separated list of flags to upload to group coverage metrics.' From 671740ac38dd9b0130fbe1cec585b89eea48d3de Mon Sep 17 00:00:00 2001 
From: Tom Hu <88201630+thomasrockhu-codecov@users.noreply.github.com> Date: Wed, 10 Dec 2025 03:20:06 +0800 Subject: [PATCH 30/30] chore(release): 5.5.2 (#1902) --- CHANGELOG.md | 8 ++++++++ src/version | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cfcc56194..20917112f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,11 @@ +## v5.5.2 + +### What's Changed + + +**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2 + + ## v5.5.1 ### What's Changed diff --git a/src/version b/src/version index 7acd1cb0e..e4d41db98 100644 --- a/src/version +++ b/src/version @@ -1 +1 @@ -5.5.1 +5.5.2