build(deps): bump actions/checkout from 5.0.0 to 6.0.2

Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5.0.0...v6.0.2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
2026-03-29 01:15:09 +00:00 · 2026-01-26 04:47:21 +00:00
4 changed files with 19 additions and 39 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -37,7 +37,7 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v5.0.0
+      uses: actions/checkout@v6.0.2

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -12,7 +12,7 @@ jobs:
        os: [macos-latest, windows-latest, ubuntu-latest]
    steps:
      - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.2
        with:
          submodules: "true"
      - name: Install dependencies
@@ -54,7 +54,7 @@ jobs:
    runs-on: macos-latest-xlarge
    steps:
      - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.2
        with:
          submodules: "true"
      - name: Install dependencies
@@ -103,7 +103,7 @@ jobs:
    container: python:latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.2
        with:
          submodules: "true"
      - name: Install deps
@@ -144,7 +144,7 @@ jobs:
        run: |
          apk add git
      - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.2
        with:
          submodules: "true"
      - name: Upload coverage to Codecov (should fail due to missing dependencies)
@@ -175,7 +175,7 @@ jobs:
        run: |
          apk add git curl gnupg bash
      - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.2
        with:
          submodules: "true"
      - name: Upload coverage to Codecov (should succeed)
@@ -212,7 +212,7 @@ jobs:
        run: |
          apk add git curl
      - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.2
        with:
          submodules: "true"
      - name: Upload coverage to Codecov (should fail due to missing gpg and bash)
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -25,7 +25,7 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@v5.0.0 # v3.0.0
+        uses: actions/checkout@v6.0.2 # v3.0.0
        with:
          persist-credentials: false

--- a/dist/codecov.sh
+++ b/dist/codecov.sh
@@ -71,11 +71,6 @@ then
  fi
  CC_COMMAND="${CC_CLI_TYPE}"
 else
-  CC_DOWNLOAD_DIR=$(mktemp -d)
-  cleanup_downloads() {
-    rm -rf "$CC_DOWNLOAD_DIR"
-  }
-  trap cleanup_downloads EXIT
  if [ -n "$CC_OS" ];
  then
    say "$g==>$x Overridden OS: $b${CC_OS}$x"
@@ -92,7 +87,7 @@ else
  fi
  CC_FILENAME="${CC_CLI_TYPE%-cli}"
  [[ $CC_OS == "windows" ]] && CC_FILENAME+=".exe"
-  CC_COMMAND="$CC_DOWNLOAD_DIR/$CC_FILENAME"
+  CC_COMMAND="./$CC_FILENAME"
  [[ $CC_OS == "macos" ]]  && \
    ! command -v gpg 2>&1 >/dev/null && \
    HOMEBREW_NO_AUTO_UPDATE=1 brew install gpg
@@ -100,7 +95,7 @@ else
  CC_URL="$CC_URL/${CC_VERSION}"
  CC_URL="$CC_URL/${CC_OS}/${CC_FILENAME}"
  say "$g ->$x Downloading $b${CC_URL}$x"
-  curl -o "$CC_DOWNLOAD_DIR/$CC_FILENAME" $retry "$CC_URL"
+  curl -O $retry "$CC_URL"
  say "$g==>$x Finishing downloading $b${CC_OS}:${CC_VERSION}$x"
  v_url="https://cli.codecov.io/api/${CC_OS}/${CC_VERSION}"
  v=$(curl $retry --retry-all-errors -s "$v_url" -H "Accept:application/json" | tr \{ '\n' | tr , '\n' | tr \} '\n' | grep "\"version\"" | awk  -F'"' '{print $4}' | tail -1)
@@ -115,19 +110,9 @@ then
    chmod +x "$CC_COMMAND"
  fi
 else
-  gpg_key_url="https://keybase.io/codecovsecurity/pgp_keys.asc"
-  gpg_import_ok=false
-  for gpg_attempt in 1 2 3; do
-    if curl -sf $retry "$gpg_key_url" | gpg --no-default-keyring --import 2>/dev/null; then
-      gpg_import_ok=true
-      break
-    fi
-    say "$r ->$x GPG key import attempt $gpg_attempt failed, retrying..."
-    sleep 2
-  done
-  if [ "$gpg_import_ok" != "true" ]; then
-    exit_if_error "Could not import GPG verification key after 3 attempts. Please contact Codecov if problem continues"
-  fi
+  echo "$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)" | \
+    gpg --no-default-keyring --import
+  # One-time step
  say "$g==>$x Verifying GPG signature integrity"
  sha_url="https://cli.codecov.io"
  sha_url="${sha_url}/${CC_VERSION}/${CC_OS}"
@@ -135,14 +120,14 @@ else
  say "$g ->$x Downloading $b${sha_url}$x"
  say "$g ->$x Downloading $b${sha_url}.sig$x"
  say " "
-  curl -o "$CC_DOWNLOAD_DIR/${CC_FILENAME}.SHA256SUM" -s $retry --connect-timeout 2 "$sha_url"
-  curl -o "$CC_DOWNLOAD_DIR/${CC_FILENAME}.SHA256SUM.sig" -s $retry --connect-timeout 2 "${sha_url}.sig"
-  if ! gpg --verify "$CC_DOWNLOAD_DIR/${CC_FILENAME}.SHA256SUM.sig" "$CC_DOWNLOAD_DIR/${CC_FILENAME}.SHA256SUM";
+  curl -Os $retry --connect-timeout 2 "$sha_url"
+  curl -Os $retry --connect-timeout 2 "${sha_url}.sig"
+  if ! gpg --verify "${CC_FILENAME}.SHA256SUM.sig" "${CC_FILENAME}.SHA256SUM";
  then
    exit_if_error "Could not verify signature. Please contact Codecov if problem continues"
  fi
-  if ! (cd "$CC_DOWNLOAD_DIR" && (shasum -a 256 -c "${CC_FILENAME}.SHA256SUM" 2>/dev/null || \
-    sha256sum -c "${CC_FILENAME}.SHA256SUM"));
+  if ! (shasum -a 256 -c "${CC_FILENAME}.SHA256SUM" 2>/dev/null || \
+    sha256sum -c "${CC_FILENAME}.SHA256SUM");
  then
    exit_if_error "Could not verify SHASUM. Please contact Codecov if problem continues"
  fi
@@ -152,16 +137,11 @@ else
 fi
 if [ -n "$CC_BINARY_LOCATION" ];
 then
-  mkdir -p "$CC_BINARY_LOCATION" && mv "$CC_COMMAND" "$CC_BINARY_LOCATION/$CC_FILENAME"
-  CC_COMMAND="$CC_BINARY_LOCATION/$CC_FILENAME"
+  mkdir -p "$CC_BINARY_LOCATION" && mv "$CC_FILENAME" $_
  say "$g==>$x ${CC_CLI_TYPE} binary moved to ${CC_BINARY_LOCATION}"
 fi
 if [ "$CC_DOWNLOAD_ONLY" = "true" ];
 then
-  if [ -n "$CC_DOWNLOAD_DIR" ] && [ -z "$CC_BINARY_LOCATION" ]; then
-    cp "$CC_COMMAND" "./$CC_FILENAME"
-    CC_COMMAND="./$CC_FILENAME"
-  fi
  say "$g==>$x ${CC_CLI_TYPE} download only called. Exiting..."
  exit
 fi