chore(release): wrapper-0.0.34

* use correct audience when requesting oidc token

* Update action.yml

* Update action.yml

---------

Co-authored-by: Tom Hu <88201630+thomasrockhu-codecov@users.noreply.github.com>

.github/workflows/codeql-analysis.yml

@@ -41,7 +41,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.27.9
+      uses: github/codeql-action/init@v3.28.1
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3.27.9
+      uses: github/codeql-action/autobuild@v3.28.1
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -66,4 +66,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.27.9
+      uses: github/codeql-action/analyze@v3.28.1

.github/workflows/scorecards-analysis.yml

@@ -49,7 +49,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: SARIF file
           path: results.sarif
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3.27.9 # v1.0.26
+        uses: github/codeql-action/upload-sarif@v3.28.1 # v1.0.26
         with:
           sarif_file: results.sarif

CHANGELOG.md

@@ -1,3 +1,19 @@
+## v5.1.2
+
+### What's Changed
+* fix: update statment by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1726
+* fix: update action script by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1725
+* fix: prevent oidc on tokenless due to permissioning by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1724
+* chore(release): wrapper-0.0.31 by @app/codecov-releaser-app in https://github.com/codecov/codecov-action/pull/1723
+* Put quotes around `${{ inputs.token }}` in `action.yml` by @jwodder in https://github.com/codecov/codecov-action/pull/1721
+* build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1722
+* Remove mistake from options table by @Acconut in https://github.com/codecov/codecov-action/pull/1718
+* build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1717
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.1.1..v5.1.2
+
+
 ## v5.1.1
 ### What's Changed
 
@@ -993,4 +1009,4 @@ for the full list.
 ### Dependencies and Misc
 - #166 Bump requestretry from 4.1.1 to 4.1.2
 - #169 Bump typescript from 4.0.5 to 4.1.2
-- #178 Bump @types/jest from 26.0.15 to 26.0.19
+- #178 Bump @types/jest from 26.0.15 to 26.0.19

README.md

@@ -106,8 +106,7 @@ Codecov's Action supports inputs from the user. These inputs, along with their d
 | Input  | Description | Required |
 | :---       |     :---     |    :---:   |
 | `binary` | The file location of a pre-downloaded version of the CLI. If specified, integrity checking will be bypassed. | Optional
-| `codecov_yml_path` | The location of the codecov.yml file. This is crrently ONLY used for automated test selection (https://docs.codecov.com/docs/getting-started-with-ats). Note that for all other cases, the Codecov yaml will need to be locate
-d as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-file-codecovyml | Optional
+| `codecov_yml_path` | The location of the codecov.yml file. This is crrently ONLY used for automated test selection (https://docs.codecov.com/docs/getting-started-with-ats). Note that for all other cases, the Codecov yaml will need to be located as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-file-codecovyml | Optional
 | `commit_parent` | SHA (with 40 chars) of what should be the parent of this commit. | Optional
 | `directory` | Folder to search for coverage files. Default to the current working directory | Optional
 | `disable_file_fixes` | Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets). Read more here https://docs.codecov.com/docs/fixing-reports | Optional

action.yml

@@ -28,6 +28,10 @@ inputs:
     description: 'Disable setting safe directory. Set to true to disable.'
     required: false
     default: 'false'
+  disable_telem:
+    description: 'Disable sending telemetry data to Codecov. Set to true to disable.'
+    required: false
+    default: 'false'
   dry_run:
     description: "Don't upload files to Codecov"
     required: false
@@ -188,7 +192,7 @@ runs:
         then
           # {"count":1984,"value":"***"}
           echo -e "\033[0;32m==>\033[0m Requesting OIDC token from '$ACTIONS_ID_TOKEN_REQUEST_URL'"
-          CC_TOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://codecov.io" | cut -d\" -f6)
+          CC_TOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=$CC_OIDC_AUDIENCE" | cut -d\" -f6)
           echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
         elif [ -n "${{ env.CODECOV_TOKEN }}" ];
         then
@@ -202,6 +206,8 @@ runs:
             echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
           fi
         fi
+      env:
+        CC_OIDC_AUDIENCE: ${{ inputs.url || 'https://codecov.io' }}
 
     - name: Override branch for forks
       shell: bash
@@ -254,6 +260,7 @@ runs:
         CC_DIR: ${{ inputs.directory }}
         CC_DISABLE_FILE_FIXES: ${{ inputs.disable_file_fixes }}
         CC_DISABLE_SEARCH: ${{ inputs.disable_search }}
+        CC_DISABLE_TELEM: ${{ inputs.disable_telem }}
         CC_DRY_RUN: ${{ inputs.dry_run }}
         CC_ENTERPRISE_URL: ${{ inputs.url }}
         CC_ENV: ${{ inputs.env_vars }}

dist/codecov.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-CC_WRAPPER_VERSION="0.0.31"
+CC_WRAPPER_VERSION="0.0.32"
 set +u
 say() {
   echo -e "$1"
@@ -117,6 +117,15 @@ CC_PUBLIC_PGP_KEY=$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)
   say "$g==>$x CLI integrity verified"
   say
 fi
+if [ -n "$CC_BINARY_LOCATION" ];
+then
+  mkdir -p "$CC_BINARY_LOCATION" && mv "$cc_filename" $_
+  say "$g==>$x Codecov binary moved to ${CC_BINARY_LOCATION}"
+fi
+if [ "$CC_DOWNLOAD_ONLY" = "true" ];
+then
+  say "$g==>$x Codecov download only called. Exiting..."
+fi
 cc_cli_args=()
 cc_cli_args+=( $(k_arg AUTO_LOAD_PARAMS_FROM) $(v_arg AUTO_LOAD_PARAMS_FROM))
 cc_cli_args+=( $(k_arg ENTERPRISE_URL) $(v_arg ENTERPRISE_URL))
@@ -125,6 +134,7 @@ then
   cc_cli_args+=( "--codecov-yml-path" )
   cc_cli_args+=( "$CC_YML_PATH" )
 fi
+cc_cli_args+=( $(write_truthy_args CC_DISABLE_TELEM) )
 cc_cli_args+=( $(write_truthy_args CC_VERBOSE) )
 cc_uc_args=()
 # Args for create commit

src/version

@@ -1 +1 @@
-5.1.1
+5.1.2