chore(release): 5.6.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.2.2...v5.0.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/codeql-analysis.yml

@@ -37,11 +37,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4.2.2
+      uses: actions/checkout@v5.0.0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.27.9
+      uses: github/codeql-action/init@v3.30.0
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3.27.9
+      uses: github/codeql-action/autobuild@v3.30.0
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -66,4 +66,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.27.9
+      uses: github/codeql-action/analyze@v3.30.0

.github/workflows/main.yml

@@ -12,13 +12,14 @@ jobs:
         os: [macos-latest, windows-latest, ubuntu-latest]
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
-          submodules: 'true'
+          submodules: "true"
       - name: Install dependencies
-        run: pip install -r src/scripts/app/requirements.txt
+        run: pip install -r app/requirements.txt
       - name: Run tests and collect coverage
-        run: pytest src/scripts/app/ --cov
+        run: pytest app/ --cov
+
       - name: Upload coverage to Codecov (script)
         uses: ./
         with:
@@ -49,17 +50,17 @@ jobs:
           token: ${{ secrets.CODECOV_TOKEN }}
 
   run-macos-latest-xlarge:
-    if: github.head.repo.full_name == 'codecov/codecov-action'
+    if: github.event.pull_request.head.repo.full_name == 'codecov/codecov-action'
     runs-on: macos-latest-xlarge
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
-          submodules: 'true'
+          submodules: "true"
       - name: Install dependencies
-        run: pip install -r src/scripts/app/requirements.txt
+        run: pip install -r app/requirements.txt
       - name: Run tests and collect coverage
-        run: pytest src/scripts/app/ --cov
+        run: pytest app/ --cov
       - name: Upload coverage to Codecov (script)
         uses: ./
         with:
@@ -102,17 +103,18 @@ jobs:
     container: python:latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
-          submodules: 'true'
+          submodules: "true"
       - name: Install deps
         run: |
-          apt-get install git
+          apt-get update && apt-get install -y git
+
       - name: Upload coverage to Codecov (script)
         uses: ./
         with:
           files: ./coverage/script/coverage-final.json
-          flags: script-${{ matrix.os }}
+          flags: script-container
           name: codecov-script
           verbose: true
           token: ${{ secrets.CODECOV_TOKEN }}
@@ -120,7 +122,7 @@ jobs:
         uses: ./
         with:
           files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
-          flags: demo-${{ matrix.os }}
+          flags: demo-container
           name: codecov-demo
           verbose: true
           token: ${{ secrets.CODECOV_TOKEN }}
@@ -128,8 +130,107 @@ jobs:
         uses: ./
         with:
           files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
-          flags: version-${{ matrix.os }}
+          flags: version-container
           name: codecov-version
           version: v9.1.0
           verbose: true
           token: ${{ secrets.CODECOV_TOKEN }}
+
+  run-alpine-missing-deps:
+    runs-on: ubuntu-latest
+    container: alpine:latest
+    steps:
+      - name: Install only some deps (missing gpg and bash)
+        run: |
+          apk add git
+      - name: Checkout
+        uses: actions/checkout@v5.0.0
+        with:
+          submodules: "true"
+      - name: Upload coverage to Codecov (should fail due to missing dependencies)
+        id: codecov-upload
+        continue-on-error: true
+        uses: ./
+        with:
+          files: ./coverage/script/coverage-final.json
+          flags: script-alpine-missing-deps
+          name: codecov-script
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Verify dependency check failed
+        run: |
+          if [ "${{ steps.codecov-upload.outcome }}" = "failure" ]; then
+            echo "✓ Action correctly failed due to missing dependencies"
+            exit 0
+          else
+            echo "✗ Action should have failed but didn't"
+            exit 1
+          fi
+
+  run-alpine-success:
+    runs-on: ubuntu-latest
+    container: alpine:latest
+    steps:
+      - name: Install all required deps
+        run: |
+          apk add git curl gnupg bash
+      - name: Checkout
+        uses: actions/checkout@v5.0.0
+        with:
+          submodules: "true"
+      - name: Upload coverage to Codecov (should succeed)
+        uses: ./
+        with:
+          files: ./coverage/script/coverage-final.json
+          flags: script-alpine-success
+          name: codecov-script
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (demo)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
+          flags: demo-alpine-success
+          name: codecov-demo
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (version)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
+          flags: version-alpine-success
+          name: codecov-version
+          version: v9.1.0
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  run-alpine-partial-deps:
+    runs-on: ubuntu-latest
+    container: alpine:latest
+    steps:
+      - name: Install only some deps (missing gpg and bash)
+        run: |
+          apk add git curl
+      - name: Checkout
+        uses: actions/checkout@v5.0.0
+        with:
+          submodules: "true"
+      - name: Upload coverage to Codecov (should fail due to missing gpg and bash)
+        id: codecov-upload
+        continue-on-error: true
+        uses: ./
+        with:
+          files: ./coverage/script/coverage-final.json
+          flags: script-alpine-partial-deps
+          name: codecov-script
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Verify dependency check failed
+        run: |
+          if [ "${{ steps.codecov-upload.outcome }}" = "failure" ]; then
+            echo "✓ Action correctly failed due to missing dependencies (gpg and bash)"
+            exit 0
+          else
+            echo "✗ Action should have failed but didn't"
+            exit 1
+          fi

.github/workflows/scorecards-analysis.yml

@@ -25,12 +25,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4.2.2 # v3.0.0
+        uses: actions/checkout@v5.0.0 # v3.0.0
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
         with:
           results_file: results.sarif
           results_format: sarif
@@ -49,7 +49,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: SARIF file
           path: results.sarif
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3.27.9 # v1.0.26
+        uses: github/codeql-action/upload-sarif@v3.30.0 # v1.0.26
         with:
           sarif_file: results.sarif

.gitignore

@@ -93,3 +93,6 @@ public/
 
 # macOS Finder metadata
 .DS_Store
+
+# pycache dirs
+__pycache__/

CHANGELOG.md

@@ -1,3 +1,140 @@
+## v5.6.0
+
+### What's Changed
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.6.0
+
+
+## v5.5.1
+
+### What's Changed
+* fix: overwrite pr number on fork by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1871
+* build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1868
+* build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1867
+* fix: update to use local app/ dir by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1872
+* docs: fix typo in README by @datalater in https://github.com/codecov/codecov-action/pull/1866
+* Document a `codecov-cli` version reference example by @webknjaz in https://github.com/codecov/codecov-action/pull/1774
+* build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1861
+* build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1833
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1
+
+
+## v5.5.0
+
+### What's Changed
+* feat: upgrade wrapper to 0.2.4 by @jviall in https://github.com/codecov/codecov-action/pull/1864
+* Pin actions/github-script by Git SHA by @martincostello in https://github.com/codecov/codecov-action/pull/1859
+* fix: check reqs exist by @joseph-sentry in https://github.com/codecov/codecov-action/pull/1835
+* fix: Typo in README by @spalmurray in https://github.com/codecov/codecov-action/pull/1838
+* docs: Refine OIDC docs by @spalmurray in https://github.com/codecov/codecov-action/pull/1837
+* build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1829
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0
+
+
+## v5.4.3
+
+### What's Changed
+* build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1822
+* fix: OIDC on forks by @joseph-sentry in https://github.com/codecov/codecov-action/pull/1823
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3
+
+
+## v5.4.2
+
+### What's Changed
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2
+
+
+## v5.4.1
+
+### What's Changed
+* fix: use the github core methods by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1807
+* build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1803
+* build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1797
+* build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1798
+* chore(release): wrapper -0.2.1 by @app/codecov-releaser-app in https://github.com/codecov/codecov-action/pull/1788
+* build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1786
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1
+
+
+## v5.4.0
+
+### What's Changed
+* update wrapper submodule to 0.2.0, add recurse_submodules arg by @matt-codecov in https://github.com/codecov/codecov-action/pull/1780
+* build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1775
+* build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1776
+* build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1777
+* Clarify in README that `use_pypi` bypasses integrity checks too by @webknjaz in https://github.com/codecov/codecov-action/pull/1773
+* Fix use of safe.directory inside containers by @Flamefire in https://github.com/codecov/codecov-action/pull/1768
+* Fix description for report_type input by @craigscott-crascit in https://github.com/codecov/codecov-action/pull/1770
+* build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1765
+*  Fix a typo in the example by @miranska in https://github.com/codecov/codecov-action/pull/1758
+* build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1757
+* build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1753
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0
+
+
+## v5.3.1
+
+### What's Changed
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.3.0..v5.3.1
+
+
+## v5.3.0
+
+### What's Changed
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.2.0..v5.3.0
+
+
+## v5.2.0
+
+### What's Changed
+* Fix typo in README by @tserg in https://github.com/codecov/codecov-action/pull/1747
+* Th/add commands by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1745
+* use correct audience when requesting oidc token by @juho9000 in https://github.com/codecov/codecov-action/pull/1744
+* build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1742
+* build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1743
+* chore(deps): bump wrapper to 0.0.32 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1740
+* feat: add disable-telem feature by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1739
+* fix: remove erroneous linebreak in readme by @Vampire in https://github.com/codecov/codecov-action/pull/1734
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.1.2..v5.2.0
+
+
+## v5.1.2
+
+### What's Changed
+* fix: update statment by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1726
+* fix: update action script by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1725
+* fix: prevent oidc on tokenless due to permissioning by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1724
+* chore(release): wrapper-0.0.31 by @app/codecov-releaser-app in https://github.com/codecov/codecov-action/pull/1723
+* Put quotes around `${{ inputs.token }}` in `action.yml` by @jwodder in https://github.com/codecov/codecov-action/pull/1721
+* build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1722
+* Remove mistake from options table by @Acconut in https://github.com/codecov/codecov-action/pull/1718
+* build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1717
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.1.1..v5.1.2
+
+
 ## v5.1.1
 ### What's Changed
 
@@ -993,4 +1130,4 @@ for the full list.
 ### Dependencies and Misc
 - #166 Bump requestretry from 4.1.1 to 4.1.2
 - #169 Bump typescript from 4.0.5 to 4.1.2
-- #178 Bump @types/jest from 26.0.15 to 26.0.19
+- #178 Bump @types/jest from 26.0.15 to 26.0.19

README.md

@@ -3,12 +3,15 @@
 [![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v5-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action?ref=badge_shield)
 [![Workflow for Codecov Action](https://github.com/codecov/codecov-action/actions/workflows/main.yml/badge.svg)](https://github.com/codecov/codecov-action/actions/workflows/main.yml)
+
 ### Easily upload coverage reports to Codecov from GitHub Actions
 
 ## v5 Release
+
 `v5` of the Codecov GitHub Action will use the [Codecov Wrapper](https://github.com/codecov/wrapper) to encapsulate the [CLI](https://github.com/codecov/codecov-cli). This will help ensure that the Action gets updates quicker.
 
 ### Migration Guide
+
 The `v5` release also coincides with the opt-out feature for tokens for public repositories. In the `Global Upload Token` section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see [how to upload without a token](https://docs.codecov.com/docs/codecov-tokens#uploading-without-a-token).
 
 > [!WARNING]
@@ -30,24 +33,32 @@ The following arguments have been added:
 You can see their usage in the `action.yml` [file](https://github.com/codecov/codecov-action/blob/main/action.yml).
 
 ## v4 Release
+
 `v4` of the Codecov GitHub Action will use the [Codecov CLI](https://github.com/codecov/codecov-cli) to upload coverage reports to Codecov.
 
 ### Breaking Changes
+
 - Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OSS projects do not need the upstream repo's Codecov token). For details, [see our docs](https://docs.codecov.com/docs/codecov-uploader#supporting-token-less-uploads-for-forks-of-open-source-repos-using-codecov)
 - Various arguments to the Action have been removed
 
 ### Dependabot
+
 - For repositories using `Dependabot`, users will need to ensure that it has access to the Codecov token for PRs from Dependabot to upload coverage. To do this, please add your `CODECOV_TOKEN` as a Dependabot Secret. For more information, see ["Configuring access to private registries for Dependabot."](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#storing-credentials-for-dependabot-to-use)
 
 `v3` versions and below will not have access to CLI features (e.g. global upload token, ATS).
 
 ## Usage
 
+> [!CAUTION]
+> In order for the Action to work seamlessly, you will need to have `bash`, `curl`, `git`, and `gpg` installed on your runner. You will also need to run [actions/checkout](https://github.com/actions/checkout) before calling the Codecov action. If these are not present, the Action will fail. Github Actions runners will have these installed by default. If you are using a custom runner or running in a container, you will need to ensure that these are installed.
+
 To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v5` is recommended) as a `step` within your `workflow.yml` file.
 
+
 This Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, [store it](https://docs.codecov.com/docs/adding-the-codecov-token#github-actions) as a `secret`).
 
 Currently, the Action will identify linux, macos, and windows runners. However, the Action may misidentify other architectures. The OS can be specified as
+
 - alpine
 - alpine-arm64
 - linux
@@ -59,37 +70,39 @@ Inside your `.github/workflows/workflow.yml` file:
 
 ```yaml
 steps:
-- uses: actions/checkout@main
-- uses: codecov/codecov-action@v5
-  with:
-    fail_ci_if_error: true # optional (default = false)
-    files: ./coverage1.xml,./coverage2.xml # optional
-    flags: unittests # optional
-    name: codecov-umbrella # optional
-    token: ${{ secrets.CODECOV_TOKEN }}
-    verbose: true # optional (default = false)
+  - uses: actions/checkout@main
+  - uses: codecov/codecov-action@v5
+    with:
+      fail_ci_if_error: true # optional (default = false)
+      files: ./coverage1.xml,./coverage2.xml # optional
+      flags: unittests # optional
+      name: codecov-umbrella # optional
+      token: ${{ secrets.CODECOV_TOKEN }}
+      verbose: true # optional (default = false)
 ```
 
 The Codecov token can also be passed in via environment variables:
 
 ```yaml
 steps:
-- uses: actions/checkout@main
-- uses: codecov/codecov-action@v5
-  with:
-    fail_ci_if_error: true # optional (default = false)
-    files: ./coverage1.xml,./coverage2.xml # optional
-    flags: unittests # optional
-    name: codecov-umbrella # optional
-    verbose: true # optional (default = false)
-  env:
-    CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+  - uses: actions/checkout@main
+  - uses: codecov/codecov-action@v5
+    with:
+      fail_ci_if_error: true # optional (default = false)
+      files: ./coverage1.xml,./coverage2.xml # optional
+      flags: unittests # optional
+      name: codecov-umbrella # optional
+      verbose: true # optional (default = false)
+    env:
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 ```
-> [!NOTE]
-> This assumes that you've set your Codecov token inside *Settings > Secrets* as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are *not* available to forks of repositories.
+
+> [!IMPORTANT]
+> This assumes that you've set your Codecov token inside _Settings > Secrets_ as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are _not_ available to forks of repositories.
 
 ### Using OIDC
-For users with [OpenID Connect(OIDC) enabled](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect), the Codecov token is not necessary. You can use OIDC with the `use_oidc` argument as following.
+
+As an alternative to Codecov upload tokens, you can choose to use OIDC as your upload authentication method by setting the `use_oidc` argument:
 
 ```yaml
 - uses: codecov/codecov-action@v5
@@ -99,26 +112,38 @@ For users with [OpenID Connect(OIDC) enabled](https://docs.github.com/en/actions
 
 Any token supplied will be ignored, as Codecov will default to the OIDC token for verification.
 
+Note that the codecov action must have write permission for `id-token` for this to work:
+
+```yaml
+permissions:
+  id-token: write
+```
+
+This can be set at either the workflow or job level. See GitHub's [docs](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) for more details.
+
 ## Arguments
 
 Codecov's Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below:
 
 | Input  | Description | Required |
 | :---       |     :---     |    :---:   |
+| `base_sha` | 'The base SHA to select. This is only used in the "pr-base-picking" run command' | Optional
 | `binary` | The file location of a pre-downloaded version of the CLI. If specified, integrity checking will be bypassed. | Optional
-| `codecov_yml_path` | The location of the codecov.yml file. This is crrently ONLY used for automated test selection (https://docs.codecov.com/docs/getting-started-with-ats). Note that for all other cases, the Codecov yaml will need to be locate
-d as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-file-codecovyml | Optional
+| `codecov_yml_path` | The location of the codecov.yml file. This is currently ONLY used for automated test selection (https://docs.codecov.com/docs/getting-started-with-ats). Note that for all other cases, the Codecov yaml will need to be located as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-file-codecovyml | Optional
 | `commit_parent` | SHA (with 40 chars) of what should be the parent of this commit. | Optional
 | `directory` | Folder to search for coverage files. Default to the current working directory | Optional
+| `disable_checkout` | Disable checking out the repository. This is not recommended as it can cause unwanted side effects in coverage processing | Optional
 | `disable_file_fixes` | Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets). Read more here https://docs.codecov.com/docs/fixing-reports | Optional
 | `disable_search` | Disable search for coverage files. This is helpful when specifying what files you want to upload with the files option. | Optional
 | `disable_safe_directory` | Disable setting safe directory. Set to true to disable. | Optional
+| `disable_telem` | Disable sending telemetry data to Codecov. Set to true to disable. | Optional
 | `dry_run` | Don't upload files to Codecov | Optional
 | `env_vars` | Environment variables to tag the upload with (e.g. PYTHON \| OS,PYTHON) | Optional
 | `exclude` | Comma-separated list of folders to exclude from search. | Optional
 | `fail_ci_if_error` | On error, exit with non-zero code | Optional
 | `files` | Comma-separated explicit list of files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using "disable-search" to disable uploading other files. | Optional
 | `flags` | Comma-separated list of flags to upload to group coverage metrics. | Optional
+| `force` | Only used for empty-upload run command | Optional
 | `git_service` | Override the git_service (e.g. github_enterprise) | Optional
 | `gcov_args` | Extra arguments to pass to gcov | Optional
 | `gcov_executable` | gcov executable to run. Defaults to 'gcov' | Optional
@@ -136,9 +161,11 @@ d as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-f
 | `override_commit` | Commit SHA (with 40 chars) | Optional
 | `override_pr` | Specify the pull request number manually. Used to override pre-existing CI environment variables. | Optional
 | `plugins` | Comma-separated list of plugins to run. Specify `noop` to turn off all plugins | Optional
+| `recurse_submodules` | Whether to enumerate files inside of submodules for path-fixing purposes. Off by default. | Optional
 | `report_code` | The code of the report if using local upload. If unsure, leave unset. Read more here https://docs.codecov.com/docs/the-codecov-cli#how-to-use-local-upload | Optional
-| `report_type` | The type of file to upload, coverage by default. Possible values are "testing", "coverage". | Optional
+| `report_type` | The type of file to upload, coverage by default. Possible values are "test_results", "coverage". | Optional
 | `root_dir` | Root folder from which to consider paths on the network section. Defaults to current working directory. | Optional
+| `run_command` | Choose which CLI command to run. Options are "upload-coverage", "empty-upload", "pr-base-picking", "send-notifications". "upload-coverage" is run by default.' | Optional
 | `skip_validation` | Skip integrity checking of the CLI. This is NOT recommended. | Optional
 | `slug` | [Required when using the org token] Set to the owner/repo slug used instead of the private repo token. Only applicable to some Enterprise users. | Optional
 | `swift_project` | Specify the swift project name. Useful for optimization. | Optional
@@ -146,8 +173,9 @@ d as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-f
 | `url` | Set to the Codecov instance URl. Used by Dedicated Enterprise Cloud customers. | Optional
 | `use_legacy_upload_endpoint` | Use the legacy upload endpoint. | Optional
 | `use_oidc` | Use OIDC instead of token. This will ignore any token supplied | Optional
+| `use_pypi` | Use the pypi version of the CLI instead of from cli.codecov.io. If specified, integrity checking will be bypassed. | Optional
 | `verbose` | Enable verbose logging | Optional
-| `version` | Which version of the Codecov CLI to use (defaults to 'latest') | Optional
+| `version` | Which version of the Codecov CLI to use (defaults to 'latest', must start with a leading 'v'; example: `v10.0.1`) | Optional
 | `working-directory` | Directory in which to execute codecov.sh | Optional
 
 ### Example `workflow.yml` with Codecov Action
@@ -163,30 +191,31 @@ jobs:
         os: [ubuntu-latest, macos-latest, windows-latest]
     env:
       OS: ${{ matrix.os }}
-      PYTHON: '3.10'
+      PYTHON: "3.10"
     steps:
-    - uses: actions/checkout@main
-    - name: Setup Python
-      uses: actions/setup-python@main
-      with:
-        python-version: 3.10
-    - name: Generate coverage report
-      run: |
-        pip install pytest
-        pip install pytest-cov
-        pytest --cov=./ --cov-report=xml
-    - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v5
-      with:
-        directory: ./coverage/reports/
-        env_vars: OS,PYTHON
-        fail_ci_if_error: true
-        files: ./coverage1.xml,./coverage2.xml,!./cache
-        flags: unittests
-        name: codecov-umbrella
-        token: ${{ secrets.CODECOV_TOKEN }}
-        verbose: true
+      - uses: actions/checkout@main
+      - name: Setup Python
+        uses: actions/setup-python@main
+        with:
+          python-version: "3.10"
+      - name: Generate coverage report
+        run: |
+          pip install pytest
+          pip install pytest-cov
+          pytest --cov=./ --cov-report=xml
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v5
+        with:
+          directory: ./coverage/reports/
+          env_vars: OS,PYTHON
+          fail_ci_if_error: true
+          files: ./coverage1.xml,./coverage2.xml,!./cache
+          flags: unittests
+          name: codecov-umbrella
+          token: ${{ secrets.CODECOV_TOKEN }}
+          verbose: true
 ```
+
 ## Contributing
 
 Contributions are welcome! Check out the [Contribution Guide](CONTRIBUTING.md).

action.yml

@@ -4,6 +4,9 @@ name: 'Codecov'
 description: 'GitHub Action that uploads coverage reports for your repository to codecov.io'
 author: 'Thomas Hu <@thomasrockhu-codecov> | Codecov'
 inputs:
+  base_sha:
+    description: 'The base SHA to select. This is only used in the "pr-base-picking" run command'
+    required: false
   binary:
     description: 'The file location of a pre-downloaded version of the CLI. If specified, integrity checking will be bypassed.'
     required: false
@@ -16,6 +19,10 @@ inputs:
   directory:
     description: 'Folder to search for coverage files. Default to the current working directory'
     required: false
+  disable_checkout:
+    description: 'Disable checking out the repository. This is not recommended as it can cause unwanted side effects in coverage processing'
+    required: false
+    default: 'false'
   disable_file_fixes:
     description: 'Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets). Read more here https://docs.codecov.com/docs/fixing-reports'
     required: false
@@ -28,6 +35,10 @@ inputs:
     description: 'Disable setting safe directory. Set to true to disable.'
     required: false
     default: 'false'
+  disable_telem:
+    description: 'Disable sending telemetry data to Codecov. Set to true to disable.'
+    required: false
+    default: 'false'
   dry_run:
     description: "Don't upload files to Codecov"
     required: false
@@ -48,6 +59,9 @@ inputs:
   flags:
     description: 'Comma-separated list of flags to upload to group coverage metrics.'
     required: false
+  force:
+    description: 'Only used for empty-upload run command'
+    required: false
   git_service:
     description: 'Override the git_service (e.g. github_enterprise)'
     required: false
@@ -102,15 +116,22 @@ inputs:
   plugins:
     description: 'Comma-separated list of plugins to run. Specify `noop` to turn off all plugins'
     required: false
+  recurse_submodules:
+    description: 'Whether to enumerate files inside of submodules for path-fixing purposes. Off by default.'
+    default: 'false'
   report_code:
     description: 'The code of the report if using local upload. If unsure, leave default. Read more here https://docs.codecov.com/docs/the-codecov-cli#how-to-use-local-upload'
     required: false
   report_type:
-    description: 'The type of file to upload, coverage by default. Possible values are "testing", "coverage".'
+    description: 'The type of file to upload, coverage by default. Possible values are "test_results", "coverage".'
     required: false
   root_dir:
     description: 'Root folder from which to consider paths on the network section. Defaults to current working directory.'
     required: false
+  run_command:
+    description: 'Choose which CLI command to run. Options are "upload-coverage", "empty-upload", "pr-base-picking", "send-notifications". "upload-coverage" is run by default.'
+    required: false
+    default: 'upload-coverage'
   skip_validation:
     description: 'Skip integrity checking of the CLI. This is NOT recommended.'
     required: false
@@ -135,6 +156,10 @@ inputs:
     description: 'Use OIDC instead of token. This will ignore any token supplied'
     required: false
     default: 'false'
+  use_pypi:
+    description: 'Use the pypi version of the CLI instead of from cli.codecov.io'
+    required: false
+    default: 'false'
   verbose:
     description: 'Enable verbose logging'
     required: false
@@ -154,16 +179,55 @@ branding:
 runs:
   using: "composite"
   steps:
+    - name: Check system dependencies
+      shell: sh
+      run: |
+        missing_deps=""
+
+        # Check for required commands
+        for cmd in bash git curl gpg; do
+          if ! command -v "$cmd" >/dev/null 2>&1; then
+            missing_deps="$missing_deps $cmd"
+          fi
+        done
+
+        # Report missing required dependencies
+        if [ -n "$missing_deps" ]; then
+          echo "Error: The following required dependencies are missing:$missing_deps"
+          echo "Please install these dependencies before using this action."
+          exit 1
+        fi
+
+        echo "All required system dependencies are available."
     - name: Action version
       shell: bash
       run: |
         CC_ACTION_VERSION=$(cat ${GITHUB_ACTION_PATH}/src/version)
         echo -e "\033[0;32m==>\033[0m Running Action version $CC_ACTION_VERSION"
+
+    - name: Check if repository is checked out
+      id: check_repo
+      shell: bash
+      run: |
+        if [ -d ".git" ]; then
+          echo "Repository is checked out."
+          echo "repo_checked_out=true" >> "$GITHUB_OUTPUT"
+        else
+          echo "Repository is NOT checked out."
+          echo "repo_checked_out=false" >> "$GITHUB_OUTPUT"
+        fi
+    - name: Checkout repository
+      if: ${{ steps.check_repo.outputs.repo_checked_out == 'false' && inputs.disable_checkout != 'true' }}
+      uses: actions/checkout@v5
+      with:
+        fetch-depth: 2
+
     - name: Set safe directory
       if: ${{ inputs.disable_safe_directory != 'true' }}
       shell: bash
       run: |
-        git config --global --add safe.directory ${{ github.workspace }}
+        git config --global --add safe.directory "${{ github.workspace }}"
+        git config --global --add safe.directory "$GITHUB_WORKSPACE"
 
     - name: Set fork
       shell: bash
@@ -180,16 +244,25 @@ runs:
         GITHUB_EVENT_PULL_REQUEST_HEAD_REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }}
         GITHUB_REPOSITORY: ${{ github.repository }}
 
+    - name: Get OIDC token
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      id: oidc
+      with:
+        script: |
+          if (process.env.CC_USE_OIDC === 'true' && process.env.CC_FORK != 'true') {
+            const id_token = await core.getIDToken(process.env.CC_OIDC_AUDIENCE)
+            return id_token
+          }
+      env:
+        CC_OIDC_AUDIENCE: ${{ inputs.url || 'https://codecov.io' }}
+        CC_USE_OIDC: ${{ inputs.use_oidc }}
 
     - name: Get and set token
       shell: bash
       run: |
         if [ "${{ inputs.use_oidc }}" == 'true' ] && [ "$CC_FORK" != 'true' ];
         then
-          # {"count":1984,"value":"***"}
-          echo -e "\033[0;32m==>\033[0m Requesting OIDC token from '$ACTIONS_ID_TOKEN_REQUEST_URL'"
-          CC_TOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://codecov.io" | cut -d\" -f6)
-          echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
+          echo "CC_TOKEN=$CC_OIDC_TOKEN" >> "$GITHUB_ENV"
         elif [ -n "${{ env.CODECOV_TOKEN }}" ];
         then
           echo -e "\033[0;32m==>\033[0m Token set from env"
@@ -202,6 +275,9 @@ runs:
             echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
           fi
         fi
+      env:
+        CC_OIDC_TOKEN: ${{ steps.oidc.outputs.result }}
+        CC_OIDC_AUDIENCE: ${{ inputs.url || 'https://codecov.io' }}
 
     - name: Override branch for forks
       shell: bash
@@ -228,7 +304,7 @@ runs:
         then
           CC_SHA="$GITHUB_EVENT_PULL_REQUEST_HEAD_SHA"
         fi
-        if [ -z "$CC_PR" ] && [ "${GITHUB_EVENT_NAME}" == "pull_request_target" ];
+        if [ -z "$CC_PR" ] && [ "$CC_FORK" == 'true' ];
         then
           CC_PR="$GITHUB_EVENT_NUMBER"
         fi
@@ -247,6 +323,7 @@ runs:
       shell: bash
       working-directory: ${{ inputs.working-directory }}
       env:
+        CC_BASE_SHA: ${{ inputs.base_sha }}
         CC_BINARY: ${{ inputs.binary }}
         CC_BUILD: ${{ inputs.override_build }}
         CC_BUILD_URL: ${{ inputs.override_build_url }}
@@ -254,6 +331,7 @@ runs:
         CC_DIR: ${{ inputs.directory }}
         CC_DISABLE_FILE_FIXES: ${{ inputs.disable_file_fixes }}
         CC_DISABLE_SEARCH: ${{ inputs.disable_search }}
+        CC_DISABLE_TELEM: ${{ inputs.disable_telem }}
         CC_DRY_RUN: ${{ inputs.dry_run }}
         CC_ENTERPRISE_URL: ${{ inputs.url }}
         CC_ENV: ${{ inputs.env_vars }}
@@ -261,6 +339,7 @@ runs:
         CC_FAIL_ON_ERROR: ${{ inputs.fail_ci_if_error }}
         CC_FILES: ${{ inputs.files }}
         CC_FLAGS: ${{ inputs.flags }}
+        CC_FORCE: ${{ inputs.force }}
         CC_GCOV_ARGS: ${{ inputs.gcov_args }}
         CC_GCOV_EXECUTABLE: ${{ inputs.gcov_executable }}
         CC_GCOV_IGNORE: ${{ inputs.gcov_ignore }}
@@ -276,10 +355,14 @@ runs:
         CC_OS: ${{ inputs.os }}
         CC_PARENT_SHA: ${{ inputs.commit_parent }}
         CC_PLUGINS: ${{ inputs.plugins }}
+        CC_RECURSE_SUBMODULES: ${{ inputs.recurse_submodules }}
         CC_REPORT_TYPE: ${{ inputs.report_type }}
+        CC_RUN_CMD: ${{ inputs.run_command }}
+        CC_SERVICE: ${{ inputs.git_service }}
         CC_SKIP_VALIDATION: ${{ inputs.skip_validation }}
         CC_SLUG: ${{ inputs.slug }}
         CC_SWIFT_PROJECT: ${{ inputs.swift_project }}
+        CC_USE_PYPI: ${{ inputs.use_pypi }}
         CC_VERBOSE: ${{ inputs.verbose }}
         CC_VERSION: ${{ inputs.version }}
         CC_YML_PATH: ${{ inputs.codecov_yml_path }}

app/calculator.py

@@ -0,0 +1,15 @@
+class Calculator:
+
+    def add(x, y):
+        return x + y
+
+    def subtract(x, y):
+        return x - y
+
+    def multiply(x, y):
+        return x * y
+
+    def divide(x, y):
+        if y == 0:
+            return 'Cannot divide by 0'
+        return x * 1.0 / y

app/requirements.txt

@@ -0,0 +1 @@
+pytest-cov

app/test_calculator.py

@@ -0,0 +1,31 @@
+from .calculator import Calculator
+
+
+def test_add():
+    assert Calculator.add(1, 2) == 3.0
+    assert Calculator.add(1.0, 2.0) == 3.0
+    assert Calculator.add(0, 2.0) == 2.0
+    assert Calculator.add(2.0, 0) == 2.0
+    assert Calculator.add(-4, 2.0) == -2.0
+
+def test_subtract():
+    assert Calculator.subtract(1, 2) == -1.0
+    assert Calculator.subtract(2, 1) == 1.0
+    assert Calculator.subtract(1.0, 2.0) == -1.0
+    assert Calculator.subtract(0, 2.0) == -2.0
+    assert Calculator.subtract(2.0, 0.0) == 2.0
+    assert Calculator.subtract(-4, 2.0) == -6.0
+
+def test_multiply():
+    assert Calculator.multiply(1, 2) == 2.0
+    assert Calculator.multiply(1.0, 2.0) == 2.0
+    assert Calculator.multiply(0, 2.0) == 0.0
+    assert Calculator.multiply(2.0, 0.0) == 0.0
+    assert Calculator.multiply(-4, 2.0) == -8.0
+
+def test_divide():
+    # assert Calculator.divide(1, 2) == 0.5
+    assert Calculator.divide(1.0, 2.0) == 0.5
+    assert Calculator.divide(0, 2.0) == 0
+    assert Calculator.divide(-4, 2.0) == -2.0
+    # assert Calculator.divide(2.0, 0.0) == 'Cannot divide by 0'

dist/codecov.sh

@@ -1,5 +1,4 @@
 #!/usr/bin/env bash
-CC_WRAPPER_VERSION="0.0.31"
 set +u
 say() {
   echo -e "$1"
@@ -27,7 +26,7 @@ v_arg() {
     echo "$(eval echo \$"CC_$1")"
   fi
 }
-write_truthy_args() {
+write_bool_args() {
   if [ "$(eval echo \$$1)" = "true" ] || [ "$(eval echo \$$1)" = "1" ];
   then
     echo "-$(lower $1)"
@@ -37,6 +36,12 @@ b="\033[0;36m"  # variables/constants
 g="\033[0;32m"  # info/debug
 r="\033[0;31m"  # errors
 x="\033[0m"
+retry="--retry 5 --retry-delay 2"
+CC_WRAPPER_VERSION="0.2.7"
+CC_VERSION="${CC_VERSION:-latest}"
+CC_FAIL_ON_ERROR="${CC_FAIL_ON_ERROR:-false}"
+CC_RUN_CMD="${CC_RUN_CMD:-upload-coverage}"
+CC_CLI_TYPE=${CC_CLI_TYPE:-"codecov-cli"}
 say "     _____          _
     / ____|        | |
    | |     ___   __| | ___  ___ _____   __
@@ -44,18 +49,27 @@ say "     _____          _
    | |___| (_) | (_| |  __/ (_| (_) \\ V /
     \\_____\\___/ \\__,_|\\___|\\___\\___/ \\_/
                            $r Wrapper-$CC_WRAPPER_VERSION$x
-                                  "
-CC_VERSION="${CC_VERSION:-latest}"
-CC_FAIL_ON_ERROR="${CC_FAIL_ON_ERROR:-false}"
+                           "
+if [[ "$CC_CLI_TYPE" != "codecov-cli" && "$CC_CLI_TYPE" != "sentry-prevent-cli" ]]; then
+  echo "Invalid CC_CLI_TYPE: '$CC_CLI_TYPE'. Must be 'codecov-cli' or 'sentry-prevent-cli'"
+  exit 1
+fi
 if [ -n "$CC_BINARY" ];
 then
   if [ -f "$CC_BINARY" ];
   then
-    cc_filename=$CC_BINARY
-    cc_command=$CC_BINARY
+    CC_FILENAME=$CC_BINARY
+    CC_COMMAND=$CC_BINARY
   else
     exit_if_error "Could not find binary file $CC_BINARY"
   fi
+elif [ "$CC_USE_PYPI" == "true" ];
+then
+  if ! pip install "${CC_CLI_TYPE}$([ "$CC_VERSION" == "latest" ] && echo "" || echo "==$CC_VERSION")"; then
+    exit_if_error "Could not install via pypi."
+    exit
+  fi
+  CC_COMMAND="${CC_CLI_TYPE}"
 else
   if [ -n "$CC_OS" ];
   then
@@ -71,132 +85,171 @@ else
     [[ $(arch) == "aarch64" && $family == "linux" ]] && CC_OS+="-arm64"
     say "$g==>$x Detected $b${CC_OS}$x"
   fi
-  cc_filename="codecov"
-  [[ $CC_OS == "windows" ]] && cc_filename+=".exe"
-  cc_command="./$cc_filename"
+  CC_FILENAME="${CC_CLI_TYPE%-cli}"
+  [[ $CC_OS == "windows" ]] && CC_FILENAME+=".exe"
+  CC_COMMAND="./$CC_FILENAME"
   [[ $CC_OS == "macos" ]]  && \
     ! command -v gpg 2>&1 >/dev/null && \
     HOMEBREW_NO_AUTO_UPDATE=1 brew install gpg
-  cc_url="https://cli.codecov.io"
-  cc_url="$cc_url/${CC_VERSION}"
-  cc_url="$cc_url/${CC_OS}/${cc_filename}"
-  say "$g ->$x Downloading $b${cc_url}$x"
-  curl -Os "$cc_url"
+  CC_URL="${CC_CLI_URL:-https://cli.codecov.io}"
+  CC_URL="$CC_URL/${CC_VERSION}"
+  CC_URL="$CC_URL/${CC_OS}/${CC_FILENAME}"
+  say "$g ->$x Downloading $b${CC_URL}$x"
+  curl -O $retry "$CC_URL"
   say "$g==>$x Finishing downloading $b${CC_OS}:${CC_VERSION}$x"
-  version_url="https://cli.codecov.io/api/${CC_OS}/${CC_VERSION}"
-  version=$(curl -s "$version_url" -H "Accept:application/json" | jq -r '.version')
-  say "      Version: $b$version$x"
+  v_url="https://cli.codecov.io/api/${CC_OS}/${CC_VERSION}"
+  v=$(curl $retry --retry-all-errors -s "$v_url" -H "Accept:application/json" | tr \{ '\n' | tr , '\n' | tr \} '\n' | grep "\"version\"" | awk  -F'"' '{print $4}' | tail -1)
+  say "      Version: $b$v$x"
   say " "
 fi
-if [ "$CC_SKIP_VALIDATION" = "true" ] || [ -n "$CC_BINARY" ];
+if [ "$CC_SKIP_VALIDATION" == "true" ] || [ -n "$CC_BINARY" ] || [ "$CC_USE_PYPI" == "true" ];
 then
-  say "$r==>$x Bypassing validation as requested by user"
+  say "$r==>$x Bypassing validation..."
+  if [ "$CC_SKIP_VALIDATION" == "true" ];
+  then
+    chmod +x "$CC_COMMAND"
+  fi
 else
-CC_PUBLIC_PGP_KEY=$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)
-  echo "${CC_PUBLIC_PGP_KEY}"  | \
+  echo "$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)" | \
     gpg --no-default-keyring --import
   # One-time step
   say "$g==>$x Verifying GPG signature integrity"
   sha_url="https://cli.codecov.io"
   sha_url="${sha_url}/${CC_VERSION}/${CC_OS}"
-  sha_url="${sha_url}/${cc_filename}.SHA256SUM"
+  sha_url="${sha_url}/${CC_FILENAME}.SHA256SUM"
   say "$g ->$x Downloading $b${sha_url}$x"
   say "$g ->$x Downloading $b${sha_url}.sig$x"
   say " "
-  curl -Os --retry 5 --retry-delay 2 --connect-timeout 2 "$sha_url"
-  curl -Os --retry 5 --retry-delay 2 --connect-timeout 2 "${sha_url}.sig"
-  if ! gpg --verify "${cc_filename}.SHA256SUM.sig" "${cc_filename}.SHA256SUM";
+  curl -Os $retry --connect-timeout 2 "$sha_url"
+  curl -Os $retry --connect-timeout 2 "${sha_url}.sig"
+  if ! gpg --verify "${CC_FILENAME}.SHA256SUM.sig" "${CC_FILENAME}.SHA256SUM";
   then
     exit_if_error "Could not verify signature. Please contact Codecov if problem continues"
   fi
-  if ! (shasum -a 256 -c "${cc_filename}.SHA256SUM" 2>/dev/null || \
-    sha256sum -c "${cc_filename}.SHA256SUM");
+  if ! (shasum -a 256 -c "${CC_FILENAME}.SHA256SUM" 2>/dev/null || \
+    sha256sum -c "${CC_FILENAME}.SHA256SUM");
   then
     exit_if_error "Could not verify SHASUM. Please contact Codecov if problem continues"
   fi
   say "$g==>$x CLI integrity verified"
   say
+  chmod +x "$CC_COMMAND"
 fi
-cc_cli_args=()
-cc_cli_args+=( $(k_arg AUTO_LOAD_PARAMS_FROM) $(v_arg AUTO_LOAD_PARAMS_FROM))
-cc_cli_args+=( $(k_arg ENTERPRISE_URL) $(v_arg ENTERPRISE_URL))
+if [ -n "$CC_BINARY_LOCATION" ];
+then
+  mkdir -p "$CC_BINARY_LOCATION" && mv "$CC_FILENAME" $_
+  say "$g==>$x ${CC_CLI_TYPE} binary moved to ${CC_BINARY_LOCATION}"
+fi
+if [ "$CC_DOWNLOAD_ONLY" = "true" ];
+then
+  say "$g==>$x ${CC_CLI_TYPE} download only called. Exiting..."
+  exit
+fi
+CC_CLI_ARGS=()
+CC_CLI_ARGS+=( $(k_arg AUTO_LOAD_PARAMS_FROM) $(v_arg AUTO_LOAD_PARAMS_FROM))
+CC_CLI_ARGS+=( $(k_arg ENTERPRISE_URL) $(v_arg ENTERPRISE_URL))
 if [ -n "$CC_YML_PATH" ]
 then
-  cc_cli_args+=( "--codecov-yml-path" )
-  cc_cli_args+=( "$CC_YML_PATH" )
+  CC_CLI_ARGS+=( "--codecov-yml-path" )
+  CC_CLI_ARGS+=( "$CC_YML_PATH" )
 fi
-cc_cli_args+=( $(write_truthy_args CC_VERBOSE) )
-cc_uc_args=()
+CC_CLI_ARGS+=( $(write_bool_args CC_DISABLE_TELEM) )
+CC_CLI_ARGS+=( $(write_bool_args CC_VERBOSE) )
+CC_ARGS=()
+if [ "$CC_RUN_CMD" == "upload-coverage" ]; then
 # Args for create commit
-cc_uc_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) )
-cc_uc_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE))
-cc_uc_args+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA))
-cc_uc_args+=( $(k_arg PR) $(v_arg PR))
-cc_uc_args+=( $(k_arg SHA) $(v_arg SHA))
-cc_uc_args+=( $(k_arg SLUG) $(v_arg SLUG))
+CC_ARGS+=( $(write_bool_args CC_FAIL_ON_ERROR) )
+CC_ARGS+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE))
+CC_ARGS+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA))
+CC_ARGS+=( $(k_arg PR) $(v_arg PR))
+CC_ARGS+=( $(k_arg SHA) $(v_arg SHA))
+CC_ARGS+=( $(k_arg SLUG) $(v_arg SLUG))
 # Args for create report
-cc_uc_args+=( $(k_arg CODE) $(v_arg CODE))
+CC_ARGS+=( $(k_arg CODE) $(v_arg CODE))
 # Args for do upload
-cc_uc_args+=( $(k_arg ENV) $(v_arg ENV))
+CC_ARGS+=( $(k_arg ENV) $(v_arg ENV))
 OLDIFS=$IFS;IFS=,
-cc_uc_args+=( $(k_arg BRANCH) $(v_arg BRANCH))
-cc_uc_args+=( $(k_arg BUILD) $(v_arg BUILD))
-cc_uc_args+=( $(k_arg BUILD_URL) $(v_arg BUILD_URL))
-cc_uc_args+=( $(k_arg DIR) $(v_arg DIR))
-cc_uc_args+=( $(write_truthy_args CC_DISABLE_FILE_FIXES) )
-cc_uc_args+=( $(write_truthy_args CC_DISABLE_SEARCH) )
-cc_uc_args+=( $(write_truthy_args CC_DRY_RUN) )
+CC_ARGS+=( $(k_arg BRANCH) $(v_arg BRANCH))
+CC_ARGS+=( $(k_arg BUILD) $(v_arg BUILD))
+CC_ARGS+=( $(k_arg BUILD_URL) $(v_arg BUILD_URL))
+CC_ARGS+=( $(k_arg DIR) $(v_arg DIR))
+CC_ARGS+=( $(write_bool_args CC_DISABLE_FILE_FIXES) )
+CC_ARGS+=( $(write_bool_args CC_DISABLE_SEARCH) )
+CC_ARGS+=( $(write_bool_args CC_DRY_RUN) )
 if [ -n "$CC_EXCLUDES" ];
 then
   for directory in $CC_EXCLUDES; do
-    cc_uc_args+=( "--exclude" "$directory" )
+    CC_ARGS+=( "--exclude" "$directory" )
   done
 fi
 if [ -n "$CC_FILES" ];
 then
   for file in $CC_FILES; do
-    cc_uc_args+=( "--file" "$file" )
+    CC_ARGS+=( "--file" "$file" )
   done
 fi
 if [ -n "$CC_FLAGS" ];
 then
   for flag in $CC_FLAGS; do
-    cc_uc_args+=( "--flag" "$flag" )
+    CC_ARGS+=( "--flag" "$flag" )
   done
 fi
-cc_uc_args+=( $(k_arg GCOV_ARGS) $(v_arg GCOV_ARGS))
-cc_uc_args+=( $(k_arg GCOV_EXECUTABLE) $(v_arg GCOV_EXECUTABLE))
-cc_uc_args+=( $(k_arg GCOV_IGNORE) $(v_arg GCOV_IGNORE))
-cc_uc_args+=( $(k_arg GCOV_INCLUDE) $(v_arg GCOV_INCLUDE))
-cc_uc_args+=( $(write_truthy_args CC_HANDLE_NO_REPORTS_FOUND) )
-cc_uc_args+=( $(k_arg JOB_CODE) $(v_arg JOB_CODE))
-cc_uc_args+=( $(write_truthy_args CC_LEGACY) )
+CC_ARGS+=( $(k_arg GCOV_ARGS) $(v_arg GCOV_ARGS))
+CC_ARGS+=( $(k_arg GCOV_EXECUTABLE) $(v_arg GCOV_EXECUTABLE))
+CC_ARGS+=( $(k_arg GCOV_IGNORE) $(v_arg GCOV_IGNORE))
+CC_ARGS+=( $(k_arg GCOV_INCLUDE) $(v_arg GCOV_INCLUDE))
+CC_ARGS+=( $(write_bool_args CC_HANDLE_NO_REPORTS_FOUND) )
+CC_ARGS+=( $(write_bool_args CC_RECURSE_SUBMODULES) )
+CC_ARGS+=( $(k_arg JOB_CODE) $(v_arg JOB_CODE))
+CC_ARGS+=( $(write_bool_args CC_LEGACY) )
 if [ -n "$CC_NAME" ];
 then
-  cc_uc_args+=( "--name" "$CC_NAME" )
+  CC_ARGS+=( "--name" "$CC_NAME" )
 fi
-cc_uc_args+=( $(k_arg NETWORK_FILTER) $(v_arg NETWORK_FILTER))
-cc_uc_args+=( $(k_arg NETWORK_PREFIX) $(v_arg NETWORK_PREFIX))
-cc_uc_args+=( $(k_arg NETWORK_ROOT_FOLDER) $(v_arg NETWORK_ROOT_FOLDER))
+CC_ARGS+=( $(k_arg NETWORK_FILTER) $(v_arg NETWORK_FILTER))
+CC_ARGS+=( $(k_arg NETWORK_PREFIX) $(v_arg NETWORK_PREFIX))
+CC_ARGS+=( $(k_arg NETWORK_ROOT_FOLDER) $(v_arg NETWORK_ROOT_FOLDER))
 if [ -n "$CC_PLUGINS" ];
 then
   for plugin in $CC_PLUGINS; do
-    cc_uc_args+=( "--plugin" "$plugin" )
+    CC_ARGS+=( "--plugin" "$plugin" )
   done
 fi
-cc_uc_args+=( $(k_arg REPORT_TYPE) $(v_arg REPORT_TYPE))
-cc_uc_args+=( $(k_arg SWIFT_PROJECT) $(v_arg SWIFT_PROJECT))
+CC_ARGS+=( $(k_arg REPORT_TYPE) $(v_arg REPORT_TYPE))
+CC_ARGS+=( $(k_arg SWIFT_PROJECT) $(v_arg SWIFT_PROJECT))
 IFS=$OLDIFS
+elif [ "$CC_RUN_CMD" == "empty-upload" ]; then
+CC_ARGS+=( $(k_arg BRANCH) $(v_arg BRANCH))
+CC_ARGS+=( $(write_bool_args CC_FAIL_ON_ERROR) )
+CC_ARGS+=( $(write_bool_args CC_FORCE) )
+CC_ARGS+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE))
+CC_ARGS+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA))
+CC_ARGS+=( $(k_arg PR) $(v_arg PR))
+CC_ARGS+=( $(k_arg SHA) $(v_arg SHA))
+CC_ARGS+=( $(k_arg SLUG) $(v_arg SLUG))
+elif [ "$CC_RUN_CMD" == "pr-base-picking" ]; then
+CC_ARGS+=( $(k_arg BASE_SHA) $(v_arg BASE_SHA))
+CC_ARGS+=( $(k_arg PR) $(v_arg PR))
+CC_ARGS+=( $(k_arg SLUG) $(v_arg SLUG))
+CC_ARGS+=( $(k_arg SERVICE) $(v_arg SERVICE))
+elif [ "$CC_RUN_CMD" == "send-notifications" ]; then
+CC_ARGS+=( $(k_arg SHA) $(v_arg SHA))
+CC_ARGS+=( $(write_bool_args CC_FAIL_ON_ERROR) )
+CC_ARGS+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE))
+CC_ARGS+=( $(k_arg SLUG) $(v_arg SLUG))
+else
+  exit_if_error "Invalid run command specified: $CC_RUN_CMD"
+  exit
+fi
 unset NODE_OPTIONS
-# See https://github.com/codecov/uploader/issues/475
-chmod +x $cc_command
+# github.com/codecov/uploader/issues/475
 if [ -n "$CC_TOKEN_VAR" ];
 then
   token="$(eval echo \$$CC_TOKEN_VAR)"
 else
   token="$(eval echo $CC_TOKEN)"
 fi
-say "$g ->$x Token of length ${#token} detected"
+say "$g ->$x Token length: ${#token}"
 token_str=""
 token_arg=()
 if [ -n "$token" ];
@@ -204,13 +257,13 @@ then
   token_str+=" -t <redacted>"
   token_arg+=( " -t " "$token")
 fi
-say "$g==>$x Running upload-coverage"
-say "      $b$cc_command $(echo "${cc_cli_args[@]}") upload-coverage$token_str $(echo "${cc_uc_args[@]}")$x"
-if ! $cc_command \
-  ${cc_cli_args[*]} \
-  upload-coverage \
+say "$g==>$x Running $CC_RUN_CMD"
+say "      $b$CC_COMMAND $(echo "${CC_CLI_ARGS[@]}") $CC_RUN_CMD$token_str $(echo "${CC_ARGS[@]}")$x"
+if ! $CC_COMMAND \
+  ${CC_CLI_ARGS[*]} \
+  ${CC_RUN_CMD} \
   ${token_arg[*]} \
-  "${cc_uc_args[@]}";
+  "${CC_ARGS[@]}";
 then
-  exit_if_error "Failed to upload coverage"
+  exit_if_error "Failed to run $CC_RUN_CMD"
 fi

src/version

@@ -1 +1 @@
-5.1.1
+5.6.0