chore(release): 5.1.2 (#1727)

Co-authored-by: codecov-releaser <devops+releaser@codecov.io>

.github/workflows/codeql-analysis.yml

@@ -41,7 +41,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.27.5
+      uses: github/codeql-action/init@v3.27.9
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3.27.5
+      uses: github/codeql-action/autobuild@v3.27.9
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -66,4 +66,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.27.5
+      uses: github/codeql-action/analyze@v3.27.9

.github/workflows/main.yml

@@ -22,7 +22,7 @@ jobs:
       - name: Upload coverage to Codecov (script)
         uses: ./
         with:
-          fail_ci_if_error: false
+          fail_ci_if_error: true
           files: ./coverage/script/coverage-final.json
           flags: script-${{ matrix.os }}
           name: codecov-script

.github/workflows/scorecards-analysis.yml

@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3.27.5 # v1.0.26
+        uses: github/codeql-action/upload-sarif@v3.27.9 # v1.0.26
         with:
           sarif_file: results.sarif

CHANGELOG.md

@@ -1,3 +1,19 @@
+## v5.1.2
+
+### What's Changed
+* fix: update statment by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1726
+* fix: update action script by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1725
+* fix: prevent oidc on tokenless due to permissioning by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1724
+* chore(release): wrapper-0.0.31 by @app/codecov-releaser-app in https://github.com/codecov/codecov-action/pull/1723
+* Put quotes around `${{ inputs.token }}` in `action.yml` by @jwodder in https://github.com/codecov/codecov-action/pull/1721
+* build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1722
+* Remove mistake from options table by @Acconut in https://github.com/codecov/codecov-action/pull/1718
+* build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1717
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.1.1..v5.1.2
+
+
 ## v5.1.1
 ### What's Changed
 

Makefile

@@ -1,5 +1,5 @@
 deploy:
-	$(eval VERSION := $(shell cat src/version | grep 'CODECOV_ACTION_VERSION=' | cut -d\" -f2))
+	$(eval VERSION := $(shell cat src/version))
 	git tag -d v5
 	git push origin :v5
 	git tag v5

README.md

@@ -118,7 +118,6 @@ d as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-f
 | `exclude` | Comma-separated list of folders to exclude from search. | Optional
 | `fail_ci_if_error` | On error, exit with non-zero code | Optional
 | `files` | Comma-separated explicit list of files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using "disable-search" to disable uploading other files. | Optional
-tional
 | `flags` | Comma-separated list of flags to upload to group coverage metrics. | Optional
 | `git_service` | Override the git_service (e.g. github_enterprise) | Optional
 | `gcov_args` | Extra arguments to pass to gcov | Optional

action.yml

@@ -157,7 +157,7 @@ runs:
     - name: Action version
       shell: bash
       run: |
-        CC_ACTION_VERSION=$(cat ${GITHUB_ACTION_PATH}/src/version | grep 'CODECOV_ACTION_VERSION=' | cut -d\" -f2)
+        CC_ACTION_VERSION=$(cat ${GITHUB_ACTION_PATH}/src/version)
         echo -e "\033[0;32m==>\033[0m Running Action version $CC_ACTION_VERSION"
     - name: Set safe directory
       if: ${{ inputs.disable_safe_directory != 'true' }}
@@ -165,20 +165,39 @@ runs:
       run: |
         git config --global --add safe.directory ${{ github.workspace }}
 
+    - name: Set fork
+      shell: bash
+      run: |
+        CC_FORK="false"
+        if [ -n "$GITHUB_EVENT_PULL_REQUEST_HEAD_REPO_FULL_NAME" ] && [ "$GITHUB_EVENT_PULL_REQUEST_HEAD_REPO_FULL_NAME" != "$GITHUB_REPOSITORY" ];
+        then
+          echo -e "\033[0;32m==>\033[0m Fork detected"
+          CC_FORK="true"
+        fi
+        echo "CC_FORK=$CC_FORK" >> "$GITHUB_ENV"
+      env:
+        GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL: ${{ github.event.pull_request.head.label }}
+        GITHUB_EVENT_PULL_REQUEST_HEAD_REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }}
+        GITHUB_REPOSITORY: ${{ github.repository }}
+
+
     - name: Get and set token
       shell: bash
       run: |
-        if [ "${{ inputs.use_oidc }}" == 'true' ];
+        if [ "${{ inputs.use_oidc }}" == 'true' ] && [ "$CC_FORK" != 'true' ];
         then
           # {"count":1984,"value":"***"}
+          echo -e "\033[0;32m==>\033[0m Requesting OIDC token from '$ACTIONS_ID_TOKEN_REQUEST_URL'"
           CC_TOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://codecov.io" | cut -d\" -f6)
           echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
         elif [ -n "${{ env.CODECOV_TOKEN }}" ];
         then
+          echo -e "\033[0;32m==>\033[0m Token set from env"
             echo "CC_TOKEN=${{ env.CODECOV_TOKEN }}" >> "$GITHUB_ENV"
         else
-          if [ -n ${{ inputs.token }} ];
+          if [ -n "${{ inputs.token }}" ];
           then
+            echo -e "\033[0;32m==>\033[0m Token set from input"
             CC_TOKEN=$(echo "${{ inputs.token }}" | tr -d '\n')
             echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
           fi
@@ -187,9 +206,9 @@ runs:
     - name: Override branch for forks
       shell: bash
       run: |
-        if [ -z "$CC_BRANCH" ] && [ -z "$CC_TOKEN" ] && [ -n "$GITHUB_EVENT_PULL_REQUEST_HEAD_REPO_FULL_NAME" ] && [ "${GITHUB_EVENT_PULL_REQUEST_HEAD_REPO_FULL_NAME}" != "$GITHUB_REPOSITORY" ];
+        if [ -z "$CC_BRANCH" ] && [ -z "$CC_TOKEN" ] && [ "$CC_FORK" == 'true' ]
         then
-          echo -e "\033[0;32m==>\033[0m Fork detected, tokenless uploading used"
+          echo -e "\033[0;32m==>\033[0m Fork detected, setting branch to $GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL"
           TOKENLESS="$GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL"
           CC_BRANCH="$GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL"
           echo "TOKENLESS=$TOKENLESS" >> "$GITHUB_ENV"
@@ -264,14 +283,3 @@ runs:
         CC_VERBOSE: ${{ inputs.verbose }}
         CC_VERSION: ${{ inputs.version }}
         CC_YML_PATH: ${{ inputs.codecov_yml_path }}
-
-    - name: Error
-      shell: bash
-      run: exit 1
-
-    - name: Gracefully exit
-      if: ${{ failure() && inputs.fail_ci_if_error != 'true' }}
-      shell: bash
-      run: |
-        echo -e "\033[0;32m==>\033[0m Exiting gracefully..."
-        exit 0

changelog.py

@@ -4,8 +4,7 @@ import subprocess
 
 def update_changelog():
     with open('src/version', 'r') as f:
-        raw_version = f.read()
-    version = re.search('\"(.*)\"', raw_version).groups()[0]
+        version = f.read()
     changelog = [f"## v{version}"]
     changelog.append("### What\'s Changed")
 

dist/codecov.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-CC_WRAPPER_VERSION="0.0.30"
+CC_WRAPPER_VERSION="0.0.31"
 set +u
 say() {
   echo -e "$1"
@@ -52,6 +52,7 @@ then
   if [ -f "$CC_BINARY" ];
   then
     cc_filename=$CC_BINARY
+    cc_command=$CC_BINARY
   else
     exit_if_error "Could not find binary file $CC_BINARY"
   fi
@@ -59,34 +60,30 @@ else
   if [ -n "$CC_OS" ];
   then
     say "$g==>$x Overridden OS: $b${CC_OS}$x"
-    export cc_os=${CC_OS}
   else
-    CC_OS="linux"
+    CC_OS="windows"
     family=$(uname -s | tr '[:upper:]' '[:lower:]')
-    cc_os="windows"
-    [[ $family == "darwin" ]] && cc_os="macos"
-    [[ $family == "linux" ]] && cc_os="linux"
-    [[ $cc_os == "linux" ]] && \
+    [[ $family == "darwin" ]] && CC_OS="macos"
+    [[ $family == "linux" ]] && CC_OS="linux"
+    [[ $CC_OS == "linux" ]] && \
       osID=$(grep -e "^ID=" /etc/os-release | cut -c4-)
-    [[ $osID == "alpine" ]] && cc_os="alpine"
-    [[ $(arch) == "aarch64" && $family == "linux" ]] && cc_os+="-arm64"
-    say "$g==>$x Detected $b${cc_os}$x"
-    export cc_os=${cc_os}
+    [[ $osID == "alpine" ]] && CC_OS="alpine"
+    [[ $(arch) == "aarch64" && $family == "linux" ]] && CC_OS+="-arm64"
+    say "$g==>$x Detected $b${CC_OS}$x"
   fi
-  export cc_version=${CC_VERSION}
   cc_filename="codecov"
-  [[ $cc_os == "windows" ]] && cc_filename+=".exe"
-  export cc_filename=${cc_filename}
-  [[ $cc_os == "macos" ]]  && \
+  [[ $CC_OS == "windows" ]] && cc_filename+=".exe"
+  cc_command="./$cc_filename"
+  [[ $CC_OS == "macos" ]]  && \
     ! command -v gpg 2>&1 >/dev/null && \
     HOMEBREW_NO_AUTO_UPDATE=1 brew install gpg
   cc_url="https://cli.codecov.io"
   cc_url="$cc_url/${CC_VERSION}"
-  cc_url="$cc_url/${cc_os}/${cc_filename}"
+  cc_url="$cc_url/${CC_OS}/${cc_filename}"
   say "$g ->$x Downloading $b${cc_url}$x"
   curl -Os "$cc_url"
-  say "$g==>$x Finishing downloading $b${cc_os}:${CC_VERSION}$x"
-  version_url="https://cli.codecov.io/api/${cc_os}/${CC_VERSION}"
+  say "$g==>$x Finishing downloading $b${CC_OS}:${CC_VERSION}$x"
+  version_url="https://cli.codecov.io/api/${CC_OS}/${CC_VERSION}"
   version=$(curl -s "$version_url" -H "Accept:application/json" | jq -r '.version')
   say "      Version: $b$version$x"
   say " "
@@ -101,7 +98,7 @@ CC_PUBLIC_PGP_KEY=$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)
   # One-time step
   say "$g==>$x Verifying GPG signature integrity"
   sha_url="https://cli.codecov.io"
-  sha_url="${sha_url}/${cc_version}/${cc_os}"
+  sha_url="${sha_url}/${CC_VERSION}/${CC_OS}"
   sha_url="${sha_url}/${cc_filename}.SHA256SUM"
   say "$g ->$x Downloading $b${sha_url}$x"
   say "$g ->$x Downloading $b${sha_url}.sig$x"
@@ -192,7 +189,7 @@ cc_uc_args+=( $(k_arg SWIFT_PROJECT) $(v_arg SWIFT_PROJECT))
 IFS=$OLDIFS
 unset NODE_OPTIONS
 # See https://github.com/codecov/uploader/issues/475
-chmod +x $cc_filename
+chmod +x $cc_command
 if [ -n "$CC_TOKEN_VAR" ];
 then
   token="$(eval echo \$$CC_TOKEN_VAR)"
@@ -208,8 +205,8 @@ then
   token_arg+=( " -t " "$token")
 fi
 say "$g==>$x Running upload-coverage"
-say "      $b./$cc_filename $(echo "${cc_cli_args[@]}") upload-coverage$token_str $(echo "${cc_uc_args[@]}")$x"
-if ! ./$cc_filename \
+say "      $b$cc_command $(echo "${cc_cli_args[@]}") upload-coverage$token_str $(echo "${cc_uc_args[@]}")$x"
+if ! $cc_command \
   ${cc_cli_args[*]} \
   upload-coverage \
   ${token_arg[*]} \

src/version

@@ -1 +1 @@
-CODECOV_ACTION_VERSION="5.1.1"
+5.1.2