chore(release): bump to 3.1.3 (#961)

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 18.15.10 to 18.15.12.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.eslintrc.json

@@ -0,0 +1,22 @@
+{
+    "env": {
+        "browser": true,
+        "commonjs": true,
+        "es2021": true
+    },
+    "extends": [
+        "google",
+        "eslint:recommended",
+        "plugin:@typescript-eslint/recommended"
+    ],
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+        "ecmaVersion": 12
+    },
+    "plugins": [
+        "@typescript-eslint"
+    ],
+    "rules": {
+        "linebreak-style": 0
+    }
+}

.github/dependabot.yml

@@ -0,0 +1,12 @@
+version: 2
+updates:
+- package-ecosystem: npm
+  directory: /
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+- package-ecosystem: github-actions
+  directory: /
+  schedule:
+    interval: weekly
+  open-pull-requests-limit: 10

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,69 @@
+
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '24 6 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/main.yml

@@ -1,14 +1,73 @@
-name: Example workflow for Codecov
+name: Workflow for Codecov Action
 on: [push, pull_request]
 jobs:
-  run:
-    runs-on: ubuntu-latest
+  no-deps:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [macos-latest, windows-latest, ubuntu-latest]
     steps:
-    - uses: actions/checkout@master
-    - name: Upload coverage to Codecov  
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Upload coverage to Codecov (script)
         uses: ./
         with:
-        #commenting out token because tokenless uploads are now supported
-        #token: ${{secrets.CODECOV_TOKEN}}
-        flags: unittest
-        name: codecov-1
+          files: ./coverage/script/coverage-final.json
+          flags: script,${{ matrix.os }}
+          name: codecov-script
+          verbose: true
+      - name: Upload coverage to Codecov (demo)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: demo,${{ matrix.os }}
+          name: codecov-demo
+          verbose: true
+      - name: Upload coverage to Codecov (version)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: version,${{ matrix.os }}
+          name: codecov-version
+          version: v0.1.0_8880
+          verbose: true
+  run:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [macos-latest, windows-latest, ubuntu-latest]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Install dependencies
+        run: npm install
+      - name: Lint
+        run: npm run lint
+      - name: Run tests and collect coverage
+        run: npm run test
+      - name: Upload coverage to Codecov (script)
+        uses: ./
+        with:
+          files: ./coverage/script/coverage-final.json
+          flags: script,${{ matrix.os }}
+          name: codecov-script
+          verbose: true
+      - name: Upload coverage to Codecov (demo)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: demo,${{ matrix.os }}
+          name: codecov-demo
+          verbose: true
+      - name: Upload coverage to Codecov (version)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: version,${{ matrix.os }}
+          name: codecov-version
+          version: v0.1.0_8880
+          verbose: true

.github/workflows/scorecards-analysis.yml

@@ -0,0 +1,61 @@
+name: Scorecards supply-chain security
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    - cron: '43 20 * * 1'
+  push:
+    branches: [ master ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Used to receive a badge. (Upcoming feature)
+      id-token: write
+      actions: read
+      contents: read
+    
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecards on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+
+          # Publish the results for public repositories to enable scorecard badges. For more details, see
+          # https://github.com/ossf/scorecard-action#publishing-results. 
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless 
+          # of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+      
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26
+        with:
+          sarif_file: results.sarif

CHANGELOG.md

@@ -0,0 +1,268 @@
+## 3.1.3
+### Fixes
+- #960 fix: allow for aarch64 build
+
+### Dependencies
+- #957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
+- #958 build(deps): bump openpgp from 5.7.0 to 5.8.0
+- #959 build(deps-dev): bump @types/node from 18.15.10 to 18.15.12
+
+## 3.1.2
+### Fixes
+- #718 Update README.md
+- #851 Remove unsupported path_to_write_report argument
+- #898 codeql-analysis.yml
+- #901 Update README to contain correct information - inputs and negate feature
+- #955 fix: add in all the extra arguments for uploader
+
+### Dependencies
+- #819 build(deps): bump openpgp from 5.4.0 to 5.5.0
+- #835 build(deps): bump node-fetch from 3.2.4 to 3.2.10
+- #840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
+- #841 build(deps): bump @actions/core from 1.9.1 to 1.10.0
+- #843 build(deps): bump @actions/github from 5.0.3 to 5.1.1
+- #869 build(deps): bump node-fetch from 3.2.10 to 3.3.0
+- #872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
+- #879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2
+- #889 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2
+- #895 build(deps): bump json5 from 2.2.1 to 2.2.3
+- #896 build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2
+- #900 build(deps-dev): bump @vercel/ncc from 0.34.0 to 0.36.1
+- #905 build(deps-dev): bump typescript from 4.7.4 to 4.9.5
+- #911 build(deps-dev): bump @types/node from 16.11.40 to 18.13.0
+- #922 build(deps-dev): bump @types/node from 18.13.0 to 18.14.0
+- #924 build(deps): bump openpgp from 5.5.0 to 5.7.0
+- #927 build(deps-dev): bump @types/node from 18.14.0 to 18.14.2
+- #933 build(deps-dev): bump @types/node from 18.14.2 to 18.14.6
+- #937 build(deps-dev): bump @types/node from 18.14.6 to 18.15.0
+- #938 build(deps): bump node-fetch from 3.3.0 to 3.3.1
+- #945 build(deps-dev): bump @types/node from 18.15.0 to 18.15.5
+- #946 build(deps-dev): bump @types/node from 18.15.5 to 18.15.6
+- #947 build(deps-dev): bump @types/node from 18.15.6 to 18.15.10
+- #951 build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3
+
+## 3.1.1
+### Fixes
+- #661 Update deprecation warning
+- #593 Create codeql-analysis.yml
+- #712 README: fix typo
+- #725 fix: Remove a blank row
+- #726 Update README.md with correct badge version
+- #633 Create scorecards-analysis.yml
+- #747 fix: add more verbosity to validation
+- #750 Regenerate scorecards-analysis.yml
+- #774 Switch to v3
+- #783 Fix network entry in table
+- #791 Trim arguments after splitting them
+- #769 Plumb failCi into verification function.
+
+### Dependencies
+- #713 build(deps-dev): bump typescript from 4.6.3 to 4.6.4
+- #714 build(deps): bump node-fetch from 3.2.3 to 3.2.4
+- #724 build(deps): bump github/codeql-action from 1 to 2
+- #717 build(deps-dev): bump @types/jest from 27.4.1 to 27.5.0
+- #729 build(deps-dev): bump @types/node from 17.0.25 to 17.0.33
+- #734 build(deps-dev): downgrade @types/node to 16.11.35
+- #723 build(deps): bump actions/checkout from 2 to 3
+- #733 build(deps): bump @actions/github from 5.0.1 to 5.0.3
+- #732 build(deps): bump @actions/core from 1.6.0 to 1.8.2
+- #737 build(deps-dev): bump @types/node from 16.11.35 to 16.11.36
+- #749 build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0
+- #755 build(deps-dev): bump typescript from 4.6.4 to 4.7.3
+- #759 build(deps-dev): bump @types/node from 16.11.36 to 16.11.39
+- #762 build(deps-dev): bump @types/node from 16.11.39 to 16.11.40
+- #746 build(deps-dev): bump @vercel/ncc from 0.33.4 to 0.34.0
+- #757 build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1
+- #760 build(deps): bump openpgp from 5.2.1 to 5.3.0
+- #748 build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0
+- #766 build(deps-dev): bump typescript from 4.7.3 to 4.7.4
+- #799 build(deps): bump openpgp from 5.3.0 to 5.4.0
+- #798 build(deps): bump @actions/core from 1.8.2 to 1.9.1
+
+## 3.1.0
+### Features
+- #699 Incorporate `xcode` arguments for the Codecov uploader
+
+### Dependencies
+- #694 build(deps-dev): bump @vercel/ncc from 0.33.3 to 0.33.4
+- #696 build(deps-dev): bump @types/node from 17.0.23 to 17.0.25
+- #698 build(deps-dev): bump jest-junit from 13.0.0 to 13.2.0
+
+## 3.0.0
+### Breaking Changes
+- #689 Bump to node16 and small fixes
+
+### Features
+- #688 Incorporate `gcov` arguments for the Codecov uploader
+
+### Dependencies
+- #548 build(deps-dev): bump jest-junit from 12.2.0 to 13.0.0
+- #603 [Snyk] Upgrade @actions/core from 1.5.0 to 1.6.0
+- #628 build(deps): bump node-fetch from 2.6.1 to 3.1.1
+- #634 build(deps): bump node-fetch from 3.1.1 to 3.2.0
+- #636 build(deps): bump openpgp from 5.0.1 to 5.1.0
+- #652 build(deps-dev): bump @vercel/ncc from 0.30.0 to 0.33.3
+- #653 build(deps-dev): bump @types/node from 16.11.21 to 17.0.18
+- #659 build(deps-dev): bump @types/jest from 27.4.0 to 27.4.1
+- #667 build(deps): bump actions/checkout from 2 to 3
+- #673 build(deps): bump node-fetch from 3.2.0 to 3.2.3
+- #683 build(deps): bump minimist from 1.2.5 to 1.2.6
+- #685 build(deps): bump @actions/github from 5.0.0 to 5.0.1
+- #681 build(deps-dev): bump @types/node from 17.0.18 to 17.0.23
+- #682 build(deps-dev): bump typescript from 4.5.5 to 4.6.3
+- #676 build(deps): bump @actions/exec from 1.1.0 to 1.1.1
+- #675 build(deps): bump openpgp from 5.1.0 to 5.2.1
+
+## 2.1.0
+### Features
+- #515 Allow specifying version of Codecov uploader
+
+### Dependencies
+- #499 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.30.0
+- #508 build(deps): bump openpgp from 5.0.0-5 to 5.0.0
+- #514 build(deps-dev): bump @types/node from 16.6.0 to 16.9.0
+
+## 2.0.3
+### Fixes
+- #464 Fix wrong link in the readme
+- #485 fix: Add override OS and linux default to platform
+
+### Dependencies
+- #447 build(deps): bump openpgp from 5.0.0-4 to 5.0.0-5
+- #458 build(deps-dev): bump eslint from 7.31.0 to 7.32.0
+- #465 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.28.4 to 4.29.1
+- #466 build(deps-dev): bump @typescript-eslint/parser from 4.28.4 to 4.29.1
+- #468 build(deps-dev): bump @types/jest from 26.0.24 to 27.0.0
+- #470 build(deps-dev): bump @types/node from 16.4.0 to 16.6.0
+- #472 build(deps): bump path-parse from 1.0.6 to 1.0.7
+- #473 build(deps-dev): bump @types/jest from 27.0.0 to 27.0.1
+- #478 build(deps-dev): bump @typescript-eslint/parser from 4.29.1 to 4.29.2
+- #479 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.29.1 to 4.29.2
+- #481 build(deps-dev): bump @types/node from 16.6.0 to 16.6.2
+- #483 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.29.2
+- #484 build(deps): bump @actions/core from 1.4.0 to 1.5.0
+
+## 2.0.2
+### Fixes
+- Underlying uploader fixes issues with tokens not being sent properly for users seeing
+  `Error!: Error: Error uploading to https://codecov.io: Error: Error uploading to Codecov: Error: Not Found`
+- #440 fix: Validation ordering
+
+## 2.0.1
+### Fixes
+- #424 fix: Issue in building all deep dependencies
+
+## 2.0.0
+On February 1, 2022, the `v1` uploader will be full sunset and no longer function. This is due
+to the deprecation of the underlying bash uploader. This version uses the new [uploader](https://github.com/codecov/uploader).
+
+The `v2` Action downloads, verifies, and runs the Codecov binary.
+
+### Breaking Changes
+- Multiple fields have not been transferred from the bash uploader or have been deprecated. Notably
+many of the `functionalities` and `gcov_` arguments have been removed. Please check the documentation
+for the full list.
+
+### Features
+- `dry-run` argument allows Codecov flow without uploading reports to Codecov
+- (Enterprise only) `slug` allows specifying the repository slug manually
+- (Enterprise only) `url` allows changing the upload host
+
+## 1.5.2
+### Fixes
+- # fix: Import version properly as string not object
+
+## 1.5.1
+### Fixes
+- #320 doc: add github actions badge
+- #336 Update bash uploader to 1.0.3
+- #339 fix: Add action version
+
+### Dependencies
+- #302 Bump @typescript-eslint/eslint-plugin from 4.22.0 to 4.22.1
+- #303 Bump @typescript-eslint/parser from 4.22.0 to 4.22.1
+- #304 Bump ts-jest from 26.5.5 to 26.5.6
+- #309 Bump lodash from 4.17.19 to 4.17.21
+- #310 Bump hosted-git-info from 2.8.8 to 2.8.9
+- #311 Bump @actions/github from 4.0.0 to 5.0.0
+- #314 Bump eslint from 7.25.0 to 7.27.0
+- #315 Bump @actions/core from 1.2.7 to 1.3.0
+- #316 Bump @typescript-eslint/parser from 4.22.1 to 4.25.0
+- #317 Bump @typescript-eslint/eslint-plugin from 4.22.1 to 4.25.0
+- #319 Bump jest-junit from 12.0.0 to 12.1.0
+- #321 Bump typescript from 4.2.4 to 4.3.2
+- #323 Bump ws from 7.3.1 to 7.4.6
+- #331 Bump eslint from 7.27.0 to 7.28.0
+- #332 Bump @actions/exec from 1.0.4 to 1.1.0
+- #333 Bump @typescript-eslint/parser from 4.25.0 to 4.26.1
+- #334 Bump @typescript-eslint/eslint-plugin from 4.25.0 to 4.26.1
+- #335 Bump @actions/core from 1.3.0 to 1.4.0
+- #337 Bump glob-parent from 5.1.1 to 5.1.2
+
+## 1.5.0
+### Features
+- #299 Pull Codecov bash script into the action
+
+### Dependencies
+- #271 Bump typescript from 4.2.3 to 4.2.4
+- #277 Bump @typescript-eslint/eslint-plugin from 4.16.1 to 4.22.0
+- #278 Bump @typescript-eslint/parser from 4.20.0 to 4.22.0
+- #279 Bump @actions/core from 1.2.6 to 1.2.7
+- #292 Bump ts-jest from 26.5.3 to 26.5.5
+- #293 Bump eslint from 7.21.0 to 7.25.0
+- #297 Bump @types/jest from 26.0.20 to 26.0.23
+- #298 Upgrade to GitHub-native Dependabot
+
+## 1.4.1
+### Fixes
+- #287 Update VERSION regex to restrict on digits and dot and move checksums into script
+
+## 1.4.0
+### Features
+- #282 Add checksum verification of bash script
+
+## 1.3.2
+### Fixes
+- #264 Overwrites pr number for pull_request_target events
+
+## 1.3.1
+### Fixes
+- #253 Add `network_filter` to action manifest
+
+## 1.3.0
+### Features
+- #252 Add "network_filter" input
+
+## 1.2.2
+### Fixes
+- #241 pass root_dir using proper bash arg
+- #244 Overwrite the commit on pull_request* events
+
+## 1.2.1
+### Fixes
+- #196 Add parameters to the action.yml
+
+## 1.2.0
+### Features
+- #193 Add all the bash params
+
+### Fixes
+- #193 Fixes issue with working-directory
+
+## 1.1.1
+### Fixes
+- #184 Add automations ensure proper builds and deployments
+- #184 Fixes verbose flag
+
+## 1.1.0
+### Features
+- #110 Add "working-directory:" input
+- #174 Support Xcode specificed parameters
+
+### Fixes
+- #172 File is saved as text
+
+### Dependencies and Misc
+- #166 Bump requestretry from 4.1.1 to 4.1.2
+- #169 Bump typescript from 4.0.5 to 4.1.2
+- #178 Bump @types/jest from 26.0.15 to 26.0.19

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019 Codecov
+Copyright (c) 2019-2020 Codecov
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Makefile

@@ -0,0 +1,7 @@
+deploy:
+	$(eval VERSION := $(shell cat package.json | grep '"version": ' | cut -d\" -f4))
+	git tag -d v3
+	git push origin :v3
+	git tag v3
+	git tag v$(VERSION) -s -m ""
+	git push origin --tags

README.md

@@ -1,13 +1,30 @@
 # Codecov GitHub Action
 
-[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v1-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
+[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v3-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action?ref=badge_shield)
+[![Workflow for Codecov Action](https://github.com/codecov/codecov-action/actions/workflows/main.yml/badge.svg)](https://github.com/codecov/codecov-action/actions/workflows/main.yml)
 ### Easily upload coverage reports to Codecov from GitHub Actions
 
 >The latest release of this Action adds support for tokenless uploads from GitHub Actions!
 
+## ⚠️  Deprecation of v1
+**As of February 1, 2022, v1 has been fully sunset and no longer functions**
+
+Due to the [deprecation](https://about.codecov.io/blog/introducing-codecovs-new-uploader/) of the underlying bash uploader,
+the Codecov GitHub Action has released `v2`/`v3` which will use the new [uploader](https://github.com/codecov/uploader). You can learn
+more about our deprecation plan and the new uploader on our [blog](https://about.codecov.io/blog/introducing-codecovs-new-uploader/).
+
+We will be restricting any updates to the `v1` Action to security updates and hotfixes.
+
+### Migration from `v1` to `v3`
+The `v3` uploader has a few breaking changes for users
+- Multiple fields have not been transferred from the bash uploader or have been deprecated. Notably
+many of the `functionalities` and `gcov_` arguments have been removed. Please check the documentation
+below for the full list.
+
 ## Usage
 
-To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v1` is recommended) as a `step` within your `workflow.yml` file.
+To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v3` is recommended) as a `step` within your `workflow.yml` file.
 
 If you have a *private repository*, this Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, store it as a `secret`). Optionally, you can choose to include up to four additional inputs to customize the upload context. **For public repositories, no token is needed**
 
@@ -16,30 +33,61 @@ Inside your `.github/workflows/workflow.yml` file:
 ```yaml
 steps:
 - uses: actions/checkout@master
-- uses: codecov/codecov-action@v1
+- uses: codecov/codecov-action@v3
   with:
-    token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
-    file: ./coverage.xml # optional
+    token: ${{ secrets.CODECOV_TOKEN }}
+    files: ./coverage1.xml,./coverage2.xml # optional
     flags: unittests # optional
     name: codecov-umbrella # optional
     fail_ci_if_error: true # optional (default = false)
+    verbose: true # optional (default = false)
 ```
 >**Note**: This assumes that you've set your Codecov token inside *Settings > Secrets* as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are *not* available to forks of repositories.
 
 ## Arguments
 
-Codecov's Action currently supports five inputs from the user: `token`, `file`, `flags`,`name`, and `fail_ci_if_error`. These inputs, along with their descriptions and usage contexts, are listed in the table below:
-
->**Update**: We've removed the `yml` parameter with the latest release of this action. Please put your custom codecov yaml file at the root of the repo because other locations will no longer be supported in the future.
+Codecov's Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below:
 
 | Input  | Description | Usage |
 | :---:     |     :---:   |    :---:   |
-| `token`  | Used to authorize coverage report uploads  | *Required for private repos* |
-| `file`  | Path to the coverage report(s) | Optional
-| `flags`  | Flag the upload to group coverage metrics (unittests, uitests, etc.). Multiple flags are separated by a comma (ui,chrome) | Optional
+| `token`  | Used to authorize coverage report uploads  | *Required |
+| `move_coverage_to_trash` | Move discovered coverage reports to the trash | Optional
+| `commit_parent` | The commit SHA of the parent for which you are uploading coverage. If not present, the parent will be determined using the API of your repository provider.  When using the repository provider's API, the parent is determined via finding the closest ancestor to the commit. | Optional
+| `dry_run` | Don't upload files to Codecov | Optional
 | `env_vars`  | Environment variables to tag the upload with. Multiple env variables can be separated with commas (e.g. `OS,PYTHON`) | Optional
-| `name`  | Custom defined name for the upload | Optional
 | `fail_ci_if_error`  | Specify if CI pipeline should fail when Codecov runs into errors during upload. *Defaults to **false*** | Optional
+| `files`  | Comma-separated paths to the coverage report(s). Negated paths are supported by starting with `!` | Optional
+| `flags`  | Flag the upload to group coverage metrics (unittests, uitests, etc.). Multiple flags are separated by a comma (ui,chrome) | Optional
+| `full_report` | Specify the path of a full Codecov report to re-upload | Optional
+| `functionalities` | Toggle functionalities | Optional
+| -- `network` | Disable uploading the file network | Optional
+| -- `fixes` | Enable file fixes to ignore common lines from coverage | Optional
+| -- `search` | Disable searching for coverage files | Optional
+| `gcov` | Run with gcov support | Optional
+| `gcov_args` | Extra arguments to pass to gcov | Optional
+| `gcov_ignore` | Paths to ignore during gcov gathering | Optional
+| `gcov_include` | Paths to include during gcov gathering | Optional
+| `gcov_executable` | gcov executable to run. Defaults to gcov. | Optional
+| `name`  | Custom defined name for the upload | Optional
+| `network_filer` | Specify a filter on the files listed in the network section of the Codecov report. Useful for upload-specific path fixing | Optional
+| `network_prefix` | Specify a prefix on files listed in the network section of the Codecov report. Useful to help resolve path fixing | Optional
+| `os` | Specify the OS (linux, macos, windows, alpine) | Optional
+| `override_branch` | Specify the branch name | Optional
+| `override_build` | Specify the build number | Optional
+| `override_commit` | Specify the commit SHA | Optional
+| `override_pr` | Specify the pull request number | Optional
+| `override_tag` | Specify the git tag | Optional
+| `root_dir` | Used when not in git/hg project to identify project root directory | Optional
+| `directory` | Directory to search for coverage reports. | Optional
+| `slug` | Specify the slug manually (Enterprise use) | Optional
+| `swift` | Run with swift coverage support | Optional
+| -- `swift_project` | Specify the swift project to speed up coverage conversion | Optional
+| `upstream_proxy` | The upstream http proxy server to connect through | Optional
+| `url` | Change the upload host (Enterprise use) | Optional
+| `verbose` | Specify whether the Codecov output should be verbose | Optional
+| `version` | Specify which version of the Codecov Uploader should be used. Defaults to `latest` | Optional
+| `xtra_args` | Add additional uploader args that may be missing in the Action | Optional
+
 
 ### Example `workflow.yml` with Codecov Action
 
@@ -54,27 +102,29 @@ jobs:
         os: [ubuntu-latest, macos-latest, windows-latest]
     env:
       OS: ${{ matrix.os }}
-      PYTHON: '3.7'
+      PYTHON: '3.10'
     steps:
     - uses: actions/checkout@master
     - name: Setup Python
       uses: actions/setup-python@master
       with:
-        python-version: 3.7
+        python-version: 3.10
     - name: Generate coverage report
       run: |
         pip install pytest
         pip install pytest-cov
         pytest --cov=./ --cov-report=xml
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v1
+      uses: codecov/codecov-action@v3
       with:
         token: ${{ secrets.CODECOV_TOKEN }}
-        file: ./coverage.xml
-        flags: unittests
+        directory: ./coverage/reports/
         env_vars: OS,PYTHON
-        name: codecov-umbrella
         fail_ci_if_error: true
+        files: ./coverage1.xml,./coverage2.xml,!./cache
+        flags: unittests
+        name: codecov-umbrella
+        verbose: true
 ```
 ## Contributing
 
@@ -83,3 +133,5 @@ Contributions are welcome! Check out the [Contribution Guide](CONTRIBUTING.md).
 ## License
 
 The code in this project is released under the [MIT License](LICENSE).
+
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action?ref=badge_large)

action.yml

@@ -1,28 +1,121 @@
 name: 'Codecov'
 description: 'GitHub Action that uploads coverage reports for your repository to codecov.io'
-author: 'Ibrahim Ali <@ibrahim0814> | Codecov'
+author: 'Ibrahim Ali <@ibrahim0814> & Thomas Hu <@thomasrockhu> | Codecov'
 inputs:
-  name:
-    description: 'User defined upload name. Visible in Codecov UI'
-    required: false
   token:
     description: 'Repository upload token - get it from codecov.io. Required only for private repositories'
     required: false
   file:
     description: 'Path to coverage file to upload'
     required: false
+  files:
+    description: 'Comma-separated list of files to upload'
+    required: false
+  directory:
+    description: 'Directory to search for coverage reports.'
+    required: false
   flags:
     description: 'Flag upload to group coverage metrics (e.g. unittests | integration | ui,chrome)'
     required: false
+  full_report:
+    description: Specify the path of a full Codecov report to re-upload
+    required: false
+  commit_parent:
+    description: 'The commit SHA of the parent for which you are uploading coverage. If not present, the parent will be determined using the API of your repository provider.  When using the repository providers API, the parent is determined via finding the closest ancestor to the commit.'
+    required: false
+  dry_run:
+    description: "Don't upload files to Codecov"
+    required: false
   env_vars:
     description: 'Environment variables to tag the upload with (e.g. PYTHON | OS,PYTHON)'
     required: false
   fail_ci_if_error:
     description: 'Specify whether or not CI build should fail if Codecov runs into an error during upload'
     required: false
+  functionalities:
+    description: 'Comma-separated list, see the README for options and their usage. Options include `network`, `fixes`, `search`.'
+    required: false
+  gcov:
+    description: 'Run with gcov support'
+    required: false
+  gcov_args:
+    description: 'Extra arguments to pass to gcov'
+    required: false
+  gcov_executable:
+    description: 'gcov executable to run. Defaults to gcov'
+    required: false
+  gcov_ignore:
+    description: 'Paths to ignore during gcov gathering'
+    required: false
+  gcov_include:
+    description: 'Paths to include during gcov gathering'
+    required: false
+  move_coverage_to_trash:
+    description: 'Move discovered coverage reports to the trash'
+    required: false
+  name:
+    description: 'User defined upload name. Visible in Codecov UI'
+    required: false
+  network_filter:
+    description: 'Specify a filter on the files listed in the network section of the Codecov report. Useful for upload-specific path fixing'
+    required: false
+  network_prefix:
+    description: 'Specify a prefix on files listed in the network section of the Codecov report. Useful to help resolve path fixing'
+    required: false
+  os:
+    description: 'Override the assumed OS. Options are aarch64 | alpine | linux | macos | windows.'
+    required: false
+  override_branch:
+    description: 'Specify the branch name'
+    required: false
+  override_build:
+    description: 'Specify the build number'
+    required: false
+  override_commit:
+    description: 'Specify the commit SHA'
+    required: false
+  override_pr:
+    description: 'Specify the pull request number'
+    required: false
+  override_tag:
+    description: 'Specify the git tag'
+    required: false
+  root_dir:
+    description: 'Used when not in git/hg project to identify project root directory'
+    required: false
+  slug:
+    description: 'Specify the slug manually (Enterprise use)'
+    required: false
+  swift:
+    description: 'Run with swift coverage support'
+    required: false
+  swift_project:
+    description: 'Specify the swift project to speed up coverage conversion'
+    required: false
+  upstream_proxy:
+    description: 'The upstream http proxy server to connect through'
+    required: false
+  url:
+    description: 'Change the upload host (Enterprise use)'
+    required: false
+  verbose:
+    description: 'Specify whether the Codecov output should be verbose'
+    required: false
+  version:
+    description: 'Specify which version of the Codecov Uploader should be used. Defaults to `latest`'
+    required: false
+  xcode:
+    description: 'Run with xcode support'
+    required: false
+  xcode_archive_path:
+    description: 'Specify the xcode archive path. Likely specified as the -resultBundlePath and should end in .xcresult'
+    required: false
+  xtra_args:
+    description: 'Add additional uploader args that may be missing in the Action'
+    required: false
 branding:
   color: 'red'
   icon: 'umbrella'
 runs:
-  using: 'node12'
+  using: 'node16'
   main: 'dist/index.js'

demo/calculator/calculator.test.ts

@@ -0,0 +1,11 @@
+import Calculator from './calculator';
+
+test('adds 2 + 3 to equal 5', () => {
+  const calc = new Calculator();
+  expect(calc.add(2, 3)).toBe(5);
+});
+
+test('subtracts 2 - 3 to equal -1', () => {
+  const calc = new Calculator();
+  expect(calc.subtract(2, 3)).toBe(-1);
+});

demo/calculator/calculator.ts

@@ -0,0 +1,10 @@
+export default class Calculator {
+
+  add(x : number, y : number) : number {
+    return x + y;
+  }
+
+  subtract(x: number, y: number) : number {
+    return x - y;
+  }
+}

demo/coverage-test/coverage.test.ts

@@ -0,0 +1,11 @@
+import Coverage from './coverage';
+
+test('test uncovered if', () => {
+  const coverageObj = new Coverage();
+  expect(coverageObj.uncovered_if()).toEqual(false);
+});
+
+test('fully covered', () => {
+  const coverageObj = new Coverage();
+  expect(coverageObj.fully_covered()).toEqual(true);
+});

demo/coverage-test/coverage.ts

@@ -0,0 +1,21 @@
+export default class Coverage {
+
+  //This function is tested and part of it is uncovered
+  uncovered_if = (a = true) => {
+    if (a == true) {
+      return false
+    } else {
+      return true
+    }
+  }
+
+  //This function will be fully covered
+  fully_covered = () => {
+    return true
+  }
+
+  //This function will not be tested by unit tests
+  uncovered = () => {
+    return true
+  }
+}

dist/37.index.js

@@ -0,0 +1,453 @@
+"use strict";
+exports.id = 37;
+exports.ids = [37];
+exports.modules = {
+
+/***/ 4037:
+/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
+
+__webpack_require__.r(__webpack_exports__);
+/* harmony export */ __webpack_require__.d(__webpack_exports__, {
+/* harmony export */   "toFormData": () => (/* binding */ toFormData)
+/* harmony export */ });
+/* harmony import */ var fetch_blob_from_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(2777);
+/* harmony import */ var formdata_polyfill_esm_min_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(8010);
+
+
+
+let s = 0;
+const S = {
+	START_BOUNDARY: s++,
+	HEADER_FIELD_START: s++,
+	HEADER_FIELD: s++,
+	HEADER_VALUE_START: s++,
+	HEADER_VALUE: s++,
+	HEADER_VALUE_ALMOST_DONE: s++,
+	HEADERS_ALMOST_DONE: s++,
+	PART_DATA_START: s++,
+	PART_DATA: s++,
+	END: s++
+};
+
+let f = 1;
+const F = {
+	PART_BOUNDARY: f,
+	LAST_BOUNDARY: f *= 2
+};
+
+const LF = 10;
+const CR = 13;
+const SPACE = 32;
+const HYPHEN = 45;
+const COLON = 58;
+const A = 97;
+const Z = 122;
+
+const lower = c => c | 0x20;
+
+const noop = () => {};
+
+class MultipartParser {
+	/**
+	 * @param {string} boundary
+	 */
+	constructor(boundary) {
+		this.index = 0;
+		this.flags = 0;
+
+		this.onHeaderEnd = noop;
+		this.onHeaderField = noop;
+		this.onHeadersEnd = noop;
+		this.onHeaderValue = noop;
+		this.onPartBegin = noop;
+		this.onPartData = noop;
+		this.onPartEnd = noop;
+
+		this.boundaryChars = {};
+
+		boundary = '\r\n--' + boundary;
+		const ui8a = new Uint8Array(boundary.length);
+		for (let i = 0; i < boundary.length; i++) {
+			ui8a[i] = boundary.charCodeAt(i);
+			this.boundaryChars[ui8a[i]] = true;
+		}
+
+		this.boundary = ui8a;
+		this.lookbehind = new Uint8Array(this.boundary.length + 8);
+		this.state = S.START_BOUNDARY;
+	}
+
+	/**
+	 * @param {Uint8Array} data
+	 */
+	write(data) {
+		let i = 0;
+		const length_ = data.length;
+		let previousIndex = this.index;
+		let {lookbehind, boundary, boundaryChars, index, state, flags} = this;
+		const boundaryLength = this.boundary.length;
+		const boundaryEnd = boundaryLength - 1;
+		const bufferLength = data.length;
+		let c;
+		let cl;
+
+		const mark = name => {
+			this[name + 'Mark'] = i;
+		};
+
+		const clear = name => {
+			delete this[name + 'Mark'];
+		};
+
+		const callback = (callbackSymbol, start, end, ui8a) => {
+			if (start === undefined || start !== end) {
+				this[callbackSymbol](ui8a && ui8a.subarray(start, end));
+			}
+		};
+
+		const dataCallback = (name, clear) => {
+			const markSymbol = name + 'Mark';
+			if (!(markSymbol in this)) {
+				return;
+			}
+
+			if (clear) {
+				callback(name, this[markSymbol], i, data);
+				delete this[markSymbol];
+			} else {
+				callback(name, this[markSymbol], data.length, data);
+				this[markSymbol] = 0;
+			}
+		};
+
+		for (i = 0; i < length_; i++) {
+			c = data[i];
+
+			switch (state) {
+				case S.START_BOUNDARY:
+					if (index === boundary.length - 2) {
+						if (c === HYPHEN) {
+							flags |= F.LAST_BOUNDARY;
+						} else if (c !== CR) {
+							return;
+						}
+
+						index++;
+						break;
+					} else if (index - 1 === boundary.length - 2) {
+						if (flags & F.LAST_BOUNDARY && c === HYPHEN) {
+							state = S.END;
+							flags = 0;
+						} else if (!(flags & F.LAST_BOUNDARY) && c === LF) {
+							index = 0;
+							callback('onPartBegin');
+							state = S.HEADER_FIELD_START;
+						} else {
+							return;
+						}
+
+						break;
+					}
+
+					if (c !== boundary[index + 2]) {
+						index = -2;
+					}
+
+					if (c === boundary[index + 2]) {
+						index++;
+					}
+
+					break;
+				case S.HEADER_FIELD_START:
+					state = S.HEADER_FIELD;
+					mark('onHeaderField');
+					index = 0;
+					// falls through
+				case S.HEADER_FIELD:
+					if (c === CR) {
+						clear('onHeaderField');
+						state = S.HEADERS_ALMOST_DONE;
+						break;
+					}
+
+					index++;
+					if (c === HYPHEN) {
+						break;
+					}
+
+					if (c === COLON) {
+						if (index === 1) {
+							// empty header field
+							return;
+						}
+
+						dataCallback('onHeaderField', true);
+						state = S.HEADER_VALUE_START;
+						break;
+					}
+
+					cl = lower(c);
+					if (cl < A || cl > Z) {
+						return;
+					}
+
+					break;
+				case S.HEADER_VALUE_START:
+					if (c === SPACE) {
+						break;
+					}
+
+					mark('onHeaderValue');
+					state = S.HEADER_VALUE;
+					// falls through
+				case S.HEADER_VALUE:
+					if (c === CR) {
+						dataCallback('onHeaderValue', true);
+						callback('onHeaderEnd');
+						state = S.HEADER_VALUE_ALMOST_DONE;
+					}
+
+					break;
+				case S.HEADER_VALUE_ALMOST_DONE:
+					if (c !== LF) {
+						return;
+					}
+
+					state = S.HEADER_FIELD_START;
+					break;
+				case S.HEADERS_ALMOST_DONE:
+					if (c !== LF) {
+						return;
+					}
+
+					callback('onHeadersEnd');
+					state = S.PART_DATA_START;
+					break;
+				case S.PART_DATA_START:
+					state = S.PART_DATA;
+					mark('onPartData');
+					// falls through
+				case S.PART_DATA:
+					previousIndex = index;
+
+					if (index === 0) {
+						// boyer-moore derrived algorithm to safely skip non-boundary data
+						i += boundaryEnd;
+						while (i < bufferLength && !(data[i] in boundaryChars)) {
+							i += boundaryLength;
+						}
+
+						i -= boundaryEnd;
+						c = data[i];
+					}
+
+					if (index < boundary.length) {
+						if (boundary[index] === c) {
+							if (index === 0) {
+								dataCallback('onPartData', true);
+							}
+
+							index++;
+						} else {
+							index = 0;
+						}
+					} else if (index === boundary.length) {
+						index++;
+						if (c === CR) {
+							// CR = part boundary
+							flags |= F.PART_BOUNDARY;
+						} else if (c === HYPHEN) {
+							// HYPHEN = end boundary
+							flags |= F.LAST_BOUNDARY;
+						} else {
+							index = 0;
+						}
+					} else if (index - 1 === boundary.length) {
+						if (flags & F.PART_BOUNDARY) {
+							index = 0;
+							if (c === LF) {
+								// unset the PART_BOUNDARY flag
+								flags &= ~F.PART_BOUNDARY;
+								callback('onPartEnd');
+								callback('onPartBegin');
+								state = S.HEADER_FIELD_START;
+								break;
+							}
+						} else if (flags & F.LAST_BOUNDARY) {
+							if (c === HYPHEN) {
+								callback('onPartEnd');
+								state = S.END;
+								flags = 0;
+							} else {
+								index = 0;
+							}
+						} else {
+							index = 0;
+						}
+					}
+
+					if (index > 0) {
+						// when matching a possible boundary, keep a lookbehind reference
+						// in case it turns out to be a false lead
+						lookbehind[index - 1] = c;
+					} else if (previousIndex > 0) {
+						// if our boundary turned out to be rubbish, the captured lookbehind
+						// belongs to partData
+						const _lookbehind = new Uint8Array(lookbehind.buffer, lookbehind.byteOffset, lookbehind.byteLength);
+						callback('onPartData', 0, previousIndex, _lookbehind);
+						previousIndex = 0;
+						mark('onPartData');
+
+						// reconsider the current character even so it interrupted the sequence
+						// it could be the beginning of a new sequence
+						i--;
+					}
+
+					break;
+				case S.END:
+					break;
+				default:
+					throw new Error(`Unexpected state entered: ${state}`);
+			}
+		}
+
+		dataCallback('onHeaderField');
+		dataCallback('onHeaderValue');
+		dataCallback('onPartData');
+
+		// Update properties for the next call
+		this.index = index;
+		this.state = state;
+		this.flags = flags;
+	}
+
+	end() {
+		if ((this.state === S.HEADER_FIELD_START && this.index === 0) ||
+			(this.state === S.PART_DATA && this.index === this.boundary.length)) {
+			this.onPartEnd();
+		} else if (this.state !== S.END) {
+			throw new Error('MultipartParser.end(): stream ended unexpectedly');
+		}
+	}
+}
+
+function _fileName(headerValue) {
+	// matches either a quoted-string or a token (RFC 2616 section 19.5.1)
+	const m = headerValue.match(/\bfilename=("(.*?)"|([^()<>@,;:\\"/[\]?={}\s\t]+))($|;\s)/i);
+	if (!m) {
+		return;
+	}
+
+	const match = m[2] || m[3] || '';
+	let filename = match.slice(match.lastIndexOf('\\') + 1);
+	filename = filename.replace(/%22/g, '"');
+	filename = filename.replace(/&#(\d{4});/g, (m, code) => {
+		return String.fromCharCode(code);
+	});
+	return filename;
+}
+
+async function toFormData(Body, ct) {
+	if (!/multipart/i.test(ct)) {
+		throw new TypeError('Failed to fetch');
+	}
+
+	const m = ct.match(/boundary=(?:"([^"]+)"|([^;]+))/i);
+
+	if (!m) {
+		throw new TypeError('no or bad content-type header, no multipart boundary');
+	}
+
+	const parser = new MultipartParser(m[1] || m[2]);
+
+	let headerField;
+	let headerValue;
+	let entryValue;
+	let entryName;
+	let contentType;
+	let filename;
+	const entryChunks = [];
+	const formData = new formdata_polyfill_esm_min_js__WEBPACK_IMPORTED_MODULE_1__/* .FormData */ .Ct();
+
+	const onPartData = ui8a => {
+		entryValue += decoder.decode(ui8a, {stream: true});
+	};
+
+	const appendToFile = ui8a => {
+		entryChunks.push(ui8a);
+	};
+
+	const appendFileToFormData = () => {
+		const file = new fetch_blob_from_js__WEBPACK_IMPORTED_MODULE_0__/* .File */ .$B(entryChunks, filename, {type: contentType});
+		formData.append(entryName, file);
+	};
+
+	const appendEntryToFormData = () => {
+		formData.append(entryName, entryValue);
+	};
+
+	const decoder = new TextDecoder('utf-8');
+	decoder.decode();
+
+	parser.onPartBegin = function () {
+		parser.onPartData = onPartData;
+		parser.onPartEnd = appendEntryToFormData;
+
+		headerField = '';
+		headerValue = '';
+		entryValue = '';
+		entryName = '';
+		contentType = '';
+		filename = null;
+		entryChunks.length = 0;
+	};
+
+	parser.onHeaderField = function (ui8a) {
+		headerField += decoder.decode(ui8a, {stream: true});
+	};
+
+	parser.onHeaderValue = function (ui8a) {
+		headerValue += decoder.decode(ui8a, {stream: true});
+	};
+
+	parser.onHeaderEnd = function () {
+		headerValue += decoder.decode();
+		headerField = headerField.toLowerCase();
+
+		if (headerField === 'content-disposition') {
+			// matches either a quoted-string or a token (RFC 2616 section 19.5.1)
+			const m = headerValue.match(/\bname=("([^"]*)"|([^()<>@,;:\\"/[\]?={}\s\t]+))/i);
+
+			if (m) {
+				entryName = m[2] || m[3] || '';
+			}
+
+			filename = _fileName(headerValue);
+
+			if (filename) {
+				parser.onPartData = appendToFile;
+				parser.onPartEnd = appendFileToFormData;
+			}
+		} else if (headerField === 'content-type') {
+			contentType = headerValue;
+		}
+
+		headerValue = '';
+		headerField = '';
+	};
+
+	for await (const chunk of Body) {
+		parser.write(chunk);
+	}
+
+	parser.end();
+
+	return formData;
+}
+
+
+/***/ })
+
+};
+;
+//# sourceMappingURL=37.index.js.map

dist/629.index.js

@@ -0,0 +1,453 @@
+exports.id = 629;
+exports.ids = [629];
+exports.modules = {
+
+/***/ 6629:
+/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
+
+"use strict";
+__webpack_require__.r(__webpack_exports__);
+/* harmony export */ __webpack_require__.d(__webpack_exports__, {
+/* harmony export */   "toFormData": () => (/* binding */ toFormData)
+/* harmony export */ });
+/* harmony import */ var fetch_blob_from_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(4818);
+/* harmony import */ var formdata_polyfill_esm_min_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(1402);
+
+
+
+let s = 0;
+const S = {
+	START_BOUNDARY: s++,
+	HEADER_FIELD_START: s++,
+	HEADER_FIELD: s++,
+	HEADER_VALUE_START: s++,
+	HEADER_VALUE: s++,
+	HEADER_VALUE_ALMOST_DONE: s++,
+	HEADERS_ALMOST_DONE: s++,
+	PART_DATA_START: s++,
+	PART_DATA: s++,
+	END: s++
+};
+
+let f = 1;
+const F = {
+	PART_BOUNDARY: f,
+	LAST_BOUNDARY: f *= 2
+};
+
+const LF = 10;
+const CR = 13;
+const SPACE = 32;
+const HYPHEN = 45;
+const COLON = 58;
+const A = 97;
+const Z = 122;
+
+const lower = c => c | 0x20;
+
+const noop = () => {};
+
+class MultipartParser {
+	/**
+	 * @param {string} boundary
+	 */
+	constructor(boundary) {
+		this.index = 0;
+		this.flags = 0;
+
+		this.onHeaderEnd = noop;
+		this.onHeaderField = noop;
+		this.onHeadersEnd = noop;
+		this.onHeaderValue = noop;
+		this.onPartBegin = noop;
+		this.onPartData = noop;
+		this.onPartEnd = noop;
+
+		this.boundaryChars = {};
+
+		boundary = '\r\n--' + boundary;
+		const ui8a = new Uint8Array(boundary.length);
+		for (let i = 0; i < boundary.length; i++) {
+			ui8a[i] = boundary.charCodeAt(i);
+			this.boundaryChars[ui8a[i]] = true;
+		}
+
+		this.boundary = ui8a;
+		this.lookbehind = new Uint8Array(this.boundary.length + 8);
+		this.state = S.START_BOUNDARY;
+	}
+
+	/**
+	 * @param {Uint8Array} data
+	 */
+	write(data) {
+		let i = 0;
+		const length_ = data.length;
+		let previousIndex = this.index;
+		let {lookbehind, boundary, boundaryChars, index, state, flags} = this;
+		const boundaryLength = this.boundary.length;
+		const boundaryEnd = boundaryLength - 1;
+		const bufferLength = data.length;
+		let c;
+		let cl;
+
+		const mark = name => {
+			this[name + 'Mark'] = i;
+		};
+
+		const clear = name => {
+			delete this[name + 'Mark'];
+		};
+
+		const callback = (callbackSymbol, start, end, ui8a) => {
+			if (start === undefined || start !== end) {
+				this[callbackSymbol](ui8a && ui8a.subarray(start, end));
+			}
+		};
+
+		const dataCallback = (name, clear) => {
+			const markSymbol = name + 'Mark';
+			if (!(markSymbol in this)) {
+				return;
+			}
+
+			if (clear) {
+				callback(name, this[markSymbol], i, data);
+				delete this[markSymbol];
+			} else {
+				callback(name, this[markSymbol], data.length, data);
+				this[markSymbol] = 0;
+			}
+		};
+
+		for (i = 0; i < length_; i++) {
+			c = data[i];
+
+			switch (state) {
+				case S.START_BOUNDARY:
+					if (index === boundary.length - 2) {
+						if (c === HYPHEN) {
+							flags |= F.LAST_BOUNDARY;
+						} else if (c !== CR) {
+							return;
+						}
+
+						index++;
+						break;
+					} else if (index - 1 === boundary.length - 2) {
+						if (flags & F.LAST_BOUNDARY && c === HYPHEN) {
+							state = S.END;
+							flags = 0;
+						} else if (!(flags & F.LAST_BOUNDARY) && c === LF) {
+							index = 0;
+							callback('onPartBegin');
+							state = S.HEADER_FIELD_START;
+						} else {
+							return;
+						}
+
+						break;
+					}
+
+					if (c !== boundary[index + 2]) {
+						index = -2;
+					}
+
+					if (c === boundary[index + 2]) {
+						index++;
+					}
+
+					break;
+				case S.HEADER_FIELD_START:
+					state = S.HEADER_FIELD;
+					mark('onHeaderField');
+					index = 0;
+					// falls through
+				case S.HEADER_FIELD:
+					if (c === CR) {
+						clear('onHeaderField');
+						state = S.HEADERS_ALMOST_DONE;
+						break;
+					}
+
+					index++;
+					if (c === HYPHEN) {
+						break;
+					}
+
+					if (c === COLON) {
+						if (index === 1) {
+							// empty header field
+							return;
+						}
+
+						dataCallback('onHeaderField', true);
+						state = S.HEADER_VALUE_START;
+						break;
+					}
+
+					cl = lower(c);
+					if (cl < A || cl > Z) {
+						return;
+					}
+
+					break;
+				case S.HEADER_VALUE_START:
+					if (c === SPACE) {
+						break;
+					}
+
+					mark('onHeaderValue');
+					state = S.HEADER_VALUE;
+					// falls through
+				case S.HEADER_VALUE:
+					if (c === CR) {
+						dataCallback('onHeaderValue', true);
+						callback('onHeaderEnd');
+						state = S.HEADER_VALUE_ALMOST_DONE;
+					}
+
+					break;
+				case S.HEADER_VALUE_ALMOST_DONE:
+					if (c !== LF) {
+						return;
+					}
+
+					state = S.HEADER_FIELD_START;
+					break;
+				case S.HEADERS_ALMOST_DONE:
+					if (c !== LF) {
+						return;
+					}
+
+					callback('onHeadersEnd');
+					state = S.PART_DATA_START;
+					break;
+				case S.PART_DATA_START:
+					state = S.PART_DATA;
+					mark('onPartData');
+					// falls through
+				case S.PART_DATA:
+					previousIndex = index;
+
+					if (index === 0) {
+						// boyer-moore derrived algorithm to safely skip non-boundary data
+						i += boundaryEnd;
+						while (i < bufferLength && !(data[i] in boundaryChars)) {
+							i += boundaryLength;
+						}
+
+						i -= boundaryEnd;
+						c = data[i];
+					}
+
+					if (index < boundary.length) {
+						if (boundary[index] === c) {
+							if (index === 0) {
+								dataCallback('onPartData', true);
+							}
+
+							index++;
+						} else {
+							index = 0;
+						}
+					} else if (index === boundary.length) {
+						index++;
+						if (c === CR) {
+							// CR = part boundary
+							flags |= F.PART_BOUNDARY;
+						} else if (c === HYPHEN) {
+							// HYPHEN = end boundary
+							flags |= F.LAST_BOUNDARY;
+						} else {
+							index = 0;
+						}
+					} else if (index - 1 === boundary.length) {
+						if (flags & F.PART_BOUNDARY) {
+							index = 0;
+							if (c === LF) {
+								// unset the PART_BOUNDARY flag
+								flags &= ~F.PART_BOUNDARY;
+								callback('onPartEnd');
+								callback('onPartBegin');
+								state = S.HEADER_FIELD_START;
+								break;
+							}
+						} else if (flags & F.LAST_BOUNDARY) {
+							if (c === HYPHEN) {
+								callback('onPartEnd');
+								state = S.END;
+								flags = 0;
+							} else {
+								index = 0;
+							}
+						} else {
+							index = 0;
+						}
+					}
+
+					if (index > 0) {
+						// when matching a possible boundary, keep a lookbehind reference
+						// in case it turns out to be a false lead
+						lookbehind[index - 1] = c;
+					} else if (previousIndex > 0) {
+						// if our boundary turned out to be rubbish, the captured lookbehind
+						// belongs to partData
+						const _lookbehind = new Uint8Array(lookbehind.buffer, lookbehind.byteOffset, lookbehind.byteLength);
+						callback('onPartData', 0, previousIndex, _lookbehind);
+						previousIndex = 0;
+						mark('onPartData');
+
+						// reconsider the current character even so it interrupted the sequence
+						// it could be the beginning of a new sequence
+						i--;
+					}
+
+					break;
+				case S.END:
+					break;
+				default:
+					throw new Error(`Unexpected state entered: ${state}`);
+			}
+		}
+
+		dataCallback('onHeaderField');
+		dataCallback('onHeaderValue');
+		dataCallback('onPartData');
+
+		// Update properties for the next call
+		this.index = index;
+		this.state = state;
+		this.flags = flags;
+	}
+
+	end() {
+		if ((this.state === S.HEADER_FIELD_START && this.index === 0) ||
+			(this.state === S.PART_DATA && this.index === this.boundary.length)) {
+			this.onPartEnd();
+		} else if (this.state !== S.END) {
+			throw new Error('MultipartParser.end(): stream ended unexpectedly');
+		}
+	}
+}
+
+function _fileName(headerValue) {
+	// matches either a quoted-string or a token (RFC 2616 section 19.5.1)
+	const m = headerValue.match(/\bfilename=("(.*?)"|([^()<>@,;:\\"/[\]?={}\s\t]+))($|;\s)/i);
+	if (!m) {
+		return;
+	}
+
+	const match = m[2] || m[3] || '';
+	let filename = match.slice(match.lastIndexOf('\\') + 1);
+	filename = filename.replace(/%22/g, '"');
+	filename = filename.replace(/&#(\d{4});/g, (m, code) => {
+		return String.fromCharCode(code);
+	});
+	return filename;
+}
+
+async function toFormData(Body, ct) {
+	if (!/multipart/i.test(ct)) {
+		throw new TypeError('Failed to fetch');
+	}
+
+	const m = ct.match(/boundary=(?:"([^"]+)"|([^;]+))/i);
+
+	if (!m) {
+		throw new TypeError('no or bad content-type header, no multipart boundary');
+	}
+
+	const parser = new MultipartParser(m[1] || m[2]);
+
+	let headerField;
+	let headerValue;
+	let entryValue;
+	let entryName;
+	let contentType;
+	let filename;
+	const entryChunks = [];
+	const formData = new formdata_polyfill_esm_min_js__WEBPACK_IMPORTED_MODULE_1__/* .FormData */ .Ct();
+
+	const onPartData = ui8a => {
+		entryValue += decoder.decode(ui8a, {stream: true});
+	};
+
+	const appendToFile = ui8a => {
+		entryChunks.push(ui8a);
+	};
+
+	const appendFileToFormData = () => {
+		const file = new fetch_blob_from_js__WEBPACK_IMPORTED_MODULE_0__/* .File */ .$B(entryChunks, filename, {type: contentType});
+		formData.append(entryName, file);
+	};
+
+	const appendEntryToFormData = () => {
+		formData.append(entryName, entryValue);
+	};
+
+	const decoder = new TextDecoder('utf-8');
+	decoder.decode();
+
+	parser.onPartBegin = function () {
+		parser.onPartData = onPartData;
+		parser.onPartEnd = appendEntryToFormData;
+
+		headerField = '';
+		headerValue = '';
+		entryValue = '';
+		entryName = '';
+		contentType = '';
+		filename = null;
+		entryChunks.length = 0;
+	};
+
+	parser.onHeaderField = function (ui8a) {
+		headerField += decoder.decode(ui8a, {stream: true});
+	};
+
+	parser.onHeaderValue = function (ui8a) {
+		headerValue += decoder.decode(ui8a, {stream: true});
+	};
+
+	parser.onHeaderEnd = function () {
+		headerValue += decoder.decode();
+		headerField = headerField.toLowerCase();
+
+		if (headerField === 'content-disposition') {
+			// matches either a quoted-string or a token (RFC 2616 section 19.5.1)
+			const m = headerValue.match(/\bname=("([^"]*)"|([^()<>@,;:\\"/[\]?={}\s\t]+))/i);
+
+			if (m) {
+				entryName = m[2] || m[3] || '';
+			}
+
+			filename = _fileName(headerValue);
+
+			if (filename) {
+				parser.onPartData = appendToFile;
+				parser.onPartEnd = appendFileToFormData;
+			}
+		} else if (headerField === 'content-type') {
+			contentType = headerValue;
+		}
+
+		headerValue = '';
+		headerField = '';
+	};
+
+	for await (const chunk of Body) {
+		parser.write(chunk);
+	}
+
+	parser.end();
+
+	return formData;
+}
+
+
+/***/ })
+
+};
+;
+//# sourceMappingURL=629.index.js.map

dist/pgp_keys.asc

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGCsMn0BEACiCKZOhkbhUjb+obvhH49p3ShjJzU5b/GqAXSDhRhdXUq7ZoGq
+KEKCd7sQHrCf16Pi5UVacGIyE9hS93HwY15kMlLwM+lNeAeCglEscOjpCly1qUIr
+sN1wjkd2cwDXS6zHBJTqJ7wSOiXbZfTAeKhd6DuLEpmA+Rz4Yc+4qZP+fVxVG3Pv
+2v06m+E5CP/JQVQPO8HYi+S36hJImTh+zaDspu+VujSai5KzJ6YKmgwslVNIp5X5
+GnEr2uAh5w6UTnt9UQUjFFliAvQ3lPLWzm7DWs6AP9hslYxSWzwbzVF5qbOIjUJL
+KfoUpvCYDs2ObgRn8WUQO0ndkRCBIxhlF3HGGYWKQaCEsiom7lyi8VbAszmUCDjw
+HdbQHFmm5yHLpTXJbg+iaxQzKnhWVXzye5/x92IJmJswW81Ky346VxYdC1XFL/+Y
+zBaj9oMmV7WfRpdch09Gf4TgosMzWf3NjJbtKE5xkaghJckIgxwzcrRmF/RmCJue
+IMqZ8A5qUUlK7NBzj51xmAQ4BtkUa2bcCBRV/vP+rk9wcBWz2LiaW+7Mwlfr/C/Q
+Swvv/JW2LsQ4iWc1BY7m7ksn9dcdypEq/1JbIzVLCRDG7pbMj9yLgYmhe5TtjOM3
+ygk25584EhXSgUA3MZw+DIqhbHQBYgrKndTr2N/wuBQY62zZg1YGQByD4QARAQAB
+tEpDb2RlY292IFVwbG9hZGVyIChDb2RlY292IFVwbG9hZGVyIFZlcmlmaWNhdGlv
+biBLZXkpIDxzZWN1cml0eUBjb2RlY292LmlvPokCTgQTAQoAOBYhBCcDTn/bhQ4L
+vCxi/4Brsortd5hpBQJgrDJ9AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
+EIBrsortd5hpxLMP/3Fbgx5EG7zUUOqPZ+Ya9z8JlZFIkh3FxYMfMFE8jH9Es26F
+V2ZTJLO259MxM+5N0XzObi3h4XqIzBn42pDRfwtojY5wl2STJ9Bzu+ykPog7OB1u
+yfWXDRKcqPTUIxI1/WdU+c0/WNE6wjyzK+lRc1YUlp4pdNU7l+j2vKN+jGi2b6nV
+PTPRsMcwy3B90fKf5h2wNMNqO+KX/rjgpG9Uhej+xyFWkGM1tZDQQYFj+ugQUj61
+BMsQrUmxOnaVVnix21cHnACDCaxqgQZH3iZyEOKPNMsRFRP+0fLEnUMP+DVnQE6J
+Brk1Z+XhtjGI9PISQVx5KKDKscreS/D5ae2Cw/FUlQMf57kir6mkbZVhz2khtccz
+atD0r59WomNywIDyk1QfAKV0+O0WeJg8A69/Jk6yegsrUb5qEfkih/I38vvI0OVL
+BYve/mQIHuQo5ziBptNytCrN5TXHXzguX9GOW1V1+3DR+w/vXcnz67sjlYDysf1f
+JUZv9edZ2RGKW7agbrgOw2hB+zuWZ10tjoEcsaSGOLtKRGFDfmu/dBxzl8yopUpa
+Tn79QKOieleRm5+uCcKCPTeKV0GbhDntCZJ+Yiw6ZPmrpcjDowAoMQ9kiMVa10+Q
+WwwoaRWuqhf+dL6Q2OLFOxlyCDKVSyW0YF4Vrf3fKGyxKJmszAL+NS1mVcdxuQIN
+BGCsMn0BEADLrIesbpfdAfWRvUFDN+PoRfa0ROwa/JOMhEgVsowQuk9No8yRva/X
+VyiA6oCq6na7IvZXMxT7di4FWDjDtw5xHjbtFg336IJTGBcnzm7WIsjvyyw8kKfB
+8cvG7D2OkzAUF8SVXLarJ1zdBP/Dr1Nz6F/gJsx5+BM8wGHEz4DsdMRV7ZMTVh6b
+PaGuPZysPjSEw62R8MFJ1fSyDGCKJYwMQ/sKFzseNaY/kZVR5lq0dmhiYjNVQeG9
+HJ6ZCGSGT5PKNOwx/UEkT6jhvzWgfr2eFVGJTcdwSLEgIrJIDzP7myHGxuOiuCmJ
+ENgL1f7mzGkJ/hYXq1RWqsn1Fh2I9KZMHggqu4a+s3RiscmNcbIlIhJLXoE1bxZ/
+TfYZ9Aod6Bd5TsSMTZNwV2am9zelhDiFF60FWww/5nEbhm/X4suC9W86qWBxs3Kh
+vk1dxhElRjtgwUEHA5OFOO48ERHfR7COH719D/YmqLU3EybBgJbGoC/yjlGJxv0R
+kOMAiG2FneNKEZZihReh8A5Jt6jYrSoHFRwL6oJIZfLezB7Rdajx1uH7uYcUyIaE
+SiDWlkDw/IFM315NYFA8c1TCSIfnabUYaAxSLNFRmXnt+GQpm44qAK1x8EGhY633
+e5B4FWorIXx0tTmsVM4rkQ6IgAodeywKG+c2Ikd+5dQLFmb7dW/6CwARAQABiQI2
+BBgBCgAgFiEEJwNOf9uFDgu8LGL/gGuyiu13mGkFAmCsMn0CGwwACgkQgGuyiu13
+mGkYWxAAkzF64SVpYvY9nY/QSYikL8UHlyyqirs6eFZ3Mj9lMRpHM2Spn9a3c701
+0Ge4wDbRP2oftCyPP+p9pdUA77ifMTlRcoMYX8oXAuyE5RT2emBDiWvSR6hQQ8bZ
+WFNXal+bUPpaRiruCCUPD2b8Od1ftzLqbYOosxr/m5Du0uahgOuGw6zlGBJCVOo7
+UB2Y++oZ8P7oDGF722opepWQ+bl2a6TRMLNWWlj4UANknyjlhyZZ7PKhWLjoC6MU
+dAKcwQUdp+XYLc/3b00bvgju0e99QgHZMX2fN3d3ktdN5Q2fqiAi5R6BmCCO4ISF
+o5j10gGU/sdqGHvNhv5C21ibun7HEzMtxBhnhGmytfBJzrsj7GOReePsfTLoCoUq
+dFMOAVUDciVfRtL2m8cv42ZJOXtPfDjsFOf8AKJk40/tc8mMMqZP7RVBr9RWOoq5
+y9D37NfI6UB8rPZ6qs0a1Vfm8lIh2/k1AFECduXgftMDTsmmXOgXXS37HukGW7AL
+QKWiWJQF/XopkXwkyAYpyuyRMZ77oF7nuqLFnl5VVEiRo0Fwu45erebc6ccSwYZU
+8pmeSx7s0aJtxCZPSZEKZ3mn0BXOR32Cgs48CjzFWf6PKucTwOy/YO0/4Gt/upNJ
+3DyeINcYcKyD08DEIF9f5tLyoiD4xz+N23ltTBoMPyv4f3X/wCQ=
+=ch7z
+-----END PGP PUBLIC KEY BLOCK-----

hooks/pre-commit

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -e
+
+npm install
+npm run lint
+npm run build
+git add dist/
+git add package-lock.json

index.js

@@ -1,137 +0,0 @@
-const core = require("@actions/core");
-const exec = require("@actions/exec");
-const fs = require("fs");
-const request = require('retry-request', {
-  request: require('request')
-});
-
-let fail_ci;
-try {
-  const name = core.getInput("name");
-  const token = core.getInput("token");
-  const flags = core.getInput("flags");
-  const file = core.getInput("file");
-  const env_vars = core.getInput("env_vars");
-
-  fail_ci = core.getInput("fail_ci_if_error").toLowerCase();
-
-  if (
-    fail_ci === "yes" ||
-    fail_ci === "y" ||
-    fail_ci === "true" ||
-    fail_ci === "t" ||
-    fail_ci === "1"
-  ) {
-    fail_ci = true;
-  } else {
-    fail_ci = false;
-  }
-
-  const retryOpts = {
-    retries: 3
-  };
-
-  request("https://codecov.io/bash", retryOpts, (error, response, body) => {
-    if (error && fail_ci) {
-      throw error;
-    } else if (error) {
-      core.warning(`Codecov warning: ${error.message}`);
-    }
-
-    fs.writeFile("codecov.sh", body, err => {
-      if (err && fail_ci) {
-        throw err;
-      } else if (err) {
-        core.warning(`Codecov warning: ${err.message}`);
-      }
-
-      let output = "";
-      let execError = "";
-      const options = {};
-      options.listeners = {
-        stdout: data => {
-          output += data.toString();
-        },
-        stderr: data => {
-          execError += data.toString();
-        }
-      };
-
-      options.env = Object.assign(process.env, {
-        GITHUB_ACTION: process.env.GITHUB_ACTION,
-        GITHUB_RUN_ID: process.env.GITHUB_RUN_ID,
-        GITHUB_REF: process.env.GITHUB_REF,
-        GITHUB_REPOSITORY: process.env.GITHUB_REPOSITORY,
-        GITHUB_SHA: process.env.GITHUB_SHA,
-        GITHUB_HEAD_REF: process.env.GITHUB_HEAD_REF || ''
-      });
-
-      if(token){
-        options.env.CODECOV_TOKEN = token
-      }
-
-      const env_vars_arg = []
-      for (let env_var of env_vars.split(",")) {
-        let env_var_clean = env_var.trim();
-        if (env_var_clean) {
-          options.env[env_var_clean] = process.env[env_var_clean];
-          env_vars_arg.push(env_var_clean)
-        }
-      }
-
-      const execArgs = ["codecov.sh"];
-      if (file) {
-        execArgs.push(
-          "-f", `${file}`
-        );
-      }
-
-      execArgs.push(
-        "-n", `${name}`,
-        "-F", `${flags}`
-      );
-
-      if (fail_ci) {
-        execArgs.push(
-          "-Z"
-        );
-      }
-
-      if (env_vars_arg.length) {
-        execArgs.push(
-          "-e", env_vars_arg.join(",")
-        );
-      }
-
-      exec.exec("bash", execArgs, options)
-        .catch(err => {
-          if (fail_ci) {
-            core.setFailed(
-              `Codecov failed with the following error: ${err.message}`
-            );
-          } else {
-            core.warning(`Codecov warning: ${err.message}`);
-          }
-        })
-        .then(() => {
-          unlinkFile();
-        });
-
-      const unlinkFile = () => {
-        fs.unlink("codecov.sh", err => {
-          if (err && fail_ci) {
-            throw err;
-          } else if (err) {
-            core.warning(`Codecov warning: ${err.message}`);
-          }
-        });
-      };
-    });
-  });
-} catch (error) {
-  if (fail_ci) {
-    core.setFailed(`Codecov failed with the following error: ${error.message}`);
-  } else {
-    core.warning(`Codecov warning: ${error.message}`);
-  }
-}

install.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+if ! [ -e .git ]; then
+    echo "Please run this from repo root directory"
+    exit 1
+fi
+
+cd .git/hooks
+for i in pre-commit; do
+    rm -fv $i
+    ln -sv ../../hooks/$i
+done

jest.config.js

@@ -0,0 +1,4 @@
+module.exports = {
+  preset: 'ts-jest',
+  testEnvironment: 'node',
+};

package.json

@@ -1,30 +1,45 @@
 {
   "name": "codecov-action",
-  "version": "1.0.5",
+  "version": "3.1.3",
   "description": "Upload coverage reports to Codecov from GitHub Actions",
   "main": "index.js",
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1",
-    "build": "ncc build index.js"
+    "build": "ncc build src/index.ts --source-map",
+    "lint": "eslint src/**/*.ts",
+    "test": "npm run test-script && npm run test-calculator && npm run test-coverage",
+    "test-calculator": "jest --testPathPattern=demo/calculator/ --coverage --coverageDirectory=coverage/calculator",
+    "test-coverage": "jest --testPathPattern=demo/coverage-test/ --coverage --coverageDirectory=coverage/coverage-test",
+    "test-script": "jest --testPathPattern=src/ --coverage --coverageDirectory=coverage/script"
   },
   "repository": {
     "type": "git",
     "url": "git+https://github.com/codecov/codecov-action.git"
   },
   "keywords": [],
-  "author": "Ibrahim Ali",
+  "author": "Codecov",
   "license": "MIT",
   "bugs": {
     "url": "https://github.com/codecov/codecov-action/issues"
   },
   "homepage": "https://github.com/codecov/codecov-action#readme",
   "dependencies": {
-    "@actions/core": "^1.2.0",
-    "@actions/exec": "^1.0.1",
-    "@zeit/ncc": "^0.20.5",
-    "fs": "0.0.1-security",
-    "request": "^2.88.0",
-    "retry-request": "^4.1.1"
+    "@actions/core": "^1.10.0",
+    "@actions/exec": "^1.1.1",
+    "@actions/github": "^5.1.1",
+    "node-fetch": "^3.3.1",
+    "openpgp": "5.8"
   },
-  "devDependencies": {}
+  "devDependencies": {
+    "@types/jest": "^27.5.0",
+    "@types/node": "^18.15.12",
+    "@typescript-eslint/eslint-plugin": "^4.29.2",
+    "@typescript-eslint/parser": "^4.29.2",
+    "@vercel/ncc": "^0.36.1",
+    "eslint": "^7.32.0",
+    "eslint-config-google": "^0.14.0",
+    "jest": "^26.6.3",
+    "jest-junit": "^16.0.0",
+    "ts-jest": "^26.5.6",
+    "typescript": "^4.9.5"
+  }
 }

src/buildExec.test.ts

@@ -0,0 +1,225 @@
+import * as github from '@actions/github';
+
+import buildExec from './buildExec';
+
+/* eslint-disable  @typescript-eslint/no-var-requires */
+const {version} = require('../package.json');
+
+const context = github.context;
+
+test('no arguments', () => {
+  const {execArgs, failCi} = buildExec();
+
+  const args = [
+    '-n',
+    '',
+    '-Q',
+    `github-action-${version}`,
+  ];
+  if (context.eventName == 'pull_request') {
+    args.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+  expect(execArgs).toEqual(args);
+  expect(failCi).toBeFalsy();
+});
+
+test('all arguments', () => {
+  const envs = {
+    'commit_parent': '83231650328f11695dfb754ca0f540516f188d27',
+    'directory': 'coverage/',
+    'dry_run': 'true',
+    'env_vars': 'OS,PYTHON',
+    'fail_ci_if_error': 'true',
+    'file': 'coverage.xml',
+    'files': 'dir1/coverage.xml,dir2/coverage.xml',
+    'flags': 'test,test2',
+    'functionalities':
+      'network',
+    'full_report': 'oldDir/oldReport.json',
+    'gcov': 'true',
+    'gcov_args': '-v',
+    'gcov_ignore': '*.fake',
+    'gcov_include': 'real_file',
+    'gcov_executable': 'gcov2',
+    'move_coverage_to_trash': 'true',
+    'name': 'codecov',
+    'network_filter': 'src/',
+    'network_prefix': 'build/',
+    'override_branch': 'thomasrockhu/test',
+    'override_build': '1',
+    'override_commit': '9caabca5474b49de74ef5667deabaf74cdacc244',
+    'override_pr': '2',
+    'override_tag': 'v1.2',
+    'root_dir': 'root/',
+    'swift': 'true',
+    'swift_project': 'MyApp',
+    'slug': 'fakeOwner/fakeRepo',
+    'token': 'd3859757-ab80-4664-924d-aef22fa7557b',
+    'upstream_proxy': 'https://codecov.example.com',
+    'url': 'https://codecov.enterprise.com',
+    'verbose': 't',
+    'xcode': 'true',
+    'xcode_archive_path': '/test.xcresult',
+    'xtra_args': '-some -other -args',
+  };
+
+  for (const env of Object.keys(envs)) {
+    process.env['INPUT_' + env.toUpperCase()] = envs[env];
+  }
+
+  const {execArgs, failCi} = buildExec();
+  expect(execArgs).toEqual([
+    '-n',
+    'codecov',
+    '-Q',
+    `github-action-${version}`,
+    '-c',
+    '-N',
+    '83231650328f11695dfb754ca0f540516f188d27',
+    '-d',
+    '-e',
+    'OS,PYTHON',
+    '-X',
+    'network',
+    '-Z',
+    '-f',
+    'coverage.xml',
+    '-f',
+    'dir1/coverage.xml',
+    '-f',
+    'dir2/coverage.xml',
+    '-full',
+    'oldDir/oldReport.json',
+    '-F',
+    'test',
+    '-F',
+    'test2',
+    '-g',
+    '-gcovArgs',
+    '-v',
+    '-gcovIgnore',
+    '*.fake',
+    '-gcovInclude',
+    'real_file',
+    '-gcovExecutable',
+    'gcov2',
+    '-networkFilter',
+    'src/',
+    '-networkPrefix',
+    'build/',
+    '-B',
+    'thomasrockhu/test',
+    '-b',
+    '1',
+    '-C',
+    '9caabca5474b49de74ef5667deabaf74cdacc244',
+    '-P',
+    '2',
+    '-T',
+    'v1.2',
+    '-R',
+    'root/',
+    '-s',
+    'coverage/',
+    '-r',
+    'fakeOwner/fakeRepo',
+    '-xs',
+    '-xsp',
+    'MyApp',
+    '-U',
+    'https://codecov.example.com',
+    '-u',
+    'https://codecov.enterprise.com',
+    '-v',
+    '-xc',
+    '-xp',
+    '/test.xcresult',
+    '-some -other -args',
+  ]);
+  expect(failCi).toBeTruthy();
+
+  for (const env of Object.keys(envs)) {
+    delete process.env['INPUT_' + env.toUpperCase()];
+  }
+});
+
+describe('trim arguments after splitting them', () => {
+  const baseExpectation = [
+    '-n',
+    expect.stringContaining(''),
+    '-Q',
+    expect.stringContaining('github-action'),
+  ];
+
+  test('files', () => {
+    const envs = {'files': './client-coverage.txt, ./lcov.info'};
+
+    for (const [name, value] of Object.entries(envs)) {
+      process.env['INPUT_' + name.toUpperCase()] = value;
+    }
+
+    const {execArgs} = buildExec();
+
+    expect(execArgs).toEqual(
+        expect.arrayContaining([
+          ...baseExpectation,
+          '-f',
+          './client-coverage.txt',
+          '-f',
+          './lcov.info',
+        ]),
+    );
+
+    for (const env of Object.keys(envs)) {
+      delete process.env['INPUT_' + env.toUpperCase()];
+    }
+  });
+
+  test('flags', () => {
+    const envs = {'flags': 'ios, mobile'};
+
+    for (const [name, value] of Object.entries(envs)) {
+      process.env['INPUT_' + name.toUpperCase()] = value;
+    }
+
+    const {execArgs} = buildExec();
+
+    expect(execArgs).toEqual(
+        expect.arrayContaining([
+          ...baseExpectation,
+          '-F',
+          'ios',
+          '-F',
+          'mobile',
+        ]),
+    );
+
+    for (const env of Object.keys(envs)) {
+      delete process.env['INPUT_' + env.toUpperCase()];
+    }
+  });
+
+  test('functionalities', () => {
+    const envs = {'functionalities': 'network, gcov'};
+
+    for (const [name, value] of Object.entries(envs)) {
+      process.env['INPUT_' + name.toUpperCase()] = value;
+    }
+
+    const {execArgs} = buildExec();
+
+    expect(execArgs).toEqual(
+        expect.arrayContaining([
+          ...baseExpectation,
+          '-X',
+          'network',
+          '-X',
+          'gcov',
+        ]),
+    );
+
+    for (const env of Object.keys(envs)) {
+      delete process.env['INPUT_' + env.toUpperCase()];
+    }
+  });
+});

src/buildExec.ts

@@ -0,0 +1,216 @@
+import * as core from '@actions/core';
+import * as github from '@actions/github';
+
+import {version} from '../package.json';
+
+const context = github.context;
+
+const isTrue = (variable) => {
+  const lowercase = variable.toLowerCase();
+  return (
+    lowercase === '1' ||
+    lowercase === 't' ||
+    lowercase === 'true' ||
+    lowercase === 'y' ||
+    lowercase === 'yes'
+  );
+};
+
+const buildExec = () => {
+  const clean = core.getInput('move_coverage_to_trash');
+  const commitParent = core.getInput('commit_parent');
+  const dryRun = isTrue(core.getInput('dry_run'));
+  const envVars = core.getInput('env_vars');
+  const failCi = isTrue(core.getInput('fail_ci_if_error'));
+  const file = core.getInput('file');
+  const files = core.getInput('files');
+  const flags = core.getInput('flags');
+  const fullReport = core.getInput('full_report');
+  const functionalities = core.getInput('functionalities');
+  const gcov = core.getInput('gcov');
+  const gcovArgs = core.getInput('gcov_args');
+  const gcovExecutable = core.getInput('gcov_executable');
+  const gcovIgnore = core.getInput('gcov_ignore');
+  const gcovInclude = core.getInput('gcov_include');
+  const name = core.getInput('name');
+  const networkFilter = core.getInput('network_filter');
+  const networkPrefix = core.getInput('network_prefix');
+  const os = core.getInput('os');
+  const overrideBranch = core.getInput('override_branch');
+  const overrideBuild = core.getInput('override_build');
+  const overrideCommit = core.getInput('override_commit');
+  const overridePr = core.getInput('override_pr');
+  const overrideTag = core.getInput('override_tag');
+  const rootDir = core.getInput('root_dir');
+  const searchDir = core.getInput('directory');
+  const slug = core.getInput('slug');
+  const swift = core.getInput('swift');
+  const swiftProject = core.getInput('swift_project');
+  const token = core.getInput('token');
+  const upstream = core.getInput('upstream_proxy');
+  const url = core.getInput('url');
+  const verbose = isTrue(core.getInput('verbose'));
+  const xcode = core.getInput('xcode');
+  const xcodeArchivePath = core.getInput('xcode_archive_path');
+  const xtraArgs = core.getInput('xtra_args');
+  let uploaderVersion = core.getInput('version');
+
+  const execArgs = [];
+  execArgs.push(
+      '-n',
+      `${name}`,
+      '-Q',
+      `github-action-${version}`,
+  );
+
+  const options:any = {};
+  options.env = Object.assign(process.env, {
+    GITHUB_ACTION: process.env.GITHUB_ACTION,
+    GITHUB_RUN_ID: process.env.GITHUB_RUN_ID,
+    GITHUB_REF: process.env.GITHUB_REF,
+    GITHUB_REPOSITORY: process.env.GITHUB_REPOSITORY,
+    GITHUB_SHA: process.env.GITHUB_SHA,
+    GITHUB_HEAD_REF: process.env.GITHUB_HEAD_REF || '',
+  });
+
+  const envVarsArg = [];
+  for (const envVar of envVars.split(',')) {
+    const envVarClean = envVar.trim();
+    if (envVarClean) {
+      options.env[envVarClean] = process.env[envVarClean];
+      envVarsArg.push(envVarClean);
+    }
+  }
+
+  if (token) {
+    options.env.CODECOV_TOKEN = token;
+  }
+  if (clean) {
+    execArgs.push('-c');
+  }
+  if (commitParent) {
+    execArgs.push('-N', `${commitParent}`);
+  }
+  if (dryRun) {
+    execArgs.push('-d');
+  }
+  if (envVarsArg.length) {
+    execArgs.push('-e', envVarsArg.join(','));
+  }
+  if (functionalities) {
+    functionalities.split(',').map((f) => f.trim()).forEach((f) => {
+      execArgs.push('-X', `${f}`);
+    });
+  }
+  if (failCi) {
+    execArgs.push('-Z');
+  }
+  if (file) {
+    execArgs.push('-f', `${file}`);
+  }
+  if (files) {
+    files.split(',').map((f) => f.trim()).forEach((f) => {
+      execArgs.push('-f', `${f}`);
+    });
+  }
+  if (fullReport) {
+    execArgs.push('-full', `${fullReport}`);
+  }
+  if (flags) {
+    flags.split(',').map((f) => f.trim()).forEach((f) => {
+      execArgs.push('-F', `${f}`);
+    });
+  }
+
+  if (gcov) {
+    execArgs.push('-g');
+  }
+  if (gcovArgs) {
+    execArgs.push('-gcovArgs', `${gcovArgs}`);
+  }
+  if (gcovIgnore) {
+    execArgs.push('-gcovIgnore', `${gcovIgnore}`);
+  }
+  if (gcovInclude) {
+    execArgs.push('-gcovInclude', `${gcovInclude}`);
+  }
+  if (gcovExecutable) {
+    execArgs.push('-gcovExecutable', `${gcovExecutable}`);
+  }
+
+  if (networkFilter) {
+    execArgs.push('-networkFilter', `${networkFilter}`);
+  }
+  if (networkPrefix) {
+    execArgs.push('-networkPrefix', `${networkPrefix}`);
+  }
+
+  if (overrideBranch) {
+    execArgs.push('-B', `${overrideBranch}`);
+  }
+  if (overrideBuild) {
+    execArgs.push('-b', `${overrideBuild}`);
+  }
+  if (overrideCommit) {
+    execArgs.push('-C', `${overrideCommit}`);
+  } else if (
+    `${context.eventName}` == 'pull_request' ||
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    execArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+  if (overridePr) {
+    execArgs.push('-P', `${overridePr}`);
+  } else if (
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    execArgs.push('-P', `${context.payload.number}`);
+  }
+  if (overrideTag) {
+    execArgs.push('-T', `${overrideTag}`);
+  }
+  if (rootDir) {
+    execArgs.push('-R', `${rootDir}`);
+  }
+  if (searchDir) {
+    execArgs.push('-s', `${searchDir}`);
+  }
+  if (slug) {
+    execArgs.push('-r', `${slug}`);
+  }
+  if (swift) {
+    execArgs.push('-xs');
+  }
+  if (swift && swiftProject) {
+    execArgs.push('-xsp', `${swiftProject}`);
+  }
+  if (upstream) {
+    execArgs.push('-U', `${upstream}`);
+  }
+  if (url) {
+    execArgs.push('-u', `${url}`);
+  }
+  if (verbose) {
+    execArgs.push('-v');
+  }
+  if (xcode && xcodeArchivePath) {
+    execArgs.push('-xc');
+    execArgs.push('-xp', `${xcodeArchivePath}`);
+  }
+
+  if (uploaderVersion == '') {
+    uploaderVersion = 'latest';
+  }
+
+  if (verbose) {
+    console.debug({execArgs});
+  }
+
+  if (xtraArgs) {
+    execArgs.push(`${xtraArgs}`);
+  }
+
+  return {execArgs, options, failCi, os, uploaderVersion, verbose};
+};
+
+export default buildExec;

src/helpers.test.ts

@@ -0,0 +1,72 @@
+import {
+  getBaseUrl,
+  getPlatform,
+  isValidPlatform,
+  isWindows,
+  PLATFORMS,
+} from './helpers';
+
+let OLDOS = process.env.RUNNER_OS;
+
+beforeEach(() => {
+  jest.resetModules();
+  OLDOS = process.env.RUNNER_OS;
+});
+
+afterAll(() => {
+  process.env.RUNNER_OS = OLDOS;
+});
+
+test('getPlatform', () => {
+  expect(getPlatform('linux')).toBe('linux');
+  expect(getPlatform('windows')).toBe('windows');
+
+  const defaultPlatform =
+      process.env.RUNNER_OS ? process.env.RUNNER_OS.toLowerCase() : 'linux';
+  expect(getPlatform('fakeos')).toBe(defaultPlatform);
+  expect(getPlatform()).toBe(defaultPlatform);
+
+  process.env.RUNNER_OS = 'macos';
+  expect(getPlatform('fakeos')).toBe('macos');
+  expect(getPlatform()).toBe('macos');
+
+  process.env.RUNNER_OS = 'alsofakeos';
+  expect(getPlatform()).toBe('linux');
+  expect(getPlatform('fakeos')).toBe('linux');
+});
+
+test('getBaseUrl', () => {
+  expect(PLATFORMS.map((platform) => {
+    return getBaseUrl(platform, 'latest');
+  })).toEqual([
+    'https://uploader.codecov.io/latest/aarch64/codecov',
+    'https://uploader.codecov.io/latest/alpine/codecov',
+    'https://uploader.codecov.io/latest/linux/codecov',
+    'https://uploader.codecov.io/latest/macos/codecov',
+    'https://uploader.codecov.io/latest/windows/codecov.exe',
+  ]);
+
+  expect(PLATFORMS.map((platform) => {
+    return getBaseUrl(platform, 'v0.1.0_8880');
+  })).toEqual([
+    'https://uploader.codecov.io/v0.1.0_8880/aarch64/codecov',
+    'https://uploader.codecov.io/v0.1.0_8880/alpine/codecov',
+    'https://uploader.codecov.io/v0.1.0_8880/linux/codecov',
+    'https://uploader.codecov.io/v0.1.0_8880/macos/codecov',
+    'https://uploader.codecov.io/v0.1.0_8880/windows/codecov.exe',
+  ]);
+});
+
+test('isWindows', () => {
+  expect(PLATFORMS.map((platform) => {
+    return isWindows(platform);
+  })).toEqual([false, false, false, false, true]);
+});
+
+test('isValidPlatform', () => {
+  expect(PLATFORMS.map((platform) => {
+    return isValidPlatform(platform);
+  })).toEqual([true, true, true, true, true]);
+
+  expect(isValidPlatform('fakeos')).toBeFalsy();
+});

src/helpers.ts

@@ -0,0 +1,64 @@
+import * as core from '@actions/core';
+
+const PLATFORMS = [
+  'aarch64',
+  'alpine',
+  'linux',
+  'macos',
+  'windows',
+];
+
+const setFailure = (message: string, failCi: boolean): void => {
+    failCi ? core.setFailed(message) : core.warning(message);
+    if (failCi) {
+      process.exit();
+    }
+};
+
+const getUploaderName = (platform: string): string => {
+  if (isWindows(platform)) {
+    return 'codecov.exe';
+  } else {
+    return 'codecov';
+  }
+};
+
+const isValidPlatform = (platform: string): boolean => {
+  return PLATFORMS.includes(platform);
+};
+
+const isWindows = (platform: string): boolean => {
+  return platform === 'windows';
+};
+
+const getPlatform = (os?: string): string => {
+  if (isValidPlatform(os)) {
+    core.info(`==> ${os} OS provided`);
+    return os;
+  }
+
+  const platform = process.env.RUNNER_OS?.toLowerCase();
+  if (isValidPlatform(platform)) {
+    core.info(`==> ${platform} OS detected`);
+    return platform;
+  }
+
+  core.info(
+      '==> Could not detect OS or provided OS is invalid. Defaulting to linux',
+  );
+  return 'linux';
+};
+
+const getBaseUrl = (platform: string, version: string): string => {
+  return `https://uploader.codecov.io/${version}/${platform}/${getUploaderName(platform)}`;
+};
+
+export {
+  PLATFORMS,
+  getBaseUrl,
+  getPlatform,
+  getUploaderName,
+  isValidPlatform,
+  isWindows,
+  setFailure,
+};

src/index.ts

@@ -0,0 +1,65 @@
+import * as fs from 'fs';
+import * as https from 'https';
+import * as path from 'path';
+
+import * as exec from '@actions/exec';
+
+import buildExec from './buildExec';
+import {
+  getBaseUrl,
+  getPlatform,
+  getUploaderName,
+  setFailure,
+} from './helpers';
+
+import verify from './validate';
+import versionInfo from './version';
+
+let failCi;
+
+try {
+  const {execArgs, options, failCi, os, uploaderVersion, verbose} = buildExec();
+  const platform = getPlatform(os);
+
+  const filename = path.join( __dirname, getUploaderName(platform));
+  https.get(getBaseUrl(platform, uploaderVersion), (res) => {
+    // Image will be stored at this path
+    const filePath = fs.createWriteStream(filename);
+    res.pipe(filePath);
+    filePath
+        .on('error', (err) => {
+          setFailure(
+              `Codecov: Failed to write uploader binary: ${err.message}`,
+              true,
+          );
+        }).on('finish', async () => {
+          filePath.close();
+
+          await verify(filename, platform, uploaderVersion, verbose, failCi);
+          await versionInfo(platform, uploaderVersion);
+          await fs.chmodSync(filename, '777');
+
+          const unlink = () => {
+            fs.unlink(filename, (err) => {
+              if (err) {
+                setFailure(
+                    `Codecov: Could not unlink uploader: ${err.message}`,
+                    failCi,
+                );
+              }
+            });
+          };
+          await exec.exec(filename, execArgs, options)
+              .catch((err) => {
+                setFailure(
+                    `Codecov: Failed to properly upload: ${err.message}`,
+                    failCi,
+                );
+              }).then(() => {
+                unlink();
+              });
+        });
+  });
+} catch (err) {
+  setFailure(`Codecov: Encountered an unexpected error ${err.message}`, failCi);
+}

src/pgp_keys.asc

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGCsMn0BEACiCKZOhkbhUjb+obvhH49p3ShjJzU5b/GqAXSDhRhdXUq7ZoGq
+KEKCd7sQHrCf16Pi5UVacGIyE9hS93HwY15kMlLwM+lNeAeCglEscOjpCly1qUIr
+sN1wjkd2cwDXS6zHBJTqJ7wSOiXbZfTAeKhd6DuLEpmA+Rz4Yc+4qZP+fVxVG3Pv
+2v06m+E5CP/JQVQPO8HYi+S36hJImTh+zaDspu+VujSai5KzJ6YKmgwslVNIp5X5
+GnEr2uAh5w6UTnt9UQUjFFliAvQ3lPLWzm7DWs6AP9hslYxSWzwbzVF5qbOIjUJL
+KfoUpvCYDs2ObgRn8WUQO0ndkRCBIxhlF3HGGYWKQaCEsiom7lyi8VbAszmUCDjw
+HdbQHFmm5yHLpTXJbg+iaxQzKnhWVXzye5/x92IJmJswW81Ky346VxYdC1XFL/+Y
+zBaj9oMmV7WfRpdch09Gf4TgosMzWf3NjJbtKE5xkaghJckIgxwzcrRmF/RmCJue
+IMqZ8A5qUUlK7NBzj51xmAQ4BtkUa2bcCBRV/vP+rk9wcBWz2LiaW+7Mwlfr/C/Q
+Swvv/JW2LsQ4iWc1BY7m7ksn9dcdypEq/1JbIzVLCRDG7pbMj9yLgYmhe5TtjOM3
+ygk25584EhXSgUA3MZw+DIqhbHQBYgrKndTr2N/wuBQY62zZg1YGQByD4QARAQAB
+tEpDb2RlY292IFVwbG9hZGVyIChDb2RlY292IFVwbG9hZGVyIFZlcmlmaWNhdGlv
+biBLZXkpIDxzZWN1cml0eUBjb2RlY292LmlvPokCTgQTAQoAOBYhBCcDTn/bhQ4L
+vCxi/4Brsortd5hpBQJgrDJ9AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
+EIBrsortd5hpxLMP/3Fbgx5EG7zUUOqPZ+Ya9z8JlZFIkh3FxYMfMFE8jH9Es26F
+V2ZTJLO259MxM+5N0XzObi3h4XqIzBn42pDRfwtojY5wl2STJ9Bzu+ykPog7OB1u
+yfWXDRKcqPTUIxI1/WdU+c0/WNE6wjyzK+lRc1YUlp4pdNU7l+j2vKN+jGi2b6nV
+PTPRsMcwy3B90fKf5h2wNMNqO+KX/rjgpG9Uhej+xyFWkGM1tZDQQYFj+ugQUj61
+BMsQrUmxOnaVVnix21cHnACDCaxqgQZH3iZyEOKPNMsRFRP+0fLEnUMP+DVnQE6J
+Brk1Z+XhtjGI9PISQVx5KKDKscreS/D5ae2Cw/FUlQMf57kir6mkbZVhz2khtccz
+atD0r59WomNywIDyk1QfAKV0+O0WeJg8A69/Jk6yegsrUb5qEfkih/I38vvI0OVL
+BYve/mQIHuQo5ziBptNytCrN5TXHXzguX9GOW1V1+3DR+w/vXcnz67sjlYDysf1f
+JUZv9edZ2RGKW7agbrgOw2hB+zuWZ10tjoEcsaSGOLtKRGFDfmu/dBxzl8yopUpa
+Tn79QKOieleRm5+uCcKCPTeKV0GbhDntCZJ+Yiw6ZPmrpcjDowAoMQ9kiMVa10+Q
+WwwoaRWuqhf+dL6Q2OLFOxlyCDKVSyW0YF4Vrf3fKGyxKJmszAL+NS1mVcdxuQIN
+BGCsMn0BEADLrIesbpfdAfWRvUFDN+PoRfa0ROwa/JOMhEgVsowQuk9No8yRva/X
+VyiA6oCq6na7IvZXMxT7di4FWDjDtw5xHjbtFg336IJTGBcnzm7WIsjvyyw8kKfB
+8cvG7D2OkzAUF8SVXLarJ1zdBP/Dr1Nz6F/gJsx5+BM8wGHEz4DsdMRV7ZMTVh6b
+PaGuPZysPjSEw62R8MFJ1fSyDGCKJYwMQ/sKFzseNaY/kZVR5lq0dmhiYjNVQeG9
+HJ6ZCGSGT5PKNOwx/UEkT6jhvzWgfr2eFVGJTcdwSLEgIrJIDzP7myHGxuOiuCmJ
+ENgL1f7mzGkJ/hYXq1RWqsn1Fh2I9KZMHggqu4a+s3RiscmNcbIlIhJLXoE1bxZ/
+TfYZ9Aod6Bd5TsSMTZNwV2am9zelhDiFF60FWww/5nEbhm/X4suC9W86qWBxs3Kh
+vk1dxhElRjtgwUEHA5OFOO48ERHfR7COH719D/YmqLU3EybBgJbGoC/yjlGJxv0R
+kOMAiG2FneNKEZZihReh8A5Jt6jYrSoHFRwL6oJIZfLezB7Rdajx1uH7uYcUyIaE
+SiDWlkDw/IFM315NYFA8c1TCSIfnabUYaAxSLNFRmXnt+GQpm44qAK1x8EGhY633
+e5B4FWorIXx0tTmsVM4rkQ6IgAodeywKG+c2Ikd+5dQLFmb7dW/6CwARAQABiQI2
+BBgBCgAgFiEEJwNOf9uFDgu8LGL/gGuyiu13mGkFAmCsMn0CGwwACgkQgGuyiu13
+mGkYWxAAkzF64SVpYvY9nY/QSYikL8UHlyyqirs6eFZ3Mj9lMRpHM2Spn9a3c701
+0Ge4wDbRP2oftCyPP+p9pdUA77ifMTlRcoMYX8oXAuyE5RT2emBDiWvSR6hQQ8bZ
+WFNXal+bUPpaRiruCCUPD2b8Od1ftzLqbYOosxr/m5Du0uahgOuGw6zlGBJCVOo7
+UB2Y++oZ8P7oDGF722opepWQ+bl2a6TRMLNWWlj4UANknyjlhyZZ7PKhWLjoC6MU
+dAKcwQUdp+XYLc/3b00bvgju0e99QgHZMX2fN3d3ktdN5Q2fqiAi5R6BmCCO4ISF
+o5j10gGU/sdqGHvNhv5C21ibun7HEzMtxBhnhGmytfBJzrsj7GOReePsfTLoCoUq
+dFMOAVUDciVfRtL2m8cv42ZJOXtPfDjsFOf8AKJk40/tc8mMMqZP7RVBr9RWOoq5
+y9D37NfI6UB8rPZ6qs0a1Vfm8lIh2/k1AFECduXgftMDTsmmXOgXXS37HukGW7AL
+QKWiWJQF/XopkXwkyAYpyuyRMZ77oF7nuqLFnl5VVEiRo0Fwu45erebc6ccSwYZU
+8pmeSx7s0aJtxCZPSZEKZ3mn0BXOR32Cgs48CjzFWf6PKucTwOy/YO0/4Gt/upNJ
+3DyeINcYcKyD08DEIF9f5tLyoiD4xz+N23ltTBoMPyv4f3X/wCQ=
+=ch7z
+-----END PGP PUBLIC KEY BLOCK-----

src/validate.ts

@@ -0,0 +1,91 @@
+import * as crypto from 'crypto';
+import * as fs from 'fs';
+import * as path from 'path';
+
+import * as core from '@actions/core';
+import * as openpgp from 'openpgp';
+import * as fetch from 'node-fetch';
+
+import {
+  getBaseUrl,
+  getUploaderName,
+  setFailure,
+} from './helpers';
+
+const verify = async (
+    filename: string,
+    platform: string,
+    version: string,
+    verbose: boolean,
+    failCi: boolean,
+): Promise<void> => {
+  try {
+    const uploaderName = getUploaderName(platform);
+
+    // Read in public key
+    const publicKeyArmored = await fs.readFileSync(
+        path.join(__dirname, 'pgp_keys.asc'),
+        'utf-8',
+    );
+
+    // Get SHASUM and SHASUM signature files
+    console.log(`${getBaseUrl(platform, version)}.SHA256SUM`);
+    const shasumRes = await fetch.default(
+        `${getBaseUrl(platform, version)}.SHA256SUM`,
+    );
+    const shasum = await shasumRes.text();
+    if (verbose) {
+      console.log(`Received SHA256SUM ${shasum}`);
+    }
+
+    const shaSigRes = await fetch.default(
+        `${getBaseUrl(platform, version)}.SHA256SUM.sig`,
+    );
+    const shaSig = await shaSigRes.text();
+    if (verbose) {
+      console.log(`Received SHA256SUM signature ${shaSig}`);
+    }
+
+    // Verify shasum
+    const verified = await openpgp.verify({
+      message: await openpgp.createMessage({text: shasum}),
+      signature: await openpgp.readSignature({armoredSignature: shaSig}),
+      verificationKeys: await openpgp.readKeys({armoredKeys: publicKeyArmored}),
+    });
+    const valid = await verified.signatures[0].verified;
+    if (valid) {
+      core.info('==> SHASUM file signed by key id ' +
+          verified.signatures[0].keyID.toHex(),
+      );
+    } else {
+      setFailure('Codecov: Error validating SHASUM signature', failCi);
+    }
+
+    const calculateHash = async (filename: string) => {
+      const stream = fs.createReadStream(filename);
+      const uploaderSha = crypto.createHash(`sha256`);
+      stream.pipe(uploaderSha);
+
+      return new Promise((resolve, reject) => {
+        stream.on('end', () => resolve(
+            `${uploaderSha.digest('hex')}  ${uploaderName}`,
+        ));
+        stream.on('error', reject);
+      });
+    };
+
+    const hash = await calculateHash(filename);
+    if (hash === shasum) {
+      core.info(`==> Uploader SHASUM verified (${hash})`);
+    } else {
+      setFailure(
+          'Codecov: Uploader shasum does not match -- ' +
+            `uploader hash: ${hash}, public hash: ${shasum}`,
+          failCi,
+      );
+    }
+  } catch (err) {
+    setFailure(`Codecov: Error validating uploader: ${err.message}`, failCi);
+  }
+};
+export default verify;

src/version.ts

@@ -0,0 +1,22 @@
+import * as core from '@actions/core';
+import * as fetch from 'node-fetch';
+
+const versionInfo = async (
+    platform: string,
+    version?: string,
+): Promise<void> => {
+  if (version) {
+    core.info(`==> Running version ${version}`);
+  }
+
+  try {
+    const metadataRes = await fetch.default( `https://uploader.codecov.io/${platform}/latest`, {
+      headers: {'Accept': 'application/json'},
+    });
+    const metadata = await metadataRes.json();
+    core.info(`==> Running version ${metadata['version']}`);
+  } catch (err) {
+    core.info(`Could not pull latest version information: ${err}`);
+  }
+};
+export default versionInfo;

tsconfig.json

@@ -0,0 +1,17 @@
+{
+  "compilerOptions": {
+    "esModuleInterop": true,
+    "moduleResolution": "node",
+    "outDir": "dist/",
+    "resolveJsonModule": true,
+    "rootDir": ".",
+    "sourceMap": true,
+    "target": "es2015"
+  },
+  "include": [
+    "src/**/*.ts"
+  ],
+  "exclude": [
+    "src/**/*.test.ts"
+  ]
+}