Merge pull request #515 from codecov/specify-version

Allow specifying version of Codecov uploader

.github/dependabot.yml

@@ -1,7 +1,12 @@
 version: 2
 updates:
 - package-ecosystem: npm
-  directory: "/"
+  directory: /
   schedule:
     interval: daily
   open-pull-requests-limit: 10
+- package-ecosystem: github-actions
+  directory: /
+  schedule:
+    interval: weekly
+  open-pull-requests-limit: 10

.github/workflows/main.yml

@@ -1,6 +1,35 @@
 name: Workflow for Codecov Action
 on: [push, pull_request]
 jobs:
+  no-deps:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [macos-latest, windows-latest, ubuntu-latest]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Upload coverage to Codecov (script)
+        uses: ./
+        with:
+          files: ./coverage/script/coverage-final.json
+          flags: script,${{ matrix.os }}
+          name: codecov-script
+      - name: Upload coverage to Codecov (demo)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: demo,${{ matrix.os }}
+          name: codecov-demo
+      - name: Upload coverage to Codecov (version)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: version,${{ matrix.os }}
+          name: codecov-version
+          version: v0.1.0_8880
   run:
     runs-on: ${{ matrix.os }}
     strategy:
@@ -28,3 +57,11 @@ jobs:
           file: ./coverage/coverage-final.json
           flags: demo,${{ matrix.os }}
           name: codecov-demo
+      - name: Upload coverage to Codecov (version)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: version,${{ matrix.os }}
+          name: codecov-version
+          version: v0.1.0_8880

CHANGELOG.md

@@ -1,3 +1,42 @@
+## 2.1.0
+### Features
+- #515 Allow specifying version of Codecov uploader
+
+### Dependencies
+- #499 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.30.0
+- #508 build(deps): bump openpgp from 5.0.0-5 to 5.0.0
+- #514 build(deps-dev): bump @types/node from 16.6.0 to 16.9.0
+
+## 2.0.3
+### Fixes
+- #464 Fix wrong link in the readme
+- #485 fix: Add override OS and linux default to platform
+
+### Dependencies
+- #447 build(deps): bump openpgp from 5.0.0-4 to 5.0.0-5
+- #458 build(deps-dev): bump eslint from 7.31.0 to 7.32.0
+- #465 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.28.4 to 4.29.1
+- #466 build(deps-dev): bump @typescript-eslint/parser from 4.28.4 to 4.29.1
+- #468 build(deps-dev): bump @types/jest from 26.0.24 to 27.0.0
+- #470 build(deps-dev): bump @types/node from 16.4.0 to 16.6.0
+- #472 build(deps): bump path-parse from 1.0.6 to 1.0.7
+- #473 build(deps-dev): bump @types/jest from 27.0.0 to 27.0.1
+- #478 build(deps-dev): bump @typescript-eslint/parser from 4.29.1 to 4.29.2
+- #479 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.29.1 to 4.29.2
+- #481 build(deps-dev): bump @types/node from 16.6.0 to 16.6.2
+- #483 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.29.2
+- #484 build(deps): bump @actions/core from 1.4.0 to 1.5.0
+
+## 2.0.2
+### Fixes
+- Underlying uploader fixes issues with tokens not being sent properly for users seeing
+  `Error!: Error: Error uploading to https://codecov.io: Error: Error uploading to Codecov: Error: Not Found`
+- #440 fix: Validation ordering
+
+## 2.0.1
+### Fixes
+- #424 fix: Issue in building all deep dependencies
+
 ## 2.0.0
 On February 1, 2022, the `v1` uploader will be full sunset and no longer function. This is due
 to the deprecation of the underlying bash uploader. This version uses the new [uploader](https://github.com/codecov/uploader).

Makefile

@@ -1,7 +1,7 @@
 deploy:
 	$(eval VERSION := $(shell cat package.json | grep '"version": ' | cut -d\" -f4))
-	git tag -d v1
-	git push origin :v1
-	git tag v1
+	git tag -d v2
+	git push origin :v2
+	git tag v2
 	git tag v$(VERSION) -m ""
 	git push origin --tags

README.md

@@ -1,6 +1,6 @@
 # Codecov GitHub Action
 
-[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v1-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
+[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v2-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action?ref=badge_shield)
 [![Workflow for Codecov Action](https://github.com/codecov/codecov-action/actions/workflows/main.yml/badge.svg)](https://github.com/codecov/codecov-action/actions/workflows/main.yml)
 ### Easily upload coverage reports to Codecov from GitHub Actions
@@ -10,7 +10,7 @@
 ## ⚠️  Deprecration of v1
 **On February 1, 2022, this version will be fully sunset and no longer function**
 
-Due to the [deprecation](https://about.codecov.io/blog/introducting-codecovs-new-uploader/) of the underlying bash uploader,
+Due to the [deprecation](https://about.codecov.io/blog/introducing-codecovs-new-uploader/) of the underlying bash uploader,
 the Codecov GitHub Action has released `v2` which will use the new [uploader](https://github.com/codecov/uploader). You can learn
 more about our deprecation plan and the new uploader on our [blog](https://about.codecov.io/blog/introducing-codecovs-new-uploader/).
 
@@ -73,6 +73,7 @@ Codecov's Action currently supports five inputs from the user: `token`, `file`,
 | `slug` | Specify the slug manually (Enterprise use) | Optional
 | `url` | Change the upload host (Enterprise use) | Optional
 | `verbose` | Specify whether the Codecov output should be verbose | Optional
+| `version` | Specify which version of the Codecov Uploader should be used. Defaults to `latest` | Optional
 | `working-directory` | Directory in which to execute `codecov.sh` | Optional
 
 ### Example `workflow.yml` with Codecov Action

action.yml

@@ -53,6 +53,9 @@ inputs:
   override_tag:
     description: 'Specify the git tag'
     required: false
+  os:
+    description: 'Override the assumed OS. Options are alpine | linux | macos | windows.'
+    required: false
   root_dir:
     description: 'Used when not in git/hg project to identify project root directory'
     required: false
@@ -65,6 +68,9 @@ inputs:
   verbose:
     description: 'Specify whether the Codecov output should be verbose'
     required: false
+  version:
+    description: 'Specify which version of the Codecov Uploader should be used. Defaults to `latest`'
+    required: false
   working-directory:
     description: 'Directory in which to execute codecov.sh'
     required: false

package.json

@@ -1,10 +1,10 @@
 {
   "name": "codecov-action",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "Upload coverage reports to Codecov from GitHub Actions",
   "main": "index.js",
   "scripts": {
-    "build": "ncc build src/index.ts",
+    "build": "ncc build src/index.ts --source-map",
     "lint": "eslint src/**/*.ts",
     "test": "npm run test-script && npm run test-calculator && npm run test-coverage",
     "test-calculator": "jest --testPathPattern=demo/calculator/ --coverage --coverageDirectory=coverage/calculator",
@@ -23,19 +23,19 @@
   },
   "homepage": "https://github.com/codecov/codecov-action#readme",
   "dependencies": {
-    "@actions/core": "^1.4.0",
+    "@actions/core": "^1.5.0",
     "@actions/exec": "^1.1.0",
     "@actions/github": "^5.0.0",
     "node-fetch": "^2.6.1",
-    "openpgp": "^4.10.10"
+    "openpgp": "^5.0.0"
   },
   "devDependencies": {
-    "@types/jest": "^26.0.24",
-    "@types/node": "^16.0.1",
-    "@typescript-eslint/eslint-plugin": "^4.28.3",
-    "@typescript-eslint/parser": "^4.28.3",
-    "@vercel/ncc": "^0.28.6",
-    "eslint": "^7.30.0",
+    "@types/jest": "^27.0.1",
+    "@types/node": "^16.9.0",
+    "@typescript-eslint/eslint-plugin": "^4.29.2",
+    "@typescript-eslint/parser": "^4.29.2",
+    "@vercel/ncc": "^0.30.0",
+    "eslint": "^7.32.0",
     "eslint-config-google": "^0.14.0",
     "jest": "^26.6.3",
     "jest-junit": "^12.2.0",

src/buildExec.ts

@@ -1,8 +1,7 @@
 import * as core from '@actions/core';
 import * as github from '@actions/github';
 
-/* eslint-disable  @typescript-eslint/no-var-requires */
-const {version} = require('../package.json');
+import {version} from '../package.json';
 
 const context = github.context;
 
@@ -28,6 +27,7 @@ const buildExec = () => {
   const flags = core.getInput('flags');
   const functionalities = core.getInput('functionalities');
   const name = core.getInput('name');
+  const os = core.getInput('os');
   const overrideBranch = core.getInput('override_branch');
   const overrideBuild = core.getInput('override_build');
   const overrideCommit = core.getInput('override_commit');
@@ -37,8 +37,9 @@ const buildExec = () => {
   const searchDir = core.getInput('directory');
   const slug = core.getInput('slug');
   const token = core.getInput('token');
-  const verbose = isTrue(core.getInput('verbose'));
+  let uploaderVersion = core.getInput('version');
   const url = core.getInput('url');
+  const verbose = isTrue(core.getInput('verbose'));
   const workingDir = core.getInput('working-directory');
 
   const execArgs = [];
@@ -147,7 +148,11 @@ const buildExec = () => {
     options.cwd = workingDir;
   }
 
-  return {execArgs, options, failCi};
+  if (uploaderVersion == '') {
+    uploaderVersion = 'latest';
+  }
+
+  return {execArgs, options, failCi, os, uploaderVersion};
 };
 
 export default buildExec;

src/helpers.test.ts

@@ -0,0 +1,70 @@
+import {
+  getBaseUrl,
+  getPlatform,
+  isValidPlatform,
+  isWindows,
+  PLATFORMS,
+} from './helpers';
+
+let OLDOS = process.env.RUNNER_OS;
+
+beforeEach(() => {
+  jest.resetModules();
+  OLDOS = process.env.RUNNER_OS;
+});
+
+afterAll(() => {
+  process.env.RUNNER_OS = OLDOS;
+});
+
+test('getPlatform', () => {
+  expect(getPlatform('linux')).toBe('linux');
+  expect(getPlatform('windows')).toBe('windows');
+
+  const defaultPlatform =
+      process.env.RUNNER_OS ? process.env.RUNNER_OS.toLowerCase() : 'linux';
+  expect(getPlatform('fakeos')).toBe(defaultPlatform);
+  expect(getPlatform()).toBe(defaultPlatform);
+
+  process.env.RUNNER_OS = 'macos';
+  expect(getPlatform('fakeos')).toBe('macos');
+  expect(getPlatform()).toBe('macos');
+
+  process.env.RUNNER_OS = 'alsofakeos';
+  expect(getPlatform()).toBe('linux');
+  expect(getPlatform('fakeos')).toBe('linux');
+});
+
+test('getBaseUrl', () => {
+  expect(PLATFORMS.map((platform) => {
+    return getBaseUrl(platform, 'latest');
+  })).toEqual([
+    'https://uploader.codecov.io/latest/alpine/codecov',
+    'https://uploader.codecov.io/latest/linux/codecov',
+    'https://uploader.codecov.io/latest/macos/codecov',
+    'https://uploader.codecov.io/latest/windows/codecov.exe',
+  ]);
+
+  expect(PLATFORMS.map((platform) => {
+    return getBaseUrl(platform, 'v0.1.0_8880');
+  })).toEqual([
+    'https://uploader.codecov.io/v0.1.0_8880/alpine/codecov',
+    'https://uploader.codecov.io/v0.1.0_8880/linux/codecov',
+    'https://uploader.codecov.io/v0.1.0_8880/macos/codecov',
+    'https://uploader.codecov.io/v0.1.0_8880/windows/codecov.exe',
+  ]);
+});
+
+test('isWindows', () => {
+  expect(PLATFORMS.map((platform) => {
+    return isWindows(platform);
+  })).toEqual([false, false, false, true]);
+});
+
+test('isValidPlatform', () => {
+  expect(PLATFORMS.map((platform) => {
+    return isValidPlatform(platform);
+  })).toEqual([true, true, true, true]);
+
+  expect(isValidPlatform('fakeos')).toBeFalsy();
+});

src/helpers.ts

@@ -9,30 +9,47 @@ const setFailure = (message: string, failCi: boolean): void => {
     }
 };
 
-const getUploaderName = (): string => {
-  if (isWindows()) {
+const getUploaderName = (platform: string): string => {
+  if (isWindows(platform)) {
     return 'codecov.exe';
   } else {
     return 'codecov';
   }
 };
 
-const isValidPlatform = (): boolean => {
-  return PLATFORMS.includes(getPlatform());
+const isValidPlatform = (platform: string): boolean => {
+  return PLATFORMS.includes(platform);
 };
 
-const isWindows = (): boolean => {
-  return getPlatform() === 'windows';
+const isWindows = (platform: string): boolean => {
+  return platform === 'windows';
 };
 
-const getPlatform = (): string => {
-  return process.env.RUNNER_OS.toLowerCase();
+const getPlatform = (os?: string): string => {
+  if (isValidPlatform(os)) {
+    core.info(`==> ${os} OS provided`);
+    return os;
+  }
+
+  const platform = process.env.RUNNER_OS?.toLowerCase();
+  if (isValidPlatform(platform)) {
+    core.info(`==> ${platform} OS detected`);
+    return platform;
+  }
+
+  core.info(
+      '==> Could not detect OS or provided OS is invalid. Defaulting to linux',
+  );
+  return 'linux';
 };
 
-const BASEURL = `https://uploader.codecov.io/latest/${getPlatform()}/${getUploaderName()}`;
+const getBaseUrl = (platform: string, version: string): string => {
+  return `https://uploader.codecov.io/${version}/${platform}/${getUploaderName(platform)}`;
+};
 
 export {
-  BASEURL,
+  PLATFORMS,
+  getBaseUrl,
   getPlatform,
   getUploaderName,
   isValidPlatform,

src/index.ts

@@ -6,28 +6,23 @@ import * as exec from '@actions/exec';
 
 import buildExec from './buildExec';
 import {
-  BASEURL,
+  getBaseUrl,
   getPlatform,
   getUploaderName,
-  isValidPlatform,
   setFailure,
 } from './helpers';
 
 import verify from './validate';
+import versionInfo from './version';
 
 let failCi;
 
 try {
-  const {execArgs, options, failCi} = buildExec();
-  const platform = getPlatform();
-  if (!isValidPlatform()) {
-    setFailure(
-        `Codecov: Encountered an unexpected platform: ${platform}`,
-        failCi,
-    );
-  }
-  const filename = path.join( __dirname, getUploaderName());
-  https.get(BASEURL, (res) => {
+  const {execArgs, options, failCi, os, uploaderVersion} = buildExec();
+  const platform = getPlatform(os);
+
+  const filename = path.join( __dirname, getUploaderName(platform));
+  https.get(getBaseUrl(platform, uploaderVersion), (res) => {
     // Image will be stored at this path
     const filePath = fs.createWriteStream(filename);
     res.pipe(filePath);
@@ -40,7 +35,8 @@ try {
         }).on('finish', async () => {
           filePath.close();
 
-          await verify(filename);
+          await verify(filename, platform, uploaderVersion);
+          await versionInfo(platform, uploaderVersion);
           await fs.chmodSync(filename, '777');
 
           const unlink = () => {

src/validate.ts

@@ -7,14 +7,14 @@ import * as openpgp from 'openpgp';
 import * as fetch from 'node-fetch';
 
 import {
-  BASEURL,
+  getBaseUrl,
   getUploaderName,
   setFailure,
 } from './helpers';
 
-const verify = async (filename: string) => {
+const verify = async (filename: string, platform: string, version: string) => {
   try {
-    const uploaderName = getUploaderName();
+    const uploaderName = getUploaderName(platform);
 
     // Read in public key
     const publicKeyArmored = await fs.readFileSync(
@@ -23,45 +23,55 @@ const verify = async (filename: string) => {
     );
 
     // Get SHASUM and SHASUM signature files
-    const shasumRes = await fetch( `${BASEURL}.SHA256SUM`);
+    console.log(`${getBaseUrl(platform, version)}.SHA256SUM`);
+    const shasumRes = await fetch(
+        `${getBaseUrl(platform, version)}.SHA256SUM`,
+    );
     const shasum = await shasumRes.text();
 
-    const shaSigRes = await fetch( `${BASEURL}.SHA256SUM.sig`);
+    const shaSigRes = await fetch(
+        `${getBaseUrl(platform, version)}.SHA256SUM.sig`,
+    );
     const shaSig = await shaSigRes.text();
 
     // Verify shasum
     const verified = await openpgp.verify({
-      message: await openpgp.cleartext.fromText(shasum),
-      signature: await openpgp.signature.readArmored(shaSig),
-      publicKeys: (await openpgp.key.readArmored(publicKeyArmored)).keys,
+      message: await openpgp.createMessage({text: shasum}),
+      signature: await openpgp.readSignature({armoredSignature: shaSig}),
+      verificationKeys: await openpgp.readKeys({armoredKeys: publicKeyArmored}),
     });
-    const {valid} = verified.signatures[0];
+    const valid = await verified.signatures[0].verified;
     if (valid) {
       core.info('==> SHASUM file signed by key id ' +
-          verified.signatures[0].keyid.toHex(),
+          verified.signatures[0].keyID.toHex(),
       );
     } else {
       setFailure('Codecov: Error validating SHASUM signature', true);
     }
 
-    // Verify uploader
-    const uploaderSha = crypto.createHash(`sha256`);
-    const stream = fs.createReadStream(filename);
-    await stream
-        .on('data', (data) => {
-          uploaderSha.update(data);
-        }).on('end', async () => {
-          const hash = `${uploaderSha.digest('hex')}  ${uploaderName}`;
-          if (hash !== shasum) {
-            setFailure(
-                'Codecov: Uploader shasum does not match ' +
-                  `uploader hash: ${hash}, public hash: ${shasum}`,
-                true,
-            );
-          } else {
-            core.info('==> Uploader SHASUM verified');
-          }
-        });
+    const calculateHash = async (filename: string) => {
+      const stream = fs.createReadStream(filename);
+      const uploaderSha = crypto.createHash(`sha256`);
+      stream.pipe(uploaderSha);
+
+      return new Promise((resolve, reject) => {
+        stream.on('end', () => resolve(
+            `${uploaderSha.digest('hex')}  ${uploaderName}`,
+        ));
+        stream.on('error', reject);
+      });
+    };
+
+    const hash = await calculateHash(filename);
+    if (hash === shasum) {
+      core.info(`==> Uploader SHASUM verified (${hash})`);
+    } else {
+      setFailure(
+          'Codecov: Uploader shasum does not match -- ' +
+            `uploader hash: ${hash}, public hash: ${shasum}`,
+          true,
+      );
+    }
   } catch (err) {
     setFailure(`Codecov: Error validating uploader: ${err.message}`, true);
   }

src/version.ts

@@ -0,0 +1,19 @@
+import * as core from '@actions/core';
+import * as fetch from 'node-fetch';
+
+const versionInfo = async (platform: string, version?: string) => {
+  if (version) {
+    core.info(`==> Running version ${version}`);
+  }
+
+  try {
+    const metadataRes = await fetch( `https://uploader.codecov.io/${platform}/latest`, {
+      headers: {'Accept': 'application/json'},
+    });
+    const metadata = await metadataRes.json();
+    core.info(`==> Running version ${metadata['version']}`);
+  } catch (err) {
+    core.info(`Could not pull latest version information: ${err}`);
+  }
+};
+export default versionInfo;

tsconfig.json

@@ -2,9 +2,11 @@
   "compilerOptions": {
     "esModuleInterop": true,
     "moduleResolution": "node",
-    "outDir": "./dist",
-    "rootDir": "./src",
-    "sourceMap": true
+    "outDir": "dist/",
+    "resolveJsonModule": true,
+    "rootDir": ".",
+    "sourceMap": true,
+    "target": "es2015"
   },
   "include": [
     "src/**/*.ts"