chore(release): 4.1.1 (#1344)

Signed-off-by: Martin Kröning <martin.kroening@eonerc.rwth-aachen.de>

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,69 @@
+
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '24 6 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4.1.2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3.24.9
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3.24.9
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3.24.9

.github/workflows/enforce-license-compliance.yml

@@ -0,0 +1,14 @@
+name: Enforce License Compliance
+
+on:
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  enforce-license-compliance:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Enforce License Compliance'
+        uses: getsentry/action-enforce-license-compliance@57ba820387a1a9315a46115ee276b2968da51f3d # main
+        with:
+          fossa_api_key: ${{ secrets.FOSSA_API_KEY }}

.github/workflows/main.yml

@@ -1,43 +1,14 @@
 name: Workflow for Codecov Action
 on: [push, pull_request]
 jobs:
-  no-deps:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Upload coverage to Codecov (script)
-        uses: ./
-        with:
-          files: ./coverage/script/coverage-final.json
-          flags: script,${{ matrix.os }}
-          name: codecov-script
-      - name: Upload coverage to Codecov (demo)
-        uses: ./
-        with:
-          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
-          file: ./coverage/coverage-final.json
-          flags: demo,${{ matrix.os }}
-          name: codecov-demo
-      - name: Upload coverage to Codecov (version)
-        uses: ./
-        with:
-          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
-          file: ./coverage/coverage-final.json
-          flags: version,${{ matrix.os }}
-          name: codecov-version
-          version: v0.1.0_8880
   run:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
+        os: [macos-latest, windows-latest, ubuntu-latest, macos-latest-xlarge]
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4.1.2
       - name: Install dependencies
         run: npm install
       - name: Lint
@@ -50,6 +21,8 @@ jobs:
           files: ./coverage/script/coverage-final.json
           flags: script,${{ matrix.os }}
           name: codecov-script
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
       - name: Upload coverage to Codecov (demo)
         uses: ./
         with:
@@ -57,6 +30,8 @@ jobs:
           file: ./coverage/coverage-final.json
           flags: demo,${{ matrix.os }}
           name: codecov-demo
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
       - name: Upload coverage to Codecov (version)
         uses: ./
         with:
@@ -64,4 +39,46 @@ jobs:
           file: ./coverage/coverage-final.json
           flags: version,${{ matrix.os }}
           name: codecov-version
-          version: v0.1.0_8880
+          version: v0.2.0
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  run-container:
+    runs-on: ubuntu-latest
+    container: node:18
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.1.2
+      - name: Install dependencies
+        run: npm install
+      - name: Lint
+        run: npm run lint
+      - name: Run tests and collect coverage
+        run: npm run test
+      - name: Upload coverage to Codecov (script)
+        uses: ./
+        with:
+          files: ./coverage/script/coverage-final.json
+          flags: script,${{ matrix.os }}
+          name: codecov-script
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (demo)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: demo,${{ matrix.os }}
+          name: codecov-demo
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (version)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: version,${{ matrix.os }}
+          name: codecov-version
+          version: v0.2.0
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/scorecards-analysis.yml

@@ -0,0 +1,61 @@
+name: Scorecards supply-chain security
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    - cron: '43 20 * * 1'
+  push:
+    branches: [ master ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Used to receive a badge. (Upcoming feature)
+      id-token: write
+      actions: read
+      contents: read
+    
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4.1.2 # v3.0.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecards on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+
+          # Publish the results for public repositories to enable scorecard badges. For more details, see
+          # https://github.com/ossf/scorecard-action#publishing-results. 
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless 
+          # of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+      
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@v3.24.9 # v1.0.26
+        with:
+          sarif_file: results.sarif

CHANGELOG.md

@@ -1,3 +1,108 @@
+## 4.0.0-beta.2
+### Fixes
+- #1085 not adding -n if empty to do-upload command
+
+## 4.0.0-beta.1
+
+`v4` represents a move from the [universal uploader](https://github.com/codecov/uploader) to the [Codecov CLI](https://github.com/codecov/codecov-cli). Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.
+
+### Breaking Changes
+- No current support for `aarch64` and `alpine` architectures.
+- Tokenless uploading is unsuported
+- Various arguments to the Action have been removed
+
+## 3.1.4
+### Fixes
+- #967 Fix typo in README.md
+- #971 fix: add back in working dir
+- #969 fix: CLI option names for uploader
+
+### Dependencies
+- #970 build(deps-dev): bump @types/node from 18.15.12 to 18.16.3
+- #979 build(deps-dev): bump @types/node from 20.1.0 to 20.1.2
+- #981 build(deps-dev): bump @types/node from 20.1.2 to 20.1.4
+
+## 3.1.3
+### Fixes
+- #960 fix: allow for aarch64 build
+
+### Dependencies
+- #957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
+- #958 build(deps): bump openpgp from 5.7.0 to 5.8.0
+- #959 build(deps-dev): bump @types/node from 18.15.10 to 18.15.12
+
+## 3.1.2
+### Fixes
+- #718 Update README.md
+- #851 Remove unsupported path_to_write_report argument
+- #898 codeql-analysis.yml
+- #901 Update README to contain correct information - inputs and negate feature
+- #955 fix: add in all the extra arguments for uploader
+
+### Dependencies
+- #819 build(deps): bump openpgp from 5.4.0 to 5.5.0
+- #835 build(deps): bump node-fetch from 3.2.4 to 3.2.10
+- #840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
+- #841 build(deps): bump @actions/core from 1.9.1 to 1.10.0
+- #843 build(deps): bump @actions/github from 5.0.3 to 5.1.1
+- #869 build(deps): bump node-fetch from 3.2.10 to 3.3.0
+- #872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
+- #879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2
+- #889 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2
+- #895 build(deps): bump json5 from 2.2.1 to 2.2.3
+- #896 build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2
+- #900 build(deps-dev): bump @vercel/ncc from 0.34.0 to 0.36.1
+- #905 build(deps-dev): bump typescript from 4.7.4 to 4.9.5
+- #911 build(deps-dev): bump @types/node from 16.11.40 to 18.13.0
+- #922 build(deps-dev): bump @types/node from 18.13.0 to 18.14.0
+- #924 build(deps): bump openpgp from 5.5.0 to 5.7.0
+- #927 build(deps-dev): bump @types/node from 18.14.0 to 18.14.2
+- #933 build(deps-dev): bump @types/node from 18.14.2 to 18.14.6
+- #937 build(deps-dev): bump @types/node from 18.14.6 to 18.15.0
+- #938 build(deps): bump node-fetch from 3.3.0 to 3.3.1
+- #945 build(deps-dev): bump @types/node from 18.15.0 to 18.15.5
+- #946 build(deps-dev): bump @types/node from 18.15.5 to 18.15.6
+- #947 build(deps-dev): bump @types/node from 18.15.6 to 18.15.10
+- #951 build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3
+
+## 3.1.1
+### Fixes
+- #661 Update deprecation warning
+- #593 Create codeql-analysis.yml
+- #712 README: fix typo
+- #725 fix: Remove a blank row
+- #726 Update README.md with correct badge version
+- #633 Create scorecards-analysis.yml
+- #747 fix: add more verbosity to validation
+- #750 Regenerate scorecards-analysis.yml
+- #774 Switch to v3
+- #783 Fix network entry in table
+- #791 Trim arguments after splitting them
+- #769 Plumb failCi into verification function.
+
+### Dependencies
+- #713 build(deps-dev): bump typescript from 4.6.3 to 4.6.4
+- #714 build(deps): bump node-fetch from 3.2.3 to 3.2.4
+- #724 build(deps): bump github/codeql-action from 1 to 2
+- #717 build(deps-dev): bump @types/jest from 27.4.1 to 27.5.0
+- #729 build(deps-dev): bump @types/node from 17.0.25 to 17.0.33
+- #734 build(deps-dev): downgrade @types/node to 16.11.35
+- #723 build(deps): bump actions/checkout from 2 to 3
+- #733 build(deps): bump @actions/github from 5.0.1 to 5.0.3
+- #732 build(deps): bump @actions/core from 1.6.0 to 1.8.2
+- #737 build(deps-dev): bump @types/node from 16.11.35 to 16.11.36
+- #749 build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0
+- #755 build(deps-dev): bump typescript from 4.6.4 to 4.7.3
+- #759 build(deps-dev): bump @types/node from 16.11.36 to 16.11.39
+- #762 build(deps-dev): bump @types/node from 16.11.39 to 16.11.40
+- #746 build(deps-dev): bump @vercel/ncc from 0.33.4 to 0.34.0
+- #757 build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1
+- #760 build(deps): bump openpgp from 5.2.1 to 5.3.0
+- #748 build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0
+- #766 build(deps-dev): bump typescript from 4.7.3 to 4.7.4
+- #799 build(deps): bump openpgp from 5.3.0 to 5.4.0
+- #798 build(deps): bump @actions/core from 1.8.2 to 1.9.1
+
 ## 3.1.0
 ### Features
 - #699 Incorporate `xcode` arguments for the Codecov uploader

Makefile

@@ -1,7 +1,7 @@
 deploy:
 	$(eval VERSION := $(shell cat package.json | grep '"version": ' | cut -d\" -f4))
-	git tag -d v3
+	git tag -d v4
-	git push origin :v3
+	git push origin :v4
-	git tag v3
+	git tag v4
 	git tag v$(VERSION) -s -m ""
 	git push origin --tags

README.md

@@ -1,87 +1,107 @@
 # Codecov GitHub Action
 
-[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v2-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
+[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v4-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action?ref=badge_shield)
 [![Workflow for Codecov Action](https://github.com/codecov/codecov-action/actions/workflows/main.yml/badge.svg)](https://github.com/codecov/codecov-action/actions/workflows/main.yml)
 ### Easily upload coverage reports to Codecov from GitHub Actions
 
->The latest release of this Action adds support for tokenless uploads from GitHub Actions!
+## v4 Release
+`v4` of the Codecov GitHub Action will use the [Codecov CLI](https://github.com/codecov/codecov-cli) to upload coverage reports to Codecov.
 
-## ⚠️  Deprecration of v1
+### Breaking Changes
-**On February 1, 2022, this version will be fully sunset and no longer function**
+- Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token)
+- Various arguments to the Action have been removed
 
-Due to the [deprecation](https://about.codecov.io/blog/introducing-codecovs-new-uploader/) of the underlying bash uploader,
+### Dependabot
-the Codecov GitHub Action has released `v2` which will use the new [uploader](https://github.com/codecov/uploader). You can learn
+- For repositories using `Dependabot`, users will need to ensure that it has access to the Codecov token for PRs from Dependabot to upload coverage. To do this, please add your `CODECOV_TOKEN` as a Dependabot Secret. For more information, see ["Configuring access to private registries for Dependabot."](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#storing-credentials-for-dependabot-to-use)
-more about our deprecation plan and the new uploader on our [blog](https://about.codecov.io/blog/introducing-codecovs-new-uploader/).
 
-We will be restricting any updates to the `v1` Action to security updates and hotfixes.
+`v3` versions and below will not have access to CLI features (e.g. global upload token, ATS).
-
-### Migration from `v1` to `v2`
-The `v2` uploader has a few breaking changes for users
-- Multiple fields have not been transferred from the bash uploader or have been deprecated. Notably
-many of the `functionalities` and `gcov_` arguments have been removed. Please check the documentation
-below for the full list.
 
 ## Usage
 
-To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v2` is recommended) as a `step` within your `workflow.yml` file.
+To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v4` is recommended) as a `step` within your `workflow.yml` file.
 
-If you have a *private repository*, this Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, store it as a `secret`). Optionally, you can choose to include up to four additional inputs to customize the upload context. **For public repositories, no token is needed**
+This Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, [store it](https://docs.codecov.com/docs/adding-the-codecov-token#github-actions) as a `secret`).
+
+Currently, the Action will identify linux, macos, and windows runners. However, the Action may misidentify other architectures. The OS can be specified as
+- alpine
+- alpine-arm64
+- linux
+- linux-arm64
+- macos
+- windows
 
 Inside your `.github/workflows/workflow.yml` file:
 
 ```yaml
 steps:
 - uses: actions/checkout@master
-- uses: codecov/codecov-action@v2
+- uses: codecov/codecov-action@v4
   with:
-    token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
+    fail_ci_if_error: true # optional (default = false)
     files: ./coverage1.xml,./coverage2.xml # optional
     flags: unittests # optional
     name: codecov-umbrella # optional
-    fail_ci_if_error: true # optional (default = false)
+    token: ${{ secrets.CODECOV_TOKEN }} # required
     verbose: true # optional (default = false)
 ```
->**Note**: This assumes that you've set your Codecov token inside *Settings > Secrets* as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are *not* available to forks of repositories.
+
+The Codecov token can also be passed in via environment variables:
+
+```yaml
+steps:
+- uses: actions/checkout@master
+- uses: codecov/codecov-action@v4
+  with:
+    fail_ci_if_error: true # optional (default = false)
+    files: ./coverage1.xml,./coverage2.xml # optional
+    flags: unittests # optional
+    name: codecov-umbrella # optional
+    verbose: true # optional (default = false)
+  env:
+    CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+```
+> [!NOTE]
+> This assumes that you've set your Codecov token inside *Settings > Secrets* as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are *not* available to forks of repositories.
 
 ## Arguments
 
-Codecov's Action currently supports five inputs from the user: `token`, `file`, `flags`,`name`, and `fail_ci_if_error`. These inputs, along with their descriptions and usage contexts, are listed in the table below:
+Codecov's Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below:
 
-| Input  | Description | Usage |
+| Input  | Description | Required |
-| :---:     |     :---:   |    :---:   |
+| :---       |     :---     |    :---:   |
-| `token`  | Used to authorize coverage report uploads  | *Required for private repos* |
+| `token` | Repository Codecov token. Used to authorize report uploads | *Required 
-| `files`  | Comma-separated paths to the coverage report(s) | Optional
+| `codecov_yml_path` | Specify the path to the Codecov YML | Optional 
+| `commit_parent` | Override to specify the parent commit SHA | Optional 
 | `directory` | Directory to search for coverage reports. | Optional 
+| `disable_search` | Disable search for coverage files. This is helpful when specifying what files you want to upload with the --file option. | Optional 
+| `disable_file_fixes` | Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets) | Optional 
 | `dry_run` | Don't upload files to Codecov | Optional 
-| `flags`  | Flag the upload to group coverage metrics (unittests, uitests, etc.). Multiple flags are separated by a comma (ui,chrome) | Optional
+| `env_vars` | Environment variables to tag the upload with (e.g. PYTHON \| OS,PYTHON) | Optional 
-| | |
+| `exclude` | Folders to exclude from search | Optional 
-| `commit_parent` | The commit SHA of the parent for which you are uploading coverage. If not present, the parent will be determined using the API of your repository provider.  When using the repository provider's API, the parent is determined via finding the closest ancestor to the commit. | Optional
+| `fail_ci_if_error` | Specify whether or not CI build should fail if Codecov runs into an error during upload | Optional 
-| `env_vars`  | Environment variables to tag the upload with. Multiple env variables can be separated with commas (e.g. `OS,PYTHON`) | Optional
+| `file` | Path to coverage file to upload | Optional 
-| `fail_ci_if_error`  | Specify if CI pipeline should fail when Codecov runs into errors during upload. *Defaults to **false*** | Optional
+| `files` | Comma-separated list of files to upload | Optional 
-| `functionalities` | Toggle functionalities | Optional
+| `flags` | Flag upload to group coverage metrics (e.g. unittests \| integration \| ui,chrome) | Optional 
-| | `network` Disable uploading the file network |
+| `handle_no_reports_found` | Raise no exceptions when no coverage reports found | Optional 
-| `gcov` | Run with gcov support | Optional
+| `job_code` | The job code | Optional 
-| `gcov_args` | Extra arguments to pass to gcov | Optional
+| `name` | User defined upload name. Visible in Codecov UI | Optional 
-| `gcov_ignore` | Paths to ignore during gcov gathering | Optional
+| `os` | Override the assumed OS. Options are linux \| macos \| windows \| . | Optional 
-| `gcov_include` | Paths to include during gcov gathering | Optional
-| `move_coverage_to_trash` | Move discovered coverage reports to the trash | Optional
-| `name`  | Custom defined name for the upload | Optional
 | `override_branch` | Specify the branch name | Optional 
 | `override_build` | Specify the build number | Optional 
+| `override_build_url` | The URL of the build where this is running | Optional 
 | `override_commit` | Specify the commit SHA | Optional 
 | `override_pr` | Specify the pull request number | Optional 
-| `override_tag` | Specify the git tag | Optional
+| `plugin` | plugins to run. Options: xcode, gcov, pycoverage. The default behavior runs them all. | Optional 
-| `path_to_write_report` | Write upload file to path before uploading | Optional
+| `plugins` | Comma-separated list of plugins for use during upload. | Optional 
-| `root_dir` | Used when not in git/hg project to identify project root directory | Optional
+| `report_code` | The code of the report. If unsure, do not include | Optional 
+| `root_dir` | Used to specify the location of your   .git   root to identify project root directory | Optional 
 | `slug` | Specify the slug manually (Enterprise use) | Optional 
-| `url` | Change the upload host (Enterprise use) | Optional
+| `url` | Specify the base url to upload (Enterprise use) | Optional 
+| `use_legacy_upload_endpoint` | Use the legacy upload endpoint | Optional 
 | `verbose` | Specify whether the Codecov output should be verbose | Optional 
-| `version` | Specify which version of the Codecov Uploader should be used. Defaults to `latest` | Optional
+| `version` | Specify which version of the Codecov CLI should be used. Defaults to `latest` | Optional 
-| `working-directory` | Directory in which to execute `codecov.sh` | Optional
+| `working-directory` | Directory in which to execute codecov.sh | Optional 
-| `xcode` | Run with xcode support | Optional
-| `xcode_archive_path` | Specify the xcode archive path. Likely specified as the -resultBundlePath and should end in .xcresult | Optional
-
 
 ### Example `workflow.yml` with Codecov Action
 
@@ -96,29 +116,28 @@ jobs:
         os: [ubuntu-latest, macos-latest, windows-latest]
     env:
       OS: ${{ matrix.os }}
-      PYTHON: '3.7'
+      PYTHON: '3.10'
     steps:
     - uses: actions/checkout@master
     - name: Setup Python
       uses: actions/setup-python@master
       with:
-        python-version: 3.7
+        python-version: 3.10
     - name: Generate coverage report
       run: |
         pip install pytest
         pip install pytest-cov
         pytest --cov=./ --cov-report=xml
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v2
+      uses: codecov/codecov-action@v4
       with:
-        token: ${{ secrets.CODECOV_TOKEN }}
         directory: ./coverage/reports/
         env_vars: OS,PYTHON
         fail_ci_if_error: true
-        files: ./coverage1.xml,./coverage2.xml
+        files: ./coverage1.xml,./coverage2.xml,!./cache
         flags: unittests
         name: codecov-umbrella
-        path_to_write_report: ./coverage/codecov_report.txt
+        token: ${{ secrets.CODECOV_TOKEN }}
         verbose: true
 ```
 ## Contributing

action.yml

@@ -3,19 +3,25 @@ description: 'GitHub Action that uploads coverage reports for your repository to
 author: 'Ibrahim Ali <@ibrahim0814> & Thomas Hu <@thomasrockhu> | Codecov'
 inputs:
   token:
-    description: 'Repository upload token - get it from codecov.io. Required only for private repositories'
+    description: 'Repository Codecov token. Used to authorize report uploads'
     required: false
-  files:
+  codecov_yml_path:
-    description: 'Comma-separated list of files to upload'
+    description: 'Specify the path to the Codecov YML'
+    required: false
+  commit_parent:
+    description: 'Override to specify the parent commit SHA'
     required: false
   directory:
     description: 'Directory to search for coverage reports.'
     required: false
-  flags:
+  disable_file_fixes:
-    description: 'Flag upload to group coverage metrics (e.g. unittests | integration | ui,chrome)'
+    description: 'Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets)'
     required: false
-  commit_parent:
+  disable_search:
-    description: 'The commit SHA of the parent for which you are uploading coverage. If not present, the parent will be determined using the API of your repository provider.  When using the repository providers API, the parent is determined via finding the closest ancestor to the commit.'
+    description: 'Disable search for coverage files. This is helpful when specifying what files you want to upload with the --file option.'
+    required: false
+  disable_safe_directory:
+    description: 'Disable setting safe directory. Set to true to disable.'
     required: false
   dry_run:
     description: "Don't upload files to Codecov"
@@ -23,50 +29,59 @@ inputs:
   env_vars:
     description: 'Environment variables to tag the upload with (e.g. PYTHON | OS,PYTHON)'
     required: false
+  exclude:
+    description: 'Folders to exclude from search'
+    required: false
   fail_ci_if_error:
     description: 'Specify whether or not CI build should fail if Codecov runs into an error during upload'
     required: false
   file:
     description: 'Path to coverage file to upload'
     required: false
-  functionalities:
+  files:
-    description: 'Comma-separated list, see the README for options and their usage'
+    description: 'Comma-separated list of files to upload'
     required: false
-  gcov:
+  flags:
-    description: 'Run with gcov support'
+    description: 'Flag upload to group coverage metrics (e.g. unittests | integration | ui,chrome)'
     required: false
-  gcov_args:
+  git_service:
-    description: 'Extra arguments to pass to gcov'
+    description: 'Override the git_service (e.g. github_enterprise)'
     required: false
-  gcov_ignore:
+  handle_no_reports_found:
-    description: 'Paths to ignore during gcov gathering'
+    description: 'Raise no exceptions when no coverage reports found'
     required: false
-  gcov_include:
+  job_code:
-    description: 'Paths to include during gcov gathering'
+    description: 'The job code'
-    required: false
-  move_coverage_to_trash:
-    description: 'Move discovered coverage reports to the trash'
     required: false
   name:
     description: 'User defined upload name. Visible in Codecov UI'
     required: false
+  os:
+    description: 'Override the assumed OS. Options are linux | macos | windows.'
+    required: false
   override_branch:
     description: 'Specify the branch name'
     required: false
   override_build:
     description: 'Specify the build number'
     required: false
+  override_build_url:
+    description: 'The URL of the build where this is running'
+    required: false
   override_commit:
     description: 'Specify the commit SHA'
     required: false
   override_pr:
     description: 'Specify the pull request number'
     required: false
-  override_tag:
+  plugin:
-    description: 'Specify the git tag'
+    description: 'plugins to run. Options: xcode, gcov, pycoverage. The default behavior runs them all.'
     required: false
-  os:
+  plugins:
-    description: 'Override the assumed OS. Options are alpine | linux | macos | windows.'
+    description: 'Comma-separated list of plugins for use during upload.'
+    required: false
+  report_code:
+    description: 'The code of the report. If unsure, do not include'
     required: false
   root_dir:
     description: 'Used when not in git/hg project to identify project root directory'
@@ -75,26 +90,23 @@ inputs:
     description: 'Specify the slug manually (Enterprise use)'
     required: false
   url:
-    description: 'Change the upload host (Enterprise use)'
+    description: 'Specify the base url to upload (Enterprise use)'
+    required: false
+  use_legacy_upload_endpoint:
+    description: 'Use the legacy upload endpoint'
     required: false
   verbose:
     description: 'Specify whether the Codecov output should be verbose'
     required: false
   version:
-    description: 'Specify which version of the Codecov Uploader should be used. Defaults to `latest`'
+    description: 'Specify which version of the Codecov CLI should be used. Defaults to `latest`'
     required: false
   working-directory:
     description: 'Directory in which to execute codecov.sh'
     required: false
-  xcode:
-    description: 'Run with xcode support'
-    required: false
-  xcode_archive_path:
-    description: 'Specify the xcode archive path. Likely specified as the -resultBundlePath and should end in .xcresult'
-    required: false
 branding:
   color: 'red'
   icon: 'umbrella'
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'dist/index.js'

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codecov-action",
-  "version": "3.1.0",
+  "version": "4.1.1",
   "description": "Upload coverage reports to Codecov from GitHub Actions",
   "main": "index.js",
   "scripts": {
@@ -23,23 +23,22 @@
   },
   "homepage": "https://github.com/codecov/codecov-action#readme",
   "dependencies": {
-    "@actions/core": "^1.6.0",
+    "@actions/core": "^1.10.1",
     "@actions/exec": "^1.1.1",
-    "@actions/github": "^5.0.1",
+    "@actions/github": "^6.0.0",
-    "node-fetch": "^3.2.3",
+    "gpg": "^0.6.0",
-    "openpgp": "^5.2.1"
+    "undici": "5.28.3"
   },
   "devDependencies": {
-    "@types/jest": "^27.4.1",
+    "@types/jest": "^29.5.12",
-    "@types/node": "^17.0.25",
+    "@typescript-eslint/eslint-plugin": "^7.0.0",
-    "@typescript-eslint/eslint-plugin": "^4.29.2",
+    "@typescript-eslint/parser": "^6.21.0",
-    "@typescript-eslint/parser": "^4.29.2",
+    "@vercel/ncc": "^0.38.1",
-    "@vercel/ncc": "^0.33.4",
+    "eslint": "^8.57.0",
-    "eslint": "^7.32.0",
     "eslint-config-google": "^0.14.0",
-    "jest": "^26.6.3",
+    "jest": "^29.7.0",
-    "jest-junit": "^13.2.0",
+    "jest-junit": "^16.0.0",
-    "ts-jest": "^26.5.6",
+    "ts-jest": "^29.1.2",
-    "typescript": "^4.6.3"
+    "typescript": "^5.4.3"
   }
 }

src/buildExec.test.ts

@@ -1,80 +1,108 @@
 import * as github from '@actions/github';
 
-import buildExec from './buildExec';
+import {
+  buildCommitExec,
+  buildGeneralExec,
+  buildReportExec,
+  buildUploadExec,
+} from './buildExec';
 
-/* eslint-disable  @typescript-eslint/no-var-requires */
-const {version} = require('../package.json');
 
 const context = github.context;
 
-test('no arguments', () => {
+test('general args', () => {
-  const {execArgs, failCi} = buildExec();
-
-  const args = [
-    '-n',
-    '',
-    '-Q',
-    `github-action-${version}`,
-  ];
-  if (context.eventName == 'pull_request') {
-    args.push('-C', `${context.payload.pull_request.head.sha}`);
-  }
-  expect(execArgs).toEqual(args);
-  expect(failCi).toBeFalsy();
-});
-
-test('all arguments', () => {
   const envs = {
-    'commit_parent': '83231650328f11695dfb754ca0f540516f188d27',
+    codecov_yml_path: 'dev/codecov.yml',
-    'directory': 'coverage/',
+    url: 'https://codecov.enterprise.com',
-    'dry_run': 'true',
+    verbose: 't',
-    'env_vars': 'OS,PYTHON',
-    'fail_ci_if_error': 'true',
-    'file': 'coverage.xml',
-    'files': 'dir1/coverage.xml,dir2/coverage.xml',
-    'flags': 'test,test2',
-    'functionalities':
-      'network',
-    'gcov': 'true',
-    'gcov_args': '-v',
-    'gcov_ignore': '*.fake',
-    'gcov_include': 'real_file',
-    'move_coverage_to_trash': 'true',
-    'name': 'codecov',
-    'override_branch': 'thomasrockhu/test',
-    'override_build': '1',
-    'override_commit': '9caabca5474b49de74ef5667deabaf74cdacc244',
-    'override_pr': '2',
-    'override_tag': 'v1.2',
-    'path_to_write_report': 'codecov/',
-    'root_dir': 'root/',
-    'slug': 'fakeOwner/fakeRepo',
-    'token': 'd3859757-ab80-4664-924d-aef22fa7557b',
-    'url': 'https://codecov.enterprise.com',
-    'verbose': 't',
-    'working-directory': 'src',
-    'xcode': 'true',
-    'xcode_archive_path': '/test.xcresult',
   };
-
   for (const env of Object.keys(envs)) {
     process.env['INPUT_' + env.toUpperCase()] = envs[env];
   }
 
-  const {execArgs, failCi} = buildExec();
+  const {args, verbose} = buildGeneralExec();
-  expect(execArgs).toEqual([
+
-    '-n',
+  expect(args).toEqual(
-    'codecov',
+      expect.arrayContaining([
-    '-Q',
+        '--codecov-yml-path',
-    `github-action-${version}`,
+        'dev/codecov.yml',
-    '-c',
+        '--enterprise-url',
-    '-N',
+        'https://codecov.enterprise.com',
-    '83231650328f11695dfb754ca0f540516f188d27',
+        '-v',
+      ]));
+  expect(verbose).toBeTruthy();
+  for (const env of Object.keys(envs)) {
+    delete process.env['INPUT_' + env.toUpperCase()];
+  }
+});
+
+
+test('upload args using context', () => {
+  const expectedArgs = [
+    '--git-service',
+    'github',
+  ];
+  const {uploadExecArgs, uploadCommand} = buildUploadExec();
+  if (context.eventName == 'pull_request') {
+    expectedArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+  if (context.eventName == 'pull_request_target') {
+    expectedArgs.push('-P', `${context.payload.number}`);
+  }
+
+  expect(uploadExecArgs).toEqual(expectedArgs);
+  expect(uploadCommand).toEqual('do-upload');
+});
+
+test('upload args', () => {
+  const envs = {
+    'codecov_yml_path': 'dev/codecov.yml',
+    'commit_parent': 'fakeparentcommit',
+    'directory': 'coverage/',
+    'disable_file_fixes': 'true',
+    'disable_search': 'true',
+    'dry_run': 'true',
+    'env_vars': 'OS,PYTHON',
+    'exclude': 'node_modules/',
+    'fail_ci_if_error': 'true',
+    'file': 'coverage.xml',
+    'files': 'dir1/coverage.xml,dir2/coverage.xml',
+    'flags': 'test,test2',
+    'git_service': 'github_enterprise',
+    'handle_no_reports_found': 'true',
+    'job_code': '32',
+    'name': 'codecov',
+    'os': 'macos',
+    'override_branch': 'thomasrockhu/test',
+    'override_build': '1',
+    'override_build_url': 'https://example.com/build/2',
+    'override_commit': '9caabca5474b49de74ef5667deabaf74cdacc244',
+    'override_pr': '2',
+    'plugin': 'xcode',
+    'plugins': 'pycoverage,compress-pycoverage',
+    'report_code': 'testCode',
+    'root_dir': 'root/',
+    'slug': 'fakeOwner/fakeRepo',
+    'token': 'd3859757-ab80-4664-924d-aef22fa7557b',
+    'url': 'https://enterprise.example.com',
+    'use_legacy_upload_endpoint': 'true',
+    'verbose': 'true',
+    'version': '0.1.2',
+    'working-directory': 'src',
+  };
+  for (const env of Object.keys(envs)) {
+    process.env['INPUT_' + env.toUpperCase()] = envs[env];
+  }
+
+  const {uploadExecArgs, uploadCommand} = buildUploadExec();
+  const expectedArgs = [
+    '--disable-file-fixes',
+    '--disable-search',
     '-d',
     '-e',
     'OS,PYTHON',
-    '-X',
+    '--exclude',
-    'network',
+    'node_modules/',
     '-Z',
     '-f',
     'coverage.xml',
@@ -86,39 +114,161 @@ test('all arguments', () => {
     'test',
     '-F',
     'test2',
-    '-g',
+    '--git-service',
-    '--gcovArgs',
+    'github_enterprise',
-    '-v',
+    '--handle-no-reports-found',
-    '--gcovIgnore',
+    '--job-code',
-    '*.fake',
+    '32',
-    '--gcovInclude',
+    '-n',
-    'real_file',
+    'codecov',
     '-B',
     'thomasrockhu/test',
     '-b',
     '1',
+    '--build-url',
+    'https://example.com/build/2',
     '-C',
     '9caabca5474b49de74ef5667deabaf74cdacc244',
     '-P',
     '2',
-    '-T',
+    '--plugin',
-    'v1.2',
+    'xcode',
-    '-R',
+    '--plugin',
+    'pycoverage',
+    '--plugin',
+    'compress-pycoverage',
+    '--report-code',
+    'testCode',
+    '--network-root-folder',
     'root/',
     '-s',
     'coverage/',
     '-r',
     'fakeOwner/fakeRepo',
-    '-u',
+    '--legacy',
-    'https://codecov.enterprise.com',
+  ];
-    '-v',
-    '--xc',
-    '--xp',
-    '/test.xcresult',
-  ]);
-  expect(failCi).toBeTruthy();
 
+  expect(uploadExecArgs).toEqual(expectedArgs);
+  expect(uploadCommand).toEqual('do-upload');
   for (const env of Object.keys(envs)) {
     delete process.env['INPUT_' + env.toUpperCase()];
   }
 });
+
+
+test('report args', () => {
+  const envs = {
+    git_service: 'github_enterprise',
+    override_commit: '9caabca5474b49de74ef5667deabaf74cdacc244',
+    override_pr: 'fakePR',
+    slug: 'fakeOwner/fakeRepo',
+    token: 'd3859757-ab80-4664-924d-aef22fa7557b',
+    fail_ci_if_error: 'true',
+  };
+  for (const env of Object.keys(envs)) {
+    process.env['INPUT_' + env.toUpperCase()] = envs[env];
+  }
+
+  const {reportExecArgs, reportCommand} = buildReportExec();
+
+  const expectedArgs = [
+    '--git-service',
+    'github_enterprise',
+    '-C',
+    '9caabca5474b49de74ef5667deabaf74cdacc244',
+    '-P',
+    'fakePR',
+    '--slug',
+    'fakeOwner/fakeRepo',
+    '-Z',
+  ];
+
+  expect(reportExecArgs).toEqual(expectedArgs);
+  expect(reportCommand).toEqual('create-report');
+  for (const env of Object.keys(envs)) {
+    delete process.env['INPUT_' + env.toUpperCase()];
+  }
+});
+
+
+test('report args using context', () => {
+  const envs = {
+    token: 'd3859757-ab80-4664-924d-aef22fa7557b',
+  };
+  for (const env of Object.keys(envs)) {
+    process.env['INPUT_' + env.toUpperCase()] = envs[env];
+  }
+  const expectedArgs : string[] = [
+    '--git-service',
+    'github',
+  ];
+  if (context.eventName == 'pull_request') {
+    expectedArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+
+  const {reportExecArgs, reportCommand} = buildReportExec();
+
+  expect(reportExecArgs).toEqual(expectedArgs);
+  expect(reportCommand).toEqual('create-report');
+  for (const env of Object.keys(envs)) {
+    delete process.env['INPUT_' + env.toUpperCase()];
+  }
+});
+
+
+test('commit args', () => {
+  const envs = {
+    git_service: 'github_enterprise',
+    commit_parent: '83231650328f11695dfb754ca0f540516f188d27',
+    override_branch: 'thomasrockhu/test',
+    override_commit: '9caabca5474b49de74ef5667deabaf74cdacc244',
+    override_pr: '2',
+    slug: 'fakeOwner/fakeRepo',
+    token: 'd3859757-ab80-4664-924d-aef22fa7557b',
+    fail_ci_if_error: 'true',
+  };
+  for (const env of Object.keys(envs)) {
+    process.env['INPUT_' + env.toUpperCase()] = envs[env];
+  }
+
+  const {commitExecArgs, commitCommand} = buildCommitExec();
+  const expectedArgs = [
+    '--parent-sha',
+    '83231650328f11695dfb754ca0f540516f188d27',
+    '--git-service',
+    'github_enterprise',
+    '-B',
+    'thomasrockhu/test',
+    '-C',
+    '9caabca5474b49de74ef5667deabaf74cdacc244',
+    '--pr',
+    '2',
+    '--slug',
+    'fakeOwner/fakeRepo',
+    '-Z',
+  ];
+
+  expect(commitExecArgs).toEqual(expectedArgs);
+  expect(commitCommand).toEqual('create-commit');
+  for (const env of Object.keys(envs)) {
+    delete process.env['INPUT_' + env.toUpperCase()];
+  }
+});
+
+test('commit args using context', () => {
+  const expectedArgs :string[] = [
+    '--git-service',
+    'github',
+  ];
+
+  const {commitExecArgs, commitCommand} = buildCommitExec();
+  if (context.eventName == 'pull_request') {
+    expectedArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+  if (context.eventName == 'pull_request_target') {
+    expectedArgs.push('-P', `${context.payload.number}`);
+  }
+
+  expect(commitExecArgs).toEqual(expectedArgs);
+  expect(commitCommand).toEqual('create-commit');
+});

src/buildExec.ts

@@ -1,7 +1,8 @@
+/* eslint-disable  @typescript-eslint/no-explicit-any */
+
 import * as core from '@actions/core';
 import * as github from '@actions/github';
 
-import {version} from '../package.json';
 
 const context = github.context;
 
@@ -16,48 +17,185 @@ const isTrue = (variable) => {
   );
 };
 
-const buildExec = () => {
+
-  const clean = core.getInput('move_coverage_to_trash');
+const buildCommitExec = () => {
   const commitParent = core.getInput('commit_parent');
-  const envVars = core.getInput('env_vars');
+  const gitService = core.getInput('git_service');
+  const overrideBranch = core.getInput('override_branch');
+  const overrideCommit = core.getInput('override_commit');
+  const overridePr = core.getInput('override_pr');
+  const slug = core.getInput('slug');
+  const token = core.getInput('token');
+  const failCi = isTrue(core.getInput('fail_ci_if_error'));
+  const workingDir = core.getInput('working-directory');
+
+  const commitCommand = 'create-commit';
+  const commitExecArgs = [];
+
+  const commitOptions:any = {};
+  commitOptions.env = Object.assign(process.env, {
+    GITHUB_ACTION: process.env.GITHUB_ACTION,
+    GITHUB_RUN_ID: process.env.GITHUB_RUN_ID,
+    GITHUB_REF: process.env.GITHUB_REF,
+    GITHUB_REPOSITORY: process.env.GITHUB_REPOSITORY,
+    GITHUB_SHA: process.env.GITHUB_SHA,
+    GITHUB_HEAD_REF: process.env.GITHUB_HEAD_REF || '',
+  });
+
+
+  if (token) {
+    commitOptions.env.CODECOV_TOKEN = token;
+  }
+  if (commitParent) {
+    commitExecArgs.push('--parent-sha', `${commitParent}`);
+  }
+  commitExecArgs.push('--git-service', `${gitService ? gitService : 'github'}`);
+
+  if (overrideBranch) {
+    commitExecArgs.push('-B', `${overrideBranch}`);
+  }
+  if (overrideCommit) {
+    commitExecArgs.push('-C', `${overrideCommit}`);
+  } else if (
+    `${context.eventName}` == 'pull_request' ||
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    commitExecArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+  if (overridePr) {
+    commitExecArgs.push('--pr', `${overridePr}`);
+  } else if (
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    commitExecArgs.push('--pr', `${context.payload.number}`);
+  }
+  if (slug) {
+    commitExecArgs.push('--slug', `${slug}`);
+  }
+  if (failCi) {
+    commitExecArgs.push('-Z');
+  }
+  if (workingDir) {
+    commitOptions.cwd = workingDir;
+  }
+
+
+  return {commitExecArgs, commitOptions, commitCommand};
+};
+
+const buildGeneralExec = () => {
+  const codecovYmlPath = core.getInput('codecov_yml_path');
+  const url = core.getInput('url');
+  const verbose = isTrue(core.getInput('verbose'));
+  const args = [];
+
+  if (codecovYmlPath) {
+    args.push('--codecov-yml-path', `${codecovYmlPath}`);
+  }
+  if (url) {
+    args.push('--enterprise-url', `${url}`);
+  }
+  if (verbose) {
+    args.push('-v');
+  }
+  return {args, verbose};
+};
+
+const buildReportExec = () => {
+  const gitService = core.getInput('git_service');
+  const overrideCommit = core.getInput('override_commit');
+  const overridePr = core.getInput('override_pr');
+  const slug = core.getInput('slug');
+  const token = core.getInput('token');
+  const failCi = isTrue(core.getInput('fail_ci_if_error'));
+  const workingDir = core.getInput('working-directory');
+
+
+  const reportCommand = 'create-report';
+  const reportExecArgs = [];
+
+  const reportOptions:any = {};
+  reportOptions.env = Object.assign(process.env, {
+    GITHUB_ACTION: process.env.GITHUB_ACTION,
+    GITHUB_RUN_ID: process.env.GITHUB_RUN_ID,
+    GITHUB_REF: process.env.GITHUB_REF,
+    GITHUB_REPOSITORY: process.env.GITHUB_REPOSITORY,
+    GITHUB_SHA: process.env.GITHUB_SHA,
+    GITHUB_HEAD_REF: process.env.GITHUB_HEAD_REF || '',
+  });
+
+
+  if (token) {
+    reportOptions.env.CODECOV_TOKEN = token;
+  }
+  reportExecArgs.push('--git-service', `${gitService ? gitService : 'github'}`);
+
+  if (overrideCommit) {
+    reportExecArgs.push('-C', `${overrideCommit}`);
+  } else if (
+    `${context.eventName}` == 'pull_request' ||
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    reportExecArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+  if (overridePr) {
+    reportExecArgs.push('-P', `${overridePr}`);
+  } else if (
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    reportExecArgs.push('-P', `${context.payload.number}`);
+  }
+  if (slug) {
+    reportExecArgs.push('--slug', `${slug}`);
+  }
+  if (failCi) {
+    reportExecArgs.push('-Z');
+  }
+  if (workingDir) {
+    reportOptions.cwd = workingDir;
+  }
+
+  return {reportExecArgs, reportOptions, reportCommand};
+};
+
+const buildUploadExec = () => {
+  const disableFileFixes = isTrue(core.getInput('disable_file_fixes'));
+  const disableSafeDirectory = isTrue(core.getInput('disable_safe_directory'));
+  const disableSearch = isTrue(core.getInput('disable_search'));
   const dryRun = isTrue(core.getInput('dry_run'));
+  const envVars = core.getInput('env_vars');
+  const exclude = core.getInput('exclude');
   const failCi = isTrue(core.getInput('fail_ci_if_error'));
   const file = core.getInput('file');
   const files = core.getInput('files');
   const flags = core.getInput('flags');
-  const gcov = core.getInput('gcov');
+  const gitService = core.getInput('git_service');
-  const gcovArgs = core.getInput('gcov_args');
+  const handleNoReportsFound = isTrue(core.getInput('handle_no_reports_found'));
-  const gcovIgnore = core.getInput('gcov_ignore');
+  const jobCode = core.getInput('job_code');
-  const gcovInclude = core.getInput('gcov_include');
-  const functionalities = core.getInput('functionalities');
   const name = core.getInput('name');
   const os = core.getInput('os');
   const overrideBranch = core.getInput('override_branch');
   const overrideBuild = core.getInput('override_build');
+  const overrideBuildUrl = core.getInput('override_build_url');
   const overrideCommit = core.getInput('override_commit');
   const overridePr = core.getInput('override_pr');
-  const overrideTag = core.getInput('override_tag');
+  const plugin = core.getInput('plugin');
+  const plugins = core.getInput('plugins');
+  const reportCode = core.getInput('report_code');
   const rootDir = core.getInput('root_dir');
   const searchDir = core.getInput('directory');
   const slug = core.getInput('slug');
   const token = core.getInput('token');
   let uploaderVersion = core.getInput('version');
-  const url = core.getInput('url');
+  const useLegacyUploadEndpoint = isTrue(
-  const verbose = isTrue(core.getInput('verbose'));
+      core.getInput('use_legacy_upload_endpoint'),
-  const workingDir = core.getInput('working-directory');
-  const xcode = core.getInput('xcode');
-  const xcodeArchivePath = core.getInput('xcode_archive_path');
-
-  const execArgs = [];
-  execArgs.push(
-      '-n',
-      `${name}`,
-      '-Q',
-      `github-action-${version}`,
   );
+  const workingDir = core.getInput('working-directory');
 
-  const options:any = {};
+  const uploadExecArgs = [];
-  options.env = Object.assign(process.env, {
+  const uploadCommand = 'do-upload';
+  const uploadOptions:any = {};
+  uploadOptions.env = Object.assign(process.env, {
     GITHUB_ACTION: process.env.GITHUB_ACTION,
     GITHUB_RUN_ID: process.env.GITHUB_RUN_ID,
     GITHUB_REF: process.env.GITHUB_REF,
@@ -70,113 +208,123 @@ const buildExec = () => {
   for (const envVar of envVars.split(',')) {
     const envVarClean = envVar.trim();
     if (envVarClean) {
-      options.env[envVarClean] = process.env[envVarClean];
+      uploadOptions.env[envVarClean] = process.env[envVarClean];
       envVarsArg.push(envVarClean);
     }
   }
-
   if (token) {
-    options.env.CODECOV_TOKEN = token;
+    uploadOptions.env.CODECOV_TOKEN = token;
   }
-  if (clean) {
+  if (disableFileFixes) {
-    execArgs.push('-c');
+    uploadExecArgs.push('--disable-file-fixes');
   }
-  if (commitParent) {
+  if (disableSearch) {
-    execArgs.push('-N', `${commitParent}`);
+    uploadExecArgs.push('--disable-search');
   }
   if (dryRun) {
-    execArgs.push('-d');
+    uploadExecArgs.push('-d');
   }
   if (envVarsArg.length) {
-    execArgs.push('-e', envVarsArg.join(','));
+    uploadExecArgs.push('-e', envVarsArg.join(','));
   }
-  if (functionalities) {
+  if (exclude) {
-    functionalities.split(',').forEach((f) => {
+    uploadExecArgs.push('--exclude', `${exclude}`);
-      execArgs.push('-X', `${f}`);
-    });
   }
   if (failCi) {
-    execArgs.push('-Z');
+    uploadExecArgs.push('-Z');
   }
   if (file) {
-    execArgs.push('-f', `${file}`);
+    uploadExecArgs.push('-f', `${file}`);
   }
   if (files) {
-    files.split(',').forEach((f) => {
+    files.split(',').map((f) => f.trim()).forEach((f) => {
-      execArgs.push('-f', `${f}`);
+      uploadExecArgs.push('-f', `${f}`);
     });
   }
   if (flags) {
-    flags.split(',').forEach((f) => {
+    flags.split(',').map((f) => f.trim()).forEach((f) => {
-      execArgs.push('-F', `${f}`);
+      uploadExecArgs.push('-F', `${f}`);
     });
   }
-
+  uploadExecArgs.push('--git-service', `${gitService ? gitService : 'github'}`);
-  if (gcov) {
+  if (handleNoReportsFound) {
-    execArgs.push('-g');
+    uploadExecArgs.push('--handle-no-reports-found');
   }
-  if (gcovArgs) {
+  if (jobCode) {
-    execArgs.push('--gcovArgs', `${gcovArgs}`);
+    uploadExecArgs.push('--job-code', `${jobCode}`);
   }
-  if (gcovIgnore) {
+  if (name) {
-    execArgs.push('--gcovIgnore', `${gcovIgnore}`);
+    uploadExecArgs.push('-n', `${name}`);
   }
-  if (gcovInclude) {
-    execArgs.push('--gcovInclude', `${gcovInclude}`);
-  }
-
   if (overrideBranch) {
-    execArgs.push('-B', `${overrideBranch}`);
+    uploadExecArgs.push('-B', `${overrideBranch}`);
   }
   if (overrideBuild) {
-    execArgs.push('-b', `${overrideBuild}`);
+    uploadExecArgs.push('-b', `${overrideBuild}`);
+  }
+  if (overrideBuildUrl) {
+    uploadExecArgs.push('--build-url', `${overrideBuildUrl}`);
   }
   if (overrideCommit) {
-    execArgs.push('-C', `${overrideCommit}`);
+    uploadExecArgs.push('-C', `${overrideCommit}`);
   } else if (
     `${context.eventName}` == 'pull_request' ||
     `${context.eventName}` == 'pull_request_target'
   ) {
-    execArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+    uploadExecArgs.push('-C', `${context.payload.pull_request.head.sha}`);
   }
   if (overridePr) {
-    execArgs.push('-P', `${overridePr}`);
+    uploadExecArgs.push('-P', `${overridePr}`);
   } else if (
     `${context.eventName}` == 'pull_request_target'
   ) {
-    execArgs.push('-P', `${context.payload.number}`);
+    uploadExecArgs.push('-P', `${context.payload.number}`);
   }
-  if (overrideTag) {
+  if (plugin) {
-    execArgs.push('-T', `${overrideTag}`);
+    uploadExecArgs.push('--plugin', `${plugin}`);
+  }
+  if (plugins) {
+    plugins.split(',').map((p) => p.trim()).forEach((p) => {
+      uploadExecArgs.push('--plugin', `${p}`);
+    });
+  }
+  if (reportCode) {
+    uploadExecArgs.push('--report-code', `${reportCode}`);
   }
   if (rootDir) {
-    execArgs.push('-R', `${rootDir}`);
+    uploadExecArgs.push('--network-root-folder', `${rootDir}`);
   }
   if (searchDir) {
-    execArgs.push('-s', `${searchDir}`);
+    uploadExecArgs.push('-s', `${searchDir}`);
   }
   if (slug) {
-    execArgs.push('-r', `${slug}`);
+    uploadExecArgs.push('-r', `${slug}`);
-  }
-  if (url) {
-    execArgs.push('-u', `${url}`);
-  }
-  if (verbose) {
-    execArgs.push('-v');
   }
   if (workingDir) {
-    options.cwd = workingDir;
+    uploadOptions.cwd = workingDir;
   }
-  if (xcode && xcodeArchivePath) {
-    execArgs.push('--xc');
-    execArgs.push('--xp', `${xcodeArchivePath}`);
-  }
-
   if (uploaderVersion == '') {
     uploaderVersion = 'latest';
   }
+  if (useLegacyUploadEndpoint) {
+    uploadExecArgs.push('--legacy');
+  }
 
-  return {execArgs, options, failCi, os, uploaderVersion};
+  return {
+    uploadExecArgs,
+    uploadOptions,
+    disableSafeDirectory,
+    failCi,
+    os,
+    uploaderVersion,
+    uploadCommand,
+  };
 };
 
-export default buildExec;
+
+export {
+  buildCommitExec,
+  buildGeneralExec,
+  buildReportExec,
+  buildUploadExec,
+};

src/helpers.test.ts

@@ -1,9 +1,13 @@
+import * as exec from '@actions/exec';
+
 import {
+  PLATFORMS,
   getBaseUrl,
+  getCommand,
   getPlatform,
   isValidPlatform,
   isWindows,
-  PLATFORMS,
+  setSafeDirectory,
 } from './helpers';
 
 let OLDOS = process.env.RUNNER_OS;
@@ -39,32 +43,54 @@ test('getBaseUrl', () => {
   expect(PLATFORMS.map((platform) => {
     return getBaseUrl(platform, 'latest');
   })).toEqual([
-    'https://uploader.codecov.io/latest/alpine/codecov',
+    'https://cli.codecov.io/latest/linux/codecov',
-    'https://uploader.codecov.io/latest/linux/codecov',
+    'https://cli.codecov.io/latest/macos/codecov',
-    'https://uploader.codecov.io/latest/macos/codecov',
+    'https://cli.codecov.io/latest/windows/codecov.exe',
-    'https://uploader.codecov.io/latest/windows/codecov.exe',
+    'https://cli.codecov.io/latest/alpine/codecov',
+    'https://cli.codecov.io/latest/linux-arm64/codecov',
+    'https://cli.codecov.io/latest/alpine-arm64/codecov',
   ]);
 
   expect(PLATFORMS.map((platform) => {
     return getBaseUrl(platform, 'v0.1.0_8880');
   })).toEqual([
-    'https://uploader.codecov.io/v0.1.0_8880/alpine/codecov',
+    'https://cli.codecov.io/v0.1.0_8880/linux/codecov',
-    'https://uploader.codecov.io/v0.1.0_8880/linux/codecov',
+    'https://cli.codecov.io/v0.1.0_8880/macos/codecov',
-    'https://uploader.codecov.io/v0.1.0_8880/macos/codecov',
+    'https://cli.codecov.io/v0.1.0_8880/windows/codecov.exe',
-    'https://uploader.codecov.io/v0.1.0_8880/windows/codecov.exe',
+    'https://cli.codecov.io/v0.1.0_8880/alpine/codecov',
+    'https://cli.codecov.io/v0.1.0_8880/linux-arm64/codecov',
+    'https://cli.codecov.io/v0.1.0_8880/alpine-arm64/codecov',
   ]);
 });
 
 test('isWindows', () => {
   expect(PLATFORMS.map((platform) => {
     return isWindows(platform);
-  })).toEqual([false, false, false, true]);
+  })).toEqual([false, false, true, false, false, false]);
 });
 
 test('isValidPlatform', () => {
   expect(PLATFORMS.map((platform) => {
     return isValidPlatform(platform);
-  })).toEqual([true, true, true, true]);
+  })).toEqual([true, true, true, true, true, true]);
 
   expect(isValidPlatform('fakeos')).toBeFalsy();
 });
+
+test('getCommand', () => {
+  expect(getCommand('path', ['-v', '-x'], 'do-upload'))
+      .toEqual(['path', '-v', '-x', 'do-upload']);
+});
+
+test('setSafeDirectory', async () => {
+  process.env.GITHUB_WORKSPACE = 'testOrg/testRepo';
+  await setSafeDirectory();
+  const testSafeDirectory = ([
+    'git',
+    'config',
+    '--get',
+    'safe.directory',
+  ]).join(' ');
+  const safeDirectory = await exec.getExecOutput(testSafeDirectory);
+  expect(safeDirectory.stdout).toBe('testOrg/testRepo\n');
+});

src/helpers.ts

@@ -1,6 +1,14 @@
 import * as core from '@actions/core';
+import * as exec from '@actions/exec';
 
-const PLATFORMS = ['alpine', 'linux', 'macos', 'windows'];
+const PLATFORMS = [
+  'linux',
+  'macos',
+  'windows',
+  'alpine',
+  'linux-arm64',
+  'alpine-arm64',
+];
 
 const setFailure = (message: string, failCi: boolean): void => {
     failCi ? core.setFailed(message) : core.warning(message);
@@ -44,7 +52,30 @@ const getPlatform = (os?: string): string => {
 };
 
 const getBaseUrl = (platform: string, version: string): string => {
-  return `https://uploader.codecov.io/${version}/${platform}/${getUploaderName(platform)}`;
+  return `https://cli.codecov.io/${version}/${platform}/${getUploaderName(platform)}`;
+};
+
+const getCommand = (
+    filename: string,
+    generalArgs:string[],
+    command: string,
+): string[] => {
+  const fullCommand = [filename, ...generalArgs, command];
+  core.info(`==> Running command '${fullCommand.join(' ')}'`);
+  return fullCommand;
+};
+
+const setSafeDirectory = async () => {
+  const command = ([
+    'git',
+    'config',
+    '--global',
+    '--add',
+    'safe.directory',
+    `${process.env['GITHUB_WORKSPACE']}`,
+  ].join(' '));
+  core.info(`==> Running ${command}`);
+  await exec.exec(command);
 };
 
 export {
@@ -55,4 +86,6 @@ export {
   isValidPlatform,
   isWindows,
   setFailure,
+  setSafeDirectory,
+  getCommand,
 };

src/index.ts

@@ -4,12 +4,19 @@ import * as path from 'path';
 
 import * as exec from '@actions/exec';
 
-import buildExec from './buildExec';
+import {
+  buildCommitExec,
+  buildGeneralExec,
+  buildReportExec,
+  buildUploadExec,
+} from './buildExec';
 import {
   getBaseUrl,
+  getCommand,
   getPlatform,
   getUploaderName,
   setFailure,
+  setSafeDirectory,
 } from './helpers';
 
 import verify from './validate';
@@ -18,7 +25,19 @@ import versionInfo from './version';
 let failCi;
 
 try {
-  const {execArgs, options, failCi, os, uploaderVersion} = buildExec();
+  const {commitExecArgs, commitOptions, commitCommand} = buildCommitExec();
+  const {reportExecArgs, reportOptions, reportCommand} = buildReportExec();
+  const {
+    uploadExecArgs,
+    uploadOptions,
+    disableSafeDirectory,
+    failCi,
+    os,
+    uploaderVersion,
+    uploadCommand,
+  } = buildUploadExec();
+  const {args, verbose} = buildGeneralExec();
+
   const platform = getPlatform(os);
 
   const filename = path.join( __dirname, getUploaderName(platform));
@@ -35,9 +54,12 @@ try {
         }).on('finish', async () => {
           filePath.close();
 
-          await verify(filename, platform, uploaderVersion);
+          await verify(filename, platform, uploaderVersion, verbose, failCi);
           await versionInfo(platform, uploaderVersion);
           await fs.chmodSync(filename, '777');
+          if (!disableSafeDirectory) {
+            await setSafeDirectory();
+          }
 
           const unlink = () => {
             fs.unlink(filename, (err) => {
@@ -49,14 +71,52 @@ try {
               }
             });
           };
-          await exec.exec(filename, execArgs, options)
+          const doUpload = async () => {
-              .catch((err) => {
+            await exec.exec(getCommand(filename, args, uploadCommand).join(' '),
+                uploadExecArgs,
+                uploadOptions)
+                .catch((err) => {
+                  setFailure(
+                      `Codecov:
+                      Failed to properly upload report: ${err.message}`,
+                      failCi,
+                  );
+                });
+          };
+          const createReport = async () => {
+            await exec.exec(
+                getCommand(filename, args, reportCommand).join(' '),
+                reportExecArgs,
+                reportOptions)
+                .then(async (exitCode) => {
+                  if (exitCode == 0) {
+                    await doUpload();
+                  }
+                }).catch((err) => {
+                  setFailure(
+                      `Codecov:
+                      Failed to properly create report: ${err.message}`,
+                      failCi,
+                  );
+                });
+          };
+          await exec.exec(
+              getCommand(
+                  filename,
+                  args,
+                  commitCommand,
+              ).join(' '),
+              commitExecArgs, commitOptions)
+              .then(async (exitCode) => {
+                if (exitCode == 0) {
+                  await createReport();
+                }
+                unlink();
+              }).catch((err) => {
                 setFailure(
-                    `Codecov: Failed to properly upload: ${err.message}`,
+                    `Codecov: Failed to properly create commit: ${err.message}`,
                     failCi,
                 );
-              }).then(() => {
-                unlink();
               });
         });
   });

src/validate.ts

@@ -1,10 +1,10 @@
 import * as crypto from 'crypto';
 import * as fs from 'fs';
+import * as gpg from 'gpg';
 import * as path from 'path';
 
 import * as core from '@actions/core';
-import * as openpgp from 'openpgp';
+import {request} from 'undici';
-import * as fetch from 'node-fetch';
 
 import {
   getBaseUrl,
@@ -16,68 +16,98 @@ const verify = async (
     filename: string,
     platform: string,
     version: string,
+    verbose: boolean,
+    failCi: boolean,
 ): Promise<void> => {
   try {
     const uploaderName = getUploaderName(platform);
 
-    // Read in public key
-    const publicKeyArmored = await fs.readFileSync(
-        path.join(__dirname, 'pgp_keys.asc'),
-        'utf-8',
-    );
-
     // Get SHASUM and SHASUM signature files
     console.log(`${getBaseUrl(platform, version)}.SHA256SUM`);
-    const shasumRes = await fetch.default(
+    const shasumRes = await request(
         `${getBaseUrl(platform, version)}.SHA256SUM`,
     );
-    const shasum = await shasumRes.text();
+    const shasum = await shasumRes.body.text();
+    if (verbose) {
+      console.log(`Received SHA256SUM ${shasum}`);
+    }
+    await fs.writeFileSync(
+        path.join(__dirname, `${uploaderName}.SHA256SUM`),
+        shasum,
+    );
 
-    const shaSigRes = await fetch.default(
+    const shaSigRes = await request(
         `${getBaseUrl(platform, version)}.SHA256SUM.sig`,
     );
-    const shaSig = await shaSigRes.text();
+    const shaSig = await shaSigRes.body.text();
-
+    if (verbose) {
-    // Verify shasum
+      console.log(`Received SHA256SUM signature ${shaSig}`);
-    const verified = await openpgp.verify({
-      message: await openpgp.createMessage({text: shasum}),
-      signature: await openpgp.readSignature({armoredSignature: shaSig}),
-      verificationKeys: await openpgp.readKeys({armoredKeys: publicKeyArmored}),
-    });
-    const valid = await verified.signatures[0].verified;
-    if (valid) {
-      core.info('==> SHASUM file signed by key id ' +
-          verified.signatures[0].keyID.toHex(),
-      );
-    } else {
-      setFailure('Codecov: Error validating SHASUM signature', true);
     }
+    await fs.writeFileSync(
+        path.join(__dirname, `${uploaderName}.SHA256SUM.sig`),
+        shaSig,
+    );
 
-    const calculateHash = async (filename: string) => {
+    const validateSha = async () => {
-      const stream = fs.createReadStream(filename);
+      const calculateHash = async (filename: string) => {
-      const uploaderSha = crypto.createHash(`sha256`);
+        const stream = fs.createReadStream(filename);
-      stream.pipe(uploaderSha);
+        const uploaderSha = crypto.createHash(`sha256`);
+        stream.pipe(uploaderSha);
 
-      return new Promise((resolve, reject) => {
+        return new Promise((resolve, reject) => {
-        stream.on('end', () => resolve(
+          stream.on('end', () => resolve(
-            `${uploaderSha.digest('hex')}  ${uploaderName}`,
+              `${uploaderSha.digest('hex')}  ${uploaderName}`,
-        ));
+          ));
-        stream.on('error', reject);
+          stream.on('error', reject);
+        });
+      };
+
+      const hash = await calculateHash(
+          path.join(__dirname, `${uploaderName}`),
+      );
+      if (hash === shasum) {
+        core.info(`==> Uploader SHASUM verified (${hash})`);
+      } else {
+        setFailure(
+            'Codecov: Uploader shasum does not match -- ' +
+              `uploader hash: ${hash}, public hash: ${shasum}`,
+            failCi,
+        );
+      }
+    };
+
+    const verifySignature = () => {
+      gpg.call('', [
+        '--logger-fd',
+        '1',
+        '--verify',
+        path.join(__dirname, `${uploaderName}.SHA256SUM.sig`),
+        path.join(__dirname, `${uploaderName}.SHA256SUM`),
+      ], async (err, verifyResult) => {
+        if (err) {
+          setFailure('Codecov: Error importing pgp key', failCi);
+        }
+        core.info(verifyResult);
+        await validateSha();
       });
     };
 
-    const hash = await calculateHash(filename);
+    // Import gpg key
-    if (hash === shasum) {
+    gpg.call('', [
-      core.info(`==> Uploader SHASUM verified (${hash})`);
+      '--logger-fd',
-    } else {
+      '1',
-      setFailure(
+      '--no-default-keyring',
-          'Codecov: Uploader shasum does not match -- ' +
+      '--import',
-            `uploader hash: ${hash}, public hash: ${shasum}`,
+      path.join(__dirname, 'pgp_keys.asc'),
-          true,
+    ], async (err, importResult) => {
-      );
+      if (err) {
-    }
+        setFailure('Codecov: Error importing pgp key', failCi);
+      }
+      core.info(importResult);
+      verifySignature();
+    });
   } catch (err) {
-    setFailure(`Codecov: Error validating uploader: ${err.message}`, true);
+    setFailure(`Codecov: Error validating uploader: ${err.message}`, failCi);
   }
 };
 export default verify;

src/version.ts

@@ -1,19 +1,17 @@
 import * as core from '@actions/core';
-import * as fetch from 'node-fetch';
+import {request} from 'undici';
 
 const versionInfo = async (
     platform: string,
-    version?: string,
+    version: string,
 ): Promise<void> => {
-  if (version) {
+  core.info(`==> Running version ${version}`);
-    core.info(`==> Running version ${version}`);
-  }
 
   try {
-    const metadataRes = await fetch.default( `https://uploader.codecov.io/${platform}/latest`, {
+    const metadataRes = await request(`https://cli.codecov.io/${platform}/${version}`, {
       headers: {'Accept': 'application/json'},
     });
-    const metadata = await metadataRes.json();
+    const metadata = await metadataRes.body.json();
     core.info(`==> Running version ${metadata['version']}`);
   } catch (err) {
     core.info(`Could not pull latest version information: ${err}`);