release: update changelog and version to 3.1.1 (#828)

Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.8.2 to 1.9.1.
- [Release notes](https://github.com/actions/toolkit/releases)
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '24 6 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/main.yml

@@ -15,6 +15,7 @@ jobs:
           files: ./coverage/script/coverage-final.json
           flags: script,${{ matrix.os }}
           name: codecov-script
+          verbose: true
       - name: Upload coverage to Codecov (demo)
         uses: ./
         with:
@@ -22,6 +23,7 @@ jobs:
           file: ./coverage/coverage-final.json
           flags: demo,${{ matrix.os }}
           name: codecov-demo
+          verbose: true
       - name: Upload coverage to Codecov (version)
         uses: ./
         with:
@@ -30,6 +32,7 @@ jobs:
           flags: version,${{ matrix.os }}
           name: codecov-version
           version: v0.1.0_8880
+          verbose: true
   run:
     runs-on: ${{ matrix.os }}
     strategy:
@@ -50,6 +53,7 @@ jobs:
           files: ./coverage/script/coverage-final.json
           flags: script,${{ matrix.os }}
           name: codecov-script
+          verbose: true
       - name: Upload coverage to Codecov (demo)
         uses: ./
         with:
@@ -57,6 +61,7 @@ jobs:
           file: ./coverage/coverage-final.json
           flags: demo,${{ matrix.os }}
           name: codecov-demo
+          verbose: true
       - name: Upload coverage to Codecov (version)
         uses: ./
         with:
@@ -65,3 +70,4 @@ jobs:
           flags: version,${{ matrix.os }}
           name: codecov-version
           version: v0.1.0_8880
+          verbose: true

.github/workflows/scorecards-analysis.yml

@@ -0,0 +1,61 @@
+name: Scorecards supply-chain security
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    - cron: '43 20 * * 1'
+  push:
+    branches: [ master ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Used to receive a badge. (Upcoming feature)
+      id-token: write
+      actions: read
+      contents: read
+    
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@3e15ea8318eee9b333819ec77a36aca8d39df13e # v1.1.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecards on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+
+          # Publish the results for public repositories to enable scorecard badges. For more details, see
+          # https://github.com/ossf/scorecard-action#publishing-results. 
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless 
+          # of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+      
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26
+        with:
+          sarif_file: results.sarif

CHANGELOG.md

@@ -1,3 +1,41 @@
+## 3.1.1
+### Fixes
+- #661 Update deprecation warning
+- #593 Create codeql-analysis.yml
+- #712 README: fix typo
+- #725 fix: Remove a blank row
+- #726 Update README.md with correct badge version
+- #633 Create scorecards-analysis.yml
+- #747 fix: add more verbosity to validation
+- #750 Regenerate scorecards-analysis.yml
+- #774 Switch to v3
+- #783 Fix network entry in table
+- #791 Trim arguments after splitting them
+- #769 Plumb failCi into verification function.
+
+### Dependencies
+- #713 build(deps-dev): bump typescript from 4.6.3 to 4.6.4
+- #714 build(deps): bump node-fetch from 3.2.3 to 3.2.4
+- #724 build(deps): bump github/codeql-action from 1 to 2
+- #717 build(deps-dev): bump @types/jest from 27.4.1 to 27.5.0
+- #729 build(deps-dev): bump @types/node from 17.0.25 to 17.0.33
+- #734 build(deps-dev): downgrade @types/node to 16.11.35
+- #723 build(deps): bump actions/checkout from 2 to 3
+- #733 build(deps): bump @actions/github from 5.0.1 to 5.0.3
+- #732 build(deps): bump @actions/core from 1.6.0 to 1.8.2
+- #737 build(deps-dev): bump @types/node from 16.11.35 to 16.11.36
+- #749 build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0
+- #755 build(deps-dev): bump typescript from 4.6.4 to 4.7.3
+- #759 build(deps-dev): bump @types/node from 16.11.36 to 16.11.39
+- #762 build(deps-dev): bump @types/node from 16.11.39 to 16.11.40
+- #746 build(deps-dev): bump @vercel/ncc from 0.33.4 to 0.34.0
+- #757 build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1
+- #760 build(deps): bump openpgp from 5.2.1 to 5.3.0
+- #748 build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0
+- #766 build(deps-dev): bump typescript from 4.7.3 to 4.7.4
+- #799 build(deps): bump openpgp from 5.3.0 to 5.4.0
+- #798 build(deps): bump @actions/core from 1.8.2 to 1.9.1
+
 ## 3.1.0
 ### Features
 - #699 Incorporate `xcode` arguments for the Codecov uploader

README.md

@@ -1,30 +1,30 @@
 # Codecov GitHub Action
 
-[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v2-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
+[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v3-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action?ref=badge_shield)
 [![Workflow for Codecov Action](https://github.com/codecov/codecov-action/actions/workflows/main.yml/badge.svg)](https://github.com/codecov/codecov-action/actions/workflows/main.yml)
 ### Easily upload coverage reports to Codecov from GitHub Actions
 
 >The latest release of this Action adds support for tokenless uploads from GitHub Actions!
 
-## ⚠️  Deprecration of v1
-**On February 1, 2022, this version will be fully sunset and no longer function**
+## ⚠️  Deprecation of v1
+**As of February 1, 2022, v1 has been fully sunset and no longer functions**
 
 Due to the [deprecation](https://about.codecov.io/blog/introducing-codecovs-new-uploader/) of the underlying bash uploader,
-the Codecov GitHub Action has released `v2` which will use the new [uploader](https://github.com/codecov/uploader). You can learn
+the Codecov GitHub Action has released `v2`/`v3` which will use the new [uploader](https://github.com/codecov/uploader). You can learn
 more about our deprecation plan and the new uploader on our [blog](https://about.codecov.io/blog/introducing-codecovs-new-uploader/).
 
 We will be restricting any updates to the `v1` Action to security updates and hotfixes.
 
-### Migration from `v1` to `v2`
-The `v2` uploader has a few breaking changes for users
+### Migration from `v1` to `v3`
+The `v3` uploader has a few breaking changes for users
 - Multiple fields have not been transferred from the bash uploader or have been deprecated. Notably
 many of the `functionalities` and `gcov_` arguments have been removed. Please check the documentation
 below for the full list.
 
 ## Usage
 
-To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v2` is recommended) as a `step` within your `workflow.yml` file.
+To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v3` is recommended) as a `step` within your `workflow.yml` file.
 
 If you have a *private repository*, this Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, store it as a `secret`). Optionally, you can choose to include up to four additional inputs to customize the upload context. **For public repositories, no token is needed**
 
@@ -33,7 +33,7 @@ Inside your `.github/workflows/workflow.yml` file:
 ```yaml
 steps:
 - uses: actions/checkout@master
-- uses: codecov/codecov-action@v2
+- uses: codecov/codecov-action@v3
   with:
     token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
     files: ./coverage1.xml,./coverage2.xml # optional
@@ -55,12 +55,11 @@ Codecov's Action currently supports five inputs from the user: `token`, `file`,
 | `directory` | Directory to search for coverage reports. | Optional
 | `dry_run` | Don't upload files to Codecov | Optional
 | `flags`  | Flag the upload to group coverage metrics (unittests, uitests, etc.). Multiple flags are separated by a comma (ui,chrome) | Optional
-| | |
 | `commit_parent` | The commit SHA of the parent for which you are uploading coverage. If not present, the parent will be determined using the API of your repository provider.  When using the repository provider's API, the parent is determined via finding the closest ancestor to the commit. | Optional
 | `env_vars`  | Environment variables to tag the upload with. Multiple env variables can be separated with commas (e.g. `OS,PYTHON`) | Optional
 | `fail_ci_if_error`  | Specify if CI pipeline should fail when Codecov runs into errors during upload. *Defaults to **false*** | Optional
 | `functionalities` | Toggle functionalities | Optional
-| | `network` Disable uploading the file network |
+| `network` | Disable uploading the file network | Optional
 | `gcov` | Run with gcov support | Optional
 | `gcov_args` | Extra arguments to pass to gcov | Optional
 | `gcov_ignore` | Paths to ignore during gcov gathering | Optional
@@ -109,7 +108,7 @@ jobs:
         pip install pytest-cov
         pytest --cov=./ --cov-report=xml
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v2
+      uses: codecov/codecov-action@v3
       with:
         token: ${{ secrets.CODECOV_TOKEN }}
         directory: ./coverage/reports/

package-lock.json

@@ -1,40 +1,49 @@
 {
   "name": "codecov-action",
-  "version": "3.1.0",
+  "version": "3.1.1",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "codecov-action",
-      "version": "3.1.0",
+      "version": "3.1.1",
       "license": "MIT",
       "dependencies": {
-        "@actions/core": "^1.6.0",
+        "@actions/core": "^1.9.1",
         "@actions/exec": "^1.1.1",
-        "@actions/github": "^5.0.1",
-        "node-fetch": "^3.2.3",
-        "openpgp": "^5.2.1"
+        "@actions/github": "^5.0.3",
+        "node-fetch": "^3.2.4",
+        "openpgp": "5.4"
       },
       "devDependencies": {
-        "@types/jest": "^27.4.1",
-        "@types/node": "^17.0.25",
+        "@types/jest": "^27.5.0",
+        "@types/node": "^16.11.40",
         "@typescript-eslint/eslint-plugin": "^4.29.2",
         "@typescript-eslint/parser": "^4.29.2",
-        "@vercel/ncc": "^0.33.4",
+        "@vercel/ncc": "^0.34.0",
         "eslint": "^7.32.0",
         "eslint-config-google": "^0.14.0",
         "jest": "^26.6.3",
         "jest-junit": "^13.2.0",
         "ts-jest": "^26.5.6",
-        "typescript": "^4.6.3"
+        "typescript": "^4.7.4"
       }
     },
     "node_modules/@actions/core": {
-      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.6.0.tgz",
-      "integrity": "sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw==",
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz",
+      "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==",
       "dependencies": {
-        "@actions/http-client": "^1.0.11"
+        "@actions/http-client": "^2.0.1",
+        "uuid": "^8.3.2"
+      }
+    },
+    "node_modules/@actions/core/node_modules/@actions/http-client": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
+      "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
+      "dependencies": {
+        "tunnel": "^0.0.6"
       }
     },
     "node_modules/@actions/exec": {
@@ -46,22 +55,22 @@
       }
     },
     "node_modules/@actions/github": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.0.1.tgz",
-      "integrity": "sha512-JZGyPM9ektb8NVTTI/2gfJ9DL7Rk98tQ7OVyTlgTuaQroariRBsOnzjy0I2EarX4xUZpK88YyO503fhmjFdyAg==",
+      "version": "5.0.3",
+      "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.0.3.tgz",
+      "integrity": "sha512-myjA/pdLQfhUGLtRZC/J4L1RXOG4o6aYdiEq+zr5wVVKljzbFld+xv10k1FX6IkIJtNxbAq44BdwSNpQ015P0A==",
       "dependencies": {
-        "@actions/http-client": "^1.0.11",
+        "@actions/http-client": "^2.0.1",
         "@octokit/core": "^3.6.0",
         "@octokit/plugin-paginate-rest": "^2.17.0",
         "@octokit/plugin-rest-endpoint-methods": "^5.13.0"
       }
     },
-    "node_modules/@actions/http-client": {
-      "version": "1.0.11",
-      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.11.tgz",
-      "integrity": "sha512-VRYHGQV1rqnROJqdMvGUbY/Kn8vriQe/F9HR2AlYHzmKuM/p3kjNuXhmdBfcVgsvRWTz5C5XW5xvndZrVBuAYg==",
+    "node_modules/@actions/github/node_modules/@actions/http-client": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
+      "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
       "dependencies": {
-        "tunnel": "0.0.6"
+        "tunnel": "^0.0.6"
       }
     },
     "node_modules/@actions/io": {
@@ -1304,9 +1313,9 @@
       }
     },
     "node_modules/@types/jest": {
-      "version": "27.4.1",
-      "resolved": "https://registry.npmjs.org/@types/jest/-/jest-27.4.1.tgz",
-      "integrity": "sha512-23iPJADSmicDVrWk+HT58LMJtzLAnB2AgIzplQuq/bSrGaxCrlvRFjGbXmamnnk/mAmCdLStiGqggu28ocUyiw==",
+      "version": "27.5.0",
+      "resolved": "https://registry.npmjs.org/@types/jest/-/jest-27.5.0.tgz",
+      "integrity": "sha512-9RBFx7r4k+msyj/arpfaa0WOOEcaAZNmN+j80KFbFCoSqCJGHTz7YMAMGQW9Xmqm5w6l5c25vbSjMwlikJi5+g==",
       "dev": true,
       "dependencies": {
         "jest-matcher-utils": "^27.0.0",
@@ -1320,9 +1329,9 @@
       "dev": true
     },
     "node_modules/@types/node": {
-      "version": "17.0.25",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.25.tgz",
-      "integrity": "sha512-wANk6fBrUwdpY4isjWrKTufkrXdu1D2YHCot2fD/DfWxF5sMrVSA+KN7ydckvaTCh0HiqX9IVl0L5/ZoXg5M7w==",
+      "version": "16.11.40",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.40.tgz",
+      "integrity": "sha512-7bOWglXUO6f21NG3YDI7hIpeMX3M59GG+DzZuzX2EkFKYUnRoxq3EOg4R0KNv2hxryY9M3UUqG5akwwsifrukw==",
       "dev": true
     },
     "node_modules/@types/normalize-package-data": {
@@ -1516,9 +1525,9 @@
       }
     },
     "node_modules/@vercel/ncc": {
-      "version": "0.33.4",
-      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.33.4.tgz",
-      "integrity": "sha512-ln18hs7dMffelP47tpkaR+V5Tj6coykNyxJrlcmCormPqRQjB/Gv4cu2FfBG+PMzIfdZp2CLDsrrB1NPU22Qhg==",
+      "version": "0.34.0",
+      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.34.0.tgz",
+      "integrity": "sha512-G9h5ZLBJ/V57Ou9vz5hI8pda/YQX5HQszCs3AmIus3XzsmRn/0Ptic5otD3xVST8QLKk7AMk7AqpsyQGN7MZ9A==",
       "dev": true,
       "bin": {
         "ncc": "dist/ncc/cli.js"
@@ -5302,9 +5311,9 @@
       }
     },
     "node_modules/node-fetch": {
-      "version": "3.2.3",
-      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.2.3.tgz",
-      "integrity": "sha512-AXP18u4pidSZ1xYXRDPY/8jdv3RAozIt/WLNR/MBGZAz+xjtlr90RvCnsvHQRiXyWliZF/CpytExp32UU67/SA==",
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.2.4.tgz",
+      "integrity": "sha512-WvYJRN7mMyOLurFR2YpysQGuwYrJN+qrrpHjJDuKMcSPdfFccRUla/kng2mz6HWSBxJcqPbvatS6Gb4RhOzCJw==",
       "dependencies": {
         "data-uri-to-buffer": "^4.0.0",
         "fetch-blob": "^3.1.4",
@@ -5526,9 +5535,9 @@
       }
     },
     "node_modules/openpgp": {
-      "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/openpgp/-/openpgp-5.2.1.tgz",
-      "integrity": "sha512-zvu63kxe70q3D6WlKC/TB2pzI59I8V/l4G+z/VYgNVOyARsoH9q4i/WqwoHPjWG5HnRjhII3WSvp3gXH2DMPVg==",
+      "version": "5.4.0",
+      "resolved": "https://registry.npmjs.org/openpgp/-/openpgp-5.4.0.tgz",
+      "integrity": "sha512-XgQnK8SYy4Ycg9BDvrXTE4foMwME/+1EfGZWZirUU2VPzU1X3xx094fChjbP10+gUJifAcoWTsT2zAbdhFUxyg==",
       "dependencies": {
         "asn1.js": "^5.0.0"
       },
@@ -7354,9 +7363,9 @@
       }
     },
     "node_modules/typescript": {
-      "version": "4.6.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.3.tgz",
-      "integrity": "sha512-yNIatDa5iaofVozS/uQJEl3JRWLKKGJKh6Yaiv0GLGSuhpFJe7P3SbHZ8/yjAHRQwKRoA6YZqlfjXWmVzoVSMw==",
+      "version": "4.7.4",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.4.tgz",
+      "integrity": "sha512-C0WQT0gezHuw6AdY1M2jxUO83Rjf0HP7Sk1DtXj6j1EwkQNZrHAg2XPWlq62oqEhYvONq5pkC2Y9oPljWToLmQ==",
       "dev": true,
       "bin": {
         "tsc": "bin/tsc",
@@ -7481,7 +7490,6 @@
       "version": "8.3.2",
       "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
       "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
-      "dev": true,
       "bin": {
         "uuid": "dist/bin/uuid"
       }
@@ -7760,11 +7768,22 @@
   },
   "dependencies": {
     "@actions/core": {
-      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.6.0.tgz",
-      "integrity": "sha512-NB1UAZomZlCV/LmJqkLhNTqtKfFXJZAUPcfl/zqG7EfsQdeUJtaWO98SGbuQ3pydJ3fHl2CvI/51OKYlCYYcaw==",
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.9.1.tgz",
+      "integrity": "sha512-5ad+U2YGrmmiw6du20AQW5XuWo7UKN2052FjSV7MX+Wfjf8sCqcsZe62NfgHys4QI4/Y+vQvLKYL8jWtA1ZBTA==",
       "requires": {
-        "@actions/http-client": "^1.0.11"
+        "@actions/http-client": "^2.0.1",
+        "uuid": "^8.3.2"
+      },
+      "dependencies": {
+        "@actions/http-client": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
+          "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
+          "requires": {
+            "tunnel": "^0.0.6"
+          }
+        }
       }
     },
     "@actions/exec": {
@@ -7776,22 +7795,24 @@
       }
     },
     "@actions/github": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.0.1.tgz",
-      "integrity": "sha512-JZGyPM9ektb8NVTTI/2gfJ9DL7Rk98tQ7OVyTlgTuaQroariRBsOnzjy0I2EarX4xUZpK88YyO503fhmjFdyAg==",
+      "version": "5.0.3",
+      "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.0.3.tgz",
+      "integrity": "sha512-myjA/pdLQfhUGLtRZC/J4L1RXOG4o6aYdiEq+zr5wVVKljzbFld+xv10k1FX6IkIJtNxbAq44BdwSNpQ015P0A==",
       "requires": {
-        "@actions/http-client": "^1.0.11",
+        "@actions/http-client": "^2.0.1",
         "@octokit/core": "^3.6.0",
         "@octokit/plugin-paginate-rest": "^2.17.0",
         "@octokit/plugin-rest-endpoint-methods": "^5.13.0"
-      }
       },
+      "dependencies": {
         "@actions/http-client": {
-      "version": "1.0.11",
-      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-1.0.11.tgz",
-      "integrity": "sha512-VRYHGQV1rqnROJqdMvGUbY/Kn8vriQe/F9HR2AlYHzmKuM/p3kjNuXhmdBfcVgsvRWTz5C5XW5xvndZrVBuAYg==",
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.0.1.tgz",
+          "integrity": "sha512-PIXiMVtz6VvyaRsGY268qvj57hXQEpsYogYOu2nrQhlf+XCGmZstmuZBbAybUl1nQGnvS1k1eEsQ69ZoD7xlSw==",
           "requires": {
-        "tunnel": "0.0.6"
+            "tunnel": "^0.0.6"
+          }
+        }
       }
     },
     "@actions/io": {
@@ -8810,9 +8831,9 @@
       }
     },
     "@types/jest": {
-      "version": "27.4.1",
-      "resolved": "https://registry.npmjs.org/@types/jest/-/jest-27.4.1.tgz",
-      "integrity": "sha512-23iPJADSmicDVrWk+HT58LMJtzLAnB2AgIzplQuq/bSrGaxCrlvRFjGbXmamnnk/mAmCdLStiGqggu28ocUyiw==",
+      "version": "27.5.0",
+      "resolved": "https://registry.npmjs.org/@types/jest/-/jest-27.5.0.tgz",
+      "integrity": "sha512-9RBFx7r4k+msyj/arpfaa0WOOEcaAZNmN+j80KFbFCoSqCJGHTz7YMAMGQW9Xmqm5w6l5c25vbSjMwlikJi5+g==",
       "dev": true,
       "requires": {
         "jest-matcher-utils": "^27.0.0",
@@ -8826,9 +8847,9 @@
       "dev": true
     },
     "@types/node": {
-      "version": "17.0.25",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.25.tgz",
-      "integrity": "sha512-wANk6fBrUwdpY4isjWrKTufkrXdu1D2YHCot2fD/DfWxF5sMrVSA+KN7ydckvaTCh0HiqX9IVl0L5/ZoXg5M7w==",
+      "version": "16.11.40",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.40.tgz",
+      "integrity": "sha512-7bOWglXUO6f21NG3YDI7hIpeMX3M59GG+DzZuzX2EkFKYUnRoxq3EOg4R0KNv2hxryY9M3UUqG5akwwsifrukw==",
       "dev": true
     },
     "@types/normalize-package-data": {
@@ -8948,9 +8969,9 @@
       }
     },
     "@vercel/ncc": {
-      "version": "0.33.4",
-      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.33.4.tgz",
-      "integrity": "sha512-ln18hs7dMffelP47tpkaR+V5Tj6coykNyxJrlcmCormPqRQjB/Gv4cu2FfBG+PMzIfdZp2CLDsrrB1NPU22Qhg==",
+      "version": "0.34.0",
+      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.34.0.tgz",
+      "integrity": "sha512-G9h5ZLBJ/V57Ou9vz5hI8pda/YQX5HQszCs3AmIus3XzsmRn/0Ptic5otD3xVST8QLKk7AMk7AqpsyQGN7MZ9A==",
       "dev": true
     },
     "abab": {
@@ -11869,9 +11890,9 @@
       "integrity": "sha512-/jKZoMpw0F8GRwl4/eLROPA3cfcXtLApP0QzLmUT/HuPCZWyB7IY9ZrMeKw2O/nFIqPQB3PVM9aYm0F312AXDQ=="
     },
     "node-fetch": {
-      "version": "3.2.3",
-      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.2.3.tgz",
-      "integrity": "sha512-AXP18u4pidSZ1xYXRDPY/8jdv3RAozIt/WLNR/MBGZAz+xjtlr90RvCnsvHQRiXyWliZF/CpytExp32UU67/SA==",
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.2.4.tgz",
+      "integrity": "sha512-WvYJRN7mMyOLurFR2YpysQGuwYrJN+qrrpHjJDuKMcSPdfFccRUla/kng2mz6HWSBxJcqPbvatS6Gb4RhOzCJw==",
       "requires": {
         "data-uri-to-buffer": "^4.0.0",
         "fetch-blob": "^3.1.4",
@@ -12050,9 +12071,9 @@
       }
     },
     "openpgp": {
-      "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/openpgp/-/openpgp-5.2.1.tgz",
-      "integrity": "sha512-zvu63kxe70q3D6WlKC/TB2pzI59I8V/l4G+z/VYgNVOyARsoH9q4i/WqwoHPjWG5HnRjhII3WSvp3gXH2DMPVg==",
+      "version": "5.4.0",
+      "resolved": "https://registry.npmjs.org/openpgp/-/openpgp-5.4.0.tgz",
+      "integrity": "sha512-XgQnK8SYy4Ycg9BDvrXTE4foMwME/+1EfGZWZirUU2VPzU1X3xx094fChjbP10+gUJifAcoWTsT2zAbdhFUxyg==",
       "requires": {
         "asn1.js": "^5.0.0"
       }
@@ -13445,9 +13466,9 @@
       }
     },
     "typescript": {
-      "version": "4.6.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.6.3.tgz",
-      "integrity": "sha512-yNIatDa5iaofVozS/uQJEl3JRWLKKGJKh6Yaiv0GLGSuhpFJe7P3SbHZ8/yjAHRQwKRoA6YZqlfjXWmVzoVSMw==",
+      "version": "4.7.4",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.7.4.tgz",
+      "integrity": "sha512-C0WQT0gezHuw6AdY1M2jxUO83Rjf0HP7Sk1DtXj6j1EwkQNZrHAg2XPWlq62oqEhYvONq5pkC2Y9oPljWToLmQ==",
       "dev": true
     },
     "union-value": {
@@ -13545,8 +13566,7 @@
     "uuid": {
       "version": "8.3.2",
       "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
-      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
-      "dev": true
+      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg=="
     },
     "v8-compile-cache": {
       "version": "2.3.0",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codecov-action",
-  "version": "3.1.0",
+  "version": "3.1.1",
   "description": "Upload coverage reports to Codecov from GitHub Actions",
   "main": "index.js",
   "scripts": {
@@ -23,23 +23,23 @@
   },
   "homepage": "https://github.com/codecov/codecov-action#readme",
   "dependencies": {
-    "@actions/core": "^1.6.0",
+    "@actions/core": "^1.9.1",
     "@actions/exec": "^1.1.1",
-    "@actions/github": "^5.0.1",
-    "node-fetch": "^3.2.3",
-    "openpgp": "^5.2.1"
+    "@actions/github": "^5.0.3",
+    "node-fetch": "^3.2.4",
+    "openpgp": "5.4"
   },
   "devDependencies": {
-    "@types/jest": "^27.4.1",
-    "@types/node": "^17.0.25",
+    "@types/jest": "^27.5.0",
+    "@types/node": "^16.11.40",
     "@typescript-eslint/eslint-plugin": "^4.29.2",
     "@typescript-eslint/parser": "^4.29.2",
-    "@vercel/ncc": "^0.33.4",
+    "@vercel/ncc": "^0.34.0",
     "eslint": "^7.32.0",
     "eslint-config-google": "^0.14.0",
     "jest": "^26.6.3",
     "jest-junit": "^13.2.0",
     "ts-jest": "^26.5.6",
-    "typescript": "^4.6.3"
+    "typescript": "^4.7.4"
   }
 }

src/buildExec.test.ts

@@ -122,3 +122,84 @@ test('all arguments', () => {
     delete process.env['INPUT_' + env.toUpperCase()];
   }
 });
+
+describe('trim arguments after splitting them', () => {
+  const baseExpectation = [
+    '-n',
+    expect.stringContaining(''),
+    '-Q',
+    expect.stringContaining('github-action'),
+  ];
+
+  test('files', () => {
+    const envs = {'files': './client-coverage.txt, ./lcov.info'};
+
+    for (const [name, value] of Object.entries(envs)) {
+      process.env['INPUT_' + name.toUpperCase()] = value;
+    }
+
+    const {execArgs} = buildExec();
+
+    expect(execArgs).toEqual(
+        expect.arrayContaining([
+          ...baseExpectation,
+          '-f',
+          './client-coverage.txt',
+          '-f',
+          './lcov.info',
+        ]),
+    );
+
+    for (const env of Object.keys(envs)) {
+      delete process.env['INPUT_' + env.toUpperCase()];
+    }
+  });
+
+  test('flags', () => {
+    const envs = {'flags': 'ios, mobile'};
+
+    for (const [name, value] of Object.entries(envs)) {
+      process.env['INPUT_' + name.toUpperCase()] = value;
+    }
+
+    const {execArgs} = buildExec();
+
+    expect(execArgs).toEqual(
+        expect.arrayContaining([
+          ...baseExpectation,
+          '-F',
+          'ios',
+          '-F',
+          'mobile',
+        ]),
+    );
+
+    for (const env of Object.keys(envs)) {
+      delete process.env['INPUT_' + env.toUpperCase()];
+    }
+  });
+
+  test('functionalities', () => {
+    const envs = {'functionalities': 'network, gcov'};
+
+    for (const [name, value] of Object.entries(envs)) {
+      process.env['INPUT_' + name.toUpperCase()] = value;
+    }
+
+    const {execArgs} = buildExec();
+
+    expect(execArgs).toEqual(
+        expect.arrayContaining([
+          ...baseExpectation,
+          '-X',
+          'network',
+          '-X',
+          'gcov',
+        ]),
+    );
+
+    for (const env of Object.keys(envs)) {
+      delete process.env['INPUT_' + env.toUpperCase()];
+    }
+  });
+});

src/buildExec.ts

@@ -91,7 +91,7 @@ const buildExec = () => {
     execArgs.push('-e', envVarsArg.join(','));
   }
   if (functionalities) {
-    functionalities.split(',').forEach((f) => {
+    functionalities.split(',').map((f) => f.trim()).forEach((f) => {
       execArgs.push('-X', `${f}`);
     });
   }
@@ -102,12 +102,12 @@ const buildExec = () => {
     execArgs.push('-f', `${file}`);
   }
   if (files) {
-    files.split(',').forEach((f) => {
+    files.split(',').map((f) => f.trim()).forEach((f) => {
       execArgs.push('-f', `${f}`);
     });
   }
   if (flags) {
-    flags.split(',').forEach((f) => {
+    flags.split(',').map((f) => f.trim()).forEach((f) => {
       execArgs.push('-F', `${f}`);
     });
   }
@@ -176,7 +176,11 @@ const buildExec = () => {
     uploaderVersion = 'latest';
   }
 
-  return {execArgs, options, failCi, os, uploaderVersion};
+  if (verbose) {
+    console.debug({execArgs});
+  }
+
+  return {execArgs, options, failCi, os, uploaderVersion, verbose};
 };
 
 export default buildExec;

src/index.ts

@@ -18,7 +18,7 @@ import versionInfo from './version';
 let failCi;
 
 try {
-  const {execArgs, options, failCi, os, uploaderVersion} = buildExec();
+  const {execArgs, options, failCi, os, uploaderVersion, verbose} = buildExec();
   const platform = getPlatform(os);
 
   const filename = path.join( __dirname, getUploaderName(platform));
@@ -35,7 +35,7 @@ try {
         }).on('finish', async () => {
           filePath.close();
 
-          await verify(filename, platform, uploaderVersion);
+          await verify(filename, platform, uploaderVersion, verbose, failCi);
           await versionInfo(platform, uploaderVersion);
           await fs.chmodSync(filename, '777');
 

src/validate.ts

@@ -16,6 +16,8 @@ const verify = async (
     filename: string,
     platform: string,
     version: string,
+    verbose: boolean,
+    failCi: boolean,
 ): Promise<void> => {
   try {
     const uploaderName = getUploaderName(platform);
@@ -32,11 +34,17 @@ const verify = async (
         `${getBaseUrl(platform, version)}.SHA256SUM`,
     );
     const shasum = await shasumRes.text();
+    if (verbose) {
+      console.log(`Received SHA256SUM ${shasum}`);
+    }
 
     const shaSigRes = await fetch.default(
         `${getBaseUrl(platform, version)}.SHA256SUM.sig`,
     );
     const shaSig = await shaSigRes.text();
+    if (verbose) {
+      console.log(`Received SHA256SUM signature ${shaSig}`);
+    }
 
     // Verify shasum
     const verified = await openpgp.verify({
@@ -50,7 +58,7 @@ const verify = async (
           verified.signatures[0].keyID.toHex(),
       );
     } else {
-      setFailure('Codecov: Error validating SHASUM signature', true);
+      setFailure('Codecov: Error validating SHASUM signature', failCi);
     }
 
     const calculateHash = async (filename: string) => {
@@ -73,11 +81,11 @@ const verify = async (
       setFailure(
           'Codecov: Uploader shasum does not match -- ' +
             `uploader hash: ${hash}, public hash: ${shasum}`,
-          true,
+          failCi,
       );
     }
   } catch (err) {
-    setFailure(`Codecov: Error validating uploader: ${err.message}`, true);
+    setFailure(`Codecov: Error validating uploader: ${err.message}`, failCi);
   }
 };
 export default verify;