fix: show both token uses in readme (#1250)

* fix: add all args from cli

* chore(release): bump to 4.0.1

.github/workflows/codeql-analysis.yml

@@ -37,11 +37,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4.0.0
+      uses: actions/checkout@v4.1.1
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2.21.7
+      uses: github/codeql-action/init@v3.23.2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2.21.7
+      uses: github/codeql-action/autobuild@v3.23.2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -66,4 +66,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2.21.7
+      uses: github/codeql-action/analyze@v3.23.2

.github/workflows/enforce-license-compliance.yml

@@ -0,0 +1,14 @@
+name: Enforce License Compliance
+
+on:
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  enforce-license-compliance:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Enforce License Compliance'
+        uses: getsentry/action-enforce-license-compliance@57ba820387a1a9315a46115ee276b2968da51f3d # main
+        with:
+          fossa_api_key: ${{ secrets.FOSSA_API_KEY }}

.github/workflows/main.yml

@@ -1,49 +1,14 @@
 name: Workflow for Codecov Action
 on: [push, pull_request]
 jobs:
-  no-deps:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4.0.0
-      - name: Upload coverage to Codecov (script)
-        uses: ./
-        with:
-          files: ./coverage/script/coverage-final.json
-          flags: script,${{ matrix.os }}
-          name: codecov-script
-          verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}
-      - name: Upload coverage to Codecov (demo)
-        uses: ./
-        with:
-          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
-          file: ./coverage/coverage-final.json
-          flags: demo,${{ matrix.os }}
-          name: codecov-demo
-          verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}
-      - name: Upload coverage to Codecov (version)
-        uses: ./
-        with:
-          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
-          file: ./coverage/coverage-final.json
-          flags: version,${{ matrix.os }}
-          name: codecov-version
-          version: v0.2.0
-          verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}
   run:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
+        os: [macos-latest, windows-latest, ubuntu-latest, macos-latest-xlarge]
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.0.0
+        uses: actions/checkout@v4.1.1
       - name: Install dependencies
         run: npm install
       - name: Lint
@@ -76,4 +41,4 @@ jobs:
           name: codecov-version
           version: v0.2.0
           verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}
+          token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/scorecards-analysis.yml

@@ -24,12 +24,12 @@ jobs:
     
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4.0.0 # v3.0.0
+        uses: actions/checkout@v4.1.1 # v3.0.0
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -48,7 +48,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
         with:
           name: SARIF file
           path: results.sarif
@@ -56,6 +56,6 @@ jobs:
       
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v2.21.7 # v1.0.26
+        uses: github/codeql-action/upload-sarif@v3.23.2 # v1.0.26
         with:
           sarif_file: results.sarif

Makefile

@@ -1,7 +1,7 @@
 deploy:
 	$(eval VERSION := $(shell cat package.json | grep '"version": ' | cut -d\" -f4))
-	git tag -d v3
-	git push origin :v3
-	git tag v3
+	git tag -d v4
+	git push origin :v4
+	git tag v4
 	git tag v$(VERSION) -s -m ""
 	git push origin --tags

README.md

@@ -5,45 +5,59 @@
 [![Workflow for Codecov Action](https://github.com/codecov/codecov-action/actions/workflows/main.yml/badge.svg)](https://github.com/codecov/codecov-action/actions/workflows/main.yml)
 ### Easily upload coverage reports to Codecov from GitHub Actions
 
-## v4 Beta Release
-`v4` of the Codecov GitHub Action will use the [Codecov CLI](https://github.com/codecov/codecov-cli) to upload coverage reports to Codecov. Currently, `v4` is in beta.
+## v4 Release
+`v4` of the Codecov GitHub Action will use the [Codecov CLI](https://github.com/codecov/codecov-cli) to upload coverage reports to Codecov.
 
 Breaking Changes
-- No current support for `aarch64` and `alpine` architectures.
-- Tokenless uploading is unsupported
+- Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token)
 - Various arguments to the Action have been removed
 
-`v3` versions and below will not have access to CLI features (e.g. global upload token).
-
-## ⚠️  Deprecation of v1
-**As of February 1, 2022, v1 has been fully sunset and no longer functions**
-
-Due to the [deprecation](https://about.codecov.io/blog/introducing-codecovs-new-uploader/) of the underlying bash uploader,
-the Codecov GitHub Action has released `v2`/`v3` which will use the new [uploader](https://github.com/codecov/uploader). You can learn
-more about our deprecation plan and the new uploader on our [blog](https://about.codecov.io/blog/introducing-codecovs-new-uploader/).
-
-We will be restricting any updates to the `v1` Action to security updates and hotfixes.
+`v3` versions and below will not have access to CLI features (e.g. global upload token, ATS).
 
 ## Usage
 
-To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v3` is recommended) as a `step` within your `workflow.yml` file.
+To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v4` is recommended) as a `step` within your `workflow.yml` file.
 
-If you have a *private repository*, this Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, store it as a `secret`). Optionally, you can choose to include up to four additional inputs to customize the upload context. **For public repositories, no token is needed**
+This Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, [store it](https://docs.codecov.com/docs/adding-the-codecov-token#github-actions) as a `secret`).
+
+Currently, the Action will identify linux, macos, and windows runners. However, the Action may misidentify other architectures. The OS can be specified as
+- alpine
+- alpine-arm64
+- linux
+- linux-arm64
+- macos
+- windows
 
 Inside your `.github/workflows/workflow.yml` file:
 
 ```yaml
 steps:
 - uses: actions/checkout@master
-- uses: codecov/codecov-action@v3
+- uses: codecov/codecov-action@v4
   with:
-    token: ${{ secrets.CODECOV_TOKEN }}
+    fail_ci_if_error: true # optional (default = false)
     files: ./coverage1.xml,./coverage2.xml # optional
     flags: unittests # optional
     name: codecov-umbrella # optional
-    fail_ci_if_error: true # optional (default = false)
+    token: ${{ secrets.CODECOV_TOKEN }} # required
     verbose: true # optional (default = false)
 ```
+
+The Codecov token can also be passed in via environment variables:
+
+```yaml
+steps:
+- uses: actions/checkout@master
+- uses: codecov/codecov-action@v4
+  with:
+    fail_ci_if_error: true # optional (default = false)
+    files: ./coverage1.xml,./coverage2.xml # optional
+    flags: unittests # optional
+    name: codecov-umbrella # optional
+    verbose: true # optional (default = false)
+  env:
+    CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+```
 >**Note**: This assumes that you've set your Codecov token inside *Settings > Secrets* as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are *not* available to forks of repositories.
 
 ## Arguments
@@ -118,15 +132,15 @@ jobs:
         pip install pytest-cov
         pytest --cov=./ --cov-report=xml
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v3
+      uses: codecov/codecov-action@v4
       with:
-        token: ${{ secrets.CODECOV_TOKEN }}
         directory: ./coverage/reports/
         env_vars: OS,PYTHON
         fail_ci_if_error: true
         files: ./coverage1.xml,./coverage2.xml,!./cache
         flags: unittests
         name: codecov-umbrella
+        token: ${{ secrets.CODECOV_TOKEN }}
         verbose: true
 ```
 ## Contributing

action.yml

@@ -5,17 +5,20 @@ inputs:
   token:
     description: 'Repository upload token - get it from codecov.io. Required only for private repositories'
     required: false
-  file:
-    description: 'Path to coverage file to upload'
+  codecov_yml_path:
+    description: 'Specify the path to the Codecov YML'
     required: false
-  files:
-    description: 'Comma-separated list of files to upload'
+  commit_parent:
+    description: 'Override to specify the parent commit SHA'
     required: false
   directory:
     description: 'Directory to search for coverage reports.'
     required: false
-  flags:
-    description: 'Flag upload to group coverage metrics (e.g. unittests | integration | ui,chrome)'
+  disable_search:
+    description: 'Disable search for coverage files. This is helpful when specifying what files you want to upload with the --file option.'
+    required: false
+  disable_file_fixes:
+    description: 'Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets)'
     required: false
   dry_run:
     description: "Don't upload files to Codecov"
@@ -23,11 +26,26 @@ inputs:
   env_vars:
     description: 'Environment variables to tag the upload with (e.g. PYTHON | OS,PYTHON)'
     required: false
+  exclude:
+    description: 'Folders to exclude from search'
+    required: false
   fail_ci_if_error:
     description: 'Specify whether or not CI build should fail if Codecov runs into an error during upload'
     required: false
-  gcov:
-    description: 'Run with gcov support'
+  file:
+    description: 'Path to coverage file to upload'
+    required: false
+  files:
+    description: 'Comma-separated list of files to upload'
+    required: false
+  flags:
+    description: 'Flag upload to group coverage metrics (e.g. unittests | integration | ui,chrome)'
+    required: false
+  handle_no_reports_found:
+    description: 'Raise no exceptions when no coverage reports found'
+    required: false
+  job_code:
+    description: 'The job code'
     required: false
   name:
     description: 'User defined upload name. Visible in Codecov UI'
@@ -41,21 +59,36 @@ inputs:
   override_build:
     description: 'Specify the build number'
     required: false
+  override_build_url:
+    description: 'The URL of the build where this is running'
+    required: false
   override_commit:
     description: 'Specify the commit SHA'
     required: false
   override_pr:
     description: 'Specify the pull request number'
     required: false
+  plugin:
+    description: 'plugins to run. Options: xcode, gcov, pycoverage. The default behavior runs them all.'
+    required: false
   plugins:
     description: 'Comma-separated list of plugins for use during upload.'
     required: false
+  report_code:
+    description: 'The code of the report. If unsure, do not include'
+    required: false
   root_dir:
     description: 'Used when not in git/hg project to identify project root directory'
     required: false
   slug:
     description: 'Specify the slug manually (Enterprise use)'
     required: false
+  url:
+    description: 'Specify the base url to upload (Enterprise use)'
+    required: false
+  use_legacy_upload_endpoint:
+    description: 'Use the legacy upload endpoint'
+    required: false
   verbose:
     description: 'Specify whether the Codecov output should be verbose'
     required: false
@@ -69,5 +102,5 @@ branding:
   color: 'red'
   icon: 'umbrella'
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'dist/index.js'

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codecov-action",
-  "version": "4.0.0-beta.3",
+  "version": "4.0.1",
   "description": "Upload coverage reports to Codecov from GitHub Actions",
   "main": "index.js",
   "scripts": {
@@ -25,21 +25,20 @@
   "dependencies": {
     "@actions/core": "^1.10.1",
     "@actions/exec": "^1.1.1",
-    "@actions/github": "^5.1.1",
-    "node-fetch": "^3.3.2",
-    "openpgp": "5.10"
+    "@actions/github": "^6.0.0",
+    "gpg": "^0.6.0",
+    "undici": "5.28.2"
   },
   "devDependencies": {
-    "@types/jest": "^29.5.5",
-    "@types/node": "^20.6.3",
-    "@typescript-eslint/eslint-plugin": "^6.7.2",
-    "@typescript-eslint/parser": "^6.7.2",
-    "@vercel/ncc": "^0.38.0",
-    "eslint": "^8.49.0",
+    "@types/jest": "^29.5.11",
+    "@typescript-eslint/eslint-plugin": "^6.20.0",
+    "@typescript-eslint/parser": "^6.20.0",
+    "@vercel/ncc": "^0.38.1",
+    "eslint": "^8.56.0",
     "eslint-config-google": "^0.14.0",
     "jest": "^29.7.0",
     "jest-junit": "^16.0.0",
-    "ts-jest": "^29.1.1",
-    "typescript": "^5.2.0"
+    "ts-jest": "^29.1.2",
+    "typescript": "^5.3.3"
   }
 }

src/buildExec.test.ts

@@ -12,6 +12,7 @@ const context = github.context;
 
 test('general args', () => {
   const envs = {
+    codecov_yml_path: 'dev/codecov.yml',
     url: 'https://codecov.enterprise.com',
     verbose: 't',
   };
@@ -23,6 +24,8 @@ test('general args', () => {
 
   expect(args).toEqual(
       expect.arrayContaining([
+        '--codecov-yml-path',
+        'dev/codecov.yml',
         '--enterprise-url',
         'https://codecov.enterprise.com',
         '-v',
@@ -50,25 +53,38 @@ test('upload args using context', () => {
 
 test('upload args', () => {
   const envs = {
+    'codecov_yml_path': 'dev/codecov.yml',
+    'commit_parent': 'fakeparentcommit',
     'directory': 'coverage/',
+    'disable_file_fixes': 'true',
+    'disable_search': 'true',
     'dry_run': 'true',
     'env_vars': 'OS,PYTHON',
+    'exclude': 'node_modules/',
     'fail_ci_if_error': 'true',
     'file': 'coverage.xml',
     'files': 'dir1/coverage.xml,dir2/coverage.xml',
     'flags': 'test,test2',
+    'handle_no_reports_found': 'true',
+    'job_code': '32',
     'name': 'codecov',
+    'os': 'macos',
     'override_branch': 'thomasrockhu/test',
     'override_build': '1',
+    'override_build_url': 'https://example.com/build/2',
     'override_commit': '9caabca5474b49de74ef5667deabaf74cdacc244',
     'override_pr': '2',
+    'plugin': 'xcode',
     'plugins': 'pycoverage,compress-pycoverage',
+    'report_code': 'testCode',
     'root_dir': 'root/',
     'slug': 'fakeOwner/fakeRepo',
     'token': 'd3859757-ab80-4664-924d-aef22fa7557b',
+    'url': 'https://enterprise.example.com',
+    'use_legacy_upload_endpoint': 'true',
+    'verbose': 'true',
+    'version': '0.1.2',
     'working-directory': 'src',
-    'plugin': 'xcode',
-    'exclude': 'src',
   };
   for (const env of Object.keys(envs)) {
     process.env['INPUT_' + env.toUpperCase()] = envs[env];
@@ -76,11 +92,13 @@ test('upload args', () => {
 
   const {uploadExecArgs, uploadCommand} = buildUploadExec();
   const expectedArgs = [
-    '-n',
-    'codecov',
+    '--disable-file-fixes',
+    '--disable-search',
     '-d',
     '-e',
     'OS,PYTHON',
+    '--exclude',
+    'node_modules/',
     '-Z',
     '-f',
     'coverage.xml',
@@ -92,28 +110,36 @@ test('upload args', () => {
     'test',
     '-F',
     'test2',
+    '--handle-no-reports-found',
+    '--job-code',
+    '32',
+    '-n',
+    'codecov',
     '-B',
     'thomasrockhu/test',
     '-b',
     '1',
+    '--build-url',
+    'https://example.com/build/2',
     '-C',
     '9caabca5474b49de74ef5667deabaf74cdacc244',
     '-P',
     '2',
     '--plugin',
+    'xcode',
+    '--plugin',
     'pycoverage',
     '--plugin',
     'compress-pycoverage',
+    '--report-code',
+    'testCode',
     '--network-root-folder',
     'root/',
     '-s',
     'coverage/',
     '-r',
     'fakeOwner/fakeRepo',
-    '--plugin',
-    'xcode',
-    '--exclude',
-    'src',
+    '--legacy',
   ];
 
   expect(uploadExecArgs).toEqual(expectedArgs);
@@ -127,8 +153,10 @@ test('upload args', () => {
 test('report args', () => {
   const envs = {
     override_commit: '9caabca5474b49de74ef5667deabaf74cdacc244',
+    override_pr: 'fakePR',
     slug: 'fakeOwner/fakeRepo',
     token: 'd3859757-ab80-4664-924d-aef22fa7557b',
+    fail_ci_if_error: 'true',
   };
   for (const env of Object.keys(envs)) {
     process.env['INPUT_' + env.toUpperCase()] = envs[env];
@@ -136,13 +164,17 @@ test('report args', () => {
 
   const {reportExecArgs, reportCommand} = buildReportExec();
 
-  expect(reportExecArgs).toEqual(
-      expect.arrayContaining([
-        '-C',
-        '9caabca5474b49de74ef5667deabaf74cdacc244',
-        '--slug',
-        'fakeOwner/fakeRepo',
-      ]));
+  const expectedArgs = [
+    '-C',
+    '9caabca5474b49de74ef5667deabaf74cdacc244',
+    '-P',
+    'fakePR',
+    '--slug',
+    'fakeOwner/fakeRepo',
+    '-Z',
+  ];
+
+  expect(reportExecArgs).toEqual(expectedArgs);
   expect(reportCommand).toEqual('create-report');
   for (const env of Object.keys(envs)) {
     delete process.env['INPUT_' + env.toUpperCase()];
@@ -174,32 +206,34 @@ test('report args using context', () => {
 
 test('commit args', () => {
   const envs = {
+    commit_parent: '83231650328f11695dfb754ca0f540516f188d27',
+    override_branch: 'thomasrockhu/test',
     override_commit: '9caabca5474b49de74ef5667deabaf74cdacc244',
+    override_pr: '2',
     slug: 'fakeOwner/fakeRepo',
     token: 'd3859757-ab80-4664-924d-aef22fa7557b',
-    override_branch: 'thomasrockhu/test',
-    override_pr: '2',
-    commit_parent: '83231650328f11695dfb754ca0f540516f188d27',
+    fail_ci_if_error: 'true',
   };
   for (const env of Object.keys(envs)) {
     process.env['INPUT_' + env.toUpperCase()] = envs[env];
   }
 
   const {commitExecArgs, commitCommand} = buildCommitExec();
+  const expectedArgs = [
+    '--parent-sha',
+    '83231650328f11695dfb754ca0f540516f188d27',
+    '-B',
+    'thomasrockhu/test',
+    '-C',
+    '9caabca5474b49de74ef5667deabaf74cdacc244',
+    '--pr',
+    '2',
+    '--slug',
+    'fakeOwner/fakeRepo',
+    '-Z',
+  ];
 
-  expect(commitExecArgs).toEqual(
-      expect.arrayContaining([
-        '-C',
-        '9caabca5474b49de74ef5667deabaf74cdacc244',
-        '--slug',
-        'fakeOwner/fakeRepo',
-        '-B',
-        'thomasrockhu/test',
-        '--pr',
-        '2',
-        '--parent-sha',
-        '83231650328f11695dfb754ca0f540516f188d27',
-      ]));
+  expect(commitExecArgs).toEqual(expectedArgs);
   expect(commitCommand).toEqual('create-commit');
   for (const env of Object.keys(envs)) {
     delete process.env['INPUT_' + env.toUpperCase()];

src/buildExec.ts

@@ -25,7 +25,7 @@ const buildCommitExec = () => {
   const overridePr = core.getInput('override_pr');
   const slug = core.getInput('slug');
   const token = core.getInput('token');
-
+  const failCi = isTrue(core.getInput('fail_ci_if_error'));
 
   const commitCommand = 'create-commit';
   const commitExecArgs = [];
@@ -69,16 +69,23 @@ const buildCommitExec = () => {
   if (slug) {
     commitExecArgs.push('--slug', `${slug}`);
   }
+  if (failCi) {
+    commitExecArgs.push('-Z');
+  }
 
 
   return {commitExecArgs, commitOptions, commitCommand};
 };
 
 const buildGeneralExec = () => {
+  const codecovYmlPath = core.getInput('codecov_yml_path');
   const url = core.getInput('url');
   const verbose = isTrue(core.getInput('verbose'));
   const args = [];
 
+  if (codecovYmlPath) {
+    args.push('--codecov-yml-path', `${codecovYmlPath}`);
+  }
   if (url) {
     args.push('--enterprise-url', `${url}`);
   }
@@ -90,8 +97,10 @@ const buildGeneralExec = () => {
 
 const buildReportExec = () => {
   const overrideCommit = core.getInput('override_commit');
+  const overridePr = core.getInput('override_pr');
   const slug = core.getInput('slug');
   const token = core.getInput('token');
+  const failCi = isTrue(core.getInput('fail_ci_if_error'));
 
 
   const reportCommand = 'create-report';
@@ -119,35 +128,54 @@ const buildReportExec = () => {
   ) {
     reportExecArgs.push('-C', `${context.payload.pull_request.head.sha}`);
   }
+  if (overridePr) {
+    reportExecArgs.push('-P', `${overridePr}`);
+  } else if (
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    reportExecArgs.push('-P', `${context.payload.number}`);
+  }
   if (slug) {
     reportExecArgs.push('--slug', `${slug}`);
   }
+  if (failCi) {
+    reportExecArgs.push('-Z');
+  }
 
   return {reportExecArgs, reportOptions, reportCommand};
 };
 
 const buildUploadExec = () => {
-  const envVars = core.getInput('env_vars');
+  const disableFileFixes = isTrue(core.getInput('disable_file_fixes'));
+  const disableSearch = isTrue(core.getInput('disable_search'));
   const dryRun = isTrue(core.getInput('dry_run'));
+  const envVars = core.getInput('env_vars');
+  const exclude = core.getInput('exclude');
   const failCi = isTrue(core.getInput('fail_ci_if_error'));
   const file = core.getInput('file');
   const files = core.getInput('files');
   const flags = core.getInput('flags');
+  const handleNoReportsFound = isTrue(core.getInput('handle_no_reports_found'));
+  const jobCode = core.getInput('job_code');
   const name = core.getInput('name');
   const os = core.getInput('os');
   const overrideBranch = core.getInput('override_branch');
   const overrideBuild = core.getInput('override_build');
+  const overrideBuildUrl = core.getInput('override_build_url');
   const overrideCommit = core.getInput('override_commit');
   const overridePr = core.getInput('override_pr');
+  const plugin = core.getInput('plugin');
   const plugins = core.getInput('plugins');
+  const reportCode = core.getInput('report_code');
   const rootDir = core.getInput('root_dir');
   const searchDir = core.getInput('directory');
   const slug = core.getInput('slug');
   const token = core.getInput('token');
   let uploaderVersion = core.getInput('version');
+  const useLegacyUploadEndpoint = isTrue(
+      core.getInput('use_legacy_upload_endpoint'),
+  );
   const workingDir = core.getInput('working-directory');
-  const plugin = core.getInput('plugin');
-  const exclude = core.getInput('exclude');
 
   const uploadExecArgs = [];
   const uploadCommand = 'do-upload';
@@ -169,21 +197,24 @@ const buildUploadExec = () => {
       envVarsArg.push(envVarClean);
     }
   }
-  if (name) {
-    uploadExecArgs.push(
-        '-n',
-        `${name}`,
-    );
-  }
   if (token) {
     uploadOptions.env.CODECOV_TOKEN = token;
   }
+  if (disableFileFixes) {
+    uploadExecArgs.push('--disable-file-fixes');
+  }
+  if (disableSearch) {
+    uploadExecArgs.push('--disable-search');
+  }
   if (dryRun) {
     uploadExecArgs.push('-d');
   }
   if (envVarsArg.length) {
     uploadExecArgs.push('-e', envVarsArg.join(','));
   }
+  if (exclude) {
+    uploadExecArgs.push('--exclude', `${exclude}`);
+  }
   if (failCi) {
     uploadExecArgs.push('-Z');
   }
@@ -200,12 +231,24 @@ const buildUploadExec = () => {
       uploadExecArgs.push('-F', `${f}`);
     });
   }
+  if (handleNoReportsFound) {
+    uploadExecArgs.push('--handle-no-reports-found');
+  }
+  if (jobCode) {
+    uploadExecArgs.push('--job-code', `${jobCode}`);
+  }
+  if (name) {
+    uploadExecArgs.push('-n', `${name}`);
+  }
   if (overrideBranch) {
     uploadExecArgs.push('-B', `${overrideBranch}`);
   }
   if (overrideBuild) {
     uploadExecArgs.push('-b', `${overrideBuild}`);
   }
+  if (overrideBuildUrl) {
+    uploadExecArgs.push('--build-url', `${overrideBuildUrl}`);
+  }
   if (overrideCommit) {
     uploadExecArgs.push('-C', `${overrideCommit}`);
   } else if (
@@ -221,11 +264,17 @@ const buildUploadExec = () => {
   ) {
     uploadExecArgs.push('-P', `${context.payload.number}`);
   }
+  if (plugin) {
+    uploadExecArgs.push('--plugin', `${plugin}`);
+  }
   if (plugins) {
     plugins.split(',').map((p) => p.trim()).forEach((p) => {
       uploadExecArgs.push('--plugin', `${p}`);
     });
   }
+  if (reportCode) {
+    uploadExecArgs.push('--report-code', `${reportCode}`);
+  }
   if (rootDir) {
     uploadExecArgs.push('--network-root-folder', `${rootDir}`);
   }
@@ -238,16 +287,12 @@ const buildUploadExec = () => {
   if (workingDir) {
     uploadOptions.cwd = workingDir;
   }
-  if (plugin) {
-    uploadExecArgs.push('--plugin', `${plugin}`);
-  }
-  if (exclude) {
-    uploadExecArgs.push('--exclude', `${exclude}`);
-  }
-
   if (uploaderVersion == '') {
     uploaderVersion = 'latest';
   }
+  if (useLegacyUploadEndpoint) {
+    uploadExecArgs.push('--legacy');
+  }
 
   return {
     uploadExecArgs,

src/helpers.test.ts

@@ -43,6 +43,9 @@ test('getBaseUrl', () => {
     'https://cli.codecov.io/latest/linux/codecov',
     'https://cli.codecov.io/latest/macos/codecov',
     'https://cli.codecov.io/latest/windows/codecov.exe',
+    'https://cli.codecov.io/latest/alpine/codecov',
+    'https://cli.codecov.io/latest/linux-arm64/codecov',
+    'https://cli.codecov.io/latest/alpine-arm64/codecov',
   ]);
 
   expect(PLATFORMS.map((platform) => {
@@ -51,19 +54,22 @@ test('getBaseUrl', () => {
     'https://cli.codecov.io/v0.1.0_8880/linux/codecov',
     'https://cli.codecov.io/v0.1.0_8880/macos/codecov',
     'https://cli.codecov.io/v0.1.0_8880/windows/codecov.exe',
+    'https://cli.codecov.io/v0.1.0_8880/alpine/codecov',
+    'https://cli.codecov.io/v0.1.0_8880/linux-arm64/codecov',
+    'https://cli.codecov.io/v0.1.0_8880/alpine-arm64/codecov',
   ]);
 });
 
 test('isWindows', () => {
   expect(PLATFORMS.map((platform) => {
     return isWindows(platform);
-  })).toEqual([false, false, true]);
+  })).toEqual([false, false, true, false, false, false]);
 });
 
 test('isValidPlatform', () => {
   expect(PLATFORMS.map((platform) => {
     return isValidPlatform(platform);
-  })).toEqual([true, true, true]);
+  })).toEqual([true, true, true, true, true, true]);
 
   expect(isValidPlatform('fakeos')).toBeFalsy();
 });

src/helpers.ts

@@ -4,6 +4,9 @@ const PLATFORMS = [
   'linux',
   'macos',
   'windows',
+  'alpine',
+  'linux-arm64',
+  'alpine-arm64',
 ];
 
 const setFailure = (message: string, failCi: boolean): void => {

src/validate.ts

@@ -1,10 +1,10 @@
 import * as crypto from 'crypto';
 import * as fs from 'fs';
+import * as gpg from 'gpg';
 import * as path from 'path';
 
 import * as core from '@actions/core';
-import * as openpgp from 'openpgp';
-import * as fetch from 'node-fetch';
+import {request} from 'undici';
 
 import {
   getBaseUrl,
@@ -22,68 +22,90 @@ const verify = async (
   try {
     const uploaderName = getUploaderName(platform);
 
-    // Read in public key
-    const publicKeyArmored = await fs.readFileSync(
-        path.join(__dirname, 'pgp_keys.asc'),
-        'utf-8',
-    );
-
     // Get SHASUM and SHASUM signature files
     console.log(`${getBaseUrl(platform, version)}.SHA256SUM`);
-    const shasumRes = await fetch.default(
+    const shasumRes = await request(
         `${getBaseUrl(platform, version)}.SHA256SUM`,
     );
-    const shasum = await shasumRes.text();
+    const shasum = await shasumRes.body.text();
     if (verbose) {
       console.log(`Received SHA256SUM ${shasum}`);
     }
+    await fs.writeFileSync(
+        path.join(__dirname, `${uploaderName}.SHA256SUM`),
+        shasum,
+    );
 
-    const shaSigRes = await fetch.default(
+    const shaSigRes = await request(
         `${getBaseUrl(platform, version)}.SHA256SUM.sig`,
     );
-    const shaSig = await shaSigRes.text();
+    const shaSig = await shaSigRes.body.text();
     if (verbose) {
       console.log(`Received SHA256SUM signature ${shaSig}`);
     }
+    await fs.writeFileSync(
+        path.join(__dirname, `${uploaderName}.SHA256SUM.sig`),
+        shaSig,
+    );
 
-    // Verify shasum
-    const verified = await openpgp.verify({
-      message: await openpgp.createMessage({text: shasum}),
-      signature: await openpgp.readSignature({armoredSignature: shaSig}),
-      verificationKeys: await openpgp.readKeys({armoredKeys: publicKeyArmored}),
-    });
-    const valid = await verified.signatures[0].verified;
-    if (valid) {
-      core.info('==> SHASUM file signed by key id ' +
-          verified.signatures[0].keyID.toHex(),
+    const validateSha = async () => {
+      const calculateHash = async (filename: string) => {
+        const stream = fs.createReadStream(filename);
+        const uploaderSha = crypto.createHash(`sha256`);
+        stream.pipe(uploaderSha);
+
+        return new Promise((resolve, reject) => {
+          stream.on('end', () => resolve(
+              `${uploaderSha.digest('hex')}  ${uploaderName}`,
+          ));
+          stream.on('error', reject);
+        });
+      };
+
+      const hash = await calculateHash(
+          path.join(__dirname, `${uploaderName}`),
       );
-    } else {
-      setFailure('Codecov: Error validating SHASUM signature', failCi);
-    }
+      if (hash === shasum) {
+        core.info(`==> Uploader SHASUM verified (${hash})`);
+      } else {
+        setFailure(
+            'Codecov: Uploader shasum does not match -- ' +
+              `uploader hash: ${hash}, public hash: ${shasum}`,
+            failCi,
+        );
+      }
+    };
 
-    const calculateHash = async (filename: string) => {
-      const stream = fs.createReadStream(filename);
-      const uploaderSha = crypto.createHash(`sha256`);
-      stream.pipe(uploaderSha);
-
-      return new Promise((resolve, reject) => {
-        stream.on('end', () => resolve(
-            `${uploaderSha.digest('hex')}  ${uploaderName}`,
-        ));
-        stream.on('error', reject);
+    const verifySignature = () => {
+      gpg.call('', [
+        '--logger-fd',
+        '1',
+        '--verify',
+        path.join(__dirname, `${uploaderName}.SHA256SUM.sig`),
+        path.join(__dirname, `${uploaderName}.SHA256SUM`),
+      ], async (err, verifyResult) => {
+        if (err) {
+          setFailure('Codecov: Error importing pgp key', failCi);
+        }
+        core.info(verifyResult);
+        await validateSha();
       });
     };
 
-    const hash = await calculateHash(filename);
-    if (hash === shasum) {
-      core.info(`==> Uploader SHASUM verified (${hash})`);
-    } else {
-      setFailure(
-          'Codecov: Uploader shasum does not match -- ' +
-            `uploader hash: ${hash}, public hash: ${shasum}`,
-          failCi,
-      );
-    }
+    // Import gpg key
+    gpg.call('', [
+      '--logger-fd',
+      '1',
+      '--no-default-keyring',
+      '--import',
+      path.join(__dirname, 'pgp_keys.asc'),
+    ], async (err, importResult) => {
+      if (err) {
+        setFailure('Codecov: Error importing pgp key', failCi);
+      }
+      core.info(importResult);
+      verifySignature();
+    });
   } catch (err) {
     setFailure(`Codecov: Error validating uploader: ${err.message}`, failCi);
   }

src/version.ts

@@ -1,5 +1,5 @@
 import * as core from '@actions/core';
-import * as fetch from 'node-fetch';
+import {request} from 'undici';
 
 const versionInfo = async (
     platform: string,
@@ -10,10 +10,10 @@ const versionInfo = async (
   }
 
   try {
-    const metadataRes = await fetch.default( `https://uploader.codecov.io/${platform}/latest`, {
+    const metadataRes = await request(`https://cli.codecov.io/${platform}/latest`, {
       headers: {'Accept': 'application/json'},
     });
-    const metadata = await metadataRes.json();
+    const metadata = await metadataRes.body.json();
     core.info(`==> Running version ${metadata['version']}`);
   } catch (err) {
     core.info(`Could not pull latest version information: ${err}`);