chore(release): v4.3.0 (#1366)

Bumps [undici](https://github.com/nodejs/undici) from 5.28.3 to 5.28.4.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.eslintrc.json

@@ -17,6 +17,7 @@
         "@typescript-eslint"
     ],
     "rules": {
+        "max-len": ["error", { "code": 120 }],
         "linebreak-style": 0
     }
 }

.github/workflows/codeql-analysis.yml

@@ -37,11 +37,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4.1.1
+      uses: actions/checkout@v4.1.2
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.24.5
+      uses: github/codeql-action/init@v3.24.10
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3.24.5
+      uses: github/codeql-action/autobuild@v3.24.10
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -66,4 +66,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.24.5
+      uses: github/codeql-action/analyze@v3.24.10

.github/workflows/main.yml

@@ -8,7 +8,7 @@ jobs:
         os: [macos-latest, windows-latest, ubuntu-latest, macos-latest-xlarge]
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.1.2
       - name: Install dependencies
         run: npm install
       - name: Lint
@@ -48,7 +48,7 @@ jobs:
     container: node:18
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.1.2
       - name: Install dependencies
         run: npm install
       - name: Lint

.github/workflows/scorecards-analysis.yml

@@ -24,7 +24,7 @@ jobs:
     
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4.1.1 # v3.0.0
+        uses: actions/checkout@v4.1.2 # v3.0.0
         with:
           persist-credentials: false
 
@@ -56,6 +56,6 @@ jobs:
       
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3.24.5 # v1.0.26
+        uses: github/codeql-action/upload-sarif@v3.24.10 # v1.0.26
         with:
           sarif_file: results.sarif

README.md

@@ -64,44 +64,56 @@ steps:
 > [!NOTE]
 > This assumes that you've set your Codecov token inside *Settings > Secrets* as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are *not* available to forks of repositories.
 
+### Using OIDC
+For users with [OpenID Connect(OIDC) enabled](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect), the Codecov token is not necessary. You can use OIDC with the `use_oidc` argument as following.
+
+```yaml
+- uses: codecov/codecov-action@v4
+  with:
+    use_oidc: true
+```
+
+Any token supplied will be ignored, as Codecov will default to the OIDC token for verification.
+
 ## Arguments
 
 Codecov's Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below:
 
 | Input  | Description | Required |
 | :---       |     :---     |    :---:   |
-| `token` | Repository Codecov token. Used to authorize report uploads | *Required 
-| `codecov_yml_path` | Specify the path to the Codecov YML | Optional 
-| `commit_parent` | Override to specify the parent commit SHA | Optional 
-| `directory` | Directory to search for coverage reports. | Optional 
-| `disable_search` | Disable search for coverage files. This is helpful when specifying what files you want to upload with the --file option. | Optional 
-| `disable_file_fixes` | Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets) | Optional 
-| `dry_run` | Don't upload files to Codecov | Optional 
-| `env_vars` | Environment variables to tag the upload with (e.g. PYTHON \| OS,PYTHON) | Optional 
-| `exclude` | Folders to exclude from search | Optional 
-| `fail_ci_if_error` | Specify whether or not CI build should fail if Codecov runs into an error during upload | Optional 
-| `file` | Path to coverage file to upload | Optional 
-| `files` | Comma-separated list of files to upload | Optional 
-| `flags` | Flag upload to group coverage metrics (e.g. unittests \| integration \| ui,chrome) | Optional 
-| `handle_no_reports_found` | Raise no exceptions when no coverage reports found | Optional 
-| `job_code` | The job code | Optional 
-| `name` | User defined upload name. Visible in Codecov UI | Optional 
-| `os` | Override the assumed OS. Options are linux \| macos \| windows \| . | Optional 
-| `override_branch` | Specify the branch name | Optional 
-| `override_build` | Specify the build number | Optional 
-| `override_build_url` | The URL of the build where this is running | Optional 
-| `override_commit` | Specify the commit SHA | Optional 
-| `override_pr` | Specify the pull request number | Optional 
-| `plugin` | plugins to run. Options: xcode, gcov, pycoverage. The default behavior runs them all. | Optional 
-| `plugins` | Comma-separated list of plugins for use during upload. | Optional 
-| `report_code` | The code of the report. If unsure, do not include | Optional 
-| `root_dir` | Used when not in git/hg project to identify project root directory | Optional 
-| `slug` | Specify the slug manually (Enterprise use) | Optional 
-| `url` | Specify the base url to upload (Enterprise use) | Optional 
-| `use_legacy_upload_endpoint` | Use the legacy upload endpoint | Optional 
-| `verbose` | Specify whether the Codecov output should be verbose | Optional 
-| `version` | Specify which version of the Codecov CLI should be used. Defaults to `latest` | Optional 
-| `working-directory` | Directory in which to execute codecov.sh | Optional 
+| `token` | Repository Codecov token. Used to authorize report uploads | *Required
+| `codecov_yml_path` | Specify the path to the Codecov YML | Optional
+| `commit_parent` | Override to specify the parent commit SHA | Optional
+| `directory` | Directory to search for coverage reports. | Optional
+| `disable_search` | Disable search for coverage files. This is helpful when specifying what files you want to upload with the --file option. | Optional
+| `disable_file_fixes` | Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets) | Optional
+| `dry_run` | Don't upload files to Codecov | Optional
+| `env_vars` | Environment variables to tag the upload with (e.g. PYTHON \| OS,PYTHON) | Optional
+| `exclude` | Folders to exclude from search | Optional
+| `fail_ci_if_error` | Specify whether or not CI build should fail if Codecov runs into an error during upload | Optional
+| `file` | Path to coverage file to upload | Optional
+| `files` | Comma-separated list of files to upload | Optional
+| `flags` | Flag upload to group coverage metrics (e.g. unittests \| integration \| ui,chrome) | Optional
+| `handle_no_reports_found` | Raise no exceptions when no coverage reports found | Optional
+| `job_code` | The job code | Optional
+| `name` | User defined upload name. Visible in Codecov UI | Optional
+| `os` | Override the assumed OS. Options are linux \| macos \| windows \| . | Optional
+| `override_branch` | Specify the branch name | Optional
+| `override_build` | Specify the build number | Optional
+| `override_build_url` | The URL of the build where this is running | Optional
+| `override_commit` | Specify the commit SHA | Optional
+| `override_pr` | Specify the pull request number | Optional
+| `plugin` | plugins to run. Options: xcode, gcov, pycoverage. The default behavior runs them all. | Optional
+| `plugins` | Comma-separated list of plugins for use during upload. | Optional
+| `report_code` | The code of the report. If unsure, do not include | Optional
+| `root_dir` | Used to specify the location of your   .git   root to identify project root directory | Optional
+| `slug` | Specify the slug manually (Enterprise use) | Optional
+| `url` | Specify the base url to upload (Enterprise use) | Optional
+| `use_legacy_upload_endpoint` | Use the legacy upload endpoint | Optional
+| `use_oidc` | Use OpenID Connect for verification instead of token. This will ignore any token supplied. Please see [GitHub documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) for details.
+| `verbose` | Specify whether the Codecov output should be verbose | Optional
+| `version` | Specify which version of the Codecov CLI should be used. Defaults to `latest` | Optional
+| `working-directory` | Directory in which to execute codecov.sh | Optional
 
 ### Example `workflow.yml` with Codecov Action
 

action.yml

@@ -56,6 +56,12 @@ inputs:
   name:
     description: 'User defined upload name. Visible in Codecov UI'
     required: false
+  network_filter:
+    description: 'Specify a filter on the files listed in the network section of the Codecov report. This will only add files whose path begin with the specified filter. Useful for upload-specific path fixing'
+    required: false
+  network_prefix:
+    description: 'Specify a prefix on files listed in the network section of the Codecov report. Useful to help resolve path fixing'
+    required: false
   os:
     description: 'Override the assumed OS. Options are linux | macos | windows.'
     required: false
@@ -95,6 +101,9 @@ inputs:
   use_legacy_upload_endpoint:
     description: 'Use the legacy upload endpoint'
     required: false
+  use_oidc:
+    description: 'Use OIDC instead of token. This will ignore any token supplied'
+    required: false
   verbose:
     description: 'Specify whether the Codecov output should be verbose'
     required: false

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codecov-action",
-  "version": "4.1.0",
+  "version": "4.3.0",
   "description": "Upload coverage reports to Codecov from GitHub Actions",
   "main": "index.js",
   "scripts": {
@@ -27,18 +27,18 @@
     "@actions/exec": "^1.1.1",
     "@actions/github": "^6.0.0",
     "gpg": "^0.6.0",
-    "undici": "5.28.2"
+    "undici": "5.28.4"
   },
   "devDependencies": {
     "@types/jest": "^29.5.12",
-    "@typescript-eslint/eslint-plugin": "^7.0.0",
-    "@typescript-eslint/parser": "^6.21.0",
+    "@typescript-eslint/eslint-plugin": "^7.6.0",
+    "@typescript-eslint/parser": "^7.6.0",
     "@vercel/ncc": "^0.38.1",
     "eslint": "^8.57.0",
     "eslint-config-google": "^0.14.0",
     "jest": "^29.7.0",
     "jest-junit": "^16.0.0",
     "ts-jest": "^29.1.2",
-    "typescript": "^5.3.3"
+    "typescript": "^5.4.4"
   }
 }

src/buildExec.test.ts

@@ -7,10 +7,20 @@ import {
   buildUploadExec,
 } from './buildExec';
 
-
 const context = github.context;
 
-test('general args', () => {
+let OLDOS = process.env.RUNNER_OS;
+
+beforeEach(() => {
+  jest.resetModules();
+  OLDOS = process.env.RUNNER_OS;
+});
+
+afterAll(() => {
+  process.env.RUNNER_OS = OLDOS;
+});
+
+test('general args', async () => {
   const envs = {
     codecov_yml_path: 'dev/codecov.yml',
     url: 'https://codecov.enterprise.com',
@@ -20,7 +30,7 @@ test('general args', () => {
     process.env['INPUT_' + env.toUpperCase()] = envs[env];
   }
 
-  const {args, verbose} = buildGeneralExec();
+  const {args, verbose} = await buildGeneralExec();
 
   expect(args).toEqual(
       expect.arrayContaining([
@@ -36,13 +46,12 @@ test('general args', () => {
   }
 });
 
-
-test('upload args using context', () => {
+test('upload args using context', async () => {
   const expectedArgs = [
     '--git-service',
     'github',
   ];
-  const {uploadExecArgs, uploadCommand} = buildUploadExec();
+  const {uploadExecArgs, uploadCommand} = await buildUploadExec();
   if (context.eventName == 'pull_request') {
     expectedArgs.push('-C', `${context.payload.pull_request.head.sha}`);
   }
@@ -54,7 +63,7 @@ test('upload args using context', () => {
   expect(uploadCommand).toEqual('do-upload');
 });
 
-test('upload args', () => {
+test('upload args', async () => {
   const envs = {
     'codecov_yml_path': 'dev/codecov.yml',
     'commit_parent': 'fakeparentcommit',
@@ -78,6 +87,8 @@ test('upload args', () => {
     'override_build_url': 'https://example.com/build/2',
     'override_commit': '9caabca5474b49de74ef5667deabaf74cdacc244',
     'override_pr': '2',
+    'network_filter': 'subA/',
+    'network_prefix': 'forA/',
     'plugin': 'xcode',
     'plugins': 'pycoverage,compress-pycoverage',
     'report_code': 'testCode',
@@ -94,7 +105,7 @@ test('upload args', () => {
     process.env['INPUT_' + env.toUpperCase()] = envs[env];
   }
 
-  const {uploadExecArgs, uploadCommand} = buildUploadExec();
+  const {uploadExecArgs, uploadCommand} = await buildUploadExec();
   const expectedArgs = [
     '--disable-file-fixes',
     '--disable-search',
@@ -121,6 +132,10 @@ test('upload args', () => {
     '32',
     '-n',
     'codecov',
+    '--network-filter',
+    'subA/',
+    '--network-prefix',
+    'forA/',
     '-B',
     'thomasrockhu/test',
     '-b',
@@ -156,7 +171,7 @@ test('upload args', () => {
 });
 
 
-test('report args', () => {
+test('report args', async () => {
   const envs = {
     git_service: 'github_enterprise',
     override_commit: '9caabca5474b49de74ef5667deabaf74cdacc244',
@@ -169,7 +184,7 @@ test('report args', () => {
     process.env['INPUT_' + env.toUpperCase()] = envs[env];
   }
 
-  const {reportExecArgs, reportCommand} = buildReportExec();
+  const {reportExecArgs, reportCommand} = await buildReportExec();
 
   const expectedArgs = [
     '--git-service',
@@ -191,7 +206,7 @@ test('report args', () => {
 });
 
 
-test('report args using context', () => {
+test('report args using context', async () => {
   const envs = {
     token: 'd3859757-ab80-4664-924d-aef22fa7557b',
   };
@@ -206,7 +221,7 @@ test('report args using context', () => {
     expectedArgs.push('-C', `${context.payload.pull_request.head.sha}`);
   }
 
-  const {reportExecArgs, reportCommand} = buildReportExec();
+  const {reportExecArgs, reportCommand} = await buildReportExec();
 
   expect(reportExecArgs).toEqual(expectedArgs);
   expect(reportCommand).toEqual('create-report');
@@ -216,7 +231,7 @@ test('report args using context', () => {
 });
 
 
-test('commit args', () => {
+test('commit args', async () => {
   const envs = {
     git_service: 'github_enterprise',
     commit_parent: '83231650328f11695dfb754ca0f540516f188d27',
@@ -231,7 +246,7 @@ test('commit args', () => {
     process.env['INPUT_' + env.toUpperCase()] = envs[env];
   }
 
-  const {commitExecArgs, commitCommand} = buildCommitExec();
+  const {commitExecArgs, commitCommand} = await buildCommitExec();
   const expectedArgs = [
     '--parent-sha',
     '83231650328f11695dfb754ca0f540516f188d27',
@@ -255,13 +270,33 @@ test('commit args', () => {
   }
 });
 
-test('commit args using context', () => {
+test('commit args using context', async () => {
   const expectedArgs :string[] = [
     '--git-service',
     'github',
   ];
 
-  const {commitExecArgs, commitCommand} = buildCommitExec();
+  const {commitExecArgs, commitCommand} = await buildCommitExec();
+  if (context.eventName == 'pull_request') {
+    expectedArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+  if (context.eventName == 'pull_request_target') {
+    expectedArgs.push('-P', `${context.payload.number}`);
+  }
+
+  expect(commitExecArgs).toEqual(expectedArgs);
+  expect(commitCommand).toEqual('create-commit');
+});
+
+test('commit args using github server url', async () => {
+  const expectedArgs :string[] = [
+    '--git-service',
+    'github_enterprise',
+  ];
+
+  process.env.GITHUB_SERVER_URL = 'https://example.com';
+
+  const {commitExecArgs, commitCommand} = await buildCommitExec();
   if (context.eventName == 'pull_request') {
     expectedArgs.push('-C', `${context.payload.pull_request.head.sha}`);
   }

src/buildExec.ts

@@ -3,6 +3,7 @@
 import * as core from '@actions/core';
 import * as github from '@actions/github';
 
+import {setFailure} from './helpers';
 
 const context = github.context;
 
@@ -17,15 +18,47 @@ const isTrue = (variable) => {
   );
 };
 
+const getGitService = () => {
+  const overrideGitService = core.getInput('git_service');
+  const serverUrl = process.env.GITHUB_SERVER_URL;
+  if (overrideGitService) {
+    return overrideGitService;
+  } else if (serverUrl !== undefined && serverUrl !== 'https://github.com') {
+    return 'github_enterprise';
+  }
+  return 'github';
+};
 
-const buildCommitExec = () => {
+const getToken = async () => {
+  let token = core.getInput('token');
+  let url = core.getInput('url');
+  const useOIDC = isTrue(core.getInput('use_oidc'));
+
+  if (useOIDC) {
+    if (!url) {
+      url = 'https://codecov.io';
+    }
+    try {
+      token = await core.getIDToken(url);
+      return token;
+    } catch (err) {
+      setFailure(
+          `Codecov: Failed to get OIDC token with url: ${url}. ${err.message}`,
+          true,
+      );
+    }
+  }
+  return token;
+};
+
+const buildCommitExec = async () => {
   const commitParent = core.getInput('commit_parent');
-  const gitService = core.getInput('git_service');
+  const gitService = getGitService();
   const overrideBranch = core.getInput('override_branch');
   const overrideCommit = core.getInput('override_commit');
   const overridePr = core.getInput('override_pr');
   const slug = core.getInput('slug');
-  const token = core.getInput('token');
+  const token = await getToken();
   const failCi = isTrue(core.getInput('fail_ci_if_error'));
   const workingDir = core.getInput('working-directory');
 
@@ -49,7 +82,7 @@ const buildCommitExec = () => {
   if (commitParent) {
     commitExecArgs.push('--parent-sha', `${commitParent}`);
   }
-  commitExecArgs.push('--git-service', `${gitService ? gitService : 'github'}`);
+  commitExecArgs.push('--git-service', `${gitService}`);
 
   if (overrideBranch) {
     commitExecArgs.push('-B', `${overrideBranch}`);
@@ -101,12 +134,12 @@ const buildGeneralExec = () => {
   return {args, verbose};
 };
 
-const buildReportExec = () => {
-  const gitService = core.getInput('git_service');
+const buildReportExec = async () => {
+  const gitService = getGitService();
   const overrideCommit = core.getInput('override_commit');
   const overridePr = core.getInput('override_pr');
   const slug = core.getInput('slug');
-  const token = core.getInput('token');
+  const token = await getToken();
   const failCi = isTrue(core.getInput('fail_ci_if_error'));
   const workingDir = core.getInput('working-directory');
 
@@ -128,7 +161,7 @@ const buildReportExec = () => {
   if (token) {
     reportOptions.env.CODECOV_TOKEN = token;
   }
-  reportExecArgs.push('--git-service', `${gitService ? gitService : 'github'}`);
+  reportExecArgs.push('--git-service', `${gitService}`);
 
   if (overrideCommit) {
     reportExecArgs.push('-C', `${overrideCommit}`);
@@ -158,9 +191,9 @@ const buildReportExec = () => {
   return {reportExecArgs, reportOptions, reportCommand};
 };
 
-const buildUploadExec = () => {
+const buildUploadExec = async () => {
   const disableFileFixes = isTrue(core.getInput('disable_file_fixes'));
-  const disableSafeDirectory = isTrue(core.getInput('diable_safe_directory'));
+  const disableSafeDirectory = isTrue(core.getInput('disable_safe_directory'));
   const disableSearch = isTrue(core.getInput('disable_search'));
   const dryRun = isTrue(core.getInput('dry_run'));
   const envVars = core.getInput('env_vars');
@@ -169,10 +202,12 @@ const buildUploadExec = () => {
   const file = core.getInput('file');
   const files = core.getInput('files');
   const flags = core.getInput('flags');
-  const gitService = core.getInput('git_service');
+  const gitService = getGitService();
   const handleNoReportsFound = isTrue(core.getInput('handle_no_reports_found'));
   const jobCode = core.getInput('job_code');
   const name = core.getInput('name');
+  const networkFilter = core.getInput('network_filter');
+  const networkPrefix = core.getInput('network_prefix');
   const os = core.getInput('os');
   const overrideBranch = core.getInput('override_branch');
   const overrideBuild = core.getInput('override_build');
@@ -185,7 +220,7 @@ const buildUploadExec = () => {
   const rootDir = core.getInput('root_dir');
   const searchDir = core.getInput('directory');
   const slug = core.getInput('slug');
-  const token = core.getInput('token');
+  const token = await getToken();
   let uploaderVersion = core.getInput('version');
   const useLegacyUploadEndpoint = isTrue(
       core.getInput('use_legacy_upload_endpoint'),
@@ -246,7 +281,7 @@ const buildUploadExec = () => {
       uploadExecArgs.push('-F', `${f}`);
     });
   }
-  uploadExecArgs.push('--git-service', `${gitService ? gitService : 'github'}`);
+  uploadExecArgs.push('--git-service', `${gitService}`);
   if (handleNoReportsFound) {
     uploadExecArgs.push('--handle-no-reports-found');
   }
@@ -256,6 +291,12 @@ const buildUploadExec = () => {
   if (name) {
     uploadExecArgs.push('-n', `${name}`);
   }
+  if (networkFilter) {
+    uploadExecArgs.push('--network-filter', `${networkFilter}`);
+  }
+  if (networkPrefix) {
+    uploadExecArgs.push('--network-prefix', `${networkPrefix}`);
+  }
   if (overrideBranch) {
     uploadExecArgs.push('-B', `${overrideBranch}`);
   }

src/index.ts

@@ -24,102 +24,106 @@ import versionInfo from './version';
 
 let failCi;
 
-try {
-  const {commitExecArgs, commitOptions, commitCommand} = buildCommitExec();
-  const {reportExecArgs, reportOptions, reportCommand} = buildReportExec();
-  const {
-    uploadExecArgs,
-    uploadOptions,
-    disableSafeDirectory,
-    failCi,
-    os,
-    uploaderVersion,
-    uploadCommand,
-  } = buildUploadExec();
-  const {args, verbose} = buildGeneralExec();
+const run = async () => {
+  try {
+    const {commitExecArgs, commitOptions, commitCommand} = await buildCommitExec();
+    const {reportExecArgs, reportOptions, reportCommand} = await buildReportExec();
+    const {
+      uploadExecArgs,
+      uploadOptions,
+      disableSafeDirectory,
+      failCi,
+      os,
+      uploaderVersion,
+      uploadCommand,
+    } = await buildUploadExec();
+    const {args, verbose} = buildGeneralExec();
 
-  const platform = getPlatform(os);
+    const platform = getPlatform(os);
 
-  const filename = path.join( __dirname, getUploaderName(platform));
-  https.get(getBaseUrl(platform, uploaderVersion), (res) => {
-    // Image will be stored at this path
-    const filePath = fs.createWriteStream(filename);
-    res.pipe(filePath);
-    filePath
-        .on('error', (err) => {
-          setFailure(
-              `Codecov: Failed to write uploader binary: ${err.message}`,
-              true,
-          );
-        }).on('finish', async () => {
-          filePath.close();
+    const filename = path.join( __dirname, getUploaderName(platform));
+    https.get(getBaseUrl(platform, uploaderVersion), (res) => {
+      // Image will be stored at this path
+      const filePath = fs.createWriteStream(filename);
+      res.pipe(filePath);
+      filePath
+          .on('error', (err) => {
+            setFailure(
+                `Codecov: Failed to write uploader binary: ${err.message}`,
+                true,
+            );
+          }).on('finish', async () => {
+            filePath.close();
 
-          await verify(filename, platform, uploaderVersion, verbose, failCi);
-          await versionInfo(platform, uploaderVersion);
-          await fs.chmodSync(filename, '777');
-          if (!disableSafeDirectory) {
-            await setSafeDirectory();
-          }
+            await verify(filename, platform, uploaderVersion, verbose, failCi);
+            await versionInfo(platform, uploaderVersion);
+            await fs.chmodSync(filename, '777');
+            if (!disableSafeDirectory) {
+              await setSafeDirectory();
+            }
 
-          const unlink = () => {
-            fs.unlink(filename, (err) => {
-              if (err) {
-                setFailure(
-                    `Codecov: Could not unlink uploader: ${err.message}`,
-                    failCi,
-                );
-              }
-            });
-          };
-          const doUpload = async () => {
-            await exec.exec(getCommand(filename, args, uploadCommand).join(' '),
-                uploadExecArgs,
-                uploadOptions)
-                .catch((err) => {
+            const unlink = () => {
+              fs.unlink(filename, (err) => {
+                if (err) {
                   setFailure(
-                      `Codecov:
-                      Failed to properly upload report: ${err.message}`,
+                      `Codecov: Could not unlink uploader: ${err.message}`,
                       failCi,
                   );
-                });
-          };
-          const createReport = async () => {
+                }
+              });
+            };
+            const doUpload = async () => {
+              await exec.exec(getCommand(filename, args, uploadCommand).join(' '),
+                  uploadExecArgs,
+                  uploadOptions)
+                  .catch((err) => {
+                    setFailure(
+                        `Codecov:
+                        Failed to properly upload report: ${err.message}`,
+                        failCi,
+                    );
+                  });
+            };
+            const createReport = async () => {
+              await exec.exec(
+                  getCommand(filename, args, reportCommand).join(' '),
+                  reportExecArgs,
+                  reportOptions)
+                  .then(async (exitCode) => {
+                    if (exitCode == 0) {
+                      await doUpload();
+                    }
+                  }).catch((err) => {
+                    setFailure(
+                        `Codecov:
+                        Failed to properly create report: ${err.message}`,
+                        failCi,
+                    );
+                  });
+            };
             await exec.exec(
-                getCommand(filename, args, reportCommand).join(' '),
-                reportExecArgs,
-                reportOptions)
+                getCommand(
+                    filename,
+                    args,
+                    commitCommand,
+                ).join(' '),
+                commitExecArgs, commitOptions)
                 .then(async (exitCode) => {
                   if (exitCode == 0) {
-                    await doUpload();
+                    await createReport();
                   }
+                  unlink();
                 }).catch((err) => {
                   setFailure(
-                      `Codecov:
-                      Failed to properly create report: ${err.message}`,
+                      `Codecov: Failed to properly create commit: ${err.message}`,
                       failCi,
                   );
                 });
-          };
-          await exec.exec(
-              getCommand(
-                  filename,
-                  args,
-                  commitCommand,
-              ).join(' '),
-              commitExecArgs, commitOptions)
-              .then(async (exitCode) => {
-                if (exitCode == 0) {
-                  await createReport();
-                }
-                unlink();
-              }).catch((err) => {
-                setFailure(
-                    `Codecov: Failed to properly create commit: ${err.message}`,
-                    failCi,
-                );
-              });
-        });
-  });
-} catch (err) {
-  setFailure(`Codecov: Encountered an unexpected error ${err.message}`, failCi);
-}
+          });
+    });
+  } catch (err) {
+    setFailure(`Codecov: Encountered an unexpected error ${err.message}`, failCi);
+  }
+};
+
+run();

src/version.ts

@@ -3,14 +3,12 @@ import {request} from 'undici';
 
 const versionInfo = async (
     platform: string,
-    version?: string,
+    version: string,
 ): Promise<void> => {
-  if (version) {
-    core.info(`==> Running version ${version}`);
-  }
+  core.info(`==> Running version ${version}`);
 
   try {
-    const metadataRes = await request(`https://cli.codecov.io/${platform}/latest`, {
+    const metadataRes = await request(`https://cli.codecov.io/${platform}/${version}`, {
       headers: {'Accept': 'application/json'},
     });
     const metadata = await metadataRes.body.json();