chore(release):4.6.0 (#1587)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.7...v4.2.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/codeql-analysis.yml

@@ -37,11 +37,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4.1.4
+      uses: actions/checkout@v4.2.0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.25.3
+      uses: github/codeql-action/init@v3.26.9
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3.25.3
+      uses: github/codeql-action/autobuild@v3.26.9
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -66,4 +66,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.25.3
+      uses: github/codeql-action/analyze@v3.26.9

.github/workflows/main.yml

@@ -5,10 +5,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest, macos-latest-xlarge]
+        os: [macos-latest, windows-latest, ubuntu-latest]
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.4
+        uses: actions/checkout@v4.2.0
       - name: Install dependencies
         run: npm install
       - name: Lint
@@ -18,6 +18,7 @@ jobs:
       - name: Upload coverage to Codecov (script)
         uses: ./
         with:
+          fail_ci_if_error: true
           files: ./coverage/script/coverage-final.json
           flags: script,${{ matrix.os }}
           name: codecov-script
@@ -26,6 +27,7 @@ jobs:
       - name: Upload coverage to Codecov (demo)
         uses: ./
         with:
+          fail_ci_if_error: true
           files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
           file: ./coverage/coverage-final.json
           flags: demo,${{ matrix.os }}
@@ -35,11 +37,55 @@ jobs:
       - name: Upload coverage to Codecov (version)
         uses: ./
         with:
+          fail_ci_if_error: true
           files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
           file: ./coverage/coverage-final.json
           flags: version,${{ matrix.os }}
           name: codecov-version
-          version: v0.2.0
+          version: v0.7.3
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  run-macos-latest-xlarge:
+    if: github.head.repo.full_name == 'codecov/codecov-action'
+    runs-on: macos-latest-xlarge
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.2.0
+      - name: Install dependencies
+        run: npm install
+      - name: Lint
+        run: npm run lint
+      - name: Run tests and collect coverage
+        run: npm run test
+      - name: Upload coverage to Codecov (script)
+        uses: ./
+        with:
+          fail_ci_if_error: true
+          files: ./coverage/script/coverage-final.json
+          flags: script,macos-latest-xlarge
+          name: codecov-script
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (demo)
+        uses: ./
+        with:
+          fail_ci_if_error: true
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: demo,macos-latest-xlarge
+          name: codecov-demo
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (version)
+        uses: ./
+        with:
+          fail_ci_if_error: true
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: version,maxos-latest-xlarge
+          name: codecov-version
+          version: v0.6.0
           verbose: true
           token: ${{ secrets.CODECOV_TOKEN }}
 
@@ -48,7 +94,7 @@ jobs:
     container: node:18
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.1.4
+        uses: actions/checkout@v4.2.0
       - name: Install dependencies
         run: npm install
       - name: Lint
@@ -79,6 +125,6 @@ jobs:
           file: ./coverage/coverage-final.json
           flags: version,${{ matrix.os }}
           name: codecov-version
-          version: v0.2.0
+          version: v0.6.0
           verbose: true
           token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/scorecards-analysis.yml

@@ -12,6 +12,7 @@ permissions: read-all
 
 jobs:
   analysis:
+    if: github.repository == 'codecov/codecov-action'
     name: Scorecards analysis
     runs-on: ubuntu-latest
     permissions:
@@ -21,15 +22,15 @@ jobs:
       id-token: write
       actions: read
       contents: read
-    
+
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4.1.4 # v3.0.0
+        uses: actions/checkout@v4.2.0 # v3.0.0
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -40,22 +41,22 @@ jobs:
           # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
 
           # Publish the results for public repositories to enable scorecard badges. For more details, see
-          # https://github.com/ossf/scorecard-action#publishing-results. 
-          # For private repositories, `publish_results` will automatically be set to `false`, regardless 
+          # https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless
           # of the value entered here.
           publish_results: true
 
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
-      
+
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3.25.3 # v1.0.26
+        uses: github/codeql-action/upload-sarif@v3.26.9 # v1.0.26
         with:
           sarif_file: results.sarif

README.md

@@ -9,7 +9,7 @@
 `v4` of the Codecov GitHub Action will use the [Codecov CLI](https://github.com/codecov/codecov-cli) to upload coverage reports to Codecov.
 
 ### Breaking Changes
-- Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token). For details, [see our docs](https://docs.codecov.com/docs/codecov-uploader#supporting-token-less-uploads-for-forks-of-open-source-repos-using-codecov)
+- Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OSS projects do not need the upstream repo's Codecov token). For details, [see our docs](https://docs.codecov.com/docs/codecov-uploader#supporting-token-less-uploads-for-forks-of-open-source-repos-using-codecov)
 - Various arguments to the Action have been removed
 
 ### Dependabot

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codecov-action",
-  "version": "4.3.1",
+  "version": "4.6.0",
   "description": "Upload coverage reports to Codecov from GitHub Actions",
   "main": "index.js",
   "scripts": {
@@ -26,19 +26,19 @@
     "@actions/core": "^1.10.1",
     "@actions/exec": "^1.1.1",
     "@actions/github": "^6.0.0",
-    "gpg": "^0.6.0",
     "undici": "5.28.4"
   },
   "devDependencies": {
-    "@types/jest": "^29.5.12",
-    "@typescript-eslint/eslint-plugin": "^7.8.0",
-    "@typescript-eslint/parser": "^7.8.0",
-    "@vercel/ncc": "^0.38.1",
-    "eslint": "^8.57.0",
+    "@octokit/webhooks-types": "^7.5.1",
+    "@types/jest": "^29.5.13",
+    "@typescript-eslint/eslint-plugin": "^8.8.0",
+    "@typescript-eslint/parser": "^8.8.0",
+    "@vercel/ncc": "^0.38.2",
+    "eslint": "^8.57.1",
     "eslint-config-google": "^0.14.0",
     "jest": "^29.7.0",
     "jest-junit": "^16.0.0",
-    "ts-jest": "^29.1.2",
-    "typescript": "^5.4.5"
+    "ts-jest": "^29.2.5",
+    "typescript": "^5.6.2"
   }
 }

src/buildExec.test.ts

@@ -5,6 +5,7 @@ import {
   buildGeneralExec,
   buildReportExec,
   buildUploadExec,
+  getToken,
 } from './buildExec';
 
 const context = github.context;
@@ -75,7 +76,7 @@ test('upload args', async () => {
     'exclude': 'node_modules/',
     'fail_ci_if_error': 'true',
     'file': 'coverage.xml',
-    'files': 'dir1/coverage.xml,dir2/coverage.xml',
+    'files': 'dir1/coverage.xml,dir2/coverage.xml,',
     'flags': 'test,test2',
     'git_service': 'github_enterprise',
     'handle_no_reports_found': 'true',
@@ -213,7 +214,7 @@ test('report args using context', async () => {
   for (const env of Object.keys(envs)) {
     process.env['INPUT_' + env.toUpperCase()] = envs[env];
   }
-  const expectedArgs : string[] = [
+  const expectedArgs: string[] = [
     '--git-service',
     'github',
   ];
@@ -271,12 +272,18 @@ test('commit args', async () => {
 });
 
 test('commit args using context', async () => {
-  const expectedArgs :string[] = [
+  const expectedArgs: string[] = [
     '--git-service',
     'github',
   ];
 
   const {commitExecArgs, commitCommand} = await buildCommitExec();
+  if (
+    (context.eventName == 'pull_request' || context.eventName == 'pull_request_target') &&
+    context.payload.pull_request?.base.label.split(':')[0] != context.payload.pull_request?.head.label.split(':')[0]
+  ) {
+    expectedArgs.push('-B', `${context.payload.pull_request?.head.label}`);
+  }
   if (context.eventName == 'pull_request') {
     expectedArgs.push('-C', `${context.payload.pull_request?.head.sha}`);
   }
@@ -289,7 +296,7 @@ test('commit args using context', async () => {
 });
 
 test('commit args using github server url', async () => {
-  const expectedArgs :string[] = [
+  const expectedArgs: string[] = [
     '--git-service',
     'github_enterprise',
   ];
@@ -297,13 +304,65 @@ test('commit args using github server url', async () => {
   process.env.GITHUB_SERVER_URL = 'https://example.com';
 
   const {commitExecArgs, commitCommand} = await buildCommitExec();
+  if (
+    (context.eventName == 'pull_request' || context.eventName == 'pull_request_target') &&
+    context.payload.pull_request?.base.label.split(':')[0] != context.payload.pull_request?.head.label.split(':')[0]
+  ) {
+    expectedArgs.push('-B', `${context.payload.pull_request?.head.label}`);
+  }
   if (context.eventName == 'pull_request') {
     expectedArgs.push('-C', `${context.payload.pull_request?.head.sha}`);
   }
   if (context.eventName == 'pull_request_target') {
     expectedArgs.push('-P', `${context.payload.number}`);
   }
+  expect(commitExecArgs).toEqual(expectedArgs);
+  expect(commitCommand).toEqual('create-commit');
+});
+
+test('build commit args when token arg is unset and from fork', async () => {
+  context.eventName = 'pull_request';
+  context.payload.pull_request = {
+    'number': 1,
+    'base': {
+      'label': 'hello:main',
+    },
+    'head': {
+      'label': 'world:feat',
+      'sha': 'aaaaaa',
+    },
+  };
+
+  const expectedArgs: string[] = [
+    '--git-service',
+    'github_enterprise',
+    '-B',
+    'world:feat',
+    '-C',
+    `${context.payload.pull_request?.head.sha}`,
+  ];
+
+  const {commitExecArgs, commitCommand} = await buildCommitExec();
 
   expect(commitExecArgs).toEqual(expectedArgs);
   expect(commitCommand).toEqual('create-commit');
 });
+
+test('get token when token arg is unset and from fork', async () => {
+  context.eventName = 'pull_request';
+  context.payload.pull_request = {
+    'number': 1,
+    'base': {
+      'label': 'hello:main',
+    },
+    'head': {
+      'label': 'world:feat',
+      'sha': 'aaaaaa',
+    },
+  };
+
+
+  const token = await getToken();
+
+  expect(token).toEqual('');
+});

src/buildExec.ts

@@ -2,6 +2,7 @@
 
 import * as core from '@actions/core';
 import * as github from '@actions/github';
+import {type PullRequestEvent} from '@octokit/webhooks-types';
 
 import {setFailure} from './helpers';
 
@@ -29,11 +30,9 @@ const getGitService = (): string => {
   return 'github';
 };
 
-const isFork = (): boolean => {
-  if (
-    `${context.eventName}` !== 'pull_request' ||
-    `${context.eventName}` !== 'pull_request_target'
-  ) {
+const isPullRequestFromFork = (): boolean => {
+  core.info(`eventName: ${context.eventName}`);
+  if (!['pull_request', 'pull_request_target'].includes(context.eventName)) {
     return false;
   }
 
@@ -41,14 +40,10 @@ const isFork = (): boolean => {
   const headLabel = context.payload.pull_request.head.label;
 
   core.info(`baseRef: ${baseLabel} | headRef: ${headLabel}`);
-  return (baseLabel.split(':')[0] !== headLabel.split(':')[0]);
+  return baseLabel.split(':')[0] !== headLabel.split(':')[0];
 };
 
 const getToken = async (): Promise<string> => {
-  if (isFork()) {
-    core.info('==> Fork detected, tokenless uploading used');
-    return Promise.resolve('');
-  }
   let token = core.getInput('token');
   let url = core.getInput('url');
   const useOIDC = isTrue(core.getInput('use_oidc'));
@@ -58,7 +53,7 @@ const getToken = async (): Promise<string> => {
     }
     try {
       token = await core.getIDToken(url);
-      return token;
+      return Promise.resolve(token);
     } catch (err) {
       setFailure(
           `Codecov: Failed to get OIDC token with url: ${url}. ${err.message}`,
@@ -69,6 +64,17 @@ const getToken = async (): Promise<string> => {
   return token;
 };
 
+const getOverrideBranch = (token: string): string => {
+  let overrideBranch = core.getInput('override_branch');
+  if (!overrideBranch && !token && isPullRequestFromFork()) {
+    core.info('==> Fork detected, tokenless uploading used');
+    // backwards compatibility with certain versions of the CLI that expect this
+    process.env['TOKENLESS'] = context.payload.pull_request.head.label;
+    overrideBranch =context.payload.pull_request.head.label;
+  }
+  return overrideBranch;
+};
+
 const buildCommitExec = async (): Promise<{
   commitExecArgs: any[];
   commitOptions: any;
@@ -76,18 +82,18 @@ const buildCommitExec = async (): Promise<{
 }> => {
   const commitParent = core.getInput('commit_parent');
   const gitService = getGitService();
-  const overrideBranch = core.getInput('override_branch');
   const overrideCommit = core.getInput('override_commit');
   const overridePr = core.getInput('override_pr');
   const slug = core.getInput('slug');
   const token = await getToken();
+  const overrideBranch = getOverrideBranch(token);
   const failCi = isTrue(core.getInput('fail_ci_if_error'));
   const workingDir = core.getInput('working-directory');
 
   const commitCommand = 'create-commit';
-  const commitExecArgs = [];
+  const commitExecArgs: string[] = [];
 
-  const commitOptions:any = {};
+  const commitOptions: any = {};
   commitOptions.env = Object.assign(process.env, {
     GITHUB_ACTION: process.env.GITHUB_ACTION,
     GITHUB_RUN_ID: process.env.GITHUB_RUN_ID,
@@ -97,35 +103,33 @@ const buildCommitExec = async (): Promise<{
     GITHUB_HEAD_REF: process.env.GITHUB_HEAD_REF || '',
   });
 
-
   if (token) {
     commitOptions.env.CODECOV_TOKEN = token;
   }
   if (commitParent) {
-    commitExecArgs.push('--parent-sha', `${commitParent}`);
+    commitExecArgs.push('--parent-sha', commitParent);
   }
-  commitExecArgs.push('--git-service', `${gitService}`);
+  commitExecArgs.push('--git-service', gitService);
 
   if (overrideBranch) {
-    commitExecArgs.push('-B', `${overrideBranch}`);
+    commitExecArgs.push('-B', overrideBranch);
   }
   if (overrideCommit) {
-    commitExecArgs.push('-C', `${overrideCommit}`);
+    commitExecArgs.push('-C', overrideCommit);
   } else if (
-    `${context.eventName}` == 'pull_request' ||
-    `${context.eventName}` == 'pull_request_target'
+    ['pull_request', 'pull_request_target'].includes(context.eventName)
   ) {
-    commitExecArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+    const payload = context.payload as PullRequestEvent;
+    commitExecArgs.push('-C', payload.pull_request.head.sha);
   }
   if (overridePr) {
-    commitExecArgs.push('--pr', `${overridePr}`);
-  } else if (
-    `${context.eventName}` == 'pull_request_target'
-  ) {
-    commitExecArgs.push('--pr', `${context.payload.number}`);
+    commitExecArgs.push('--pr', overridePr);
+  } else if (context.eventName === 'pull_request_target') {
+    const payload = context.payload as PullRequestEvent;
+    commitExecArgs.push('--pr', payload.number.toString());
   }
   if (slug) {
-    commitExecArgs.push('--slug', `${slug}`);
+    commitExecArgs.push('--slug', slug);
   }
   if (failCi) {
     commitExecArgs.push('-Z');
@@ -134,7 +138,6 @@ const buildCommitExec = async (): Promise<{
     commitOptions.cwd = workingDir;
   }
 
-
   return {commitExecArgs, commitOptions, commitCommand};
 };
 
@@ -148,10 +151,10 @@ const buildGeneralExec = (): {
   const args = [];
 
   if (codecovYmlPath) {
-    args.push('--codecov-yml-path', `${codecovYmlPath}`);
+    args.push('--codecov-yml-path', codecovYmlPath);
   }
   if (url) {
-    args.push('--enterprise-url', `${url}`);
+    args.push('--enterprise-url', url);
   }
   if (verbose) {
     args.push('-v');
@@ -172,11 +175,10 @@ const buildReportExec = async (): Promise<{
   const failCi = isTrue(core.getInput('fail_ci_if_error'));
   const workingDir = core.getInput('working-directory');
 
-
   const reportCommand = 'create-report';
-  const reportExecArgs = [];
+  const reportExecArgs: string[] = [];
 
-  const reportOptions:any = {};
+  const reportOptions: any = {};
   reportOptions.env = Object.assign(process.env, {
     GITHUB_ACTION: process.env.GITHUB_ACTION,
     GITHUB_RUN_ID: process.env.GITHUB_RUN_ID,
@@ -186,29 +188,27 @@ const buildReportExec = async (): Promise<{
     GITHUB_HEAD_REF: process.env.GITHUB_HEAD_REF || '',
   });
 
-
   if (token) {
     reportOptions.env.CODECOV_TOKEN = token;
   }
-  reportExecArgs.push('--git-service', `${gitService}`);
+  reportExecArgs.push('--git-service', gitService);
 
   if (overrideCommit) {
-    reportExecArgs.push('-C', `${overrideCommit}`);
+    reportExecArgs.push('-C', overrideCommit);
   } else if (
-    `${context.eventName}` == 'pull_request' ||
-    `${context.eventName}` == 'pull_request_target'
+    ['pull_request', 'pull_request_target'].includes(context.eventName)
   ) {
-    reportExecArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+    const payload = context.payload as PullRequestEvent;
+    reportExecArgs.push('-C', payload.pull_request.head.sha);
   }
   if (overridePr) {
-    reportExecArgs.push('-P', `${overridePr}`);
-  } else if (
-    `${context.eventName}` == 'pull_request_target'
-  ) {
-    reportExecArgs.push('-P', `${context.payload.number}`);
+    reportExecArgs.push('-P', overridePr);
+  } else if (context.eventName == 'pull_request_target') {
+    const payload = context.payload as PullRequestEvent;
+    reportExecArgs.push('-P', payload.number.toString());
   }
   if (slug) {
-    reportExecArgs.push('--slug', `${slug}`);
+    reportExecArgs.push('--slug', slug);
   }
   if (failCi) {
     reportExecArgs.push('-Z');
@@ -264,9 +264,9 @@ const buildUploadExec = async (): Promise<{
   );
   const workingDir = core.getInput('working-directory');
 
-  const uploadExecArgs = [];
+  const uploadExecArgs: string[] = [];
   const uploadCommand = 'do-upload';
-  const uploadOptions:any = {};
+  const uploadOptions: any = {};
   uploadOptions.env = Object.assign(process.env, {
     GITHUB_ACTION: process.env.GITHUB_ACTION,
     GITHUB_RUN_ID: process.env.GITHUB_RUN_ID,
@@ -300,83 +300,94 @@ const buildUploadExec = async (): Promise<{
     uploadExecArgs.push('-e', envVarsArg.join(','));
   }
   if (exclude) {
-    uploadExecArgs.push('--exclude', `${exclude}`);
+    uploadExecArgs.push('--exclude', exclude);
   }
   if (failCi) {
     uploadExecArgs.push('-Z');
   }
   if (file) {
-    uploadExecArgs.push('-f', `${file}`);
+    uploadExecArgs.push('-f', file);
   }
   if (files) {
-    files.split(',').map((f) => f.trim()).forEach((f) => {
-      uploadExecArgs.push('-f', `${f}`);
-    });
+    files
+        .split(',')
+        .map((f) => f.trim())
+        .forEach((f) => {
+          if (f.length > 0) {
+          // this handles trailing commas
+            uploadExecArgs.push('-f', f);
+          }
+        });
   }
   if (flags) {
-    flags.split(',').map((f) => f.trim()).forEach((f) => {
-      uploadExecArgs.push('-F', `${f}`);
-    });
+    flags
+        .split(',')
+        .map((f) => f.trim())
+        .forEach((f) => {
+          uploadExecArgs.push('-F', f);
+        });
   }
-  uploadExecArgs.push('--git-service', `${gitService}`);
+  uploadExecArgs.push('--git-service', gitService);
   if (handleNoReportsFound) {
     uploadExecArgs.push('--handle-no-reports-found');
   }
   if (jobCode) {
-    uploadExecArgs.push('--job-code', `${jobCode}`);
+    uploadExecArgs.push('--job-code', jobCode);
   }
   if (name) {
-    uploadExecArgs.push('-n', `${name}`);
+    uploadExecArgs.push('-n', name);
   }
   if (networkFilter) {
-    uploadExecArgs.push('--network-filter', `${networkFilter}`);
+    uploadExecArgs.push('--network-filter', networkFilter);
   }
   if (networkPrefix) {
-    uploadExecArgs.push('--network-prefix', `${networkPrefix}`);
+    uploadExecArgs.push('--network-prefix', networkPrefix);
   }
   if (overrideBranch) {
-    uploadExecArgs.push('-B', `${overrideBranch}`);
+    uploadExecArgs.push('-B', overrideBranch);
   }
   if (overrideBuild) {
-    uploadExecArgs.push('-b', `${overrideBuild}`);
+    uploadExecArgs.push('-b', overrideBuild);
   }
   if (overrideBuildUrl) {
-    uploadExecArgs.push('--build-url', `${overrideBuildUrl}`);
+    uploadExecArgs.push('--build-url', overrideBuildUrl);
   }
   if (overrideCommit) {
-    uploadExecArgs.push('-C', `${overrideCommit}`);
+    uploadExecArgs.push('-C', overrideCommit);
   } else if (
-    `${context.eventName}` == 'pull_request' ||
-    `${context.eventName}` == 'pull_request_target'
+    ['pull_request', 'pull_request_target'].includes(context.eventName)
   ) {
-    uploadExecArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+    const payload = context.payload as PullRequestEvent;
+    uploadExecArgs.push('-C', payload.pull_request.head.sha);
   }
   if (overridePr) {
-    uploadExecArgs.push('-P', `${overridePr}`);
-  } else if (
-    `${context.eventName}` == 'pull_request_target'
-  ) {
-    uploadExecArgs.push('-P', `${context.payload.number}`);
+    uploadExecArgs.push('-P', overridePr);
+  } else if (context.eventName == 'pull_request_target') {
+    const payload = context.payload as PullRequestEvent;
+    uploadExecArgs.push('-P', payload.number.toString());
   }
   if (plugin) {
-    uploadExecArgs.push('--plugin', `${plugin}`);
+    uploadExecArgs.push('--plugin', plugin);
   }
   if (plugins) {
-    plugins.split(',').map((p) => p.trim()).forEach((p) => {
-      uploadExecArgs.push('--plugin', `${p}`);
-    });
+    plugins
+        .split(',')
+        .map((p) => p.trim())
+        .forEach((p) => {
+          uploadExecArgs.push('--plugin', p);
+        });
   }
   if (reportCode) {
-    uploadExecArgs.push('--report-code', `${reportCode}`);
+    uploadExecArgs.push('--report-code', reportCode);
   }
   if (rootDir) {
-    uploadExecArgs.push('--network-root-folder', `${rootDir}`);
+    uploadExecArgs.push('--network-root-folder', rootDir);
   }
   if (searchDir) {
-    uploadExecArgs.push('-s', `${searchDir}`);
+    uploadExecArgs.push('-s', searchDir);
   }
   if (slug) {
-    uploadExecArgs.push('-r', `${slug}`);
+    uploadExecArgs.push('-r', slug);
   }
   if (workingDir) {
     uploadOptions.cwd = workingDir;
@@ -405,4 +416,5 @@ export {
   buildGeneralExec,
   buildReportExec,
   buildUploadExec,
+  getToken,
 };

src/helpers.ts

@@ -12,10 +12,15 @@ const PLATFORMS = [
 type Platform = typeof PLATFORMS[number];
 
 const setFailure = (message: string, failCi: boolean): void => {
-    failCi ? core.setFailed(message) : core.warning(message);
-    if (failCi) {
-      process.exit();
-    }
+  if (failCi) {
+    core.setFailed(message);
+  } else {
+    core.warning(message);
+  }
+
+  if (failCi) {
+    process.exit();
+  }
 };
 
 const getUploaderName = (platform: string): string => {

src/validate.ts

@@ -1,7 +1,7 @@
+import {execSync} from 'node:child_process';
 import * as crypto from 'node:crypto';
 import * as fs from 'node:fs';
 import * as path from 'node:path';
-import * as gpg from 'gpg';
 
 import * as core from '@actions/core';
 import {request} from 'undici';
@@ -76,36 +76,43 @@ const verify = async (
       }
     };
 
-    const verifySignature = () => {
-      gpg.call('', [
+    const verifySignature = async () => {
+      const command = [
+        'gpg',
         '--logger-fd',
         '1',
         '--verify',
         path.join(__dirname, `${uploaderName}.SHA256SUM.sig`),
         path.join(__dirname, `${uploaderName}.SHA256SUM`),
-      ], async (err, verifyResult) => {
-        if (err) {
-          setFailure(`Codecov: Error importing pgp key: ${err.message}`, failCi);
-        }
-        core.info(verifyResult);
-        await validateSha();
-      });
+      ].join(' ');
+
+      try {
+        await execSync(command, {stdio: 'inherit'});
+      } catch (err) {
+        setFailure(`Codecov: Error verifying gpg signature: ${err.message}`, failCi);
+      }
     };
 
-    // Import gpg key
-    gpg.call('', [
-      '--logger-fd',
-      '1',
-      '--no-default-keyring',
-      '--import',
-      path.join(__dirname, 'pgp_keys.asc'),
-    ], async (err, importResult) => {
-      if (err) {
-        setFailure(`Codecov: Error importing pgp key: ${err.message}`, failCi);
+    const importKey = async () => {
+      const command = [
+        'gpg',
+        '--logger-fd',
+        '1',
+        '--no-default-keyring',
+        '--import',
+        path.join(__dirname, 'pgp_keys.asc'),
+      ].join(' ');
+
+      try {
+        await execSync(command, {stdio: 'inherit'});
+      } catch (err) {
+        setFailure(`Codecov: Error importing gpg key: ${err.message}`, failCi);
       }
-      core.info(importResult);
-      verifySignature();
-    });
+    };
+
+    await importKey();
+    await verifySignature();
+    await validateSha();
   } catch (err) {
     setFailure(`Codecov: Error validating uploader: ${err.message}`, failCi);
   }

src/version.test.ts

@@ -0,0 +1,62 @@
+import * as core from '@actions/core';
+import {Agent, MockAgent, setGlobalDispatcher} from 'undici';
+
+import versionInfo from './version';
+
+const mockAgent = new MockAgent();
+
+beforeAll(() => {
+  setGlobalDispatcher(mockAgent);
+  mockAgent.disableNetConnect();
+});
+
+afterEach(() => {
+  jest.clearAllMocks();
+});
+
+afterAll(async () => {
+  await mockAgent.close();
+  setGlobalDispatcher(new Agent());
+});
+
+describe('versionInfo', () => {
+  const platform = 'linux';
+
+  test('should resolve requested version info', async () => {
+    const version = 'latest';
+    const coreInfoSpy = jest.spyOn(core, 'info');
+
+    mockAgent
+        .get('https://cli.codecov.io')
+        .intercept({
+          path: `/${platform}/${version}`,
+        })
+        .reply(200, {
+          version: 'v0.5.2',
+        });
+
+    await versionInfo(platform, version);
+
+    expect(coreInfoSpy).toHaveBeenCalledTimes(2);
+    expect(coreInfoSpy).toHaveBeenCalledWith('==> Running version latest');
+    expect(coreInfoSpy).toHaveBeenCalledWith('==> Running version v0.5.2');
+  });
+
+  test('should handle unsupported version', async () => {
+    const version = 'unsupported';
+    const coreInfoSpy = jest.spyOn(core, 'info');
+
+    mockAgent
+        .get('https://cli.codecov.io')
+        .intercept({
+          path: `/${platform}/${version}`,
+        })
+        .reply(404, 'MESSAGE');
+
+    await versionInfo(platform, version);
+
+    expect(coreInfoSpy).toHaveBeenCalledTimes(2);
+    expect(coreInfoSpy).toHaveBeenCalledWith('==> Running version unsupported');
+    expect(coreInfoSpy).toHaveBeenCalledWith(expect.stringContaining('Could not pull latest version information'));
+  });
+});