build(deps): bump github/codeql-action from 3.30.0 to 4.31.7

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.0 to 4.31.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.30.0...v4.31.7) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.7 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
chore: disable_search alignment (#1881 )
2025-12-08 16:16:24 +00:00 · 2025-12-08 04:01:42 +00:00 · 2025-11-19 18:34:32 +05:00 · 2025-11-11 14:37:52 -08:00
4 changed files with 15 additions and 8 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -41,7 +41,7 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.30.0
+      uses: github/codeql-action/init@v4.31.7
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3.30.0
+      uses: github/codeql-action/autobuild@v4.31.7

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
@@ -66,4 +66,4 @@ jobs:
    #   make release

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.30.0
+      uses: github/codeql-action/analyze@v4.31.7
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -57,6 +57,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3.30.0 # v1.0.26
+        uses: github/codeql-action/upload-sarif@v4.31.7 # v1.0.26
        with:
          sarif_file: results.sarif
--- a/README.md
+++ b/README.md
@@ -140,7 +140,7 @@ Codecov's Action supports inputs from the user. These inputs, along with their d
 | `env_vars` | Environment variables to tag the upload with (e.g. PYTHON \| OS,PYTHON) | Optional
 | `exclude` | Comma-separated list of folders to exclude from search. | Optional
 | `fail_ci_if_error` | On error, exit with non-zero code | Optional
-| `files` | Comma-separated explicit list of files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using "disable-search" to disable uploading other files. | Optional
+| `files` | Comma-separated explicit list of files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using "disable_search" to disable uploading other files. | Optional
 | `flags` | Comma-separated list of flags to upload to group coverage metrics. | Optional
 | `force` | Only used for empty-upload run command | Optional
 | `git_service` | Override the git_service (e.g. github_enterprise) | Optional
--- a/action.yml
+++ b/action.yml
@@ -50,7 +50,7 @@ inputs:
    required: false
    default: 'false'
  files:
-    description: 'Comma-separated list of explicit files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using disable-search to disable uploading other files.'
+    description: 'Comma-separated list of explicit files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using disable_search to disable uploading other files.'
    required: false
  flags:
    description: 'Comma-separated list of flags to upload to group coverage metrics.'
@@ -180,13 +180,20 @@ runs:
      run: |
        missing_deps=""

-        # Check for required commands
-        for cmd in bash git curl gpg; do
+        # Check for always-required commands
+        for cmd in bash git curl; do
          if ! command -v "$cmd" >/dev/null 2>&1; then
            missing_deps="$missing_deps $cmd"
          fi
        done

+        # Check for gpg only if validation is not being skipped
+        if [ "${{ inputs.skip_validation }}" != "true" ]; then
+          if ! command -v gpg >/dev/null 2>&1; then
+            missing_deps="$missing_deps gpg"
+          fi
+        fi
+
        # Report missing required dependencies
        if [ -n "$missing_deps" ]; then
          echo "Error: The following required dependencies are missing:$missing_deps"