Create README.md

.eslintrc.json

@@ -0,0 +1,22 @@
+{
+    "env": {
+        "browser": true,
+        "commonjs": true,
+        "es2021": true
+    },
+    "extends": [
+        "google",
+        "eslint:recommended",
+        "plugin:@typescript-eslint/recommended"
+    ],
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+        "ecmaVersion": 12
+    },
+    "plugins": [
+        "@typescript-eslint"
+    ],
+    "rules": {
+        "linebreak-style": 0
+    }
+}

.github/workflows/codeql-analysis.yml

@@ -1,69 +0,0 @@
-
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main ]
-  schedule:
-    - cron: '24 6 * * 5'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://git.io/codeql-language-support
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4.2.2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.27.0
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3.27.0
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.27.0

.github/workflows/enforce-license-compliance.yml

@@ -1,14 +0,0 @@
-name: Enforce License Compliance
-
-on:
-  pull_request:
-    branches: [main]
-
-jobs:
-  enforce-license-compliance:
-    runs-on: ubuntu-latest
-    steps:
-      - name: 'Enforce License Compliance'
-        uses: getsentry/action-enforce-license-compliance@57ba820387a1a9315a46115ee276b2968da51f3d # main
-        with:
-          fossa_api_key: ${{ secrets.FOSSA_API_KEY }}

.github/workflows/main.yml

@@ -1,10 +1,27 @@
----
 name: Workflow for Codecov Action
 on: [push, pull_request]
-permissions:
-  id-token: write
-  contents: read
 jobs:
+  no-deps:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [macos-latest, windows-latest, ubuntu-latest]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Upload coverage to Codecov (script)
+        uses: ./
+        with:
+          files: ./coverage/script/coverage-final.json
+          flags: script,${{ matrix.os }}
+          name: codecov-script
+      - name: Upload coverage to Codecov (demo)
+        uses: ./
+        with:
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
+          flags: demo,${{ matrix.os }}
+          name: codecov-demo
   run:
     runs-on: ${{ matrix.os }}
     strategy:
@@ -12,116 +29,23 @@ jobs:
         os: [macos-latest, windows-latest, ubuntu-latest]
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.2.2
-        with:
-          submodules: 'true'
+        uses: actions/checkout@v2
       - name: Install dependencies
-        run: pip install -r src/scripts/app/requirements.txt
+        run: npm install
+      - name: Lint
+        run: npm run lint
       - name: Run tests and collect coverage
-        run: pytest src/scripts/app/ --cov
-      - name: Upload coverage to Codecov (script)
-        uses: ./
-        with:
-          fail_ci_if_error: true
-          files: ./coverage/script/coverage-final.json
-          flags: script,${{ matrix.os }}
-          name: codecov-script
-          verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}
-      - name: Upload coverage to Codecov (demo)
-        uses: ./
-        with:
-          fail_ci_if_error: true
-          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
-          flags: demo,${{ matrix.os }}
-          name: codecov-demo
-          verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}
-      - name: Upload coverage to Codecov (version)
-        uses: ./
-        with:
-          fail_ci_if_error: true
-          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
-          flags: version,${{ matrix.os }}
-          name: codecov-version
-          version: v0.8.0
-          verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}
-
-  run-macos-latest-xlarge:
-    if: github.head.repo.full_name == 'codecov/codecov-action'
-    runs-on: macos-latest-xlarge
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4.2.2
-        with:
-          submodules: 'true'
-      - name: Install dependencies
-        run: pip install -r src/scripts/app/requirements.txt
-      - name: Run tests and collect coverage
-        run: pytest src/scripts/app/ --cov
-      - name: Upload coverage to Codecov (script)
-        uses: ./
-        with:
-          fail_ci_if_error: true
-          files: ./coverage/script/coverage-final.json
-          flags: script,macos-latest-xlarge
-          name: codecov-script
-          verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}
-      - name: Upload coverage to Codecov (demo)
-        uses: ./
-        with:
-          fail_ci_if_error: true
-          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
-          flags: demo,macos-latest-xlarge
-          name: codecov-demo
-          verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}
-      - name: Upload coverage to Codecov (version)
-        uses: ./
-        with:
-          fail_ci_if_error: true
-          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
-          flags: version,maxos-latest-xlarge
-          name: codecov-version
-          version: v0.8.0
-          verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}
-
-  run-container:
-    runs-on: ubuntu-latest
-    container: python:latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4.2.2
-        with:
-          submodules: 'true'
-      - name: Install deps
-        run: |
-          apt-get install git
+        run: npm run test
       - name: Upload coverage to Codecov (script)
         uses: ./
         with:
           files: ./coverage/script/coverage-final.json
           flags: script,${{ matrix.os }}
           name: codecov-script
-          verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}
       - name: Upload coverage to Codecov (demo)
         uses: ./
         with:
-          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
+          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json
+          file: ./coverage/coverage-final.json
           flags: demo,${{ matrix.os }}
           name: codecov-demo
-          verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}
-      - name: Upload coverage to Codecov (version)
-        uses: ./
-        with:
-          files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
-          flags: version,${{ matrix.os }}
-          name: codecov-version
-          version: v0.8.0
-          verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/scorecards-analysis.yml

@@ -1,62 +0,0 @@
-name: Scorecards supply-chain security
-on:
-  # Only the default branch is supported.
-  branch_protection_rule:
-  schedule:
-    - cron: '43 20 * * 1'
-  push:
-    branches: [ main ]
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
-  analysis:
-    if: github.repository == 'codecov/codecov-action'
-    name: Scorecards analysis
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Used to receive a badge. (Upcoming feature)
-      id-token: write
-      actions: read
-      contents: read
-
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v4.2.2 # v3.0.0
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # - you are installing Scorecards on a *private* repository
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
-
-          # Publish the results for public repositories to enable scorecard badges. For more details, see
-          # https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories, `publish_results` will automatically be set to `false`, regardless
-          # of the value entered here.
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3.27.0 # v1.0.26
-        with:
-          sarif_file: results.sarif

.gitmodules

@@ -1,4 +0,0 @@
-[submodule "src/scripts"]
-	path = src/scripts
-	url = https://github.com/codecov/wrapper
-	branch = main

CHANGELOG.md

@@ -1,171 +1,3 @@
-## 4.0.0-beta.2
-### Fixes
-- #1085 not adding -n if empty to do-upload command
-
-## 4.0.0-beta.1
-
-`v4` represents a move from the [universal uploader](https://github.com/codecov/uploader) to the [Codecov CLI](https://github.com/codecov/codecov-cli). Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.
-
-### Breaking Changes
-- No current support for `aarch64` and `alpine` architectures.
-- Tokenless uploading is unsuported
-- Various arguments to the Action have been removed
-
-## 3.1.4
-### Fixes
-- #967 Fix typo in README.md
-- #971 fix: add back in working dir
-- #969 fix: CLI option names for uploader
-
-### Dependencies
-- #970 build(deps-dev): bump @types/node from 18.15.12 to 18.16.3
-- #979 build(deps-dev): bump @types/node from 20.1.0 to 20.1.2
-- #981 build(deps-dev): bump @types/node from 20.1.2 to 20.1.4
-
-## 3.1.3
-### Fixes
-- #960 fix: allow for aarch64 build
-
-### Dependencies
-- #957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
-- #958 build(deps): bump openpgp from 5.7.0 to 5.8.0
-- #959 build(deps-dev): bump @types/node from 18.15.10 to 18.15.12
-
-## 3.1.2
-### Fixes
-- #718 Update README.md
-- #851 Remove unsupported path_to_write_report argument
-- #898 codeql-analysis.yml
-- #901 Update README to contain correct information - inputs and negate feature
-- #955 fix: add in all the extra arguments for uploader
-
-### Dependencies
-- #819 build(deps): bump openpgp from 5.4.0 to 5.5.0
-- #835 build(deps): bump node-fetch from 3.2.4 to 3.2.10
-- #840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
-- #841 build(deps): bump @actions/core from 1.9.1 to 1.10.0
-- #843 build(deps): bump @actions/github from 5.0.3 to 5.1.1
-- #869 build(deps): bump node-fetch from 3.2.10 to 3.3.0
-- #872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
-- #879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2
-- #889 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2
-- #895 build(deps): bump json5 from 2.2.1 to 2.2.3
-- #896 build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2
-- #900 build(deps-dev): bump @vercel/ncc from 0.34.0 to 0.36.1
-- #905 build(deps-dev): bump typescript from 4.7.4 to 4.9.5
-- #911 build(deps-dev): bump @types/node from 16.11.40 to 18.13.0
-- #922 build(deps-dev): bump @types/node from 18.13.0 to 18.14.0
-- #924 build(deps): bump openpgp from 5.5.0 to 5.7.0
-- #927 build(deps-dev): bump @types/node from 18.14.0 to 18.14.2
-- #933 build(deps-dev): bump @types/node from 18.14.2 to 18.14.6
-- #937 build(deps-dev): bump @types/node from 18.14.6 to 18.15.0
-- #938 build(deps): bump node-fetch from 3.3.0 to 3.3.1
-- #945 build(deps-dev): bump @types/node from 18.15.0 to 18.15.5
-- #946 build(deps-dev): bump @types/node from 18.15.5 to 18.15.6
-- #947 build(deps-dev): bump @types/node from 18.15.6 to 18.15.10
-- #951 build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3
-
-## 3.1.1
-### Fixes
-- #661 Update deprecation warning
-- #593 Create codeql-analysis.yml
-- #712 README: fix typo
-- #725 fix: Remove a blank row
-- #726 Update README.md with correct badge version
-- #633 Create scorecards-analysis.yml
-- #747 fix: add more verbosity to validation
-- #750 Regenerate scorecards-analysis.yml
-- #774 Switch to v3
-- #783 Fix network entry in table
-- #791 Trim arguments after splitting them
-- #769 Plumb failCi into verification function.
-
-### Dependencies
-- #713 build(deps-dev): bump typescript from 4.6.3 to 4.6.4
-- #714 build(deps): bump node-fetch from 3.2.3 to 3.2.4
-- #724 build(deps): bump github/codeql-action from 1 to 2
-- #717 build(deps-dev): bump @types/jest from 27.4.1 to 27.5.0
-- #729 build(deps-dev): bump @types/node from 17.0.25 to 17.0.33
-- #734 build(deps-dev): downgrade @types/node to 16.11.35
-- #723 build(deps): bump actions/checkout from 2 to 3
-- #733 build(deps): bump @actions/github from 5.0.1 to 5.0.3
-- #732 build(deps): bump @actions/core from 1.6.0 to 1.8.2
-- #737 build(deps-dev): bump @types/node from 16.11.35 to 16.11.36
-- #749 build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0
-- #755 build(deps-dev): bump typescript from 4.6.4 to 4.7.3
-- #759 build(deps-dev): bump @types/node from 16.11.36 to 16.11.39
-- #762 build(deps-dev): bump @types/node from 16.11.39 to 16.11.40
-- #746 build(deps-dev): bump @vercel/ncc from 0.33.4 to 0.34.0
-- #757 build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1
-- #760 build(deps): bump openpgp from 5.2.1 to 5.3.0
-- #748 build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0
-- #766 build(deps-dev): bump typescript from 4.7.3 to 4.7.4
-- #799 build(deps): bump openpgp from 5.3.0 to 5.4.0
-- #798 build(deps): bump @actions/core from 1.8.2 to 1.9.1
-
-## 3.1.0
-### Features
-- #699 Incorporate `xcode` arguments for the Codecov uploader
-
-### Dependencies
-- #694 build(deps-dev): bump @vercel/ncc from 0.33.3 to 0.33.4
-- #696 build(deps-dev): bump @types/node from 17.0.23 to 17.0.25
-- #698 build(deps-dev): bump jest-junit from 13.0.0 to 13.2.0
-
-## 3.0.0
-### Breaking Changes
-- #689 Bump to node16 and small fixes
-
-### Features
-- #688 Incorporate `gcov` arguments for the Codecov uploader
-
-### Dependencies
-- #548 build(deps-dev): bump jest-junit from 12.2.0 to 13.0.0
-- #603 [Snyk] Upgrade @actions/core from 1.5.0 to 1.6.0
-- #628 build(deps): bump node-fetch from 2.6.1 to 3.1.1
-- #634 build(deps): bump node-fetch from 3.1.1 to 3.2.0
-- #636 build(deps): bump openpgp from 5.0.1 to 5.1.0
-- #652 build(deps-dev): bump @vercel/ncc from 0.30.0 to 0.33.3
-- #653 build(deps-dev): bump @types/node from 16.11.21 to 17.0.18
-- #659 build(deps-dev): bump @types/jest from 27.4.0 to 27.4.1
-- #667 build(deps): bump actions/checkout from 2 to 3
-- #673 build(deps): bump node-fetch from 3.2.0 to 3.2.3
-- #683 build(deps): bump minimist from 1.2.5 to 1.2.6
-- #685 build(deps): bump @actions/github from 5.0.0 to 5.0.1
-- #681 build(deps-dev): bump @types/node from 17.0.18 to 17.0.23
-- #682 build(deps-dev): bump typescript from 4.5.5 to 4.6.3
-- #676 build(deps): bump @actions/exec from 1.1.0 to 1.1.1
-- #675 build(deps): bump openpgp from 5.1.0 to 5.2.1
-
-## 2.1.0
-### Features
-- #515 Allow specifying version of Codecov uploader
-
-### Dependencies
-- #499 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.30.0
-- #508 build(deps): bump openpgp from 5.0.0-5 to 5.0.0
-- #514 build(deps-dev): bump @types/node from 16.6.0 to 16.9.0
-
-## 2.0.3
-### Fixes
-- #464 Fix wrong link in the readme
-- #485 fix: Add override OS and linux default to platform
-
-### Dependencies
-- #447 build(deps): bump openpgp from 5.0.0-4 to 5.0.0-5
-- #458 build(deps-dev): bump eslint from 7.31.0 to 7.32.0
-- #465 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.28.4 to 4.29.1
-- #466 build(deps-dev): bump @typescript-eslint/parser from 4.28.4 to 4.29.1
-- #468 build(deps-dev): bump @types/jest from 26.0.24 to 27.0.0
-- #470 build(deps-dev): bump @types/node from 16.4.0 to 16.6.0
-- #472 build(deps): bump path-parse from 1.0.6 to 1.0.7
-- #473 build(deps-dev): bump @types/jest from 27.0.0 to 27.0.1
-- #478 build(deps-dev): bump @typescript-eslint/parser from 4.29.1 to 4.29.2
-- #479 build(deps-dev): bump @typescript-eslint/eslint-plugin from 4.29.1 to 4.29.2
-- #481 build(deps-dev): bump @types/node from 16.6.0 to 16.6.2
-- #483 build(deps-dev): bump @vercel/ncc from 0.29.0 to 0.29.2
-- #484 build(deps): bump @actions/core from 1.4.0 to 1.5.0
-
 ## 2.0.2
 ### Fixes
 - Underlying uploader fixes issues with tokens not being sent properly for users seeing

Makefile

@@ -1,7 +1,7 @@
 deploy:
-  $(eval VERSION := $(shell cat src/version | grep 'CODECOV_ACTION_VERSION=' | cut -d\" -f2))
-	git tag -d v5
-	git push origin :v5
-	git tag v5
-	git tag v$(VERSION) -s -m ""
+	$(eval VERSION := $(shell cat package.json | grep '"version": ' | cut -d\" -f4))
+	git tag -d v2
+	git push origin :v2
+	git tag v2
+	git tag v$(VERSION) -m ""
 	git push origin --tags

README.md

@@ -1,143 +1,79 @@
 # Codecov GitHub Action
 
-[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v5-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
+[![GitHub Marketplace](https://img.shields.io/badge/Marketplace-v2-undefined.svg?logo=github&logoColor=white&style=flat)](https://github.com/marketplace/actions/codecov)
 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fcodecov%2Fcodecov-action?ref=badge_shield)
 [![Workflow for Codecov Action](https://github.com/codecov/codecov-action/actions/workflows/main.yml/badge.svg)](https://github.com/codecov/codecov-action/actions/workflows/main.yml)
 ### Easily upload coverage reports to Codecov from GitHub Actions
 
-## v5 Release
-`v5` of the Codecov GitHub Action will use the [Codecov Wrapper](https://github.com/codecov/wrapper) to encapsulate the [CLI](https://github.com/codecov/codecov-cli). This will help ensure that the Action gets updates quicker.
+>The latest release of this Action adds support for tokenless uploads from GitHub Actions!
 
-### Migration Guide
-The `v5` release also coincides with the opt-out feature for tokens for public repositories. In the `Global Upload Token` section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see [how to upload without a token](https://docs.codecov.com/docs/codecov-tokens#uploading-without-a-token).
+## ⚠️  Deprecration of v1
+**On February 1, 2022, this version will be fully sunset and no longer function**
 
-> [!WARNING]
-> **The following arguments have been changed**
-> - `file` (this has been deprecated in favor of `files`)
-> - `plugin` (this has been deprecated in favor of `plugins`)
+Due to the [deprecation](https://about.codecov.io/blog/introducting-codecovs-new-uploader/) of the underlying bash uploader,
+the Codecov GitHub Action has released `v2` which will use the new [uploader](https://github.com/codecov/uploader). You can learn
+more about our deprecation plan and the new uploader on our [blog](https://about.codecov.io/blog/introducing-codecovs-new-uploader/).
 
-The following arguments have been added:
+We will be restricting any updates to the `v1` Action to security updates and hotfixes.
 
-- `binary`
-- `gcov_args`
-- `gcov_executable`
-- `gcov_ignore`
-- `gcov_include`
-- `report_type`
-- `skip_validation`
-- `swift_project`
-
-You can see their usage in the `action.yml` [file](https://github.com/codecov/codecov-action/blob/main/action.yml).
-
-## v4 Release
-`v4` of the Codecov GitHub Action will use the [Codecov CLI](https://github.com/codecov/codecov-cli) to upload coverage reports to Codecov.
-
-### Breaking Changes
-- Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OSS projects do not need the upstream repo's Codecov token). For details, [see our docs](https://docs.codecov.com/docs/codecov-uploader#supporting-token-less-uploads-for-forks-of-open-source-repos-using-codecov)
-- Various arguments to the Action have been removed
-
-### Dependabot
-- For repositories using `Dependabot`, users will need to ensure that it has access to the Codecov token for PRs from Dependabot to upload coverage. To do this, please add your `CODECOV_TOKEN` as a Dependabot Secret. For more information, see ["Configuring access to private registries for Dependabot."](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#storing-credentials-for-dependabot-to-use)
-
-`v3` versions and below will not have access to CLI features (e.g. global upload token, ATS).
+### Migration from `v1` to `v2`
+The `v2` uploader has a few breaking changes for users
+- Multiple fields have not been transferred from the bash uploader or have been deprecated. Notably
+many of the `functionalities` and `gcov_` arguments have been removed. Please check the documentation
+below for the full list.
 
 ## Usage
 
-To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v4` is recommended) as a `step` within your `workflow.yml` file.
+To integrate Codecov with your Actions pipeline, specify the name of this repository with a tag number (`@v2` is recommended) as a `step` within your `workflow.yml` file.
 
-This Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, [store it](https://docs.codecov.com/docs/adding-the-codecov-token#github-actions) as a `secret`).
-
-Currently, the Action will identify linux, macos, and windows runners. However, the Action may misidentify other architectures. The OS can be specified as
-- alpine
-- alpine-arm64
-- linux
-- linux-arm64
-- macos
-- windows
+If you have a *private repository*, this Action also requires you to [provide an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) from [codecov.io](https://www.codecov.io) (tip: in order to avoid exposing your token, store it as a `secret`). Optionally, you can choose to include up to four additional inputs to customize the upload context. **For public repositories, no token is needed**
 
 Inside your `.github/workflows/workflow.yml` file:
 
 ```yaml
 steps:
-- uses: actions/checkout@main
-- uses: codecov/codecov-action@v4
+- uses: actions/checkout@master
+- uses: codecov/codecov-action@v2
   with:
-    fail_ci_if_error: true # optional (default = false)
+    token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
     files: ./coverage1.xml,./coverage2.xml # optional
     flags: unittests # optional
     name: codecov-umbrella # optional
-    token: ${{ secrets.CODECOV_TOKEN }} # required
-    verbose: true # optional (default = false)
-```
-
-The Codecov token can also be passed in via environment variables:
-
-```yaml
-steps:
-- uses: actions/checkout@main
-- uses: codecov/codecov-action@v4
-  with:
     fail_ci_if_error: true # optional (default = false)
-    files: ./coverage1.xml,./coverage2.xml # optional
-    flags: unittests # optional
-    name: codecov-umbrella # optional
     verbose: true # optional (default = false)
-  env:
-    CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 ```
-> [!NOTE]
-> This assumes that you've set your Codecov token inside *Settings > Secrets* as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are *not* available to forks of repositories.
-
-### Using OIDC
-For users with [OpenID Connect(OIDC) enabled](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect), the Codecov token is not necessary. You can use OIDC with the `use_oidc` argument as following.
-
-```yaml
-- uses: codecov/codecov-action@v4
-  with:
-    use_oidc: true
-```
-
-Any token supplied will be ignored, as Codecov will default to the OIDC token for verification.
+>**Note**: This assumes that you've set your Codecov token inside *Settings > Secrets* as `CODECOV_TOKEN`. If not, you can [get an upload token](https://docs.codecov.io/docs/frequently-asked-questions#section-where-is-the-repository-upload-token-found-) for your specific repo on [codecov.io](https://www.codecov.io). Keep in mind that secrets are *not* available to forks of repositories.
 
 ## Arguments
 
-Codecov's Action supports inputs from the user. These inputs, along with their descriptions and usage contexts, are listed in the table below:
+Codecov's Action currently supports five inputs from the user: `token`, `file`, `flags`,`name`, and `fail_ci_if_error`. These inputs, along with their descriptions and usage contexts, are listed in the table below:
 
-| Input  | Description | Required |
-| :---       |     :---     |    :---:   |
-| `token` | Repository Codecov token. Used to authorize report uploads | *Required
-| `codecov_yml_path` | Specify the path to the Codecov YML | Optional
-| `commit_parent` | Override to specify the parent commit SHA | Optional
+| Input  | Description | Usage |
+| :---:     |     :---:   |    :---:   |
+| `token`  | Used to authorize coverage report uploads  | *Required for private repos* |
+| `files`  | Comma-separated paths to the coverage report(s) | Optional
 | `directory` | Directory to search for coverage reports. | Optional
-| `disable_search` | Disable search for coverage files. This is helpful when specifying what files you want to upload with the --file option. | Optional
-| `disable_file_fixes` | Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets) | Optional
 | `dry_run` | Don't upload files to Codecov | Optional
-| `env_vars` | Environment variables to tag the upload with (e.g. PYTHON \| OS,PYTHON) | Optional
-| `exclude` | Folders to exclude from search | Optional
-| `fail_ci_if_error` | Specify whether or not CI build should fail if Codecov runs into an error during upload | Optional
-| `file` | Path to coverage file to upload | Optional
-| `files` | Comma-separated list of files to upload | Optional
-| `flags` | Flag upload to group coverage metrics (e.g. unittests \| integration \| ui,chrome) | Optional
-| `handle_no_reports_found` | Raise no exceptions when no coverage reports found | Optional
-| `job_code` | The job code | Optional
-| `name` | User defined upload name. Visible in Codecov UI | Optional
-| `os` | Override the assumed OS. Options are linux \| macos \| windows \| . | Optional
+| `flags`  | Flag the upload to group coverage metrics (unittests, uitests, etc.). Multiple flags are separated by a comma (ui,chrome) | Optional
+| | |
+| `commit_parent` | The commit SHA of the parent for which you are uploading coverage. If not present, the parent will be determined using the API of your repository provider.  When using the repository provider's API, the parent is determined via finding the closest ancestor to the commit. | Optional
+| `env_vars`  | Environment variables to tag the upload with. Multiple env variables can be separated with commas (e.g. `OS,PYTHON`) | Optional
+| `fail_ci_if_error`  | Specify if CI pipeline should fail when Codecov runs into errors during upload. *Defaults to **false*** | Optional
+-| `functionalities` | Toggle functionalities | Optional
+-| | `network` Disable uploading the file network |
+| `move_coverage_to_trash` | Move discovered coverage reports to the trash | Optional
+| `name`  | Custom defined name for the upload | Optional
 | `override_branch` | Specify the branch name | Optional
 | `override_build` | Specify the build number | Optional
-| `override_build_url` | The URL of the build where this is running | Optional
 | `override_commit` | Specify the commit SHA | Optional
 | `override_pr` | Specify the pull request number | Optional
-| `plugin` | plugins to run. Options: xcode, gcov, pycoverage. The default behavior runs them all. | Optional
-| `plugins` | Comma-separated list of plugins for use during upload. | Optional
-| `report_code` | The code of the report. If unsure, do not include | Optional
-| `root_dir` | Used to specify the location of your   .git   root to identify project root directory | Optional
+| `override_tag` | Specify the git tag | Optional
+| `path_to_write_report` | Write upload file to path before uploading | Optional
+| `root_dir` | Used when not in git/hg project to identify project root directory | Optional
 | `slug` | Specify the slug manually (Enterprise use) | Optional
-| `url` | Specify the base url to upload (Enterprise use) | Optional
-| `use_legacy_upload_endpoint` | Use the legacy upload endpoint | Optional
-| `use_oidc` | Use OpenID Connect for verification instead of token. This will ignore any token supplied. Please see [GitHub documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) for details.
+| `url` | Change the upload host (Enterprise use) | Optional
 | `verbose` | Specify whether the Codecov output should be verbose | Optional
-| `version` | Specify which version of the Codecov CLI should be used. Defaults to `latest` | Optional
-| `working-directory` | Directory in which to execute codecov.sh | Optional
+| `working-directory` | Directory in which to execute `codecov.sh` | Optional
 
 ### Example `workflow.yml` with Codecov Action
 
@@ -152,28 +88,29 @@ jobs:
         os: [ubuntu-latest, macos-latest, windows-latest]
     env:
       OS: ${{ matrix.os }}
-      PYTHON: '3.10'
+      PYTHON: '3.7'
     steps:
-    - uses: actions/checkout@main
+    - uses: actions/checkout@master
     - name: Setup Python
-      uses: actions/setup-python@main
+      uses: actions/setup-python@master
       with:
-        python-version: 3.10
+        python-version: 3.7
     - name: Generate coverage report
       run: |
         pip install pytest
         pip install pytest-cov
         pytest --cov=./ --cov-report=xml
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v4
+      uses: codecov/codecov-action@v2
       with:
+        token: ${{ secrets.CODECOV_TOKEN }}
         directory: ./coverage/reports/
         env_vars: OS,PYTHON
         fail_ci_if_error: true
-        files: ./coverage1.xml,./coverage2.xml,!./cache
+        files: ./coverage1.xml,./coverage2.xml
         flags: unittests
         name: codecov-umbrella
-        token: ${{ secrets.CODECOV_TOKEN }}
+        path_to_write_report: ./coverage/codecov_report.txt
         verbose: true
 ```
 ## Contributing

action.yml

@@ -1,241 +1,76 @@
----
-# yamllint disable rule:line-length
 name: 'Codecov'
 description: 'GitHub Action that uploads coverage reports for your repository to codecov.io'
-author: 'Thomas Hu <@thomasrockhu-codecov> | Codecov'
+author: 'Ibrahim Ali <@ibrahim0814> & Thomas Hu <@thomasrockhu> | Codecov'
 inputs:
-  binary:
-    description: 'The file location of a pre-downloaded version of the CLI. If specified, integrity checking will be bypassed.'
+  token:
+    description: 'Repository upload token - get it from codecov.io. Required only for private repositories'
     required: false
-  codecov_yml_path:
-    description: 'The location of the codecov.yml file. This is crrently ONLY used for automated test selection (https://docs.codecov.com/docs/getting-started-with-ats). Note that for all other cases, the Codecov yaml will need to be located as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-file-codecovyml'
-    required: false
-  commit_parent:
-    description: 'SHA (with 40 chars) of what should be the parent of this commit.'
+  files:
+    description: 'Comma-separated list of files to upload'
     required: false
   directory:
-    description: 'Folder to search for coverage files. Default to the current working directory'
+    description: 'Directory to search for coverage reports.'
     required: false
-  disable_file_fixes:
-    description: 'Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets). Read more here https://docs.codecov.com/docs/fixing-reports'
+  flags:
+    description: 'Flag upload to group coverage metrics (e.g. unittests | integration | ui,chrome)'
     required: false
-    default: 'false'
-  disable_search:
-    description: 'Disable search for coverage files. This is helpful when specifying what files you want to upload with the files option.'
+  commit_parent:
+    description: 'The commit SHA of the parent for which you are uploading coverage. If not present, the parent will be determined using the API of your repository provider.  When using the repository providers API, the parent is determined via finding the closest ancestor to the commit.'
     required: false
-    default: 'false'
-  disable_safe_directory:
-    description: 'Disable setting safe directory. Set to true to disable.'
-    required: false
-    default: 'false'
   dry_run:
     description: "Don't upload files to Codecov"
     required: false
-    default: 'false'
   env_vars:
     description: 'Environment variables to tag the upload with (e.g. PYTHON | OS,PYTHON)'
     required: false
-  exclude:
-    description: 'Comma-separated list of folders to exclude from search.'
-    required: false
   fail_ci_if_error:
-    description: 'On error, exit with non-zero code'
+    description: 'Specify whether or not CI build should fail if Codecov runs into an error during upload'
     required: false
-    default: 'false'
-  files:
-    description: 'Comma-separated list of explicit files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using disable-search to disable uploading other files.'
+  file:
+    description: 'Path to coverage file to upload'
     required: false
-  flags:
-    description: 'Comma-separated list of flags to upload to group coverage metrics.'
+  functionalities:
+    description: 'Comma-separated list, see the README for options and their usage'
     required: false
-  git_service:
-    description: 'Override the git_service (e.g. github_enterprise)'
-    required: false
-    default: 'github'
-  gcov_args:
-    description: 'Extra arguments to pass to gcov'
-    required: false
-  gcov_executable:
-    description: "gcov executable to run. Defaults to 'gcov'"
-    required: false
-    default: 'gcov'
-  gcov_ignore:
-    description: 'Paths to ignore during gcov gathering'
-    required: false
-  gcov_include:
-    description: "Paths to include during gcov gathering"
-    required: false
-  handle_no_reports_found:
-    description: 'If no coverage reports are found, do not raise an exception.'
-    required: false
-    default: 'false'
-  job_code:
-    description: ''
+  move_coverage_to_trash:
+    description: 'Move discovered coverage reports to the trash'
     required: false
   name:
-    description: 'Custom defined name of the upload. Visible in the Codecov UI'
-    required: false
-  network_filter:
-    description: 'Specify a filter on the files listed in the network section of the Codecov report. This will only add files whose path begin with the specified filter. Useful for upload-specific path fixing.'
-    required: false
-  network_prefix:
-    description: 'Specify a prefix on files listed in the network section of the Codecov report. Useful to help resolve path fixing.'
-    required: false
-  os:
-    description: 'Override the assumed OS. Options available at cli.codecov.io'
+    description: 'User defined upload name. Visible in Codecov UI'
     required: false
   override_branch:
-    description: 'Specify the branch to be displayed with this commit on Codecov'
+    description: 'Specify the branch name'
     required: false
   override_build:
-    description: 'Specify the build number manually'
-    required: false
-  override_build_url:
-    description: 'The URL of the build where this is running'
+    description: 'Specify the build number'
     required: false
   override_commit:
-    description: 'Commit SHA (with 40 chars)'
+    description: 'Specify the commit SHA'
     required: false
   override_pr:
-    description: 'Specify the pull request number manually. Used to override pre-existing CI environment variables.'
+    description: 'Specify the pull request number'
     required: false
-  plugins:
-    description: 'Comma-separated list of plugins to run. Specify `noop` to turn off all plugins'
-    required: false
-  report_code:
-    description: 'The code of the report if using local upload. If unsure, leave default. Read more here https://docs.codecov.com/docs/the-codecov-cli#how-to-use-local-upload'
-    required: false
-  report_type:
-    description: 'The type of file to upload, coverage by default. Possible values are "testing", "coverage".'
+  override_tag:
+    description: 'Specify the git tag'
     required: false
   root_dir:
-    description: 'Root folder from which to consider paths on the network section. Defaults to current working directory.'
+    description: 'Used when not in git/hg project to identify project root directory'
     required: false
-  skip_validation:
-    description: 'Skip integrity checking of the CLI. This is NOT recommended.'
-    required: false
-    default: 'false'
   slug:
-    description: '[Required when using the org token] Set to the owner/repo slug used instead of the private repo token. Only applicable to some Enterprise users.'
-    required: false
-  swift_project:
-    description: 'Specify the swift project name. Useful for optimization.'
-    required: false
-  token:
-    description: 'Repository Codecov token. Used to authorize report uploads'
+    description: 'Specify the slug manually (Enterprise use)'
     required: false
   url:
-    description: 'Set to the Codecov instance URl. Used by Dedicated Enterprise Cloud customers.'
+    description: 'Change the upload host (Enterprise use)'
     required: false
-  use_legacy_upload_endpoint:
-    description: 'Use the legacy upload endpoint.'
-    required: false
-    default: 'false'
-  use_oidc:
-    description: 'Use OIDC instead of token. This will ignore any token supplied'
-    required: false
-    default: 'false'
   verbose:
-    description: 'Enable verbose logging'
+    description: 'Specify whether the Codecov output should be verbose'
     required: false
-    default: 'false'
-  version:
-    description: "Which version of the Codecov CLI to use (defaults to 'latest')"
-    required: false
-    default: 'latest'
   working-directory:
     description: 'Directory in which to execute codecov.sh'
     required: false
-
 branding:
   color: 'red'
   icon: 'umbrella'
-
 runs:
-  using: "composite"
-  steps:
-    - name: Set safe directory
-      if: ${{ inputs.set_safe_directory != 'true' }}
-      shell: bash
-      run: |
-        git config --global --add safe.directory ${{ github.workspace }}
-
-    - name: Get and set token
-      shell: bash
-      run: |
-        if [ ${{ inputs.use_oidc }} == 'true' ];
-        then
-          # {"count":1984,"value":"***"}
-          CODECOV_TOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=api://AzureADTokenExchange" | cut -d\' -f6)
-          echo "CODECOV_TOKEN=$CODECOV_TOKEN" >> $GITHUB_ENV
-        else
-          if [ -n ${{ inputs.token }} ];
-          then
-            CODECOV_TOKEN=${{ inputs.token }}
-            echo "CODECOV_TOKEN=$CODECOV_TOKEN" >> $GITHUB_ENV
-          fi
-        fi
-
-    - name: Override branch for forks
-      shell: bash
-      run: |
-        if [ -z "$CC_BRANCH" ] && [ -z "$CODECOV_TOKEN" ] && [ "${GITHUB_EVENT_PULL_REQUEST_REPO_FULL_NAME}" != "$GITHUB_REPOSITORY" ];
-        then
-          echo -e "\033[0;32m==>\033[0m Fork detected, tokenless uploading used"
-          TOKENLESS="$GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL"
-          CC_BRANCH="$GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL"
-          echo "TOKENLESS=$TOKENLESS" >> $GITHUB_ENV
-        fi
-
-        echo "CC_BRANCH=$CC_BRANCH" >> $GITHUB_ENV
-      env:
-        CC_BRANCH: ${{ inputs.override_branch }}
-        GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL: ${{ github.event.pull_request.head.label }}
-        GITHUB_EVENT_PULL_REQUEST_REPO_FULL_NAME: ${{ github.event.pull_request.repo.full_name }}
-        GITHUB_REPOSITORY: ${{ github.repository }}
-
-    - name: Upload coverage to Codecov
-      run: ${GITHUB_ACTION_PATH}/dist/codecov.sh
-      shell: bash
-      working-directory: ${{ inputs.working-directory }}
-      env:
-        CC_BINARY: ${{ inputs.binary }}
-        CC_BRANCH: $CC_BRANCH
-        CC_BUILD: ${{ inputs.override_build }}
-        CC_BUILD_URL: ${{ inputs.override_build_url }}
-        CC_CODE: ${{ inputs.report_code }}
-        CC_DIR: ${{ inputs.directory }}
-        CC_DISABLE_FILE_FIXES: ${{ inputs.disable_file_fixes }}
-        CC_DISABLE_SEARCH: ${{ inputs.disable_search }}
-        CC_DRY_RUN: ${{ inputs.dry_run }}
-        CC_ENTERPRISE_URL: ${{ inputs.url }}
-        CC_ENV: ${{ inputs.env_vars }}
-        CC_EXCLUDES: ${{ inputs.exclude }}
-        CC_FAIL_ON_ERROR: ${{ inputs.fail_ci_if_error }}
-        CC_FILES: ${{ inputs.files }}
-        CC_FLAGS: ${{ inputs.flags }}
-        CC_GCOV_ARGS: ${{ inputs.gcov_args }}
-        CC_GCOV_EXECUTABLE: ${{ inputs.gcov_executable }}
-        CC_GCOV_IGNORE: ${{ inputs.gcov_ignore }}
-        CC_GCOV_INCLUDE: ${{ inputs.gcov_include }}
-        CC_GIT_SERVICE: ${{ inputs.git_service }}
-        CC_HANDLE_NO_REPORTS_FOUND: ${{ inputs.handle_no_reports_found }}
-        CC_JOB_CODE: ${{ inputs.job_code }}
-        CC_LEGACY: ${{ inputs.use_legacy_upload_endpoint }}
-        CC_NAME: ${{ inputs.name }}
-        CC_NETWORK_FILTER: ${{ inputs.network_filter }}
-        CC_NETWORK_PREFIX: ${{ inputs.network_prefix }}
-        CC_NETWORK_ROOT_FOLDER: ${{ inputs.root_dir }}
-        CC_OS: ${{ inputs.os }}
-        CC_PARENT_SHA: ${{ inputs.commit_parent }}
-        CC_PLUGINS: ${{ inputs.plugins }}
-        CC_PR: ${{ inputs.override_pr }}
-        CC_REPORT_TYPE: ${{ inputs.report_type }}
-        CC_SHA: ${{ inputs.override_commit }}
-        CC_SKIP_VALIDATION: ${{ inputs.skip_validation }}
-        CC_SLUG: ${{ inputs.slug }}
-        CC_SWIFT_PROJECT: ${{ inputs.swift_project }}
-        CC_TOKEN: $CODECOV_TOKEN
-        CC_VERBOSE: ${{ inputs.verbose }}
-        CC_VERSION: ${{ inputs.version }}
-        CC_YML_PATH: ${{ inputs.codecov_yml_path }}
+  using: 'node12'
+  main: 'dist/index.js'

dist/codecov.sh

@@ -1,238 +0,0 @@
-#!/usr/bin/env bash
-CC_WRAPPER_VERSION="0.0.24"
-set +u
-say() {
-  echo -e "$1"
-}
-exit_if_error() {
-  say "$r==> $1$x"
-  if [ $CC_FAIL_ON_ERROR = true ];
-  then
-     say "$r    Exiting...$x"
-     exit 1;
-  fi
-}
-lower() {
-  echo $(echo $1 | sed 's/CC//' | sed 's/_/-/g' | tr '[:upper:]' '[:lower:]')
-}
-write_existing_args() {
-  if [ -n "$(eval echo \$$1)" ];
-  then
-    echo " -$(lower "$1") $(eval echo \$$1)"
-  fi
-}
-write_truthy_args() {
-  if [ "$(eval echo \$$1)" = "true" ] || [ "$(eval echo \$$1)" = "1" ];
-  then
-    echo " -$(lower $1)"
-  fi
-}
-b="\033[0;36m"  # variables/constants
-g="\033[0;32m"  # info/debug
-r="\033[0;31m"  # errors
-x="\033[0m"
-say "     _____          _
-    / ____|        | |
-   | |     ___   __| | ___  ___ _____   __
-   | |    / _ \\ / _\` |/ _ \\/ __/ _ \\ \\ / /
-   | |___| (_) | (_| |  __/ (_| (_) \\ V /
-    \\_____\\___/ \\__,_|\\___|\\___\\___/ \\_/
-                           $r Wrapper-$CC_WRAPPER_VERSION$x
-                                  "
-CC_VERSION="${CC_VERSION:-latest}"
-CC_FAIL_ON_ERROR="${CC_FAIL_ON_ERROR:-false}"
-if [ -n "$CC_BINARY" ];
-then
-  if [ -f "$CC_BINARY" ];
-  then
-    cc_filename=$CC_BINARY
-  else
-    exit_if_error "Could not find binary file $CC_BINARY"
-  fi
-else
-  if [ -n "$CC_OS" ];
-  then
-    say "$g==>$x Overridden OS: $b${CC_OS}$x"
-    export cc_os=${CC_OS}
-  else
-    CC_OS="linux"
-    family=$(uname -s | tr '[:upper:]' '[:lower:]')
-    cc_os="windows"
-    [[ $family == "darwin" ]] && cc_os="macos"
-    [[ $family == "linux" ]] && cc_os="linux"
-    [[ $cc_os == "linux" ]] && \
-      osID=$(grep -e "^ID=" /etc/os-release | cut -c4-)
-    [[ $osID == "alpine" ]] && cc_os="alpine"
-    [[ $(arch) == "aarch64" && $family == "linux" ]] && cc_os+="-arm64"
-    say "$g==>$x Detected $b${cc_os}$x"
-    export cc_os=${cc_os}
-  fi
-  export cc_version=${CC_VERSION}
-  cc_filename="codecov"
-  [[ $cc_os == "windows" ]] && cc_filename+=".exe"
-  export cc_filename=${cc_filename}
-  [[ $cc_os == "macos" ]]  && \
-    ! command -v gpg 2>&1 >/dev/null && \
-    HOMEBREW_NO_AUTO_UPDATE=1 brew install gpg
-  cc_url="https://cli.codecov.io"
-  cc_url="$cc_url/${CC_VERSION}"
-  cc_url="$cc_url/${cc_os}/${cc_filename}"
-  say "$g ->$x Downloading $b${cc_url}$x"
-  curl -Os $cc_url
-  say "$g==>$x Finishing downloading $b${cc_os}:${CC_VERSION}$x"
-  version_url="https://cli.codecov.io/${cc_os}/${CC_VERSION}"
-  version=$(curl -s $version_url -H "Accept:application/json" | jq -r '.version')
-  say "      Version: $b$version$x"
-  say " "
-fi
-if [ "$CC_SKIP_VALIDATION" = "true" ] || [ -n "$CC_BINARY" ];
-then
-  say "$r==>$x Bypassing validation as requested by user"
-else
-CC_PUBLIC_PGP_KEY=$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)
-  echo "${CC_PUBLIC_PGP_KEY}"  | \
-    gpg --no-default-keyring --import
-  # One-time step
-  say "$g==>$x Verifying GPG signature integrity"
-  sha_url="https://cli.codecov.io"
-  sha_url="${sha_url}/${cc_version}/${cc_os}"
-  sha_url="${sha_url}/${cc_filename}.SHA256SUM"
-  say "$g ->$x Downloading $b${sha_url}$x"
-  say "$g ->$x Downloading $b${sha_url}.sig$x"
-  say " "
-  curl -Os --retry 5 --retry-delay 2 --connect-timeout 2 "$sha_url"
-  curl -Os --retry 5 --retry-delay 2 --connect-timeout 2 "${sha_url}.sig"
-  if ! gpg --verify "${cc_filename}.SHA256SUM.sig" "${cc_filename}.SHA256SUM";
-  then
-    exit_if_error "Could not verify signature. Please contact Codecov if problem continues"
-  fi
-  if ! (shasum -a 256 -c "${cc_filename}.SHA256SUM" || \
-    sha256sum -c "${cc_filename}.SHA256SUM");
-  then
-    exit_if_error "Could not verify SHASUM. Please contact Codecov if problem continues"
-  fi
-  say "$g==>$x CLI integrity verified"
-  say
-fi
-cc_cli_args=()
-cc_cli_args+=( $(write_existing_args CC_AUTO_LOAD_PARAMS_FROM) )
-cc_cli_args+=( $(write_existing_args CC_ENTERPRISE_URL) )
-cc_cli_args+=( $(write_existing_args CC_YML_PATH) )
-cc_cli_args+=( $(write_truthy_args CC_VERBOSE) )
-cc_cc_args=()
-cc_cc_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) )
-cc_cc_args+=( $(write_existing_args CC_GIT_SERVICE) )
-cc_cc_args+=( $(write_existing_args CC_PARENT_SHA) )
-cc_cc_args+=( $(write_existing_args CC_PR) )
-cc_cc_args+=( $(write_existing_args CC_SHA) )
-cc_cc_args+=( $(write_existing_args CC_SLUG) )
-cc_create_report_args=()
-cc_cr_args+=( $(write_existing_args CC_CODE) )
-cc_cr_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) )
-cc_cr_args+=( $(write_existing_args CC_GIT_SERVICE) )
-cc_cr_args+=( $(write_existing_args CC_PR) )
-cc_cr_args+=( $(write_existing_args CC_SHA) )
-cc_cr_args+=( $(write_existing_args CC_SLUG) )
-cc_du_args=()
-cc_du_args+=( $(write_existing_args CC_ENV) )
-OLDIFS=$IFS;IFS=,
-cc_du_args+=( $(write_existing_args CC_BRANCH) )
-cc_du_args+=( $(write_existing_args CC_BUILD) )
-cc_du_args+=( $(write_existing_args CC_BUILD_URL) )
-cc_du_args+=( $(write_existing_args CC_CODE) )
-cc_du_args+=( $(write_existing_args CC_DIR) )
-cc_du_args+=( $(write_truthy_args CC_DISABLE_FILE_FIXES) )
-cc_du_args+=( $(write_truthy_args CC_DISABLE_SEARCH) )
-cc_du_args+=( $(write_truthy_args CC_DRY_RUN) )
-if [ -n "$CC_EXCLUDES" ];
-then
-  for directory in $CC_EXCLUDES; do
-    cc_du_args+=( " --exclude " "$directory" )
-  done
-fi
-cc_du_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) )
-if [ -n "$CC_FILES" ];
-then
-  for file in $CC_FILES; do
-    cc_du_args+=( " --file " "$file" )
-  done
-fi
-if [ -n "$CC_FLAGS" ];
-then
-  for flag in $CC_FLAGS; do
-    cc_du_args+=( " --flag " "$flag" )
-  done
-fi
-cc_du_args+=( $(write_existing_args CC_GCOV_ARGS) )
-cc_du_args+=( $(write_existing_args CC_GCOV_EXECUTABLE) )
-cc_du_args+=( $(write_existing_args CC_GCOV_IGNORE) )
-cc_du_args+=( $(write_existing_args CC_GCOV_INCLUDE) )
-cc_du_args+=( $(write_existing_args CC_GIT_SERVICE) )
-cc_du_args+=( $(write_truthy_args CC_HANDLE_NO_REPORTS_FOUND) )
-cc_du_args+=( $(write_existing_args CC_JOB_CODE) )
-cc_du_args+=( $(write_truthy_args CC_LEGACY) )
-cc_du_args+=( $(write_existing_args CC_NAME) )
-cc_du_args+=( $(write_existing_args CC_NETWORK_FILTER) )
-cc_du_args+=( $(write_existing_args CC_NETWORK_PREFIX) )
-cc_du_args+=( $(write_existing_args CC_NETWORK_ROOT_FOLDER) )
-if [ -n "$CC_PLUGINS" ];
-then
-  for plugin in $CC_PLUGINS; do
-    cc_du_args+=( " --plugin " "$plugin" )
-  done
-fi
-cc_du_args+=( $(write_existing_args CC_PR) )
-cc_du_args+=( $(write_existing_args CC_REPORT_TYPE) )
-cc_du_args+=( $(write_existing_args CC_SHA) )
-cc_du_args+=( $(write_existing_args CC_SLUG) )
-cc_du_args+=( $(write_existing_args CC_SWIFT_PROJECT) )
-IFS=$OLDIFS
-unset NODE_OPTIONS
-# See https://github.com/codecov/uploader/issues/475
-chmod +x $cc_filename
-if [ -n "$CC_TOKEN_VAR" ];
-then
-  token="$(eval echo \$$CC_TOKEN_VAR)"
-else
-  token="$(eval echo $CC_TOKEN)"
-fi
-say "$g ->$x Token of length ${#token} detected"
-token_str=""
-token_arg=()
-if [ -n "$token" ];
-then
-  token_str+=" -t <redacted>"
-  token_arg+=( " -t " "$token")
-fi
-say "$g==>$x Running create-commit"
-say "      $b./$cc_filename $(echo "${cc_cli_args[@]}") create-commit$token_str $(echo "${cc_cc_args[@]}")$x"
-if ! ./$cc_filename \
-  ${cc_cli_args[*]} \
-  create-commit \
-  ${token_arg[*]} \
-  ${cc_cc_args[*]};
-then
-  exit_if_error "Failed to create-commit"
-fi
-say " "
-say "$g==>$x Running create-report"
-say "      $b./$cc_filename $(echo "${cc_cli_args[@]}") create-report$token_str $(echo "${cc_cr_args[@]}")$x"
-if ! ./$cc_filename \
-  ${cc_cli_args[*]} \
-  create-report \
-  ${token_arg[*]} \
-  ${cc_cr_args[*]};
-then
-  exit_if_error "Failed to create-report"
-fi
-say " "
-say "$g==>$x Running do-upload"
-say "      $b./$cc_filename $(echo "${cc_cli_args[@]}") do-upload$token_str $(echo "${cc_du_args[@]}")$x"
-if ! ./$cc_filename \
-  ${cc_cli_args[*]} \
-  do-upload \
-  ${token_arg[*]} \
-  ${cc_du_args[*]};
-then
-  exit_if_error "Failed to upload"
-fi

dist/pgp_keys.asc

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGCsMn0BEACiCKZOhkbhUjb+obvhH49p3ShjJzU5b/GqAXSDhRhdXUq7ZoGq
+KEKCd7sQHrCf16Pi5UVacGIyE9hS93HwY15kMlLwM+lNeAeCglEscOjpCly1qUIr
+sN1wjkd2cwDXS6zHBJTqJ7wSOiXbZfTAeKhd6DuLEpmA+Rz4Yc+4qZP+fVxVG3Pv
+2v06m+E5CP/JQVQPO8HYi+S36hJImTh+zaDspu+VujSai5KzJ6YKmgwslVNIp5X5
+GnEr2uAh5w6UTnt9UQUjFFliAvQ3lPLWzm7DWs6AP9hslYxSWzwbzVF5qbOIjUJL
+KfoUpvCYDs2ObgRn8WUQO0ndkRCBIxhlF3HGGYWKQaCEsiom7lyi8VbAszmUCDjw
+HdbQHFmm5yHLpTXJbg+iaxQzKnhWVXzye5/x92IJmJswW81Ky346VxYdC1XFL/+Y
+zBaj9oMmV7WfRpdch09Gf4TgosMzWf3NjJbtKE5xkaghJckIgxwzcrRmF/RmCJue
+IMqZ8A5qUUlK7NBzj51xmAQ4BtkUa2bcCBRV/vP+rk9wcBWz2LiaW+7Mwlfr/C/Q
+Swvv/JW2LsQ4iWc1BY7m7ksn9dcdypEq/1JbIzVLCRDG7pbMj9yLgYmhe5TtjOM3
+ygk25584EhXSgUA3MZw+DIqhbHQBYgrKndTr2N/wuBQY62zZg1YGQByD4QARAQAB
+tEpDb2RlY292IFVwbG9hZGVyIChDb2RlY292IFVwbG9hZGVyIFZlcmlmaWNhdGlv
+biBLZXkpIDxzZWN1cml0eUBjb2RlY292LmlvPokCTgQTAQoAOBYhBCcDTn/bhQ4L
+vCxi/4Brsortd5hpBQJgrDJ9AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
+EIBrsortd5hpxLMP/3Fbgx5EG7zUUOqPZ+Ya9z8JlZFIkh3FxYMfMFE8jH9Es26F
+V2ZTJLO259MxM+5N0XzObi3h4XqIzBn42pDRfwtojY5wl2STJ9Bzu+ykPog7OB1u
+yfWXDRKcqPTUIxI1/WdU+c0/WNE6wjyzK+lRc1YUlp4pdNU7l+j2vKN+jGi2b6nV
+PTPRsMcwy3B90fKf5h2wNMNqO+KX/rjgpG9Uhej+xyFWkGM1tZDQQYFj+ugQUj61
+BMsQrUmxOnaVVnix21cHnACDCaxqgQZH3iZyEOKPNMsRFRP+0fLEnUMP+DVnQE6J
+Brk1Z+XhtjGI9PISQVx5KKDKscreS/D5ae2Cw/FUlQMf57kir6mkbZVhz2khtccz
+atD0r59WomNywIDyk1QfAKV0+O0WeJg8A69/Jk6yegsrUb5qEfkih/I38vvI0OVL
+BYve/mQIHuQo5ziBptNytCrN5TXHXzguX9GOW1V1+3DR+w/vXcnz67sjlYDysf1f
+JUZv9edZ2RGKW7agbrgOw2hB+zuWZ10tjoEcsaSGOLtKRGFDfmu/dBxzl8yopUpa
+Tn79QKOieleRm5+uCcKCPTeKV0GbhDntCZJ+Yiw6ZPmrpcjDowAoMQ9kiMVa10+Q
+WwwoaRWuqhf+dL6Q2OLFOxlyCDKVSyW0YF4Vrf3fKGyxKJmszAL+NS1mVcdxuQIN
+BGCsMn0BEADLrIesbpfdAfWRvUFDN+PoRfa0ROwa/JOMhEgVsowQuk9No8yRva/X
+VyiA6oCq6na7IvZXMxT7di4FWDjDtw5xHjbtFg336IJTGBcnzm7WIsjvyyw8kKfB
+8cvG7D2OkzAUF8SVXLarJ1zdBP/Dr1Nz6F/gJsx5+BM8wGHEz4DsdMRV7ZMTVh6b
+PaGuPZysPjSEw62R8MFJ1fSyDGCKJYwMQ/sKFzseNaY/kZVR5lq0dmhiYjNVQeG9
+HJ6ZCGSGT5PKNOwx/UEkT6jhvzWgfr2eFVGJTcdwSLEgIrJIDzP7myHGxuOiuCmJ
+ENgL1f7mzGkJ/hYXq1RWqsn1Fh2I9KZMHggqu4a+s3RiscmNcbIlIhJLXoE1bxZ/
+TfYZ9Aod6Bd5TsSMTZNwV2am9zelhDiFF60FWww/5nEbhm/X4suC9W86qWBxs3Kh
+vk1dxhElRjtgwUEHA5OFOO48ERHfR7COH719D/YmqLU3EybBgJbGoC/yjlGJxv0R
+kOMAiG2FneNKEZZihReh8A5Jt6jYrSoHFRwL6oJIZfLezB7Rdajx1uH7uYcUyIaE
+SiDWlkDw/IFM315NYFA8c1TCSIfnabUYaAxSLNFRmXnt+GQpm44qAK1x8EGhY633
+e5B4FWorIXx0tTmsVM4rkQ6IgAodeywKG+c2Ikd+5dQLFmb7dW/6CwARAQABiQI2
+BBgBCgAgFiEEJwNOf9uFDgu8LGL/gGuyiu13mGkFAmCsMn0CGwwACgkQgGuyiu13
+mGkYWxAAkzF64SVpYvY9nY/QSYikL8UHlyyqirs6eFZ3Mj9lMRpHM2Spn9a3c701
+0Ge4wDbRP2oftCyPP+p9pdUA77ifMTlRcoMYX8oXAuyE5RT2emBDiWvSR6hQQ8bZ
+WFNXal+bUPpaRiruCCUPD2b8Od1ftzLqbYOosxr/m5Du0uahgOuGw6zlGBJCVOo7
+UB2Y++oZ8P7oDGF722opepWQ+bl2a6TRMLNWWlj4UANknyjlhyZZ7PKhWLjoC6MU
+dAKcwQUdp+XYLc/3b00bvgju0e99QgHZMX2fN3d3ktdN5Q2fqiAi5R6BmCCO4ISF
+o5j10gGU/sdqGHvNhv5C21ibun7HEzMtxBhnhGmytfBJzrsj7GOReePsfTLoCoUq
+dFMOAVUDciVfRtL2m8cv42ZJOXtPfDjsFOf8AKJk40/tc8mMMqZP7RVBr9RWOoq5
+y9D37NfI6UB8rPZ6qs0a1Vfm8lIh2/k1AFECduXgftMDTsmmXOgXXS37HukGW7AL
+QKWiWJQF/XopkXwkyAYpyuyRMZ77oF7nuqLFnl5VVEiRo0Fwu45erebc6ccSwYZU
+8pmeSx7s0aJtxCZPSZEKZ3mn0BXOR32Cgs48CjzFWf6PKucTwOy/YO0/4Gt/upNJ
+3DyeINcYcKyD08DEIF9f5tLyoiD4xz+N23ltTBoMPyv4f3X/wCQ=
+=ch7z
+-----END PGP PUBLIC KEY BLOCK-----

hooks/pre-commit

@@ -2,5 +2,8 @@
 
 set -e
 
-cp src/scripts/dist/codecov.sh dist/codecov.sh
-git add dist/codecov.sh
+npm install
+npm run lint
+npm run build
+git add dist/
+git add package-lock.json

jest.config.js

@@ -0,0 +1,4 @@
+module.exports = {
+  preset: 'ts-jest',
+  testEnvironment: 'node',
+};

package.json

@@ -0,0 +1,45 @@
+{
+  "name": "codecov-action",
+  "version": "2.0.2",
+  "description": "Upload coverage reports to Codecov from GitHub Actions",
+  "main": "index.js",
+  "scripts": {
+    "build": "ncc build src/index.ts --source-map",
+    "lint": "eslint src/**/*.ts",
+    "test": "npm run test-script && npm run test-calculator && npm run test-coverage",
+    "test-calculator": "jest --testPathPattern=demo/calculator/ --coverage --coverageDirectory=coverage/calculator",
+    "test-coverage": "jest --testPathPattern=demo/coverage-test/ --coverage --coverageDirectory=coverage/coverage-test",
+    "test-script": "jest --testPathPattern=src/ --coverage --coverageDirectory=coverage/script"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/codecov/codecov-action.git"
+  },
+  "keywords": [],
+  "author": "Ibrahim Ali",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/codecov/codecov-action/issues"
+  },
+  "homepage": "https://github.com/codecov/codecov-action#readme",
+  "dependencies": {
+    "@actions/core": "^1.4.0",
+    "@actions/exec": "^1.1.0",
+    "@actions/github": "^5.0.0",
+    "node-fetch": "^2.6.1",
+    "openpgp": "^5.0.0-4"
+  },
+  "devDependencies": {
+    "@types/jest": "^26.0.24",
+    "@types/node": "^16.4.0",
+    "@typescript-eslint/eslint-plugin": "^4.28.4",
+    "@typescript-eslint/parser": "^4.28.4",
+    "@vercel/ncc": "^0.29.0",
+    "eslint": "^7.31.0",
+    "eslint-config-google": "^0.14.0",
+    "jest": "^26.6.3",
+    "jest-junit": "^12.2.0",
+    "ts-jest": "^26.5.6",
+    "typescript": "^4.3.5"
+  }
+}

src/buildExec.test.ts

@@ -0,0 +1,108 @@
+import * as github from '@actions/github';
+
+import buildExec from './buildExec';
+
+/* eslint-disable  @typescript-eslint/no-var-requires */
+const {version} = require('../package.json');
+
+const context = github.context;
+
+test('no arguments', () => {
+  const {execArgs, failCi} = buildExec();
+
+  const args = [
+    '-n',
+    '',
+    '-Q',
+    `github-action-${version}`,
+  ];
+  if (context.eventName == 'pull_request') {
+    args.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+  expect(execArgs).toEqual(args);
+  expect(failCi).toBeFalsy();
+});
+
+test('all arguments', () => {
+  const envs = {
+    'commit_parent': '83231650328f11695dfb754ca0f540516f188d27',
+    'directory': 'coverage/',
+    'dry_run': 'true',
+    'env_vars': 'OS,PYTHON',
+    'fail_ci_if_error': 'true',
+    'file': 'coverage.xml',
+    'files': 'dir1/coverage.xml,dir2/coverage.xml',
+    'flags': 'test,test2',
+    'functionalities':
+      'network',
+    'move_coverage_to_trash': 'true',
+    'name': 'codecov',
+    'override_branch': 'thomasrockhu/test',
+    'override_build': '1',
+    'override_commit': '9caabca5474b49de74ef5667deabaf74cdacc244',
+    'override_pr': '2',
+    'override_tag': 'v1.2',
+    'path_to_write_report': 'codecov/',
+    'root_dir': 'root/',
+    'slug': 'fakeOwner/fakeRepo',
+    'token': 'd3859757-ab80-4664-924d-aef22fa7557b',
+    'url': 'https://codecov.enterprise.com',
+    'verbose': 't',
+    'working-directory': 'src',
+  };
+
+  for (const env of Object.keys(envs)) {
+    process.env['INPUT_' + env.toUpperCase()] = envs[env];
+  }
+
+  const {execArgs, failCi} = buildExec();
+  expect(execArgs).toEqual([
+    '-n',
+    'codecov',
+    '-Q',
+    `github-action-${version}`,
+    '-c',
+    '-N',
+    '83231650328f11695dfb754ca0f540516f188d27',
+    '-d',
+    '-e',
+    'OS,PYTHON',
+    '-X',
+    'network',
+    '-Z',
+    '-f',
+    'coverage.xml',
+    '-f',
+    'dir1/coverage.xml',
+    '-f',
+    'dir2/coverage.xml',
+    '-F',
+    'test',
+    '-F',
+    'test2',
+    '-B',
+    'thomasrockhu/test',
+    '-b',
+    '1',
+    '-C',
+    '9caabca5474b49de74ef5667deabaf74cdacc244',
+    '-P',
+    '2',
+    '-T',
+    'v1.2',
+    '-R',
+    'root/',
+    '-s',
+    'coverage/',
+    '-r',
+    'fakeOwner/fakeRepo',
+    '-u',
+    'https://codecov.enterprise.com',
+    '-v',
+  ]);
+  expect(failCi).toBeTruthy();
+
+  for (const env of Object.keys(envs)) {
+    delete process.env['INPUT_' + env.toUpperCase()];
+  }
+});

src/buildExec.ts

@@ -0,0 +1,152 @@
+import * as core from '@actions/core';
+import * as github from '@actions/github';
+
+import {version} from '../package.json';
+
+const context = github.context;
+
+const isTrue = (variable) => {
+  const lowercase = variable.toLowerCase();
+  return (
+    lowercase === '1' ||
+    lowercase === 't' ||
+    lowercase === 'true' ||
+    lowercase === 'y' ||
+    lowercase === 'yes'
+  );
+};
+
+const buildExec = () => {
+  const clean = core.getInput('move_coverage_to_trash');
+  const commitParent = core.getInput('commit_parent');
+  const envVars = core.getInput('env_vars');
+  const dryRun = isTrue(core.getInput('dry_run'));
+  const failCi = isTrue(core.getInput('fail_ci_if_error'));
+  const file = core.getInput('file');
+  const files = core.getInput('files');
+  const flags = core.getInput('flags');
+  const functionalities = core.getInput('functionalities');
+  const name = core.getInput('name');
+  const overrideBranch = core.getInput('override_branch');
+  const overrideBuild = core.getInput('override_build');
+  const overrideCommit = core.getInput('override_commit');
+  const overridePr = core.getInput('override_pr');
+  const overrideTag = core.getInput('override_tag');
+  const rootDir = core.getInput('root_dir');
+  const searchDir = core.getInput('directory');
+  const slug = core.getInput('slug');
+  const token = core.getInput('token');
+  const verbose = isTrue(core.getInput('verbose'));
+  const url = core.getInput('url');
+  const workingDir = core.getInput('working-directory');
+
+  const execArgs = [];
+  execArgs.push(
+      '-n',
+      `${name}`,
+      '-Q',
+      `github-action-${version}`,
+  );
+
+  const options:any = {};
+  options.env = Object.assign(process.env, {
+    GITHUB_ACTION: process.env.GITHUB_ACTION,
+    GITHUB_RUN_ID: process.env.GITHUB_RUN_ID,
+    GITHUB_REF: process.env.GITHUB_REF,
+    GITHUB_REPOSITORY: process.env.GITHUB_REPOSITORY,
+    GITHUB_SHA: process.env.GITHUB_SHA,
+    GITHUB_HEAD_REF: process.env.GITHUB_HEAD_REF || '',
+  });
+
+  const envVarsArg = [];
+  for (const envVar of envVars.split(',')) {
+    const envVarClean = envVar.trim();
+    if (envVarClean) {
+      options.env[envVarClean] = process.env[envVarClean];
+      envVarsArg.push(envVarClean);
+    }
+  }
+
+  if (token) {
+    options.env.CODECOV_TOKEN = token;
+  }
+  if (clean) {
+    execArgs.push('-c');
+  }
+  if (commitParent) {
+    execArgs.push('-N', `${commitParent}`);
+  }
+  if (dryRun) {
+    execArgs.push('-d');
+  }
+  if (envVarsArg.length) {
+    execArgs.push('-e', envVarsArg.join(','));
+  }
+  if (functionalities) {
+    functionalities.split(',').forEach((f) => {
+      execArgs.push('-X', `${f}`);
+    });
+  }
+  if (failCi) {
+    execArgs.push('-Z');
+  }
+  if (file) {
+    execArgs.push('-f', `${file}`);
+  }
+  if (files) {
+    files.split(',').forEach((f) => {
+      execArgs.push('-f', `${f}`);
+    });
+  }
+  if (flags) {
+    flags.split(',').forEach((f) => {
+      execArgs.push('-F', `${f}`);
+    });
+  }
+  if (overrideBranch) {
+    execArgs.push('-B', `${overrideBranch}`);
+  }
+  if (overrideBuild) {
+    execArgs.push('-b', `${overrideBuild}`);
+  }
+  if (overrideCommit) {
+    execArgs.push('-C', `${overrideCommit}`);
+  } else if (
+    `${context.eventName}` == 'pull_request' ||
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    execArgs.push('-C', `${context.payload.pull_request.head.sha}`);
+  }
+  if (overridePr) {
+    execArgs.push('-P', `${overridePr}`);
+  } else if (
+    `${context.eventName}` == 'pull_request_target'
+  ) {
+    execArgs.push('-P', `${context.payload.number}`);
+  }
+  if (overrideTag) {
+    execArgs.push('-T', `${overrideTag}`);
+  }
+  if (rootDir) {
+    execArgs.push('-R', `${rootDir}`);
+  }
+  if (searchDir) {
+    execArgs.push('-s', `${searchDir}`);
+  }
+  if (slug) {
+    execArgs.push('-r', `${slug}`);
+  }
+  if (url) {
+    execArgs.push('-u', `${url}`);
+  }
+  if (verbose) {
+    execArgs.push('-v');
+  }
+  if (workingDir) {
+    options.cwd = workingDir;
+  }
+
+  return {execArgs, options, failCi};
+};
+
+export default buildExec;

src/helpers.ts

@@ -0,0 +1,41 @@
+import * as core from '@actions/core';
+
+const PLATFORMS = ['alpine', 'linux', 'macos', 'windows'];
+
+const setFailure = (message: string, failCi: boolean): void => {
+    failCi ? core.setFailed(message) : core.warning(message);
+    if (failCi) {
+      process.exit();
+    }
+};
+
+const getUploaderName = (): string => {
+  if (isWindows()) {
+    return 'codecov.exe';
+  } else {
+    return 'codecov';
+  }
+};
+
+const isValidPlatform = (): boolean => {
+  return PLATFORMS.includes(getPlatform());
+};
+
+const isWindows = (): boolean => {
+  return getPlatform() === 'windows';
+};
+
+const getPlatform = (): string => {
+  return process.env.RUNNER_OS.toLowerCase();
+};
+
+const BASEURL = `https://uploader.codecov.io/latest/${getPlatform()}/${getUploaderName()}`;
+
+export {
+  BASEURL,
+  getPlatform,
+  getUploaderName,
+  isValidPlatform,
+  isWindows,
+  setFailure,
+};

src/index.ts

@@ -0,0 +1,69 @@
+import * as fs from 'fs';
+import * as https from 'https';
+import * as path from 'path';
+
+import * as exec from '@actions/exec';
+
+import buildExec from './buildExec';
+import {
+  BASEURL,
+  getPlatform,
+  getUploaderName,
+  isValidPlatform,
+  setFailure,
+} from './helpers';
+
+import verify from './validate';
+
+let failCi;
+
+try {
+  const {execArgs, options, failCi} = buildExec();
+  const platform = getPlatform();
+  if (!isValidPlatform()) {
+    setFailure(
+        `Codecov: Encountered an unexpected platform: ${platform}`,
+        failCi,
+    );
+  }
+  const filename = path.join( __dirname, getUploaderName());
+  https.get(BASEURL, (res) => {
+    // Image will be stored at this path
+    const filePath = fs.createWriteStream(filename);
+    res.pipe(filePath);
+    filePath
+        .on('error', (err) => {
+          setFailure(
+              `Codecov: Failed to write uploader binary: ${err.message}`,
+              true,
+          );
+        }).on('finish', async () => {
+          filePath.close();
+
+          await verify(filename);
+          await fs.chmodSync(filename, '777');
+
+          const unlink = () => {
+            fs.unlink(filename, (err) => {
+              if (err) {
+                setFailure(
+                    `Codecov: Could not unlink uploader: ${err.message}`,
+                    failCi,
+                );
+              }
+            });
+          };
+          await exec.exec(filename, execArgs, options)
+              .catch((err) => {
+                setFailure(
+                    `Codecov: Failed to properly upload: ${err.message}`,
+                    failCi,
+                );
+              }).then(() => {
+                unlink();
+              });
+        });
+  });
+} catch (err) {
+  setFailure(`Codecov: Encountered an unexpected error ${err.message}`, failCi);
+}

src/pgp_keys.asc

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGCsMn0BEACiCKZOhkbhUjb+obvhH49p3ShjJzU5b/GqAXSDhRhdXUq7ZoGq
+KEKCd7sQHrCf16Pi5UVacGIyE9hS93HwY15kMlLwM+lNeAeCglEscOjpCly1qUIr
+sN1wjkd2cwDXS6zHBJTqJ7wSOiXbZfTAeKhd6DuLEpmA+Rz4Yc+4qZP+fVxVG3Pv
+2v06m+E5CP/JQVQPO8HYi+S36hJImTh+zaDspu+VujSai5KzJ6YKmgwslVNIp5X5
+GnEr2uAh5w6UTnt9UQUjFFliAvQ3lPLWzm7DWs6AP9hslYxSWzwbzVF5qbOIjUJL
+KfoUpvCYDs2ObgRn8WUQO0ndkRCBIxhlF3HGGYWKQaCEsiom7lyi8VbAszmUCDjw
+HdbQHFmm5yHLpTXJbg+iaxQzKnhWVXzye5/x92IJmJswW81Ky346VxYdC1XFL/+Y
+zBaj9oMmV7WfRpdch09Gf4TgosMzWf3NjJbtKE5xkaghJckIgxwzcrRmF/RmCJue
+IMqZ8A5qUUlK7NBzj51xmAQ4BtkUa2bcCBRV/vP+rk9wcBWz2LiaW+7Mwlfr/C/Q
+Swvv/JW2LsQ4iWc1BY7m7ksn9dcdypEq/1JbIzVLCRDG7pbMj9yLgYmhe5TtjOM3
+ygk25584EhXSgUA3MZw+DIqhbHQBYgrKndTr2N/wuBQY62zZg1YGQByD4QARAQAB
+tEpDb2RlY292IFVwbG9hZGVyIChDb2RlY292IFVwbG9hZGVyIFZlcmlmaWNhdGlv
+biBLZXkpIDxzZWN1cml0eUBjb2RlY292LmlvPokCTgQTAQoAOBYhBCcDTn/bhQ4L
+vCxi/4Brsortd5hpBQJgrDJ9AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
+EIBrsortd5hpxLMP/3Fbgx5EG7zUUOqPZ+Ya9z8JlZFIkh3FxYMfMFE8jH9Es26F
+V2ZTJLO259MxM+5N0XzObi3h4XqIzBn42pDRfwtojY5wl2STJ9Bzu+ykPog7OB1u
+yfWXDRKcqPTUIxI1/WdU+c0/WNE6wjyzK+lRc1YUlp4pdNU7l+j2vKN+jGi2b6nV
+PTPRsMcwy3B90fKf5h2wNMNqO+KX/rjgpG9Uhej+xyFWkGM1tZDQQYFj+ugQUj61
+BMsQrUmxOnaVVnix21cHnACDCaxqgQZH3iZyEOKPNMsRFRP+0fLEnUMP+DVnQE6J
+Brk1Z+XhtjGI9PISQVx5KKDKscreS/D5ae2Cw/FUlQMf57kir6mkbZVhz2khtccz
+atD0r59WomNywIDyk1QfAKV0+O0WeJg8A69/Jk6yegsrUb5qEfkih/I38vvI0OVL
+BYve/mQIHuQo5ziBptNytCrN5TXHXzguX9GOW1V1+3DR+w/vXcnz67sjlYDysf1f
+JUZv9edZ2RGKW7agbrgOw2hB+zuWZ10tjoEcsaSGOLtKRGFDfmu/dBxzl8yopUpa
+Tn79QKOieleRm5+uCcKCPTeKV0GbhDntCZJ+Yiw6ZPmrpcjDowAoMQ9kiMVa10+Q
+WwwoaRWuqhf+dL6Q2OLFOxlyCDKVSyW0YF4Vrf3fKGyxKJmszAL+NS1mVcdxuQIN
+BGCsMn0BEADLrIesbpfdAfWRvUFDN+PoRfa0ROwa/JOMhEgVsowQuk9No8yRva/X
+VyiA6oCq6na7IvZXMxT7di4FWDjDtw5xHjbtFg336IJTGBcnzm7WIsjvyyw8kKfB
+8cvG7D2OkzAUF8SVXLarJ1zdBP/Dr1Nz6F/gJsx5+BM8wGHEz4DsdMRV7ZMTVh6b
+PaGuPZysPjSEw62R8MFJ1fSyDGCKJYwMQ/sKFzseNaY/kZVR5lq0dmhiYjNVQeG9
+HJ6ZCGSGT5PKNOwx/UEkT6jhvzWgfr2eFVGJTcdwSLEgIrJIDzP7myHGxuOiuCmJ
+ENgL1f7mzGkJ/hYXq1RWqsn1Fh2I9KZMHggqu4a+s3RiscmNcbIlIhJLXoE1bxZ/
+TfYZ9Aod6Bd5TsSMTZNwV2am9zelhDiFF60FWww/5nEbhm/X4suC9W86qWBxs3Kh
+vk1dxhElRjtgwUEHA5OFOO48ERHfR7COH719D/YmqLU3EybBgJbGoC/yjlGJxv0R
+kOMAiG2FneNKEZZihReh8A5Jt6jYrSoHFRwL6oJIZfLezB7Rdajx1uH7uYcUyIaE
+SiDWlkDw/IFM315NYFA8c1TCSIfnabUYaAxSLNFRmXnt+GQpm44qAK1x8EGhY633
+e5B4FWorIXx0tTmsVM4rkQ6IgAodeywKG+c2Ikd+5dQLFmb7dW/6CwARAQABiQI2
+BBgBCgAgFiEEJwNOf9uFDgu8LGL/gGuyiu13mGkFAmCsMn0CGwwACgkQgGuyiu13
+mGkYWxAAkzF64SVpYvY9nY/QSYikL8UHlyyqirs6eFZ3Mj9lMRpHM2Spn9a3c701
+0Ge4wDbRP2oftCyPP+p9pdUA77ifMTlRcoMYX8oXAuyE5RT2emBDiWvSR6hQQ8bZ
+WFNXal+bUPpaRiruCCUPD2b8Od1ftzLqbYOosxr/m5Du0uahgOuGw6zlGBJCVOo7
+UB2Y++oZ8P7oDGF722opepWQ+bl2a6TRMLNWWlj4UANknyjlhyZZ7PKhWLjoC6MU
+dAKcwQUdp+XYLc/3b00bvgju0e99QgHZMX2fN3d3ktdN5Q2fqiAi5R6BmCCO4ISF
+o5j10gGU/sdqGHvNhv5C21ibun7HEzMtxBhnhGmytfBJzrsj7GOReePsfTLoCoUq
+dFMOAVUDciVfRtL2m8cv42ZJOXtPfDjsFOf8AKJk40/tc8mMMqZP7RVBr9RWOoq5
+y9D37NfI6UB8rPZ6qs0a1Vfm8lIh2/k1AFECduXgftMDTsmmXOgXXS37HukGW7AL
+QKWiWJQF/XopkXwkyAYpyuyRMZ77oF7nuqLFnl5VVEiRo0Fwu45erebc6ccSwYZU
+8pmeSx7s0aJtxCZPSZEKZ3mn0BXOR32Cgs48CjzFWf6PKucTwOy/YO0/4Gt/upNJ
+3DyeINcYcKyD08DEIF9f5tLyoiD4xz+N23ltTBoMPyv4f3X/wCQ=
+=ch7z
+-----END PGP PUBLIC KEY BLOCK-----

src/validate.ts

@@ -0,0 +1,74 @@
+import * as crypto from 'crypto';
+import * as fs from 'fs';
+import * as path from 'path';
+
+import * as core from '@actions/core';
+import * as openpgp from 'openpgp';
+import * as fetch from 'node-fetch';
+
+import {
+  BASEURL,
+  getUploaderName,
+  setFailure,
+} from './helpers';
+
+const verify = async (filename: string) => {
+  try {
+    const uploaderName = getUploaderName();
+
+    // Read in public key
+    const publicKeyArmored = await fs.readFileSync(
+        path.join(__dirname, 'pgp_keys.asc'),
+        'utf-8',
+    );
+
+    // Get SHASUM and SHASUM signature files
+    const shasumRes = await fetch( `${BASEURL}.SHA256SUM`);
+    const shasum = await shasumRes.text();
+
+    const shaSigRes = await fetch( `${BASEURL}.SHA256SUM.sig`);
+    const shaSig = await shaSigRes.text();
+
+    // Verify shasum
+    const verified = await openpgp.verify({
+      message: await openpgp.createMessage({text: shasum}),
+      signature: await openpgp.readSignature({armoredSignature: shaSig}),
+      verificationKeys: await openpgp.readKeys({armoredKeys: publicKeyArmored}),
+    });
+    const valid = await verified.signatures[0].verified;
+    if (valid) {
+      core.info('==> SHASUM file signed by key id ' +
+          verified.signatures[0].keyID.toHex(),
+      );
+    } else {
+      setFailure('Codecov: Error validating SHASUM signature', true);
+    }
+
+    const calculateHash = async (filename: string) => {
+      const stream = fs.createReadStream(filename);
+      const uploaderSha = crypto.createHash(`sha256`);
+      stream.pipe(uploaderSha);
+
+      return new Promise((resolve, reject) => {
+        stream.on('end', () => resolve(
+            `${uploaderSha.digest('hex')}  ${uploaderName}`,
+        ));
+        stream.on('error', reject);
+      });
+    };
+
+    const hash = await calculateHash(filename);
+    if (hash === shasum) {
+      core.info(`==> Uploader SHASUM verified (${hash})`);
+    } else {
+      setFailure(
+          'Codecov: Uploader shasum does not match -- ' +
+            `uploader hash: ${hash}, public hash: ${shasum}`,
+          true,
+      );
+    }
+  } catch (err) {
+    setFailure(`Codecov: Error validating uploader: ${err.message}`, true);
+  }
+};
+export default verify;

src/version

@@ -1 +0,0 @@
-CODECOV_ACTION_VERSION="5.0.1"

tsconfig.json

@@ -0,0 +1,17 @@
+{
+  "compilerOptions": {
+    "esModuleInterop": true,
+    "moduleResolution": "node",
+    "outDir": "dist/",
+    "resolveJsonModule": true,
+    "rootDir": ".",
+    "sourceMap": true,
+    "target": "es2015"
+  },
+  "include": [
+    "src/**/*.ts"
+  ],
+  "exclude": [
+    "src/**/*.test.ts"
+  ]
+}