fix: try skip validation

Co-authored-by: codecov-releaser <devops+releaser@codecov.io>

.github/workflows/codeql-analysis.yml

@@ -41,7 +41,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.27.5
+      uses: github/codeql-action/init@v3.27.9
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3.27.5
+      uses: github/codeql-action/autobuild@v3.27.9
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -66,4 +66,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.27.5
+      uses: github/codeql-action/analyze@v3.27.9

.github/workflows/main.yml

@@ -24,16 +24,17 @@ jobs:
         with:
           fail_ci_if_error: true
           files: ./coverage/script/coverage-final.json
-          flags: script,${{ matrix.os }}
+          flags: script-${{ matrix.os }}
           name: codecov-script
           verbose: true
+          skip_validation: true
           token: ${{ secrets.CODECOV_TOKEN }}
       - name: Upload coverage to Codecov (demo)
         uses: ./
         with:
           fail_ci_if_error: true
           files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
-          flags: demo,${{ matrix.os }}
+          flags: demo-${{ matrix.os }}
           name: codecov-demo
           verbose: true
           token: ${{ secrets.CODECOV_TOKEN }}
@@ -42,7 +43,7 @@ jobs:
         with:
           fail_ci_if_error: true
           files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
-          flags: version,${{ matrix.os }}
+          flags: version-${{ matrix.os }}
           name: codecov-version
           version: v9.1.0
           verbose: true
@@ -65,7 +66,7 @@ jobs:
         with:
           fail_ci_if_error: true
           files: ./coverage/script/coverage-final.json
-          flags: script,macos-latest-xlarge
+          flags: script-macos-latest-xlarge
           name: codecov-script
           verbose: true
           token: ${{ secrets.CODECOV_TOKEN }}
@@ -74,7 +75,7 @@ jobs:
         with:
           fail_ci_if_error: true
           files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
-          flags: demo,macos-latest-xlarge
+          flags: demo-macos-latest-xlarge
           name: codecov-demo
           verbose: true
           token: ${{ secrets.CODECOV_TOKEN }}
@@ -82,7 +83,7 @@ jobs:
         uses: ./
         with:
           files: ./coverage/script/coverage-final.json
-          flags: script,${{ matrix.os }}
+          flags: script-${{ matrix.os }}
           name: codecov-script
           use_oidc: true
           verbose: true
@@ -91,7 +92,7 @@ jobs:
         with:
           fail_ci_if_error: true
           files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
-          flags: version,maxos-latest-xlarge
+          flags: version-maxos-latest-xlarge
           name: codecov-version
           version: v9.1.0
           verbose: true
@@ -112,7 +113,7 @@ jobs:
         uses: ./
         with:
           files: ./coverage/script/coverage-final.json
-          flags: script,${{ matrix.os }}
+          flags: script-${{ matrix.os }}
           name: codecov-script
           verbose: true
           token: ${{ secrets.CODECOV_TOKEN }}
@@ -120,7 +121,7 @@ jobs:
         uses: ./
         with:
           files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
-          flags: demo,${{ matrix.os }}
+          flags: demo-${{ matrix.os }}
           name: codecov-demo
           verbose: true
           token: ${{ secrets.CODECOV_TOKEN }}
@@ -128,7 +129,7 @@ jobs:
         uses: ./
         with:
           files: ./coverage/calculator/coverage-final.json,./coverage/coverage-test/coverage-final.json,./coverage/coverage-final.json
-          flags: version,${{ matrix.os }}
+          flags: version-${{ matrix.os }}
           name: codecov-version
           version: v9.1.0
           verbose: true

.github/workflows/scorecards-analysis.yml

@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3.27.5 # v1.0.26
+        uses: github/codeql-action/upload-sarif@v3.27.9 # v1.0.26
         with:
           sarif_file: results.sarif

CHANGELOG.md

@@ -1,3 +1,25 @@
+## v5.1.2
+
+### What's Changed
+* fix: update statment by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1726
+* fix: update action script by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1725
+* fix: prevent oidc on tokenless due to permissioning by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1724
+* chore(release): wrapper-0.0.31 by @app/codecov-releaser-app in https://github.com/codecov/codecov-action/pull/1723
+* Put quotes around `${{ inputs.token }}` in `action.yml` by @jwodder in https://github.com/codecov/codecov-action/pull/1721
+* build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1722
+* Remove mistake from options table by @Acconut in https://github.com/codecov/codecov-action/pull/1718
+* build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1717
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.1.1..v5.1.2
+
+
+## v5.1.1
+### What's Changed
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.1.0..v5.1.1
+
 ## v5.1.0
 ### What's Changed
 * fix: hide unnecessary error on shasum by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1692
@@ -987,4 +1009,4 @@ for the full list.
 ### Dependencies and Misc
 - #166 Bump requestretry from 4.1.1 to 4.1.2
 - #169 Bump typescript from 4.0.5 to 4.1.2
-- #178 Bump @types/jest from 26.0.15 to 26.0.19
+- #178 Bump @types/jest from 26.0.15 to 26.0.19

Makefile

@@ -1,5 +1,5 @@
 deploy:
-	$(eval VERSION := $(shell cat src/version | grep 'CODECOV_ACTION_VERSION=' | cut -d\" -f2))
+	$(eval VERSION := $(shell cat src/version))
 	git tag -d v5
 	git push origin :v5
 	git tag v5

README.md

@@ -106,8 +106,7 @@ Codecov's Action supports inputs from the user. These inputs, along with their d
 | Input  | Description | Required |
 | :---       |     :---     |    :---:   |
 | `binary` | The file location of a pre-downloaded version of the CLI. If specified, integrity checking will be bypassed. | Optional
-| `codecov_yml_path` | The location of the codecov.yml file. This is crrently ONLY used for automated test selection (https://docs.codecov.com/docs/getting-started-with-ats). Note that for all other cases, the Codecov yaml will need to be locate
-d as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-file-codecovyml | Optional
+| `codecov_yml_path` | The location of the codecov.yml file. This is crrently ONLY used for automated test selection (https://docs.codecov.com/docs/getting-started-with-ats). Note that for all other cases, the Codecov yaml will need to be located as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-file-codecovyml | Optional
 | `commit_parent` | SHA (with 40 chars) of what should be the parent of this commit. | Optional
 | `directory` | Folder to search for coverage files. Default to the current working directory | Optional
 | `disable_file_fixes` | Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets). Read more here https://docs.codecov.com/docs/fixing-reports | Optional
@@ -118,7 +117,6 @@ d as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-f
 | `exclude` | Comma-separated list of folders to exclude from search. | Optional
 | `fail_ci_if_error` | On error, exit with non-zero code | Optional
 | `files` | Comma-separated explicit list of files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using "disable-search" to disable uploading other files. | Optional
-tional
 | `flags` | Comma-separated list of flags to upload to group coverage metrics. | Optional
 | `git_service` | Override the git_service (e.g. github_enterprise) | Optional
 | `gcov_args` | Extra arguments to pass to gcov | Optional

action.yml

@@ -28,6 +28,10 @@ inputs:
     description: 'Disable setting safe directory. Set to true to disable.'
     required: false
     default: 'false'
+  disable_telem:
+    description: 'Disable sending telemetry data to Codecov. Set to true to disable.'
+    required: false
+    default: 'false'
   dry_run:
     description: "Don't upload files to Codecov"
     required: false
@@ -157,7 +161,7 @@ runs:
     - name: Action version
       shell: bash
       run: |
-        CC_ACTION_VERSION=$(cat ${GITHUB_ACTION_PATH}/src/version | grep 'CODECOV_ACTION_VERSION=' | cut -d\" -f2)
+        CC_ACTION_VERSION=$(cat ${GITHUB_ACTION_PATH}/src/version)
         echo -e "\033[0;32m==>\033[0m Running Action version $CC_ACTION_VERSION"
     - name: Set safe directory
       if: ${{ inputs.disable_safe_directory != 'true' }}
@@ -165,21 +169,40 @@ runs:
       run: |
         git config --global --add safe.directory ${{ github.workspace }}
 
+    - name: Set fork
+      shell: bash
+      run: |
+        CC_FORK="false"
+        if [ -n "$GITHUB_EVENT_PULL_REQUEST_HEAD_REPO_FULL_NAME" ] && [ "$GITHUB_EVENT_PULL_REQUEST_HEAD_REPO_FULL_NAME" != "$GITHUB_REPOSITORY" ];
+        then
+          echo -e "\033[0;32m==>\033[0m Fork detected"
+          CC_FORK="true"
+        fi
+        echo "CC_FORK=$CC_FORK" >> "$GITHUB_ENV"
+      env:
+        GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL: ${{ github.event.pull_request.head.label }}
+        GITHUB_EVENT_PULL_REQUEST_HEAD_REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }}
+        GITHUB_REPOSITORY: ${{ github.repository }}
+
+
     - name: Get and set token
       shell: bash
       run: |
-        if [ "${{ inputs.use_oidc }}" == 'true' ];
+        if [ "${{ inputs.use_oidc }}" == 'true' ] && [ "$CC_FORK" != 'true' ];
         then
           # {"count":1984,"value":"***"}
+          echo -e "\033[0;32m==>\033[0m Requesting OIDC token from '$ACTIONS_ID_TOKEN_REQUEST_URL'"
           CC_TOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://codecov.io" | cut -d\" -f6)
           echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
         elif [ -n "${{ env.CODECOV_TOKEN }}" ];
         then
+          echo -e "\033[0;32m==>\033[0m Token set from env"
             echo "CC_TOKEN=${{ env.CODECOV_TOKEN }}" >> "$GITHUB_ENV"
         else
-          if [ -n ${{ inputs.token }} ];
+          if [ -n "${{ inputs.token }}" ];
           then
-            CC_TOKEN=$(echo ${{ inputs.token }} | tr -d '\n')
+            echo -e "\033[0;32m==>\033[0m Token set from input"
+            CC_TOKEN=$(echo "${{ inputs.token }}" | tr -d '\n')
             echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
           fi
         fi
@@ -187,9 +210,9 @@ runs:
     - name: Override branch for forks
       shell: bash
       run: |
-        if [ -z "$CC_BRANCH" ] && [ -z "$CC_TOKEN" ] && [ -n "$GITHUB_EVENT_PULL_REQUEST_HEAD_REPO_FULL_NAME" ] && [ "${GITHUB_EVENT_PULL_REQUEST_HEAD_REPO_FULL_NAME}" != "$GITHUB_REPOSITORY" ];
+        if [ -z "$CC_BRANCH" ] && [ -z "$CC_TOKEN" ] && [ "$CC_FORK" == 'true' ]
         then
-          echo -e "\033[0;32m==>\033[0m Fork detected, tokenless uploading used"
+          echo -e "\033[0;32m==>\033[0m Fork detected, setting branch to $GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL"
           TOKENLESS="$GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL"
           CC_BRANCH="$GITHUB_EVENT_PULL_REQUEST_HEAD_LABEL"
           echo "TOKENLESS=$TOKENLESS" >> "$GITHUB_ENV"
@@ -235,6 +258,7 @@ runs:
         CC_DIR: ${{ inputs.directory }}
         CC_DISABLE_FILE_FIXES: ${{ inputs.disable_file_fixes }}
         CC_DISABLE_SEARCH: ${{ inputs.disable_search }}
+        CC_DISABLE_TELEM: ${{ inputs.disable_telem }}
         CC_DRY_RUN: ${{ inputs.dry_run }}
         CC_ENTERPRISE_URL: ${{ inputs.url }}
         CC_ENV: ${{ inputs.env_vars }}

changelog.py

@@ -4,8 +4,7 @@ import subprocess
 
 def update_changelog():
     with open('src/version', 'r') as f:
-        raw_version = f.read()
-    version = re.search('\"(.*)\"', raw_version).groups()[0]
+        version = f.read()
     changelog = [f"## v{version}"]
     changelog.append("### What\'s Changed")
 

dist/codecov.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-CC_WRAPPER_VERSION="0.0.29"
+CC_WRAPPER_VERSION="0.0.32"
 set +u
 say() {
   echo -e "$1"
@@ -52,6 +52,7 @@ then
   if [ -f "$CC_BINARY" ];
   then
     cc_filename=$CC_BINARY
+    cc_command=$CC_BINARY
   else
     exit_if_error "Could not find binary file $CC_BINARY"
   fi
@@ -59,34 +60,30 @@ else
   if [ -n "$CC_OS" ];
   then
     say "$g==>$x Overridden OS: $b${CC_OS}$x"
-    export cc_os=${CC_OS}
   else
-    CC_OS="linux"
+    CC_OS="windows"
     family=$(uname -s | tr '[:upper:]' '[:lower:]')
-    cc_os="windows"
-    [[ $family == "darwin" ]] && cc_os="macos"
-    [[ $family == "linux" ]] && cc_os="linux"
-    [[ $cc_os == "linux" ]] && \
+    [[ $family == "darwin" ]] && CC_OS="macos"
+    [[ $family == "linux" ]] && CC_OS="linux"
+    [[ $CC_OS == "linux" ]] && \
       osID=$(grep -e "^ID=" /etc/os-release | cut -c4-)
-    [[ $osID == "alpine" ]] && cc_os="alpine"
-    [[ $(arch) == "aarch64" && $family == "linux" ]] && cc_os+="-arm64"
-    say "$g==>$x Detected $b${cc_os}$x"
-    export cc_os=${cc_os}
+    [[ $osID == "alpine" ]] && CC_OS="alpine"
+    [[ $(arch) == "aarch64" && $family == "linux" ]] && CC_OS+="-arm64"
+    say "$g==>$x Detected $b${CC_OS}$x"
   fi
-  export cc_version=${CC_VERSION}
   cc_filename="codecov"
-  [[ $cc_os == "windows" ]] && cc_filename+=".exe"
-  export cc_filename=${cc_filename}
-  [[ $cc_os == "macos" ]]  && \
+  [[ $CC_OS == "windows" ]] && cc_filename+=".exe"
+  cc_command="./$cc_filename"
+  [[ $CC_OS == "macos" ]]  && \
     ! command -v gpg 2>&1 >/dev/null && \
     HOMEBREW_NO_AUTO_UPDATE=1 brew install gpg
   cc_url="https://cli.codecov.io"
   cc_url="$cc_url/${CC_VERSION}"
-  cc_url="$cc_url/${cc_os}/${cc_filename}"
+  cc_url="$cc_url/${CC_OS}/${cc_filename}"
   say "$g ->$x Downloading $b${cc_url}$x"
   curl -Os "$cc_url"
-  say "$g==>$x Finishing downloading $b${cc_os}:${CC_VERSION}$x"
-  version_url="https://cli.codecov.io/${cc_os}/${CC_VERSION}"
+  say "$g==>$x Finishing downloading $b${CC_OS}:${CC_VERSION}$x"
+  version_url="https://cli.codecov.io/api/${CC_OS}/${CC_VERSION}"
   version=$(curl -s "$version_url" -H "Accept:application/json" | jq -r '.version')
   say "      Version: $b$version$x"
   say " "
@@ -101,7 +98,7 @@ CC_PUBLIC_PGP_KEY=$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)
   # One-time step
   say "$g==>$x Verifying GPG signature integrity"
   sha_url="https://cli.codecov.io"
-  sha_url="${sha_url}/${cc_version}/${cc_os}"
+  sha_url="${sha_url}/${CC_VERSION}/${CC_OS}"
   sha_url="${sha_url}/${cc_filename}.SHA256SUM"
   say "$g ->$x Downloading $b${sha_url}$x"
   say "$g ->$x Downloading $b${sha_url}.sig$x"
@@ -120,6 +117,15 @@ CC_PUBLIC_PGP_KEY=$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)
   say "$g==>$x CLI integrity verified"
   say
 fi
+if [ -n "$CC_BINARY_LOCATION" ];
+then
+  mkdir -p "$CC_BINARY_LOCATION" && mv "$cc_filename" $_
+  say "$g==>$x Codecov binary moved to ${CC_BINARY_LOCATION}"
+fi
+if [ "$CC_DOWNLOAD_ONLY" = "true" ];
+then
+  say "$g==>$x Codecov download only called. Exiting..."
+fi
 cc_cli_args=()
 cc_cli_args+=( $(k_arg AUTO_LOAD_PARAMS_FROM) $(v_arg AUTO_LOAD_PARAMS_FROM))
 cc_cli_args+=( $(k_arg ENTERPRISE_URL) $(v_arg ENTERPRISE_URL))
@@ -128,6 +134,7 @@ then
   cc_cli_args+=( "--codecov-yml-path" )
   cc_cli_args+=( "$CC_YML_PATH" )
 fi
+cc_cli_args+=( $(write_truthy_args CC_DISABLE_TELEM) )
 cc_cli_args+=( $(write_truthy_args CC_VERBOSE) )
 cc_uc_args=()
 # Args for create commit
@@ -192,7 +199,7 @@ cc_uc_args+=( $(k_arg SWIFT_PROJECT) $(v_arg SWIFT_PROJECT))
 IFS=$OLDIFS
 unset NODE_OPTIONS
 # See https://github.com/codecov/uploader/issues/475
-chmod +x $cc_filename
+chmod +x $cc_command
 if [ -n "$CC_TOKEN_VAR" ];
 then
   token="$(eval echo \$$CC_TOKEN_VAR)"
@@ -208,8 +215,8 @@ then
   token_arg+=( " -t " "$token")
 fi
 say "$g==>$x Running upload-coverage"
-say "      $b./$cc_filename $(echo "${cc_cli_args[@]}") upload-coverage$token_str $(echo "${cc_uc_args[@]}")$x"
-if ! ./$cc_filename \
+say "      $b$cc_command $(echo "${cc_cli_args[@]}") upload-coverage$token_str $(echo "${cc_uc_args[@]}")$x"
+if ! $cc_command \
   ${cc_cli_args[*]} \
   upload-coverage \
   ${token_arg[*]} \

src/version

@@ -1 +1 @@
-CODECOV_ACTION_VERSION="5.1.0"
+5.1.2