chore(release): bump to 5.2.0 (#1748)

Fix typo

.github/workflows/codeql-analysis.yml

@@ -41,7 +41,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.27.9
+      uses: github/codeql-action/init@v3.28.1
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3.27.9
+      uses: github/codeql-action/autobuild@v3.28.1
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -66,4 +66,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.27.9
+      uses: github/codeql-action/analyze@v3.28.1

.github/workflows/scorecards-analysis.yml

@@ -49,7 +49,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: SARIF file
           path: results.sarif
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3.27.9 # v1.0.26
+        uses: github/codeql-action/upload-sarif@v3.28.1 # v1.0.26
         with:
           sarif_file: results.sarif

CHANGELOG.md

@@ -1,3 +1,19 @@
+## v5.2.0
+
+### What's Changed
+* Fix typo in README by @tserg in https://github.com/codecov/codecov-action/pull/1747
+* Th/add commands by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1745
+* use correct audience when requesting oidc token by @juho9000 in https://github.com/codecov/codecov-action/pull/1744
+* build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1742
+* build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1743
+* chore(deps): bump wrapper to 0.0.32 by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1740
+* feat: add disable-telem feature by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1739
+* fix: remove erroneous linebreak in readme by @Vampire in https://github.com/codecov/codecov-action/pull/1734
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.1.2..v5.2.0
+
+
 ## v5.1.2
 
 ### What's Changed

README.md

@@ -106,8 +106,7 @@ Codecov's Action supports inputs from the user. These inputs, along with their d
 | Input  | Description | Required |
 | :---       |     :---     |    :---:   |
 | `binary` | The file location of a pre-downloaded version of the CLI. If specified, integrity checking will be bypassed. | Optional
-| `codecov_yml_path` | The location of the codecov.yml file. This is crrently ONLY used for automated test selection (https://docs.codecov.com/docs/getting-started-with-ats). Note that for all other cases, the Codecov yaml will need to be locate
-d as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-file-codecovyml | Optional
+| `codecov_yml_path` | The location of the codecov.yml file. This is currently ONLY used for automated test selection (https://docs.codecov.com/docs/getting-started-with-ats). Note that for all other cases, the Codecov yaml will need to be located as described here: https://docs.codecov.com/docs/codecov-yaml#can-i-name-the-file-codecovyml | Optional
 | `commit_parent` | SHA (with 40 chars) of what should be the parent of this commit. | Optional
 | `directory` | Folder to search for coverage files. Default to the current working directory | Optional
 | `disable_file_fixes` | Disable file fixes to ignore common lines from coverage (e.g. blank lines or empty brackets). Read more here https://docs.codecov.com/docs/fixing-reports | Optional

action.yml

@@ -4,6 +4,9 @@ name: 'Codecov'
 description: 'GitHub Action that uploads coverage reports for your repository to codecov.io'
 author: 'Thomas Hu <@thomasrockhu-codecov> | Codecov'
 inputs:
+  base_sha:
+    description: 'The base SHA to select. This is only used in the "pr-base-picking" run command'
+    required: false
   binary:
     description: 'The file location of a pre-downloaded version of the CLI. If specified, integrity checking will be bypassed.'
     required: false
@@ -28,6 +31,10 @@ inputs:
     description: 'Disable setting safe directory. Set to true to disable.'
     required: false
     default: 'false'
+  disable_telem:
+    description: 'Disable sending telemetry data to Codecov. Set to true to disable.'
+    required: false
+    default: 'false'
   dry_run:
     description: "Don't upload files to Codecov"
     required: false
@@ -48,6 +55,9 @@ inputs:
   flags:
     description: 'Comma-separated list of flags to upload to group coverage metrics.'
     required: false
+  force:
+    description: 'Only used for empty-upload run command'
+    required: false
   git_service:
     description: 'Override the git_service (e.g. github_enterprise)'
     required: false
@@ -111,6 +121,10 @@ inputs:
   root_dir:
     description: 'Root folder from which to consider paths on the network section. Defaults to current working directory.'
     required: false
+  run_command:
+    description: 'Choose which CLI command to run. Options are "upload-coverage", "empty-upload", "pr-base-picking", "send-notifications". "upload-coverage" is run by default.'
+    required: false
+    default: 'upload-coverage'
   skip_validation:
     description: 'Skip integrity checking of the CLI. This is NOT recommended.'
     required: false
@@ -188,7 +202,7 @@ runs:
         then
           # {"count":1984,"value":"***"}
           echo -e "\033[0;32m==>\033[0m Requesting OIDC token from '$ACTIONS_ID_TOKEN_REQUEST_URL'"
-          CC_TOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://codecov.io" | cut -d\" -f6)
+          CC_TOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=$CC_OIDC_AUDIENCE" | cut -d\" -f6)
           echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
         elif [ -n "${{ env.CODECOV_TOKEN }}" ];
         then
@@ -202,6 +216,8 @@ runs:
             echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
           fi
         fi
+      env:
+        CC_OIDC_AUDIENCE: ${{ inputs.url || 'https://codecov.io' }}
 
     - name: Override branch for forks
       shell: bash
@@ -247,6 +263,7 @@ runs:
       shell: bash
       working-directory: ${{ inputs.working-directory }}
       env:
+        CC_BASE_SHA: ${{ inputs.base_sha }}
         CC_BINARY: ${{ inputs.binary }}
         CC_BUILD: ${{ inputs.override_build }}
         CC_BUILD_URL: ${{ inputs.override_build_url }}
@@ -254,6 +271,7 @@ runs:
         CC_DIR: ${{ inputs.directory }}
         CC_DISABLE_FILE_FIXES: ${{ inputs.disable_file_fixes }}
         CC_DISABLE_SEARCH: ${{ inputs.disable_search }}
+        CC_DISABLE_TELEM: ${{ inputs.disable_telem }}
         CC_DRY_RUN: ${{ inputs.dry_run }}
         CC_ENTERPRISE_URL: ${{ inputs.url }}
         CC_ENV: ${{ inputs.env_vars }}
@@ -261,6 +279,7 @@ runs:
         CC_FAIL_ON_ERROR: ${{ inputs.fail_ci_if_error }}
         CC_FILES: ${{ inputs.files }}
         CC_FLAGS: ${{ inputs.flags }}
+        CC_FORCE: ${{ inputs.force }}
         CC_GCOV_ARGS: ${{ inputs.gcov_args }}
         CC_GCOV_EXECUTABLE: ${{ inputs.gcov_executable }}
         CC_GCOV_IGNORE: ${{ inputs.gcov_ignore }}
@@ -277,6 +296,8 @@ runs:
         CC_PARENT_SHA: ${{ inputs.commit_parent }}
         CC_PLUGINS: ${{ inputs.plugins }}
         CC_REPORT_TYPE: ${{ inputs.report_type }}
+        CC_RUN_COMMAND: ${{ inputs.run_command }}
+        CC_SERVICE: ${{ inputs.git_service }}
         CC_SKIP_VALIDATION: ${{ inputs.skip_validation }}
         CC_SLUG: ${{ inputs.slug }}
         CC_SWIFT_PROJECT: ${{ inputs.swift_project }}

dist/codecov.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-CC_WRAPPER_VERSION="0.0.31"
+CC_WRAPPER_VERSION="0.0.34"
 set +u
 say() {
   echo -e "$1"
@@ -47,6 +47,7 @@ say "     _____          _
                                   "
 CC_VERSION="${CC_VERSION:-latest}"
 CC_FAIL_ON_ERROR="${CC_FAIL_ON_ERROR:-false}"
+CC_RUN_COMMAND="${CC_RUN_COMMAND:-upload-coverage}"
 if [ -n "$CC_BINARY" ];
 then
   if [ -f "$CC_BINARY" ];
@@ -84,7 +85,7 @@ else
   curl -Os "$cc_url"
   say "$g==>$x Finishing downloading $b${CC_OS}:${CC_VERSION}$x"
   version_url="https://cli.codecov.io/api/${CC_OS}/${CC_VERSION}"
-  version=$(curl -s "$version_url" -H "Accept:application/json" | jq -r '.version')
+  version=$(curl -s "$version_url" -H "Accept:application/json" | tr \{ '\n' | tr , '\n' | tr \} '\n' | grep "\"version\"" | awk  -F'"' '{print $4}' | tail -1)
   say "      Version: $b$version$x"
   say " "
 fi
@@ -117,6 +118,15 @@ CC_PUBLIC_PGP_KEY=$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)
   say "$g==>$x CLI integrity verified"
   say
 fi
+if [ -n "$CC_BINARY_LOCATION" ];
+then
+  mkdir -p "$CC_BINARY_LOCATION" && mv "$cc_filename" $_
+  say "$g==>$x Codecov binary moved to ${CC_BINARY_LOCATION}"
+fi
+if [ "$CC_DOWNLOAD_ONLY" = "true" ];
+then
+  say "$g==>$x Codecov download only called. Exiting..."
+fi
 cc_cli_args=()
 cc_cli_args+=( $(k_arg AUTO_LOAD_PARAMS_FROM) $(v_arg AUTO_LOAD_PARAMS_FROM))
 cc_cli_args+=( $(k_arg ENTERPRISE_URL) $(v_arg ENTERPRISE_URL))
@@ -125,71 +135,8 @@ then
   cc_cli_args+=( "--codecov-yml-path" )
   cc_cli_args+=( "$CC_YML_PATH" )
 fi
+cc_cli_args+=( $(write_truthy_args CC_DISABLE_TELEM) )
 cc_cli_args+=( $(write_truthy_args CC_VERBOSE) )
-cc_uc_args=()
-# Args for create commit
-cc_uc_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) )
-cc_uc_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE))
-cc_uc_args+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA))
-cc_uc_args+=( $(k_arg PR) $(v_arg PR))
-cc_uc_args+=( $(k_arg SHA) $(v_arg SHA))
-cc_uc_args+=( $(k_arg SLUG) $(v_arg SLUG))
-# Args for create report
-cc_uc_args+=( $(k_arg CODE) $(v_arg CODE))
-# Args for do upload
-cc_uc_args+=( $(k_arg ENV) $(v_arg ENV))
-OLDIFS=$IFS;IFS=,
-cc_uc_args+=( $(k_arg BRANCH) $(v_arg BRANCH))
-cc_uc_args+=( $(k_arg BUILD) $(v_arg BUILD))
-cc_uc_args+=( $(k_arg BUILD_URL) $(v_arg BUILD_URL))
-cc_uc_args+=( $(k_arg DIR) $(v_arg DIR))
-cc_uc_args+=( $(write_truthy_args CC_DISABLE_FILE_FIXES) )
-cc_uc_args+=( $(write_truthy_args CC_DISABLE_SEARCH) )
-cc_uc_args+=( $(write_truthy_args CC_DRY_RUN) )
-if [ -n "$CC_EXCLUDES" ];
-then
-  for directory in $CC_EXCLUDES; do
-    cc_uc_args+=( "--exclude" "$directory" )
-  done
-fi
-if [ -n "$CC_FILES" ];
-then
-  for file in $CC_FILES; do
-    cc_uc_args+=( "--file" "$file" )
-  done
-fi
-if [ -n "$CC_FLAGS" ];
-then
-  for flag in $CC_FLAGS; do
-    cc_uc_args+=( "--flag" "$flag" )
-  done
-fi
-cc_uc_args+=( $(k_arg GCOV_ARGS) $(v_arg GCOV_ARGS))
-cc_uc_args+=( $(k_arg GCOV_EXECUTABLE) $(v_arg GCOV_EXECUTABLE))
-cc_uc_args+=( $(k_arg GCOV_IGNORE) $(v_arg GCOV_IGNORE))
-cc_uc_args+=( $(k_arg GCOV_INCLUDE) $(v_arg GCOV_INCLUDE))
-cc_uc_args+=( $(write_truthy_args CC_HANDLE_NO_REPORTS_FOUND) )
-cc_uc_args+=( $(k_arg JOB_CODE) $(v_arg JOB_CODE))
-cc_uc_args+=( $(write_truthy_args CC_LEGACY) )
-if [ -n "$CC_NAME" ];
-then
-  cc_uc_args+=( "--name" "$CC_NAME" )
-fi
-cc_uc_args+=( $(k_arg NETWORK_FILTER) $(v_arg NETWORK_FILTER))
-cc_uc_args+=( $(k_arg NETWORK_PREFIX) $(v_arg NETWORK_PREFIX))
-cc_uc_args+=( $(k_arg NETWORK_ROOT_FOLDER) $(v_arg NETWORK_ROOT_FOLDER))
-if [ -n "$CC_PLUGINS" ];
-then
-  for plugin in $CC_PLUGINS; do
-    cc_uc_args+=( "--plugin" "$plugin" )
-  done
-fi
-cc_uc_args+=( $(k_arg REPORT_TYPE) $(v_arg REPORT_TYPE))
-cc_uc_args+=( $(k_arg SWIFT_PROJECT) $(v_arg SWIFT_PROJECT))
-IFS=$OLDIFS
-unset NODE_OPTIONS
-# See https://github.com/codecov/uploader/issues/475
-chmod +x $cc_command
 if [ -n "$CC_TOKEN_VAR" ];
 then
   token="$(eval echo \$$CC_TOKEN_VAR)"
@@ -204,13 +151,101 @@ then
   token_str+=" -t <redacted>"
   token_arg+=( " -t " "$token")
 fi
-say "$g==>$x Running upload-coverage"
-say "      $b$cc_command $(echo "${cc_cli_args[@]}") upload-coverage$token_str $(echo "${cc_uc_args[@]}")$x"
+if [ "$CC_RUN_COMMAND" == "upload-coverage" ]; then
+cc_run_args=()
+# Args for create commit
+cc_run_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) )
+cc_run_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE))
+cc_run_args+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA))
+cc_run_args+=( $(k_arg PR) $(v_arg PR))
+cc_run_args+=( $(k_arg SHA) $(v_arg SHA))
+cc_run_args+=( $(k_arg SLUG) $(v_arg SLUG))
+# Args for create report
+cc_run_args+=( $(k_arg CODE) $(v_arg CODE))
+# Args for do upload
+cc_run_args+=( $(k_arg ENV) $(v_arg ENV))
+OLDIFS=$IFS;IFS=,
+cc_run_args+=( $(k_arg BRANCH) $(v_arg BRANCH))
+cc_run_args+=( $(k_arg BUILD) $(v_arg BUILD))
+cc_run_args+=( $(k_arg BUILD_URL) $(v_arg BUILD_URL))
+cc_run_args+=( $(k_arg DIR) $(v_arg DIR))
+cc_run_args+=( $(write_truthy_args CC_DISABLE_FILE_FIXES) )
+cc_run_args+=( $(write_truthy_args CC_DISABLE_SEARCH) )
+cc_run_args+=( $(write_truthy_args CC_DRY_RUN) )
+if [ -n "$CC_EXCLUDES" ];
+then
+  for directory in $CC_EXCLUDES; do
+    cc_run_args+=( "--exclude" "$directory" )
+  done
+fi
+if [ -n "$CC_FILES" ];
+then
+  for file in $CC_FILES; do
+    cc_run_args+=( "--file" "$file" )
+  done
+fi
+if [ -n "$CC_FLAGS" ];
+then
+  for flag in $CC_FLAGS; do
+    cc_run_args+=( "--flag" "$flag" )
+  done
+fi
+cc_run_args+=( $(k_arg GCOV_ARGS) $(v_arg GCOV_ARGS))
+cc_run_args+=( $(k_arg GCOV_EXECUTABLE) $(v_arg GCOV_EXECUTABLE))
+cc_run_args+=( $(k_arg GCOV_IGNORE) $(v_arg GCOV_IGNORE))
+cc_run_args+=( $(k_arg GCOV_INCLUDE) $(v_arg GCOV_INCLUDE))
+cc_run_args+=( $(write_truthy_args CC_HANDLE_NO_REPORTS_FOUND) )
+cc_run_args+=( $(k_arg JOB_CODE) $(v_arg JOB_CODE))
+cc_run_args+=( $(write_truthy_args CC_LEGACY) )
+if [ -n "$CC_NAME" ];
+then
+  cc_run_args+=( "--name" "$CC_NAME" )
+fi
+cc_run_args+=( $(k_arg NETWORK_FILTER) $(v_arg NETWORK_FILTER))
+cc_run_args+=( $(k_arg NETWORK_PREFIX) $(v_arg NETWORK_PREFIX))
+cc_run_args+=( $(k_arg NETWORK_ROOT_FOLDER) $(v_arg NETWORK_ROOT_FOLDER))
+if [ -n "$CC_PLUGINS" ];
+then
+  for plugin in $CC_PLUGINS; do
+    cc_run_args+=( "--plugin" "$plugin" )
+  done
+fi
+cc_run_args+=( $(k_arg REPORT_TYPE) $(v_arg REPORT_TYPE))
+cc_run_args+=( $(k_arg SWIFT_PROJECT) $(v_arg SWIFT_PROJECT))
+IFS=$OLDIFS
+elif [ "$CC_RUN_COMMAND" == "empty-upload" ]; then
+cc_run_args=()
+cc_run_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) )
+cc_run_args+=( $(write_truthy_args CC_FORCE) )
+cc_run_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE))
+cc_run_args+=( $(k_arg SHA) $(v_arg SHA))
+cc_run_args+=( $(k_arg SLUG) $(v_arg SLUG))
+elif [ "$CC_RUN_COMMAND" == "pr-base-picking" ]; then
+cc_run_args=()
+cc_run_args+=( $(k_arg BASE_SHA) $(v_arg BASE_SHA))
+cc_run_args+=( $(k_arg PR) $(v_arg PR))
+cc_run_args+=( $(k_arg SLUG) $(v_arg SLUG))
+cc_run_args+=( $(k_arg SERVICE) $(v_arg SERVICE))
+elif [ "$CC_RUN_COMMAND" == "send-notifications" ]; then
+cc_run_args=()
+cc_run_args+=( $(k_arg SHA) $(v_arg SHA))
+cc_run_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) )
+cc_run_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE))
+cc_run_args+=( $(k_arg SLUG) $(v_arg SLUG))
+else
+  exit_if_error "Invalid run command specified: $CC_RUN_COMMAND"
+  exit
+fi
+unset NODE_OPTIONS
+# See https://github.com/codecov/uploader/issues/475
+chmod +x "$cc_command"
+say "$g==>$x Running $CC_RUN_COMMAND"
+say "      $b$cc_command $(echo "${cc_cli_args[@]}")$CC_RUN_COMMAND$token_str $(echo "${cc_run_args[@]}")$x"
 if ! $cc_command \
   ${cc_cli_args[*]} \
-  upload-coverage \
+  ${CC_RUN_COMMAND} \
   ${token_arg[*]} \
-  "${cc_uc_args[@]}";
+  "${cc_run_args[@]}";
 then
-  exit_if_error "Failed to upload coverage"
+  exit_if_error "Failed to run $CC_RUN_COMMAND"
 fi

src/version

@@ -1 +1 @@
-5.1.2
+5.2.0