chore(release): 5.5.0

2025-12-09 00:26:25 +00:00 · 2025-03-11 09:13:54 -07:00
5 changed files with 13 additions and 33 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -41,7 +41,7 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.28.13
+      uses: github/codeql-action/init@v3.28.11
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3.28.13
+      uses: github/codeql-action/autobuild@v3.28.11

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
@@ -66,4 +66,4 @@ jobs:
    #   make release

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.28.13
+      uses: github/codeql-action/analyze@v3.28.11
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -49,7 +49,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
        with:
          name: SARIF file
          path: results.sarif
@@ -57,6 +57,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3.28.13 # v1.0.26
+        uses: github/codeql-action/upload-sarif@v3.28.11 # v1.0.26
        with:
          sarif_file: results.sarif
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,23 +1,11 @@
-## v5.4.2
+## v5.5.0

 ### What's Changed
-
-
-**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2
-
-
-## v5.4.1
-
-### What's Changed
-* fix: use the github core methods by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1807
-* build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1803
-* build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1797
-* build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1798
 * chore(release): wrapper -0.2.1 by @app/codecov-releaser-app in https://github.com/codecov/codecov-action/pull/1788
 * build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1786


-**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.4.0..v5.5.0


 ## v5.4.0
@@ -1082,4 +1070,4 @@ for the full list.
 ### Dependencies and Misc
 - #166 Bump requestretry from 4.1.1 to 4.1.2
 - #169 Bump typescript from 4.0.5 to 4.1.2
- #178 Bump @types/jest from 26.0.15 to 26.0.19
+- #178 Bump @types/jest from 26.0.15 to 26.0.19
--- a/action.yml
+++ b/action.yml
@@ -202,23 +202,16 @@ runs:
        GITHUB_EVENT_PULL_REQUEST_HEAD_REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }}
        GITHUB_REPOSITORY: ${{ github.repository }}

-    - name: Get OIDC token
-      if: ${{ inputs.use_oidc == 'true' }}
-      uses: actions/github-script@v7
-      id: oidc
-      with:
-        script: |
-          const id_token = await core.getIDToken(process.env.CC_OIDC_AUDIENCE)
-          return id_token
-      env:
-        CC_OIDC_AUDIENCE: ${{ inputs.url || 'https://codecov.io' }}

    - name: Get and set token
      shell: bash
      run: |
        if [ "${{ inputs.use_oidc }}" == 'true' ] && [ "$CC_FORK" != 'true' ];
        then
-          echo "CC_TOKEN=$CC_OIDC_TOKEN" >> "$GITHUB_ENV"
+          # {"count":1984,"value":"***"}
+          echo -e "\033[0;32m==>\033[0m Requesting OIDC token from '$ACTIONS_ID_TOKEN_REQUEST_URL'"
+          CC_TOKEN=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=$CC_OIDC_AUDIENCE" | cut -d\" -f6)
+          echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
        elif [ -n "${{ env.CODECOV_TOKEN }}" ];
        then
          echo -e "\033[0;32m==>\033[0m Token set from env"
@@ -232,7 +225,6 @@ runs:
          fi
        fi
      env:
-        CC_OIDC_TOKEN: ${{ steps.oidc.outputs.result }}
        CC_OIDC_AUDIENCE: ${{ inputs.url || 'https://codecov.io' }}

    - name: Override branch for forks
--- a/src/version
+++ b/src/version
@@ -1 +1 @@
-5.4.2
+5.5.0
@@ -1 +1 @@
 .4.2
 .5.0