chore(release): 5.5.1 (#1873)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.2.2...v5.0.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/codeql-analysis.yml

@@ -37,11 +37,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4.2.2
+      uses: actions/checkout@v5.0.0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.28.18
+      uses: github/codeql-action/init@v3.30.0
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3.28.18
+      uses: github/codeql-action/autobuild@v3.30.0
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -66,4 +66,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.28.18
+      uses: github/codeql-action/analyze@v3.30.0

.github/workflows/main.yml

@@ -12,13 +12,13 @@ jobs:
         os: [macos-latest, windows-latest, ubuntu-latest]
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           submodules: "true"
       - name: Install dependencies
-        run: pip install -r src/scripts/app/requirements.txt
+        run: pip install -r app/requirements.txt
       - name: Run tests and collect coverage
-        run: pytest src/scripts/app/ --cov
+        run: pytest app/ --cov
 
       - name: Upload coverage to Codecov (script)
         uses: ./
@@ -50,17 +50,17 @@ jobs:
           token: ${{ secrets.CODECOV_TOKEN }}
 
   run-macos-latest-xlarge:
-    if: github.head.repo.full_name == 'codecov/codecov-action'
+    if: github.event.pull_request.head.repo.full_name == 'codecov/codecov-action'
     runs-on: macos-latest-xlarge
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           submodules: "true"
       - name: Install dependencies
-        run: pip install -r src/scripts/app/requirements.txt
+        run: pip install -r app/requirements.txt
       - name: Run tests and collect coverage
-        run: pytest src/scripts/app/ --cov
+        run: pytest app/ --cov
       - name: Upload coverage to Codecov (script)
         uses: ./
         with:
@@ -103,7 +103,7 @@ jobs:
     container: python:latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           submodules: "true"
       - name: Install deps
@@ -144,7 +144,7 @@ jobs:
         run: |
           apk add git
       - name: Checkout
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           submodules: "true"
       - name: Upload coverage to Codecov (should fail due to missing dependencies)
@@ -175,7 +175,7 @@ jobs:
         run: |
           apk add git curl gnupg bash
       - name: Checkout
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           submodules: "true"
       - name: Upload coverage to Codecov (should succeed)
@@ -212,7 +212,7 @@ jobs:
         run: |
           apk add git curl
       - name: Checkout
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           submodules: "true"
       - name: Upload coverage to Codecov (should fail due to missing gpg and bash)

.github/workflows/scorecards-analysis.yml

@@ -25,12 +25,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4.2.2 # v3.0.0
+        uses: actions/checkout@v5.0.0 # v3.0.0
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
         with:
           results_file: results.sarif
           results_format: sarif
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3.28.18 # v1.0.26
+        uses: github/codeql-action/upload-sarif@v3.30.0 # v1.0.26
         with:
           sarif_file: results.sarif

.gitignore

@@ -93,3 +93,6 @@ public/
 
 # macOS Finder metadata
 .DS_Store
+
+# pycache dirs
+__pycache__/

CHANGELOG.md

@@ -1,3 +1,19 @@
+## v5.5.1
+
+### What's Changed
+* fix: overwrite pr number on fork by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1871
+* build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1868
+* build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1867
+* fix: update to use local app/ dir by @thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1872
+* docs: fix typo in README by @datalater in https://github.com/codecov/codecov-action/pull/1866
+* Document a `codecov-cli` version reference example by @webknjaz in https://github.com/codecov/codecov-action/pull/1774
+* build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1861
+* build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1833
+
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1
+
+
 ## v5.5.0
 
 ### What's Changed

README.md

@@ -14,8 +14,8 @@
 
 The `v5` release also coincides with the opt-out feature for tokens for public repositories. In the `Global Upload Token` section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see [how to upload without a token](https://docs.codecov.com/docs/codecov-tokens#uploading-without-a-token).
 
-> [!WARNING] > **The following arguments have been changed**
->
+> [!WARNING]
+> **The following arguments have been changed**
 > - `file` (this has been deprecated in favor of `files`)
 > - `plugin` (this has been deprecated in favor of `plugins`)
 
@@ -174,7 +174,7 @@ Codecov's Action supports inputs from the user. These inputs, along with their d
 | `use_oidc` | Use OIDC instead of token. This will ignore any token supplied | Optional
 | `use_pypi` | Use the pypi version of the CLI instead of from cli.codecov.io. If specified, integrity checking will be bypassed. | Optional
 | `verbose` | Enable verbose logging | Optional
-| `version` | Which version of the Codecov CLI to use (defaults to 'latest') | Optional
+| `version` | Which version of the Codecov CLI to use (defaults to 'latest', must start with a leading 'v'; example: `v10.0.1`) | Optional
 | `working-directory` | Directory in which to execute codecov.sh | Optional
 
 ### Example `workflow.yml` with Codecov Action

action.yml

@@ -282,7 +282,7 @@ runs:
         then
           CC_SHA="$GITHUB_EVENT_PULL_REQUEST_HEAD_SHA"
         fi
-        if [ -z "$CC_PR" ] && [ "${GITHUB_EVENT_NAME}" == "pull_request_target" ];
+        if [ -z "$CC_PR" ] && [ "$CC_FORK" == 'true' ];
         then
           CC_PR="$GITHUB_EVENT_NUMBER"
         fi

app/calculator.py

@@ -0,0 +1,15 @@
+class Calculator:
+
+    def add(x, y):
+        return x + y
+
+    def subtract(x, y):
+        return x - y
+
+    def multiply(x, y):
+        return x * y
+
+    def divide(x, y):
+        if y == 0:
+            return 'Cannot divide by 0'
+        return x * 1.0 / y

app/requirements.txt

@@ -0,0 +1 @@
+pytest-cov

app/test_calculator.py

@@ -0,0 +1,31 @@
+from .calculator import Calculator
+
+
+def test_add():
+    assert Calculator.add(1, 2) == 3.0
+    assert Calculator.add(1.0, 2.0) == 3.0
+    assert Calculator.add(0, 2.0) == 2.0
+    assert Calculator.add(2.0, 0) == 2.0
+    assert Calculator.add(-4, 2.0) == -2.0
+
+def test_subtract():
+    assert Calculator.subtract(1, 2) == -1.0
+    assert Calculator.subtract(2, 1) == 1.0
+    assert Calculator.subtract(1.0, 2.0) == -1.0
+    assert Calculator.subtract(0, 2.0) == -2.0
+    assert Calculator.subtract(2.0, 0.0) == 2.0
+    assert Calculator.subtract(-4, 2.0) == -6.0
+
+def test_multiply():
+    assert Calculator.multiply(1, 2) == 2.0
+    assert Calculator.multiply(1.0, 2.0) == 2.0
+    assert Calculator.multiply(0, 2.0) == 0.0
+    assert Calculator.multiply(2.0, 0.0) == 0.0
+    assert Calculator.multiply(-4, 2.0) == -8.0
+
+def test_divide():
+    # assert Calculator.divide(1, 2) == 0.5
+    assert Calculator.divide(1.0, 2.0) == 0.5
+    assert Calculator.divide(0, 2.0) == 0
+    assert Calculator.divide(-4, 2.0) == -2.0
+    # assert Calculator.divide(2.0, 0.0) == 'Cannot divide by 0'

src/version

@@ -1 +1 @@
-5.5.0
+5.5.1