build(deps): bump actions/checkout from 5.0.0 to 6.0.3

Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5.0.0...v6.0.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
chore(release): 7.0.0 (#1957 )
2026-06-29 18:37:03 +00:00 · 2026-06-08 04:42:31 +00:00 · 2026-06-06 20:43:45 -05:00 · 2026-05-22 06:26:10 -06:00
9 changed files with 26 additions and 30 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -37,7 +37,7 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v5.0.0
+      uses: actions/checkout@v6.0.3

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
--- a/.github/workflows/enforce-license-compliance.yml
+++ b/.github/workflows/enforce-license-compliance.yml
@@ -1,14 +0,0 @@
-name: Enforce License Compliance
-
-on:
-  pull_request:
-    branches: [main]
-
-jobs:
-  enforce-license-compliance:
-    runs-on: ubuntu-latest
-    steps:
-      - name: 'Enforce License Compliance'
-        uses: getsentry/action-enforce-license-compliance@57ba820387a1a9315a46115ee276b2968da51f3d # main
-        with:
-          fossa_api_key: ${{ secrets.FOSSA_API_KEY }}
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -12,7 +12,7 @@ jobs:
        os: [macos-latest, windows-latest, ubuntu-latest]
    steps:
      - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.3
        with:
          submodules: "true"
      - name: Install dependencies
@@ -54,7 +54,7 @@ jobs:
    runs-on: macos-latest-xlarge
    steps:
      - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.3
        with:
          submodules: "true"
      - name: Install dependencies
@@ -103,7 +103,7 @@ jobs:
    container: python:latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.3
        with:
          submodules: "true"
      - name: Install deps
@@ -144,7 +144,7 @@ jobs:
        run: |
          apk add git
      - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.3
        with:
          submodules: "true"
      - name: Upload coverage to Codecov (should fail due to missing dependencies)
@@ -175,7 +175,7 @@ jobs:
        run: |
          apk add git curl gnupg bash
      - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.3
        with:
          submodules: "true"
      - name: Upload coverage to Codecov (should succeed)
@@ -212,7 +212,7 @@ jobs:
        run: |
          apk add git curl
      - name: Checkout
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.3
        with:
          submodules: "true"
      - name: Upload coverage to Codecov (should fail due to missing gpg and bash)
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -25,7 +25,7 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@v5.0.0 # v3.0.0
+        uses: actions/checkout@v6.0.3 # v3.0.0
        with:
          persist-credentials: false

--- a/6
+++ b/6
@@ -1,7 +1,7 @@
 deploy:
 	$(eval VERSION := $(shell cat src/version))
-	git tag -d v6
-	git push origin :v6
-	git tag v6
+	git tag -d v7
+	git push origin :v7
+	git tag v7
 	git tag v$(VERSION) -s -m ""
 	git push origin --tags
--- a/README.md
+++ b/README.md
@@ -6,6 +6,10 @@

 ### Easily upload coverage reports to Codecov from GitHub Actions

+## v7 Release
+
+`v7` of the Codecov GitHub Action bumps the [Codecov Wrapper](https://github.com/codecov/wrapper) submodule, which now fetches the Codecov Uploader PGP verification key from the `codecovsecops` Keybase account.
+
 ## v6 Release

 `v6` of the Codecov GitHub Action support node24
--- a/dist/codecov.sh
+++ b/dist/codecov.sh
@@ -37,7 +37,7 @@ g="\033[0;32m"  # info/debug
 r="\033[0;31m"  # errors
 x="\033[0m"
 retry="--retry 5 --retry-delay 2"
-CC_WRAPPER_VERSION="0.2.7"
+CC_WRAPPER_VERSION="0.2.9"
 CC_VERSION="${CC_VERSION:-latest}"
 CC_FAIL_ON_ERROR="${CC_FAIL_ON_ERROR:-false}"
 CC_RUN_CMD="${CC_RUN_CMD:-upload-coverage}"
@@ -69,7 +69,13 @@ then
    exit_if_error "Could not install via pypi."
    exit
  fi
-  CC_COMMAND="${CC_CLI_TYPE}"
+  if [[ "$CC_CLI_TYPE" == "codecov-cli" ]]; then
+    CC_COMMAND="codecovcli"
+  elif [[ "$CC_CLI_TYPE" == "sentry-prevent-cli" ]]; then
+    CC_COMMAND="sentry-prevent-cli"
+  else
+    CC_COMMAND="${CC_CLI_TYPE}"
+  fi
 else
  if [ -n "$CC_OS" ];
  then
@@ -110,7 +116,7 @@ then
    chmod +x "$CC_COMMAND"
  fi
 else
-  echo "$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)" | \
+  echo "$(curl -s https://keybase.io/codecovsecops/pgp_keys.asc)" | \
    gpg --no-default-keyring --import
  # One-time step
  say "$g==>$x Verifying GPG signature integrity"
--- a/src/scripts
+++ b/src/scripts
--- a/src/version
+++ b/src/version
@@ -1 +1 @@
-6.0.1
+7.0.0
@@ -1 +1 @@
 .0.1
 .0.0