chore(release): 5.5.5

Co-authored-by: Cursor <cursoragent@cursor.com>

CHANGELOG.md

@@ -1,3 +1,11 @@
+## v5.5.5
+
+### What's Changed
+* fix: fetch Codecov PGP key from keybase.io/codecovsecops
+
+**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.5.4..v5.5.5
+
+
 ## v5.5.2
 
 ### What's Changed

Makefile

@@ -1,7 +1,7 @@
 deploy:
 	$(eval VERSION := $(shell cat src/version))
-	git tag -d v6
-	git push origin :v6
-	git tag v6
+	git tag -d v5
+	git push origin :v5
+	git tag v5
 	git tag v$(VERSION) -s -m ""
 	git push origin --tags

README.md

@@ -6,10 +6,6 @@
 
 ### Easily upload coverage reports to Codecov from GitHub Actions
 
-## v6 Release
-
-`v6` of the Codecov GitHub Action support node24
-
 ## v5 Release
 
 `v5` of the Codecov GitHub Action will use the [Codecov Wrapper](https://github.com/codecov/wrapper) to encapsulate the [CLI](https://github.com/codecov/codecov-cli). This will help ensure that the Action gets updates quicker.

action.yml

@@ -177,8 +177,6 @@ runs:
   steps:
     - name: Check system dependencies
       shell: sh
-      env:
-        INPUT_SKIP_VALIDATION: ${{ inputs.skip_validation }}
       run: |
         missing_deps=""
 
@@ -190,7 +188,7 @@ runs:
         done
 
         # Check for gpg only if validation is not being skipped
-        if [ "$INPUT_SKIP_VALIDATION" != "true" ]; then
+        if [ "${{ inputs.skip_validation }}" != "true" ]; then
           if ! command -v gpg >/dev/null 2>&1; then
             missing_deps="$missing_deps gpg"
           fi
@@ -232,7 +230,7 @@ runs:
         GITHUB_REPOSITORY: ${{ github.repository }}
 
     - name: Get OIDC token
-      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
       id: oidc
       with:
         script: |
@@ -247,27 +245,24 @@ runs:
     - name: Get and set token
       shell: bash
       run: |
-        if [ "$INPUT_USE_OIDC" == 'true' ] && [ "$CC_FORK" != 'true' ];
+        if [ "${{ inputs.use_oidc }}" == 'true' ] && [ "$CC_FORK" != 'true' ];
         then
           echo "CC_TOKEN=$CC_OIDC_TOKEN" >> "$GITHUB_ENV"
-        elif [ -n "$INPUT_CODECOV_TOKEN" ];
+        elif [ -n "${{ env.CODECOV_TOKEN }}" ];
         then
           echo -e "\033[0;32m==>\033[0m Token set from env"
-            echo "CC_TOKEN=$INPUT_CODECOV_TOKEN" >> "$GITHUB_ENV"
+            echo "CC_TOKEN=${{ env.CODECOV_TOKEN }}" >> "$GITHUB_ENV"
         else
-          if [ -n "$INPUT_TOKEN" ];
+          if [ -n "${{ inputs.token }}" ];
           then
             echo -e "\033[0;32m==>\033[0m Token set from input"
-            CC_TOKEN=$(echo "$INPUT_TOKEN" | tr -d '\n')
+            CC_TOKEN=$(echo "${{ inputs.token }}" | tr -d '\n')
             echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
           fi
         fi
       env:
         CC_OIDC_TOKEN: ${{ steps.oidc.outputs.result }}
         CC_OIDC_AUDIENCE: ${{ inputs.url || 'https://codecov.io' }}
-        INPUT_USE_OIDC: ${{ inputs.use_oidc }}
-        INPUT_TOKEN: ${{ inputs.token }}
-        INPUT_CODECOV_TOKEN: ${{ env.CODECOV_TOKEN }}
 
     - name: Override branch for forks
       shell: bash

dist/codecov.sh

@@ -110,7 +110,7 @@ then
     chmod +x "$CC_COMMAND"
   fi
 else
-  echo "$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)" | \
+  echo "$(curl -s https://keybase.io/codecovsecops/pgp_keys.asc)" | \
     gpg --no-default-keyring --import
   # One-time step
   say "$g==>$x Verifying GPG signature integrity"

src/version

@@ -1 +1 @@
-6.0.1
+5.5.5