build(deps): bump actions/github-script from 8.0.0 to 9.0.0

Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](ed597411d8...3a2844b7e9) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
2026-06-29 02:16:57 +00:00 · 2026-04-13 04:56:47 +00:00
7 changed files with 29 additions and 30 deletions
--- a/.github/workflows/enforce-license-compliance.yml
+++ b/.github/workflows/enforce-license-compliance.yml
@@ -0,0 +1,14 @@
+name: Enforce License Compliance
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  enforce-license-compliance:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Enforce License Compliance'
+        uses: getsentry/action-enforce-license-compliance@57ba820387a1a9315a46115ee276b2968da51f3d # main
+        with:
+          fossa_api_key: ${{ secrets.FOSSA_API_KEY }}
--- a/6
+++ b/6
@@ -1,7 +1,7 @@
 deploy:
 	$(eval VERSION := $(shell cat src/version))
-	git tag -d v7
-	git push origin :v7
-	git tag v7
+	git tag -d v6
+	git push origin :v6
+	git tag v6
 	git tag v$(VERSION) -s -m ""
 	git push origin --tags
--- a/README.md
+++ b/README.md
@@ -6,10 +6,6 @@

 ### Easily upload coverage reports to Codecov from GitHub Actions

-## v7 Release
-
-`v7` of the Codecov GitHub Action bumps the [Codecov Wrapper](https://github.com/codecov/wrapper) submodule, which now fetches the Codecov Uploader PGP verification key from the `codecovsecops` Keybase account.
-
 ## v6 Release

 `v6` of the Codecov GitHub Action support node24
--- a/action.yml
+++ b/action.yml
@@ -177,8 +177,6 @@ runs:
  steps:
    - name: Check system dependencies
      shell: sh
-      env:
-        INPUT_SKIP_VALIDATION: ${{ inputs.skip_validation }}
      run: |
        missing_deps=""

@@ -190,7 +188,7 @@ runs:
        done

        # Check for gpg only if validation is not being skipped
-        if [ "$INPUT_SKIP_VALIDATION" != "true" ]; then
+        if [ "${{ inputs.skip_validation }}" != "true" ]; then
          if ! command -v gpg >/dev/null 2>&1; then
            missing_deps="$missing_deps gpg"
          fi
@@ -232,7 +230,7 @@ runs:
        GITHUB_REPOSITORY: ${{ github.repository }}

    - name: Get OIDC token
-      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
      id: oidc
      with:
        script: |
@@ -247,27 +245,24 @@ runs:
    - name: Get and set token
      shell: bash
      run: |
-        if [ "$INPUT_USE_OIDC" == 'true' ] && [ "$CC_FORK" != 'true' ];
+        if [ "${{ inputs.use_oidc }}" == 'true' ] && [ "$CC_FORK" != 'true' ];
        then
          echo "CC_TOKEN=$CC_OIDC_TOKEN" >> "$GITHUB_ENV"
-        elif [ -n "$INPUT_CODECOV_TOKEN" ];
+        elif [ -n "${{ env.CODECOV_TOKEN }}" ];
        then
          echo -e "\033[0;32m==>\033[0m Token set from env"
-            echo "CC_TOKEN=$INPUT_CODECOV_TOKEN" >> "$GITHUB_ENV"
+            echo "CC_TOKEN=${{ env.CODECOV_TOKEN }}" >> "$GITHUB_ENV"
        else
-          if [ -n "$INPUT_TOKEN" ];
+          if [ -n "${{ inputs.token }}" ];
          then
            echo -e "\033[0;32m==>\033[0m Token set from input"
-            CC_TOKEN=$(echo "$INPUT_TOKEN" | tr -d '\n')
+            CC_TOKEN=$(echo "${{ inputs.token }}" | tr -d '\n')
            echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
          fi
        fi
      env:
        CC_OIDC_TOKEN: ${{ steps.oidc.outputs.result }}
        CC_OIDC_AUDIENCE: ${{ inputs.url || 'https://codecov.io' }}
-        INPUT_USE_OIDC: ${{ inputs.use_oidc }}
-        INPUT_TOKEN: ${{ inputs.token }}
-        INPUT_CODECOV_TOKEN: ${{ env.CODECOV_TOKEN }}

    - name: Override branch for forks
      shell: bash
--- a/dist/codecov.sh
+++ b/dist/codecov.sh
@@ -37,7 +37,7 @@ g="\033[0;32m"  # info/debug
 r="\033[0;31m"  # errors
 x="\033[0m"
 retry="--retry 5 --retry-delay 2"
-CC_WRAPPER_VERSION="0.2.9"
+CC_WRAPPER_VERSION="0.2.7"
 CC_VERSION="${CC_VERSION:-latest}"
 CC_FAIL_ON_ERROR="${CC_FAIL_ON_ERROR:-false}"
 CC_RUN_CMD="${CC_RUN_CMD:-upload-coverage}"
@@ -69,13 +69,7 @@ then
    exit_if_error "Could not install via pypi."
    exit
  fi
-  if [[ "$CC_CLI_TYPE" == "codecov-cli" ]]; then
-    CC_COMMAND="codecovcli"
-  elif [[ "$CC_CLI_TYPE" == "sentry-prevent-cli" ]]; then
-    CC_COMMAND="sentry-prevent-cli"
-  else
-    CC_COMMAND="${CC_CLI_TYPE}"
-  fi
+  CC_COMMAND="${CC_CLI_TYPE}"
 else
  if [ -n "$CC_OS" ];
  then
@@ -116,7 +110,7 @@ then
    chmod +x "$CC_COMMAND"
  fi
 else
-  echo "$(curl -s https://keybase.io/codecovsecops/pgp_keys.asc)" | \
+  echo "$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)" | \
    gpg --no-default-keyring --import
  # One-time step
  say "$g==>$x Verifying GPG signature integrity"
--- a/src/scripts
+++ b/src/scripts
--- a/src/version
+++ b/src/version
@@ -1 +1 @@
-7.0.0
+6.0.0
@@ -1 +1 @@
 .0.0
 .0.0