diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 38ea5d3000..c6d76f2baf 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,7 +41,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3.28.1 + uses: github/codeql-action/init@v3.28.10 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -52,7 +52,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3.28.1 + uses: github/codeql-action/autobuild@v3.28.10 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -66,4 +66,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.28.1 + uses: github/codeql-action/analyze@v3.28.10 diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index ac24936d89..68c3c4d9a6 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 with: results_file: results.sarif results_format: sarif @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: SARIF file path: results.sarif 
@@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3.28.1 # v1.0.26 + uses: github/codeql-action/upload-sarif@v3.28.10 # v1.0.26 with: sarif_file: results.sarif diff --git a/CHANGELOG.md b/CHANGELOG.md index 7adc9e201b..45dc685e72 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,22 @@ +## v5.4.0 + +### What's Changed +* update wrapper submodule to 0.2.0, add recurse_submodules arg by @matt-codecov in https://github.com/codecov/codecov-action/pull/1780 +* build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1775 +* build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1776 +* build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1777 +* Clarify in README that `use_pypi` bypasses integrity checks too by @webknjaz in https://github.com/codecov/codecov-action/pull/1773 +* Fix use of safe.directory inside containers by @Flamefire in https://github.com/codecov/codecov-action/pull/1768 +* Fix description for report_type input by @craigscott-crascit in https://github.com/codecov/codecov-action/pull/1770 +* build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1765 +* Fix a typo in the example by @miranska in https://github.com/codecov/codecov-action/pull/1758 +* build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1757 +* build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @app/dependabot in https://github.com/codecov/codecov-action/pull/1753 + + +**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0 + + ## v5.3.1 ### What's Changed 
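Review bot: `github/codeql-action/upload-sarif` is still referenced by a mutable tag in this step, while the two other actions bumped in scorecards-analysis.yml are pinned to a full commit SHA with the version in a trailing comment. A tag can be moved after review, so the SHA form should be used here as well, e.g. `uses: github/codeql-action/upload-sarif@<full-commit-sha> # v3.28.10`. The trailing `# v1.0.26` comment no longer matches the referenced version and should be corrected or dropped. The same tag-only pinning applies to the `init`, `autobuild` and `analyze` steps in codeql-analysis.yml.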
diff --git a/README.md b/README.md
index ac10887299..79008bf378 100644
--- a/README.md
+++ b/README.md
@@ -141,8 +141,9 @@ Codecov's Action supports inputs from the user. These inputs, along with their d
 | `override_commit` | Commit SHA (with 40 chars) | Optional
 | `override_pr` | Specify the pull request number manually. Used to override pre-existing CI environment variables. | Optional
 | `plugins` | Comma-separated list of plugins to run. Specify `noop` to turn off all plugins | Optional
+| `recurse_submodules` | Whether to enumerate files inside of submodules for path-fixing purposes. Off by default. | Optional
 | `report_code` | The code of the report if using local upload. If unsure, leave unset. Read more here https://docs.codecov.com/docs/the-codecov-cli#how-to-use-local-upload | Optional
-| `report_type` | The type of file to upload, coverage by default. Possible values are "testing", "coverage". | Optional
+| `report_type` | The type of file to upload, coverage by default. Possible values are "test_results", "coverage". | Optional
 | `root_dir` | Root folder from which to consider paths on the network section. Defaults to current working directory. | Optional
 | `run_command` | Choose which CLI command to run. Options are "upload-coverage", "empty-upload", "pr-base-picking", "send-notifications". "upload-coverage" is run by default.' | Optional
 | `skip_validation` | Skip integrity checking of the CLI. This is NOT recommended. | Optional
@@ -152,7 +153,7 @@ Codecov's Action supports inputs from the user. These inputs, along with their d
 | `url` | Set to the Codecov instance URl. Used by Dedicated Enterprise Cloud customers. | Optional
 | `use_legacy_upload_endpoint` | Use the legacy upload endpoint. | Optional
 | `use_oidc` | Use OIDC instead of token. This will ignore any token supplied | Optional
-| `use_pypi` | Use the pypi version of the CLI instead of from cli.codecov.io | Optional
+| `use_pypi` | Use the pypi version of the CLI instead of from cli.codecov.io. If specified, integrity checking will be bypassed. | Optional
 | `verbose` | Enable verbose logging | Optional
 | `version` | Which version of the Codecov CLI to use (defaults to 'latest') | Optional
 | `working-directory` | Directory in which to execute codecov.sh | Optional
@@ -176,7 +177,7 @@ jobs:
 - name: Setup Python
 uses: actions/setup-python@main
 with:
- python-version: 3.10
+ python-version: '3.10'
 - name: Generate coverage report
 run: |
 pip install pytest
diff --git a/action.yml b/action.yml
index 5333ef67ce..aa709a1c81 100644
--- a/action.yml
+++ b/action.yml
@@ -112,11 +112,14 @@ inputs:
 plugins:
 description: 'Comma-separated list of plugins to run. Specify `noop` to turn off all plugins'
 required: false
+ recurse_submodules:
+ description: 'Whether to enumerate files inside of submodules for path-fixing purposes. Off by default.'
+ default: 'false'
 report_code:
 description: 'The code of the report if using local upload. If unsure, leave default. Read more here https://docs.codecov.com/docs/the-codecov-cli#how-to-use-local-upload'
 required: false
 report_type:
- description: 'The type of file to upload, coverage by default. Possible values are "testing", "coverage".'
+ description: 'The type of file to upload, coverage by default. Possible values are "test_results", "coverage".'
 required: false
 root_dir:
 description: 'Root folder from which to consider paths on the network section. Defaults to current working directory.'
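Review bot: The new `recurse_submodules` input omits `required: false`, which every neighbouring input in this hunk declares; adding that line keeps the inputs block uniform. The description says "Off by default" but not which values switch it on, and going by `write_bool_args` in dist/codecov.sh only `true` or `1` produce the flag, so any other spelling is silently ignored. A description such as `'Whether to enumerate files inside of submodules for path-fixing purposes. Set to "true" to enable; off by default.'` would make that explicit. The inputs mapping continues outside the hunk.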
@@ -181,7 +184,8 @@ runs: if: ${{ inputs.disable_safe_directory != 'true' }} shell: bash run: | - git config --global --add safe.directory ${{ github.workspace }} + git config --global --add safe.directory "${{ github.workspace }}" + git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: Set fork shell: bash @@ -299,6 +303,7 @@ runs: CC_OS: ${{ inputs.os }} CC_PARENT_SHA: ${{ inputs.commit_parent }} CC_PLUGINS: ${{ inputs.plugins }} + CC_RECURSE_SUBMODULES: ${{ inputs.recurse_submodules }} CC_REPORT_TYPE: ${{ inputs.report_type }} CC_RUN_CMD: ${{ inputs.run_command }} CC_SERVICE: ${{ inputs.git_service }} diff --git a/dist/codecov.sh b/dist/codecov.sh index d29497c574..f2bc8e44ca 100755 --- a/dist/codecov.sh +++ b/dist/codecov.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -CC_WRAPPER_VERSION="0.1.0" +CC_WRAPPER_VERSION="0.2.0" set +u say() { echo -e "$1" @@ -27,7 +27,7 @@ v_arg() { echo "$(eval echo \$"CC_$1")" fi } -write_truthy_args() { +write_bool_args() { if [ "$(eval echo \$$1)" = "true" ] || [ "$(eval echo \$$1)" = "1" ]; then echo "-$(lower $1)" @@ -143,8 +143,8 @@ then cc_cli_args+=( "--codecov-yml-path" ) cc_cli_args+=( "$CC_YML_PATH" ) fi -cc_cli_args+=( $(write_truthy_args CC_DISABLE_TELEM) ) -cc_cli_args+=( $(write_truthy_args CC_VERBOSE) ) +cc_cli_args+=( $(write_bool_args CC_DISABLE_TELEM) ) +cc_cli_args+=( $(write_bool_args CC_VERBOSE) ) if [ -n "$CC_TOKEN_VAR" ]; then token="$(eval echo \$$CC_TOKEN_VAR)" @@ -162,7 +162,7 @@ fi if [ "$CC_RUN_CMD" == "upload-coverage" ]; then cc_args=() # Args for create commit -cc_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) ) +cc_args+=( $(write_bool_args CC_FAIL_ON_ERROR) ) cc_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) cc_args+=( $(k_arg PARENT_SHA) $(v_arg PARENT_SHA)) cc_args+=( $(k_arg PR) $(v_arg PR)) 
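Review bot: The first `git config` line in this `run:` script still has `${{ github.workspace }}` substituted into the shell text before bash parses it, so the added double quotes only protect against spaces, not against a path containing `"`, `$` or a backtick. Passing the value through the step environment keeps it as data: add `env:` with `WORKSPACE_CTX: ${{ github.workspace }}` and call `git config --global --add safe.directory "$WORKSPACE_CTX"`. A comment on why both the context value and `$GITHUB_WORKSPACE` are registered would also help, since each `safe.directory` entry switches off git's ownership check for that path; presumably the two differ inside a container, as the changelog entry suggests.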
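Review bot: The renamed `write_bool_args` still reads its variable through `eval echo \$$1`, which re-parses the argument as shell text; bash indirect expansion does the same lookup without `eval`, as in `if [ "${!1}" = "true" ] || [ "${!1}" = "1" ];`. The pattern matters more at `token="$(eval echo \$$CC_TOKEN_VAR)"` in the @@ -143 hunk, where the variable name comes from the environment rather than from a literal in the script, and `token="${!CC_TOKEN_VAR}"` would avoid evaluating it. dist/codecov.sh looks like a built copy of the wrapper in the src/scripts submodule, so the change probably belongs there. The function body continues outside the hunk.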
@@ -177,9 +177,9 @@ cc_args+=( $(k_arg BRANCH) $(v_arg BRANCH)) cc_args+=( $(k_arg BUILD) $(v_arg BUILD)) cc_args+=( $(k_arg BUILD_URL) $(v_arg BUILD_URL)) cc_args+=( $(k_arg DIR) $(v_arg DIR)) -cc_args+=( $(write_truthy_args CC_DISABLE_FILE_FIXES) ) -cc_args+=( $(write_truthy_args CC_DISABLE_SEARCH) ) -cc_args+=( $(write_truthy_args CC_DRY_RUN) ) +cc_args+=( $(write_bool_args CC_DISABLE_FILE_FIXES) ) +cc_args+=( $(write_bool_args CC_DISABLE_SEARCH) ) +cc_args+=( $(write_bool_args CC_DRY_RUN) ) if [ -n "$CC_EXCLUDES" ]; then for directory in $CC_EXCLUDES; do @@ -202,9 +202,10 @@ cc_args+=( $(k_arg GCOV_ARGS) $(v_arg GCOV_ARGS)) cc_args+=( $(k_arg GCOV_EXECUTABLE) $(v_arg GCOV_EXECUTABLE)) cc_args+=( $(k_arg GCOV_IGNORE) $(v_arg GCOV_IGNORE)) cc_args+=( $(k_arg GCOV_INCLUDE) $(v_arg GCOV_INCLUDE)) -cc_args+=( $(write_truthy_args CC_HANDLE_NO_REPORTS_FOUND) ) +cc_args+=( $(write_bool_args CC_HANDLE_NO_REPORTS_FOUND) ) +cc_args+=( $(write_bool_args CC_RECURSE_SUBMODULES) ) cc_args+=( $(k_arg JOB_CODE) $(v_arg JOB_CODE)) -cc_args+=( $(write_truthy_args CC_LEGACY) ) +cc_args+=( $(write_bool_args CC_LEGACY) ) if [ -n "$CC_NAME" ]; then cc_args+=( "--name" "$CC_NAME" ) @@ -223,8 +224,8 @@ cc_args+=( $(k_arg SWIFT_PROJECT) $(v_arg SWIFT_PROJECT)) IFS=$OLDIFS elif [ "$CC_RUN_CMD" == "empty-upload" ]; then cc_args=() -cc_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) ) -cc_args+=( $(write_truthy_args CC_FORCE) ) +cc_args+=( $(write_bool_args CC_FAIL_ON_ERROR) ) +cc_args+=( $(write_bool_args CC_FORCE) ) cc_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE)) cc_args+=( $(k_arg SHA) $(v_arg SHA)) cc_args+=( $(k_arg SLUG) $(v_arg SLUG)) 
@@ -237,7 +238,7 @@ cc_args+=( $(k_arg SERVICE) $(v_arg SERVICE))
 elif [ "$CC_RUN_CMD" == "send-notifications" ]; then
 cc_args=()
 cc_args+=( $(k_arg SHA) $(v_arg SHA))
-cc_args+=( $(write_truthy_args CC_FAIL_ON_ERROR) )
+cc_args+=( $(write_bool_args CC_FAIL_ON_ERROR) )
 cc_args+=( $(k_arg GIT_SERVICE) $(v_arg GIT_SERVICE))
 cc_args+=( $(k_arg SLUG) $(v_arg SLUG))
 else
@@ -245,9 +246,9 @@ else
 exit
 fi
 unset NODE_OPTIONS
-# See https://github.com/codecov/uploader/issues/475
+# https://github.com/codecov/uploader/issues/475
 say "$g==>$x Running $CC_RUN_CMD"
-say " $b$cc_command $(echo "${cc_cli_args[@]}")$CC_RUN_CMD$token_str $(echo "${cc_args[@]}")$x"
+say " $b$cc_command $(echo "${cc_cli_args[@]}") $CC_RUN_CMD$token_str $(echo "${cc_args[@]}")$x"
 if ! $cc_command \
 ${cc_cli_args[*]} \
 ${CC_RUN_CMD} \
diff --git a/src/scripts b/src/scripts
index ad7c6465b6..96f8531c88 160000
--- a/src/scripts
+++ b/src/scripts
@@ -1 +1 @@
-Subproject commit ad7c6465b6a6a1bc64d0be39ff1312b8ac76c6ea
+Subproject commit 96f8531c88a811b53ea0b4ea7bbd691400d369c9
diff --git a/src/version b/src/version
index c7cb1311a6..8a30e8f94a 100644
--- a/src/version
+++ b/src/version
@@ -1 +1 @@
-5.3.1
+5.4.0
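Review bot: The command in the @@ -245 hunk is still launched with `${cc_cli_args[*]}` unquoted, so values that were appended to the array as single quoted elements, such as `"$CC_YML_PATH"`, are split on whitespace and glob-expanded again before the CLI receives them. Expanding the array as `"${cc_cli_args[@]}" \` keeps each element intact and makes the corrected log line match what actually runs. The invocation continues past the end of the hunk, so the `cc_args` expansion there should be checked for the same thing. The `say` line also prints `$token_str`, which is only safe to log if it holds a redacted placeholder; this hunk does not show how it is built.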