build(deps): bump codecov/codecov-action from 4 to 5

[dependabot]

Bumps codecov/codecov-action from 4 to 5.

Release notes

Sourced from codecov/codecov-action's releases.

v5.0.0

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING]
The following arguments have been changed

• file (this has been deprecated in favor of files)
• plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

• binary
• gcov_args
• gcov_executable
• gcov_ignore
• gcov_include
• report_type
• skip_validation
• swift_project

You can see their usage in the action.yml file.

What's Changed

• chore(deps): bump to eslint9+ and remove eslint-config-google by @​thomasrockhu-codecov in codecov/codecov-action#1591
• build(deps-dev): bump @​octokit/webhooks-types from 7.5.1 to 7.6.1 by @​dependabot in codecov/codecov-action#1595
• build(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @​dependabot in codecov/codecov-action#1604
• build(deps-dev): bump @​typescript-eslint/parser from 8.8.0 to 8.8.1 by @​dependabot in codecov/codecov-action#1601
• build(deps): bump @​actions/core from 1.11.0 to 1.11.1 by @​dependabot in codecov/codecov-action#1597
• build(deps): bump github/codeql-action from 3.26.9 to 3.26.11 by @​dependabot in codecov/codecov-action#1596
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.8.0 to 8.8.1 by @​dependabot in codecov/codecov-action#1600
• build(deps-dev): bump eslint from 9.11.1 to 9.12.0 by @​dependabot in codecov/codecov-action#1598
• build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 by @​dependabot in codecov/codecov-action#1609
• build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @​dependabot in codecov/codecov-action#1608
• build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @​dependabot in codecov/codecov-action#1607
• build(deps-dev): bump @​typescript-eslint/parser from 8.8.1 to 8.9.0 by @​dependabot in codecov/codecov-action#1612
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.8.1 to 8.9.0 by @​dependabot in codecov/codecov-action#1611
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.9.0 to 8.10.0 by @​dependabot in codecov/codecov-action#1615
• build(deps-dev): bump eslint from 9.12.0 to 9.13.0 by @​dependabot in codecov/codecov-action#1618
• build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 by @​dependabot in codecov/codecov-action#1617
• build(deps-dev): bump @​typescript-eslint/parser from 8.9.0 to 8.10.0 by @​dependabot in codecov/codecov-action#1614
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.10.0 to 8.11.0 by @​dependabot in codecov/codecov-action#1620
• build(deps-dev): bump @​typescript-eslint/parser from 8.10.0 to 8.11.0 by @​dependabot in codecov/codecov-action#1619
• build(deps-dev): bump @​types/jest from 29.5.13 to 29.5.14 by @​dependabot in codecov/codecov-action#1622
• build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @​dependabot in codecov/codecov-action#1625
• build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 by @​dependabot in codecov/codecov-action#1624
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.11.0 to 8.12.1 by @​dependabot in codecov/codecov-action#1626
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.12.1 to 8.12.2 by @​dependabot in codecov/codecov-action#1629

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

• #1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

• No current support for aarch64 and alpine architectures.
• Tokenless uploading is unsuported
• Various arguments to the Action have been removed

3.1.4

Fixes

• #967 Fix typo in README.md
• #971 fix: add back in working dir
• #969 fix: CLI option names for uploader

Dependencies

• #970 build(deps-dev): bump @​types/node from 18.15.12 to 18.16.3
• #979 build(deps-dev): bump @​types/node from 20.1.0 to 20.1.2
• #981 build(deps-dev): bump @​types/node from 20.1.2 to 20.1.4

3.1.3

Fixes

• #960 fix: allow for aarch64 build

Dependencies

• #957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
• #958 build(deps): bump openpgp from 5.7.0 to 5.8.0
• #959 build(deps-dev): bump @​types/node from 18.15.10 to 18.15.12

3.1.2

Fixes

• #718 Update README.md
• #851 Remove unsupported path_to_write_report argument
• #898 codeql-analysis.yml
• #901 Update README to contain correct information - inputs and negate feature
• #955 fix: add in all the extra arguments for uploader

Dependencies

• #819 build(deps): bump openpgp from 5.4.0 to 5.5.0
• #835 build(deps): bump node-fetch from 3.2.4 to 3.2.10
• #840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
• #841 build(deps): bump @​actions/core from 1.9.1 to 1.10.0
• #843 build(deps): bump @​actions/github from 5.0.3 to 5.1.1
• #869 build(deps): bump node-fetch from 3.2.10 to 3.3.0
• #872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
• #879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2

... (truncated)

Commits

• 5c47607 fix: override commit and pr values for PR cases (#1657)
• 3b1354a chore(release): 5.0.1 (#1656)
• 2e2a9c6 fix: update tokenless branch logic (#1650)
• cfc521b Update README.md
• 0642541 fix: use marketplace v5 badge (#1646)
• 9688725 Update README.md
• 2112eae chore(deps): bump wrapper to 0.0.23 (#1644)
• 193421c fixL use the correct source (#1642)
• 6018df7 fix: update container builds (#1640)
• eff1a64 fix: add missing vars (#1638)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[llamapreview]

Auto Pull Request Review from LlamaPReview

1. Change Overview

1.1 Core Changes

• Primary purpose and scope: The PR aims to update the Codecov action used in the GitHub workflow from version 4 to version 5.
• Key components modified: The .github/workflows/build.yaml file is updated to use the new version of the Codecov action.
• Cross-component impacts: The change affects the CI/CD pipeline, specifically the part responsible for uploading coverage reports to Codecov.
• Business value alignment: The update aims to enhance the coverage reporting functionality by leveraging the latest features and improvements in the Codecov action.

1.2 Technical Architecture

• System design modifications: The PR changes the dependency version for the Codecov action.
• Component interaction changes: The interaction between the GitHub workflow and Codecov remains the same, but the internal mechanics of the Codecov action may have changed.
• Integration points impact: The integration with Codecov is updated to use the latest version, which may include new features, bug fixes, and optimizations.
• Dependency changes and implications: The dependency on the Codecov action is updated from version 4 to version 5. This change includes several new features, deprecations, and potential breaking changes that need to be reviewed.

2. Deep Technical Analysis

2.1 Code Logic Analysis

• [File Path] - .github/workflows/build.yaml
  • Submitted PR Code:

    - name: Upload coverage to Codecov
      if: runner.os == 'Windows' && matrix.python-version == '3.12'
    -        uses: codecov/codecov-action@v4
    +        uses: codecov/codecov-action@v5
      with:
        token: ${{ secrets.CODECOV_TOKEN }}

  • Analysis:
    • Current logic and potential issues: The change updates the Codecov action version. This could introduce new features, deprecations, and potential breaking changes.
    • Edge cases and error handling: The potential breaking changes include deprecated arguments (file and plugin) and new arguments (binary, gcov_args, etc.), which need to be reviewed and handled.
    • Cross-component impact : The update may affect the CI/CD pipeline, particularly the coverage reporting functionality.
    • Business logic considerations : The update aligns with the goal of keeping dependencies up-to-date and leveraging the latest features.
  • LlamaPReview Suggested Improvements: Ensure that the new version of the Codecov action is compatible with the existing configuration and that any deprecated arguments are handled appropriately.

    - name: Upload coverage to Codecov
      if: runner.os == 'Windows' && matrix.python-version == '3.12'
      uses: codecov/codecov-action@v5
      with:
        token: ${{ secrets.CODECOV_TOKEN }}
        files: ${{ matrix.coverage-files }}  # Update deprecated argument
        plugins: ${{ matrix.coverage-plugins }}  # Update deprecated argument

  • Improvement rationale
    • Technical benefits: Ensures compatibility with the new version and leverages the latest features.
    • Business value: Keeps the dependency up-to-date, improving coverage reporting functionality.
    • Risk assessment: Potential breaking changes need to be handled to avoid disruptions in the CI/CD pipeline.

2.2 Implementation Quality

• Code Structure:

  • Organization and modularity: The change is localized to the .github/workflows/build.yaml file, maintaining the modularity of the workflow configuration.
  • Design pattern adherence: The change adheres to the design pattern of updating dependencies in the GitHub workflow.
  • Reusability aspects: The change does not affect the reusability of the workflow configuration.
  • Maintainability factors: The updated dependency version improves maintainability by leveraging the latest features and optimizations.

• Error Handling:

  • Exception scenarios coverage: The change does not introduce new error handling scenarios.
  • Recovery mechanisms: The existing recovery mechanisms remain unchanged.
  • Logging and monitoring: The logging and monitoring configurations remain unchanged.
  • User experience impact: The update should not affect the user experience, assuming the new version is compatible with the existing configuration.

• Performance Considerations:

  • Resource utilization: The update may introduce performance optimizations in the Codecov action.
  • Scalability aspects: The update does not affect the scalability of the CI/CD pipeline.
  • Bottleneck analysis: The update does not introduce new bottlenecks.
  • Optimization opportunities: The new version of the Codecov action may include optimizations that improve performance.

3. Risk Assessment

3.1 Critical Issues

🔴 P0 (Must Fix):

• Issue: Deprecated arguments in the Codecov action need to be updated.
• Impact:
  • Technical implications: The deprecated arguments (file and plugin) need to be updated to avoid breaking the CI/CD pipeline.
  • Business consequences: Failure to update the deprecated arguments may result in disruptions in the coverage reporting functionality.
  • User experience effects: Users may experience issues with coverage reporting if the deprecated arguments are not updated.
• Resolution:
  • Specific code changes: Update the deprecated arguments to use the new arguments (files and plugins).
  • Configuration updates: Ensure that the new arguments are compatible with the existing configuration.
  • Testing requirements: Test the updated configuration to ensure compatibility with the new version of the Codecov action.

3.2 Important Improvements

🟡 P1 (Should Fix):

• Issue: Ensure compatibility with the new version of the Codecov action.
• Current Impact:
  • Performance implications: The new version may include performance optimizations.
  • Maintenance overhead: The update reduces maintenance overhead by leveraging the latest features and optimizations.
  • Future scalability: The update does not affect the scalability of the CI/CD pipeline.
• Suggested Solution:
  • Implementation approach: Update the deprecated arguments and ensure compatibility with the new version.
  • Migration strategy: Test the updated configuration in a staging environment before deploying to production.
  • Testing considerations: Ensure that the CI/CD pipeline functions correctly with the new version of the Codecov action.

3.3 Minor Suggestions

🟢 P2 (Consider):

• Area: Documentation updates
• Improvement Opportunity:
  • Code quality enhancement: Update the documentation to reflect the changes in the Codecov action version.
  • Best practice alignment: Ensure that the documentation is up-to-date and aligns with best practices.
  • Documentation updates: Update the README and any relevant documentation to reflect the changes in the Codecov action version.

4. Requirements Analysis

4.1 Functional Coverage

• Requirements mapping:
  • Implemented features: The update implements the latest features and optimizations in the Codecov action.
  • Missing elements: None identified.
  • Edge cases handling: The update may introduce new edge cases that need to be handled.
• Business Logic:
  • Use case coverage: The update covers the use case of keeping dependencies up-to-date.
  • Business rule implementation: The update aligns with the business rule of leveraging the latest features and optimizations.
  • Data flow correctness: The update does not affect the data flow correctness.

4.2 Non-functional Aspects

• Performance metrics: The update may introduce performance optimizations.
• Security considerations: The update does not introduce new security considerations.
• Scalability factors: The update does not affect the scalability of the CI/CD pipeline.
• Maintainability aspects: The update improves maintainability by leveraging the latest features and optimizations.

5. Testing Strategy

• Test Coverage:
  • Unit test requirements: None identified.
  • Integration test scenarios: Test the updated configuration in a staging environment to ensure compatibility with the new version of the Codecov action.
  • Edge case validation: Validate edge cases related to the new version of the Codecov action.
• Quality Metrics:
  • Current coverage: The update does not affect the current test coverage.
  • Critical paths: The update may affect the critical path related to coverage reporting.
  • Performance benchmarks: The update may introduce performance optimizations.

6. Final Assessment

6.1 Key Action Items

1. Critical Changes (P0):

   • Update the deprecated arguments (file and plugin) to use the new arguments (files and plugins).
   • Ensure compatibility with the new version of the Codecov action.

2. Important Improvements (P1):

   • Test the updated configuration in a staging environment before deploying to production.
   • Ensure that the CI/CD pipeline functions correctly with the new version of the Codecov action.

3. Suggested Enhancements (P2):

   • Update the documentation to reflect the changes in the Codecov action version.
   • Ensure that the documentation is up-to-date and aligns with best practices.

6.2 Overall Evaluation

• Technical assessment: The update introduces new features, deprecations, and potential breaking changes that need to be reviewed and handled.
• Business impact: The update aligns with the goal of keeping dependencies up-to-date and leveraging the latest features.
• Risk evaluation: Potential breaking changes need to be handled to avoid disruptions in the CI/CD pipeline.
• Implementation quality: The update improves maintainability by leveraging the latest features and optimizations.

---

💡 LlamaPReview Community
Have feedback on this AI Code review tool? Join our GitHub Discussions to share your thoughts and help shape the future of LlamaPReview.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 52.35%. Comparing base (4260d39) to head (af15555).

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #205   +/-   ##
=======================================
  Coverage   52.35%   52.35%           
=======================================
  Files         948      948           
  Lines       37348    37348           
=======================================
  Hits        19552    19552           
  Misses      17796    17796           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.