In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.
v4 of the Codecov Action uses the CLI as the underlying upload. The CLI has helped to power new features including local upload, the global upload token, and new upcoming features.
Breaking Changes
The Codecov Action runs as a node20 action due to node16 deprecation. See this post from GitHub on how to migrate.
Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token). This doc shows instructions on how to add the Codecov token.
OS platforms have been added, though some may not be automatically detected. To see a list of platforms, see our CLI download page
Various arguments to the Action have been changed. Please be aware that the arguments match with the CLI's needs
v3 versions and below will not have access to CLI features (e.g. global upload token, ATS).
v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.
Breaking Changes
No current support for aarch64 and alpine architectures.
Upload pages artifact with upload-artifact v4-beta @konradpabjan (#78)
To deploy a GitHub Pages site which has been uploaded with this version of actions/upload-pages-artifact, you must also use actions/deploy-pages@v4 or newer.
Removed chmod as we moved towards trusting correct file permissions have been set. In the event this isn't the case then we raise an error in the action related to the file permissions.
@woodruffw💰 replaced the notice annotations with simplified debug messages related to authentication methanism selection via #196. The also improved the error clarity during OIDC exchange on PRs from forks via #203.
📝 What's Documented
@virtuald💰 updated the docs and pointer messages were updated to mention that reusable workflows aren't supported right now in #186 and @xuanzhi33💰 later corrected the markdown syntax there via #216.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the github-actions group with 7 updates:
3
4
4
5
3
4
1
3
2
4
2
3
1.8.11
1.8.12
Updates
actions/checkout
from 3 to 4Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
b4ffde6
Link to release page from what's new section (#1514)8530928
Correct link to GitHub Docs (#1511)7cdaf2f
Update CODEOWNERS to Launch team (#1510)8ade135
Prepare 4.1.0 release (#1496)c533a0a
Add support for partial checkout filters (#1396)72f2cec
Update README.md for V4 (#1452)3df4ab1
Release 4.0.0 (#1447)8b5e8b7
Support fetching without the --progress option (#1067)97a652b
Update default runtime to node20 (#1436)Updates
actions/setup-python
from 4 to 5Release notes
Sourced from actions/setup-python's releases.
... (truncated)
Commits
0a5c615
Update action to node20 (#772)0ae5836
Add example of GraalPy to docs (#773)b64ffca
update actions/checkout to v4 (#761)8d28961
Examples now use checkout@v4 (#738)7bc6abb
advanced-usage.md: Encourage the use actions/checkout@v4 (#729)e8111ce
Bump@babel/traverse
from 7.9.0 to 7.23.2 (#743)a00ea43
add fix for graalpy ci (#741)8635b1c
Change deprecation comment to past tense (#723)f6cc428
Use non-deprecated versions in examples (#724)5f2af21
Add GraalPy support (#694)Updates
codecov/codecov-action
from 3 to 4Release notes
Sourced from codecov/codecov-action's releases.
... (truncated)
Changelog
Sourced from codecov/codecov-action's changelog.
... (truncated)
Commits
54bcd87
chore(release): v4.1.0 (#1307)8ba77ef
build(deps-dev): bump eslint from 8.56.0 to 8.57.0 (#1305)c60aa80
build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 (#1306)2fc4847
fix: set safe directory (#1304)0cfda1d
chore(release): bump to 4.0.2 (#1302)7d3a55e
build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#1286)fe84a0b
build(deps-dev): bump@typescript-eslint/eslint-plugin
from 6.21.0 to 7.0.0 (...e12c940
Use updated syntax for GitHub Markdown notes (#1300)ef7f8a5
build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 (#1298)b8a1d6a
build(deps-dev): bump@typescript-eslint/eslint-plugin
from 6.20.0 to 6.21.0 ...Updates
actions/upload-pages-artifact
from 1 to 3Release notes
Sourced from actions/upload-pages-artifact's releases.
... (truncated)
Commits
56afc60
Merge pull request #94 from SilverRainZ/maind12fdfb
Merge branch 'main' into mainaef5542
Merge pull request #88 from uiolee/patch-129cedd7
Merge branch 'main' into patch-1a69c22e
Merge pull request #92 from actions/dependabot/github_actions/non-breaking-ch...794e304
Group tar's output to prevent it from messing up logs14007f6
Bump the non-breaking-changes group with 1 update0191170
Merge pull request #91 from actions/dependabot-grouping0e7832d
Update Dependabot config to group non-breaking changes1a6d9fa
Update README.mdUpdates
actions/deploy-pages
from 2 to 4Release notes
Sourced from actions/deploy-pages's releases.
... (truncated)
Commits
decdde0
Merge pull request #295 from lmammino/patch-10b3be6b
Update distributablesc2c861c
Update tests294fbcd
Merge branch 'main' into patch-12a4b535
Merge pull request #298 from SimonSiefke/fix/typo4825f57
Merge branch 'main' into fix/typofa29843
Merge pull request #310 from actions/dependabot/npm_and_yarn/actions/artifact...d005625
Update distributables after Dependabot 🤖636701b
Bump@actions/artifact
from 2.0.1 to 2.1.125b8009
Merge pull request #307 from actions/dependabot-groupingUpdates
docker/setup-qemu-action
from 2 to 3Release notes
Sourced from docker/setup-qemu-action's releases.
Commits
6882732
Merge pull request #103 from docker/dependabot/npm_and_yarn/actions/core-1.10.1183f4af
chore: update generated contentf174935
build(deps): bump@actions/core
from 1.10.0 to 1.10.12e423eb
Merge pull request #89 from docker/dependabot/npm_and_yarn/semver-6.3.1ecc406a
Bump semver from 6.3.0 to 6.3.112dec5e
Merge pull request #102 from crazy-max/update-node20c29b312
chore: node 20 as default runtime34ae628
chore: update generated content1f3d2e1
chore: fix author in package.json277dbe8
vendor: bump@docker/actions-toolkit
from 0.3.0 to 0.12.0Updates
pypa/gh-action-pypi-publish
from 1.8.11 to 1.8.12Release notes
Sourced from pypa/gh-action-pypi-publish's releases.
Commits
e53eb8b
Clarify the error during OIDC exchange on PRs from forksedfa8f3
Merge pull request #216 from xuanzhi33/unstable/v1aeff019
docs(fix): Fix a markdown alert24c5d5c
Merge pull request #214 from pypa/dependabot/pip/requirements/cryptography-42...c13b4aa
build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements72a79c8
Merge pull request #213 from pypa/dependabot/pip/requirements/cryptography-42...751e5b8
build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements0580fcb
Merge pull request #210 from pypa/dependabot/pip/requirements/cryptography-42...a524841
build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements3f824c7
Merge pull request #204 from pypa/pre-commit-ci-update-configDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show