From 854819dd7e2bc57afcdfa184b313b9e773de38a3 Mon Sep 17 00:00:00 2001
From: Ashley Scopes <73482956+ascopes@users.noreply.github.com>
Date: Fri, 9 Sep 2022 08:34:27 +0100
Subject: [PATCH] Integrity check codecov scripts
---
 .github/workflows/build.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 34df3f904..6b910632d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -120,7 +120,15 @@ jobs:
 - name: Publish to codecov
 continue-on-error: true
 if: always()
- run: bash <(curl -s https://codecov.io/bash)
+ run: |-
+ curl --fail https://keybase.io/codecovsecurity/pgp_keys.asc | gpg --no-default-keyring --keyring trustedkeys.gpg --import # One-time step
+ curl --fail -Os https://uploader.codecov.io/latest/linux/codecov
+ curl --fail -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM
+ curl --fail -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM.sig
+ gpgv codecov.SHA256SUM.sig codecov.SHA256SUM
+ shasum -a 256 -c codecov.SHA256SUM
+ chmod -v +x codecov
+ ./codecov
 - name: Publish unit test results
 uses: EnricoMi/publish-unit-test-result-action@v2
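Review bot: The signing key in the first added `curl … | gpg --import` line is downloaded from keybase.io on every run and trusted as-is, so the later `gpgv` check is only as strong as that download; nothing in the step pins which key is acceptable. Consider importing a key file that has been reviewed and committed to the repository, e.g. `gpg --no-default-keyring --keyring trustedkeys.gpg --import <PATH_TO_COMMITTED_CODECOV_KEY>`, or comparing the imported key's fingerprint against a pinned value before `gpgv` runs. The `# One-time step` comment is also misleading if this runs on a hosted runner, where the keyring presumably starts empty for each job. Separately, because the step keeps `continue-on-error: true`, a failed `gpgv` or `shasum -c` should stop the script under the default `bash -e` shell but still leaves the job green, so a tampered download could go unnoticed; moving the verification into its own step without `continue-on-error` would surface it.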