chore(deps): update codecov/codecov-action action to v6 - abandoned#175
chore(deps): update codecov/codecov-action action to v6 - abandoned#175renovate[bot] wants to merge 2 commits into
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
✅MegaLinter analysis: Success
See detailed reports in MegaLinter artifacts Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining
|
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
There was a problem hiding this comment.
Pull request overview
Updates the Go CI workflow’s Codecov upload step to use the latest major version of the official Codecov GitHub Action.
Changes:
- Bump
codecov/codecov-actionfromv5.5.3tov6.0.0(pinned by SHA) in the Go CI workflow.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| - name: 📄 Upload coverage to Codecov | ||
| uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3 | ||
| uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 |
There was a problem hiding this comment.
codecov/codecov-action v6 is a major bump and (per the release notes in the PR description) requires a Node 24 runtime. Please confirm the GitHub runner image used here (ubuntu-latest) supports Node 24 for JavaScript actions; otherwise this step may fail at runtime. If Node 24 isn’t guaranteed, keep using v5.x (or switch to an uploader approach that doesn’t depend on the runner’s Node version).
| uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 | |
| uses: codecov/codecov-action@v5 |
Autoclosing SkippedThis PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error. |
renovate
Bot
changed the title
Pull request was closed
* ci: scope reusable-workflow App tokens to least privilege Add explicit permission-* inputs to the six create-github-app-token steps that minted unscoped tokens (inheriting blanket GitHub App installation permissions), clearing the six standing zizmor/github-app code-scanning alerts (#170-#175). Each token is scoped to exactly what its consuming steps need, mirroring each job's already-declared permissions block: - enable-auto-merge (auto-merge): contents, pull-requests - create-release (release): contents, issues, pull-requests (semantic-release) - sync-cluster-policies (sync-policies): contents, pull-requests - validate-go-project (tidy, golangci-lint): contents, pull-requests - validate-go-project (lint): contents, issues, pull-requests Additive and backward-compatible: the token scope only narrows; no caller interface changes. update-copilot-skills.yaml was already scoped in #240. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * ci: narrow git-push-only App tokens to contents-only The App tokens in the tidy, golangci-lint, and mega-linter jobs are used only as the git credential for checkout + git-auto-commit-action (pushing linter auto-fixes). They are never used for PR/issue API calls — MegaLinter's PR/issue reporting uses the default GITHUB_TOKEN, governed by the unchanged job-level permissions block. So the App tokens need contents:write only; drop the unused permission-pull-requests/permission-issues inputs to keep them least-privileged (addresses the Copilot review on PR #245). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This PR contains the following updates:
v5.5.3→v6.0.0Release Notes
codecov/codecov-action (codecov/codecov-action)
v6.0.0Compare Source
v5.5.4Compare Source
This is a mirror of
v5.5.2.v6will be released which requiresnode24What's Changed
Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.