Update paambaati/codeclimate-action action to v8 - autoclosed

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
paambaati/codeclimate-action	action	major	v6.0.0 -> v8.0.0

---

Release Notes

paambaati/codeclimate-action (paambaati/codeclimate-action)

v8.0.0

Compare Source

⚠ BREAKING CHANGES

• declare new environment verification option in action.yml
• new environment verification flag
• new environment verification flag
• migrate everything to ESM-only
• upgrade module to ESM
• ci: this doesn't change the functionality of the core action, but it does change how releases are made in the future.
• Trying to make semantic-release push a new release
• this should ideally get published as v5
• this should ideally get published as v5
• core: Support Windows, now that CodeClimate has released a Windows binary of the reporter – see codeclimate.com/changelog/7dd79ee1cf1af7141b2bd18b
• core: Support Windows, now that CodeClimate has released a Windows binary of the reporter
• ci: semantic-release and its process is fundamentally broken when the repo moved from master to main for its main branch. This is an attempt to try to unfuck the git log/ref notes

core

• Support Windows (9af890c)
• Support Windows (3434c61)

Features

• ci: replace semantic-release with Google's release-please. (854ea46)
• core/internal: migrate to Japa as test runner. (c909795)
• core: cleanup downloaded artifacts (f331896), closes #​639
• core: migrate everything to ESM-only (6e2b10b)
• core: support fork PRs. (70a75ac), closes #​627
• core: Support Windows (f0efca8)
• core: Support Windows (9787ba6)
• migrate everything to ESM-only (fed36ec)
• new environment verification flag (fa81470)
• new environment verification flag (6007e34)
• run action using Node.js 20.x (859e71d)
• run action using Node.js 20.x (096c232)
• run action using Node.js 20.x (7642145)
• run action using Node.js 20.x (f01d194)
• run action using Node.js 20.x (a5d0e4f)
• run action using Node.js 20.x (052f893)
• upgrade module to ESM (797e381)
• utils: refactor coverage config line parser into own util (e03d453)

Bug Fixes

• ci: better version tagging (e7ede07)
• ci: checkout EVERYTHING so semantic-release has all the data it could need (a16dca5)
• ci: debug outputs (11ed927)
• ci: do not cancel all matrix builds for one (1471593)
• ci: fix invalid YAML (8f95f43)
• ci: fix the tag detection logic for new releases (f787a56)
• ci: rebuild and republish to use new branch and workflows (0c99fb3)
• ci: release broken release process (746f1d2)
• ci: republish so latest changes get applied (8f00eaa)
• ci: republish so latest changes get applied (fa71c1f)
• ci: set up correct (?) condition to trigger publish (3e9c9ce)
• ci: set up correct regex that replaces the 'v' prefixes for tags (b3bcc0e)
• ci: try once again to publish new version (bcd27f6)
• ci: use Node 22.x so the import loader will work as expected (d56acf0)
• ci: use the un-broken latest version of the workflow (0fe0643)
• ci: validate empty new release version (2b9684a)
• core: handle globs correctly in windows (54ac87c)
• core: parse coverage path correctly on all platforms (923001d)
• core: support ARM 64-bit environments (ea13673)
• core: support ARM 64-bit environments (ea13673)
• core: support ARM 64-bit environments (99e22b3)
• create hash from windows (077e614)
• declare new environment verification option in action.yml (3d46dc1)
• deps: add missing dev-only dep to unblock typescript build (9e22dcb)
• fix up last of the TS errors from tap API change (d99b041)
• go back to tap because japa doesn't seem active (19034a0)
• incorrect references to __dirname (cb821ab)
• keep windows-style line endings for .bat files (67549ff)
• make sure the action can actually run as ESM (fd0ae9c)
• revert 47793be (e512c4b)
• set up gitattributes to stop the line ending fuckery (4246a36)
• set up gitattributes to stop the line ending fuckery (9181fd8)
• tests: add back missing import (9eb6690)
• tests: additional windows-style test fixes (def6f6d)
• tests: fix tests for Windows (18e310b)
• tests: fix the Windows path (6e02942)
• tests: make sure the special variable in script are quoted to make string comparison work (c796f65)
• tests: mock checksum verification too (2befa84)
• tests: more windows-specific test fixes (de37362)
• tests: more windows-specific test fixes (e44e0a3)
• tests: more windows-specific test fixes (0b2f6f8)
• tests: more windows-specific test fixes (9a9184a)
• tests: more windows-specific test fixes (1c1a7eb)
• tests: more windows-specific test fixes (8d2edab)
• tests: more windows-specific test fixes (e05d58f)
• tests: more windows-specific tests (e9e87cc)
• tests: more windows-specific tests (13ff2e3)
• tests: more windows-specific tests (80aa61e)
• tests: more windows-specific tests (498dee1)
• tests: more windows-specific tests (f4dff2a)
• tests: more windows-specific tests (4b48851)
• tests: OS-agnostic line separators for all strings (2fc4cc3)
• tests: remove windows-only test and start writing os-independent logic (29cbd91)
• tests: run checksum verification pre-checks only for fixtures on their own target platforms (4dc408b)
• tests: set up correct file mode on Windows (4edff7e)
• tests: set up Windows fixtures (c29289f)
• tests: skip integration tests on unsupported platforms (00e5b40)
• tests: try correcting extra spaces in checksum files generated on Windows (edc5e97)
• test: try fixing tests on Windows (maybe) (47793be)
• test: use the @​tapjs/tsx import loader to fix TS issues (295386a)
• try LF-only line endings for all files (e2c94ee)
• upgrade tap to fix the plugin issues (f97429e)
• util: follow redirects in fetch (a258bd9)

Miscellaneous Chores

• release 6.0.0 (5c9d4de)
• release 7.0.0 (bae515b)
• release 8.0.0 (26b2a65)

v7.0.0

Compare Source

⚠ BREAKING CHANGES

• new environment verification flag
• new environment verification flag
• migrate everything to ESM-only
• upgrade module to ESM
• ci: this doesn't change the functionality of the core action, but it does change how releases are made in the future.
• Trying to make semantic-release push a new release
• this should ideally get published as v5
• this should ideally get published as v5
• core: Support Windows, now that CodeClimate has released a Windows binary of the reporter – see codeclimate.com/changelog/7dd79ee1cf1af7141b2bd18b
• core: Support Windows, now that CodeClimate has released a Windows binary of the reporter
• ci: semantic-release and its process is fundamentally broken when the repo moved from master to main for its main branch. This is an attempt to try to unfuck the git log/ref notes

core

• Support Windows (9af890c)
• Support Windows (3434c61)

Features

• ci: replace semantic-release with Google's release-please. (854ea46)
• core/internal: migrate to Japa as test runner. (c909795)
• core: cleanup downloaded artifacts (f331896), closes #​639
• core: migrate everything to ESM-only (6e2b10b)
• core: support fork PRs. (70a75ac), closes #​627
• core: Support Windows (f0efca8)
• core: Support Windows (9787ba6)
• migrate everything to ESM-only (fed36ec)
• new environment verification flag (fa81470)
• new environment verification flag (6007e34)
• run action using Node.js 20.x (859e71d)
• run action using Node.js 20.x (096c232)
• run action using Node.js 20.x (7642145)
• run action using Node.js 20.x (f01d194)
• run action using Node.js 20.x (a5d0e4f)
• run action using Node.js 20.x (052f893)
• upgrade module to ESM (797e381)
• utils: refactor coverage config line parser into own util (e03d453)

Bug Fixes

• ci: better version tagging (e7ede07)
• ci: checkout EVERYTHING so semantic-release has all the data it could need (a16dca5)
• ci: debug outputs (11ed927)
• ci: do not cancel all matrix builds for one (1471593)
• ci: fix invalid YAML (8f95f43)
• ci: fix the tag detection logic for new releases (f787a56)
• ci: rebuild and republish to use new branch and workflows (0c99fb3)
• ci: release broken release process (746f1d2)
• ci: republish so latest changes get applied (8f00eaa)
• ci: republish so latest changes get applied (fa71c1f)
• ci: set up correct (?) condition to trigger publish (3e9c9ce)
• ci: set up correct regex that replaces the 'v' prefixes for tags (b3bcc0e)
• ci: try once again to publish new version (bcd27f6)
• ci: use Node 22.x so the import loader will work as expected (d56acf0)
• ci: use the un-broken latest version of the workflow (0fe0643)
• ci: validate empty new release version (2b9684a)
• core: handle globs correctly in windows (54ac87c)
• core: parse coverage path correctly on all platforms (923001d)
• core: support ARM 64-bit environments (ea13673)
• core: support ARM 64-bit environments (ea13673)
• core: support ARM 64-bit environments (99e22b3)
• create hash from windows (077e614)
• deps: add missing dev-only dep to unblock typescript build (9e22dcb)
• fix up last of the TS errors from tap API change (d99b041)
• go back to tap because japa doesn't seem active (19034a0)
• incorrect references to __dirname (cb821ab)
• keep windows-style line endings for .bat files (67549ff)
• revert 47793be (e512c4b)
• set up gitattributes to stop the line ending fuckery (4246a36)
• set up gitattributes to stop the line ending fuckery (9181fd8)
• tests: add back missing import (9eb6690)
• tests: additional windows-style test fixes (def6f6d)
• tests: fix tests for Windows (18e310b)
• tests: fix the Windows path (6e02942)
• tests: make sure the special variable in script are quoted to make string comparison work (c796f65)
• tests: mock checksum verification too (2befa84)
• tests: more windows-specific test fixes (de37362)
• tests: more windows-specific test fixes (e44e0a3)
• tests: more windows-specific test fixes (0b2f6f8)
• tests: more windows-specific test fixes (9a9184a)
• tests: more windows-specific test fixes (1c1a7eb)
• tests: more windows-specific test fixes (8d2edab)
• tests: more windows-specific test fixes (e05d58f)
• tests: more windows-specific tests (e9e87cc)
• tests: more windows-specific tests (13ff2e3)
• tests: more windows-specific tests (80aa61e)
• tests: more windows-specific tests (498dee1)
• tests: more windows-specific tests (f4dff2a)
• tests: more windows-specific tests (4b48851)
• tests: OS-agnostic line separators for all strings (2fc4cc3)
• tests: remove windows-only test and start writing os-independent logic (29cbd91)
• tests: run checksum verification pre-checks only for fixtures on their own target platforms (4dc408b)
• tests: set up correct file mode on Windows (4edff7e)
• tests: set up Windows fixtures (c29289f)
• tests: skip integration tests on unsupported platforms (00e5b40)
• tests: try correcting extra spaces in checksum files generated on Windows (edc5e97)
• test: try fixing tests on Windows (maybe) (47793be)
• test: use the @​tapjs/tsx import loader to fix TS issues (295386a)
• try LF-only line endings for all files (e2c94ee)
• upgrade tap to fix the plugin issues (f97429e)
• util: follow redirects in fetch (a258bd9)

Miscellaneous Chores

• release 6.0.0 (5c9d4de)
• release 7.0.0 (bae515b)

---

Configuration

📅 Schedule: Branch creation - "before 4am on Sunday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/paambaati/codeclimate-action	8.0.0	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 0 Found 0/8 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
actions/paambaati/codeclimate-action	6.0.0	🟢 4.4	Details Check Score Reason Code-Review ⚠️ 0 Found 0/8 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/continuous-integration.yml

• paambaati/codeclimate-action@8.0.0
• paambaati/codeclimate-action@6.0.0

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 57.89%. Comparing base (f17f56b) to head (7d766fb).

Additional details and impacted files

@@            Coverage Diff            @@
##             master      #49   +/-   ##
=========================================
  Coverage     57.89%   57.89%           
  Complexity        8        8           
=========================================
  Files             3        3           
  Lines            57       57           
=========================================
  Hits             33       33           
  Misses           24       24           

Flag	Coverage Δ
php-8.1	57.89% <ø> (ø)
phpunit	57.89% <ø> (ø)
ubuntu-22.04	57.89% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coveralls]

Pull Request Test Coverage Report for Build 9531374891

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 61.905%

---

Totals
Change from base Build 9437377087:	0.0%
Covered Lines:	39
Relevant Lines:	63

---

💛 - Coveralls

[coveralls]

Pull Request Test Coverage Report for Build 9534895748

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 61.905%

---

Totals
Change from base Build 9534885941:	0.0%
Covered Lines:	39
Relevant Lines:	63

---

💛 - Coveralls

[coveralls]

Pull Request Test Coverage Report for Build 9535222934

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 61.905%

---

Totals
Change from base Build 9535214491:	0.0%
Covered Lines:	39
Relevant Lines:	63

---

💛 - Coveralls