chore(deps): bump codecov/codecov-action from 6 to 7 #1269
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6 to 7.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v6...v7)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a codeready-toolchain member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
Walkthrough

Codecov GitHub Action version bumped from v6 to v7 in the upload-coverage workflow for uploading coverage reports.

Changes

Codecov Action Version Update

Estimated code review effort: 🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks: ✅ Passed checks (5 passed)
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/upload-coverage.yml:
- Line 22: Replace the mutable GitHub Action tag for the Codecov step (currently
referenced as codecov/codecov-action@v7) with the pinned release commit SHA to
reduce supply-chain risk; update the uses value to
codecov/codecov-action@7a4a0d6a4e8c1e1f8a5c8c5c0a2d3e4f5b6c7d8e so the workflow
always runs that exact commit instead of the floating v7 tag.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 08baea45-b41a-4e5e-af73-a733b8bc0212
📒 Files selected for processing (1)
.github/workflows/upload-coverage.yml
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
- GitHub Check: test
- GitHub Check: govulncheck
- GitHub Check: GolangCI Lint
- GitHub Check: Build & push operator bundles & dashboard image for e2e tests
🧰 Additional context used
🪛 zizmor (1.25.2)
.github/workflows/upload-coverage.yml
[error] 22-22: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
🔀 Multi-repo context codeready-toolchain/registration-service, codeready-toolchain/member-operator, codeready-toolchain/toolchain-common
codeready-toolchain/registration-service
- .github/workflows/upload-coverage.yml — Upload step uses codecov/codecov-action@v6 (Upload to Codecov step). [::codeready-toolchain/registration-service::]
codeready-toolchain/member-operator
- .github/workflows/upload-coverage.yml — Upload step uses codecov/codecov-action@v6 (Upload to Codecov step). [::codeready-toolchain/member-operator::]
- .github/workflows/test-with-coverage.yml — CI test upload uses codecov/codecov-action@v5 (Upload code coverage step). [::codeready-toolchain/member-operator::]
codeready-toolchain/toolchain-common
- .github/workflows/upload-coverage.yml — Upload step uses codecov/codecov-action@v6 (Upload to Codecov step). [::codeready-toolchain/toolchain-common::]
Conclusion: Multiple repositories still reference v5/v6 of codecov/codecov-action (see files above); they may need coordinated updates to v7 if the change in host-operator is meant to be applied org-wide.
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dependabot[bot], MatousJobanek

The full list of commands accepted by this bot can be found here.

The pull request process is described here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing
/lgtm



Bumps codecov/codecov-action from 6 to 7.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)