Skip to content

chore(deps): bump codecov/codecov-action from 6 to 7#1269

Merged
MatousJobanek merged 2 commits into
masterfrom
dependabot/github_actions/codecov/codecov-action-7
Jun 12, 2026
Merged

chore(deps): bump codecov/codecov-action from 6 to 7#1269
MatousJobanek merged 2 commits into
masterfrom
dependabot/github_actions/codecov/codecov-action-7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps codecov/codecov-action from 6 to 7.

Release notes

Sourced from codecov/codecov-action's releases.

v7.0.0

⚠️ Due to migration issues with keybase, we are unable to update our keys under the codecovsecurity account. We have deleted the account and are using codecovsecops with the original gpg key

What's Changed

Full Changelog: codecov/codecov-action@v6.0.1...v7.0.0

v6.0.2

This is a copy of the v7.0.0 release to make updates easier

What's Changed

Full Changelog: codecov/codecov-action@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

  • Chores
    • Updated code coverage GitHub Action to the latest version.

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6 to 7.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v6...v7)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 8, 2026
@openshift-ci openshift-ci Bot requested review from mfrancisc and xcoulon June 8, 2026 12:33
@openshift-ci

openshift-ci Bot commented Jun 8, 2026

Copy link
Copy Markdown

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a codeready-toolchain member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai

coderabbitai Bot commented Jun 8, 2026

Copy link
Copy Markdown

Walkthrough

Codecov GitHub Action version bumped from v6 to v7 in the upload-coverage workflow for uploading coverage reports.

Changes

Codecov Action Version Update

Layer / File(s) Summary
Codecov action version bump
.github/workflows/upload-coverage.yml
The codecov/codecov-action reference is updated from v6 to v7 in the coverage upload step.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Suggested reviewers

  • fbm3307
  • xcoulon
  • MatousJobanek
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title clearly and specifically describes the main change: bumping the codecov/codecov-action dependency from version 6 to 7, which matches the file changes in the pull request.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/github_actions/codecov/codecov-action-7

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot removed the dependencies Pull requests that update a dependency file label Jun 8, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/upload-coverage.yml:
- Line 22: Replace the mutable GitHub Action tag for the Codecov step (currently
referenced as codecov/codecov-action@v7) with the pinned release commit SHA to
reduce supply-chain risk; update the uses value to
codecov/codecov-action@7a4a0d6a4e8c1e1f8a5c8c5c0a2d3e4f5b6c7d8e so the workflow
always runs that exact commit instead of the floating v7 tag.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 08baea45-b41a-4e5e-af73-a733b8bc0212

📥 Commits

Reviewing files that changed from the base of the PR and between df355ef and 3927954.

📒 Files selected for processing (1)
  • .github/workflows/upload-coverage.yml
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: test
  • GitHub Check: govulncheck
  • GitHub Check: GolangCI Lint
  • GitHub Check: Build & push operator bundles & dashboard image for e2e tests
🧰 Additional context used
🪛 zizmor (1.25.2)
.github/workflows/upload-coverage.yml

[error] 22-22: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🔀 Multi-repo context codeready-toolchain/registration-service, codeready-toolchain/member-operator, codeready-toolchain/toolchain-common

codeready-toolchain/registration-service

  • .github/workflows/upload-coverage.yml — Upload step uses codecov/codecov-action@v6 (Upload to Codecov step). [::codeready-toolchain/registration-service::]

codeready-toolchain/member-operator

  • .github/workflows/upload-coverage.yml — Upload step uses codecov/codecov-action@v6 (Upload to Codecov step). [::codeready-toolchain/member-operator::]
  • .github/workflows/test-with-coverage.yml — CI test upload uses codecov/codecov-action@v5 (Upload code coverage step). [::codeready-toolchain/member-operator::]

codeready-toolchain/toolchain-common

  • .github/workflows/upload-coverage.yml — Upload step uses codecov/codecov-action@v6 (Upload to Codecov step). [::codeready-toolchain/toolchain-common::]

Conclusion: Multiple repositories still reference v5/v6 of codecov/codecov-action (see files above); they may need coordinated updates to v7 if the change in host-operator is meant to be applied org-wide.

Comment thread .github/workflows/upload-coverage.yml

@MatousJobanek MatousJobanek left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/ok-to-test
/lgtm

@openshift-ci

openshift-ci Bot commented Jun 9, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dependabot[bot], MatousJobanek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved label Jun 9, 2026
@openshift-ci openshift-ci Bot removed the lgtm label Jun 9, 2026
@MatousJobanek

Copy link
Copy Markdown
Contributor

/lgtm

@openshift-ci openshift-ci Bot added the lgtm label Jun 9, 2026
@sonarqubecloud

sonarqubecloud Bot commented Jun 9, 2026

Copy link
Copy Markdown

@MatousJobanek MatousJobanek merged commit c8948ee into master Jun 12, 2026
9 of 11 checks passed
@dependabot dependabot Bot deleted the dependabot/github_actions/codecov/codecov-action-7 branch June 12, 2026 08:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved github_actions Pull requests that update GitHub Actions code lgtm ok-to-test

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant