Commit 0082d13
ci: bump codecov-action v5.5.4 -> v5.5.5 (keybase key-migration fix)
The coverage lane's only failure was the Codecov CLI's GPG signature-integrity
check:
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: Can't check signature: No public key
==> Could not verify signature.
This is Codecov's own keybase key-migration breakage, not a libhttpserver
problem: the `codecovsecurity` keybase account was deleted, so v5.5.4's key
fetch imports zero keys and can't verify the downloaded CLI. codecov-action
v5.5.5 is a pure patch that "only contains the keybase.io change" (upstream
issue #1956) — it points the key fetch at the new `codecovsecops` account with
the original GPG key. Re-pin to the v5.5.5 commit SHA
(0fb7174895f61a3b6b78fc075e0cd60383518dac); stays on the v5 line (no behavioral
change beyond the key source) and keeps signature verification ON.
fail_ci_if_error: true is unchanged, so real upload errors still hard-fail
(TASK-090); the workflow-pinning structural gate (40-hex SHA + fail_ci_if_error)
stays green.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NpysYDDJac63yz2mZKKiDf1 parent 47c3747 commit 0082d13
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1456 | 1456 | | |
1457 | 1457 | | |
1458 | 1458 | | |
1459 | | - | |
| 1459 | + | |
1460 | 1460 | | |
1461 | 1461 | | |
1462 | 1462 | | |
| |||
0 commit comments