Skip to content

Commit 0082d13

Browse files
etrclaude
andcommitted
ci: bump codecov-action v5.5.4 -> v5.5.5 (keybase key-migration fix)
The coverage lane's only failure was the Codecov CLI's GPG signature-integrity check: gpg: no valid OpenPGP data found. gpg: Total number processed: 0 gpg: Can't check signature: No public key ==> Could not verify signature. This is Codecov's own keybase key-migration breakage, not a libhttpserver problem: the `codecovsecurity` keybase account was deleted, so v5.5.4's key fetch imports zero keys and can't verify the downloaded CLI. codecov-action v5.5.5 is a pure patch that "only contains the keybase.io change" (upstream issue #1956) — it points the key fetch at the new `codecovsecops` account with the original GPG key. Re-pin to the v5.5.5 commit SHA (0fb7174895f61a3b6b78fc075e0cd60383518dac); stays on the v5 line (no behavioral change beyond the key source) and keeps signature verification ON. fail_ci_if_error: true is unchanged, so real upload errors still hard-fail (TASK-090); the workflow-pinning structural gate (40-hex SHA + fail_ci_if_error) stays green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01NpysYDDJac63yz2mZKKiDf
1 parent 47c3747 commit 0082d13

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

.github/workflows/verify-build.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1456,7 +1456,7 @@ jobs:
14561456
if: ${{ matrix.os-type == 'ubuntu' && matrix.c-compiler == 'gcc' && matrix.debug == 'debug' && matrix.coverage == 'coverage' && success() }}
14571457

14581458
- name: Upload coverage to Codecov
1459-
uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5.5.4
1459+
uses: codecov/codecov-action@0fb7174895f61a3b6b78fc075e0cd60383518dac # v5.5.5
14601460
with:
14611461
token: ${{ secrets.CODECOV_TOKEN }}
14621462
files: build/coverage.xml

0 commit comments

Comments
 (0)