Skip to content

ci(coverage): bump codecov-action v5 -> v7 for Keybase GPG key migration#412

Merged
mfaferek93 merged 1 commit into
mainfrom
fix/codecov-action-v7-keybase-migration
Jun 8, 2026
Merged

ci(coverage): bump codecov-action v5 -> v7 for Keybase GPG key migration#412
mfaferek93 merged 1 commit into
mainfrom
fix/codecov-action-v7-keybase-migration

Conversation

@bburda

@bburda bburda commented Jun 8, 2026

Copy link
Copy Markdown
Collaborator

Summary

The coverage job has failed on every push to main since June 7 at the Upload coverage to Codecov step:

gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
==> Verifying GPG signature integrity
gpg: Can't check signature: No public key
==> Could not verify signature. Please contact Codecov if problem continues
    Exiting...

Codecov migrated the Keybase account that hosts the uploader's GPG public key. codecov/codecov-action@v5 fetches that key from the pre-migration path, receives non-OpenPGP data, so the key import yields 0 keys and the subsequent signature check of the downloaded CLI fails. Because the step runs with fail_ci_if_error: true, the whole coverage job goes red. All tests pass and the HTML coverage artifact uploads fine - only the third-party uploader's GPG self-verification breaks.

Upstream released codecov-action@v7.0.0 specifically to fix the migrated key path (see codecov/codecov-action#1956, #1955). This bumps @v5 -> @v7. GPG verification and fail_ci_if_error: true stay enabled - no validation is skipped.

Issue

N/A - one-line CI hotfix for an upstream tooling breakage.

Type

  • Bug fix
  • New feature or tests
  • Breaking change
  • Documentation only

Testing

The Codecov step is gated to push on main, so PR CI does not exercise it; it runs on the first push to main after merge. Change is config-only (action major-version bump); the rest of CI validates the workflow parses and runs.

Checklist

  • Breaking changes are clearly described (and announced in docs / changelog if needed)
  • Tests were added or updated if needed
  • Docs were updated if behavior or public API changed

@bburda
ci(coverage): bump codecov-action v5 -> v7 for Keybase GPG key migration
1b65913 
Codecov migrated the Keybase account hosting the uploader's GPG public
key. With codecov-action@v5 the wrapper fetches that key from the old
path, gets non-OpenPGP data, and the upload step fails verification with
"gpg: no valid OpenPGP data found" / "Can't check signature: No public
key", breaking the coverage job on every push to main.

v7.0.0 points the uploader at the migrated key and restores coverage
uploads. GPG verification and fail_ci_if_error stay enabled.
Copilot AI review requested due to automatic review settings June 8, 2026 12:16
Copilot AI reviewed Jun 8, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the CI coverage workflow to use a newer Codecov GitHub Action version to address a GPG public key migration issue that caused the “Upload coverage to Codecov” step to fail on main.

Changes:

  • Bump codecov/codecov-action from v5 to v7 in the coverage job.

@mfaferek93 mfaferek93 self-requested a review June 8, 2026 13:12
@mfaferek93 mfaferek93 merged commit a0162ad into main Jun 8, 2026
13 checks passed
@bburda bburda deleted the fix/codecov-action-v7-keybase-migration branch June 8, 2026 14:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mfaferek93 mfaferek93 mfaferek93 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bburda @mfaferek93