From eac39c8389959c044b0a5bc77fa822250b0ff4c3 Mon Sep 17 00:00:00 2001
From: Charmander <~@charmander.me>
Date: Wed, 21 Feb 2024 17:32:15 -0800
Subject: [PATCH 1/2] Update GitHub Actions actions to Node 20
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Node 16 actions are deprecated.

The Codecov action upgrade introduces a new upload token requirement, which pull requests from forks (which don’t receive the secret) are exempt from according to the action’s documentation.
---
 .github/workflows/codeql-analysis.yml | 6 +++---
 .github/workflows/tests.yml           | 9 +++++----
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 5c094ac7c..78429f36c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -27,15 +27,15 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         queries: +security-extended,security-and-quality
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 1e25cbe52..1bf9fbc4e 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -30,10 +30,10 @@ jobs:
         image: memcached:1.5-alpine
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Cache npm dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.npm
           key: cache-${{ runner.os }}-npm-${{ hashFiles('package-lock.json') }}
@@ -41,7 +41,7 @@ jobs:
             cache-${{ runner.os }}-npm-
 
       - name: Cache Poetry dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.cache/pypoetry
           key: cache-${{ runner.os }}-poetry-${{ hashFiles('poetry.lock') }}
@@ -83,6 +83,7 @@ jobs:
           .venv/bin/coverage xml
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
         with:
           file: ./coverage.xml
+          token: ${{ secrets.CODECOV_TOKEN }}

From 2127edae4acf4e79bd1b093dc80cd545be58cee2 Mon Sep 17 00:00:00 2001
From: Charmander <~@charmander.me>
Date: Thu, 16 May 2024 20:01:09 -0700
Subject: [PATCH 2/2] Revert update of Codecov action
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Codecov’s v4 action (still) doesn’t work on Alpine despite the new uploader being distributed as a latest-download “universal binary” PGP-verified (ineffectively, since it seems to run the binary even if verification fails?) by the action instead of something sane.
---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 1bf9fbc4e..35136b690 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -83,7 +83,7 @@ jobs:
           .venv/bin/coverage xml
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v3
         with:
           file: ./coverage.xml
           token: ${{ secrets.CODECOV_TOKEN }}