Skip to content

Bump codecov/codecov-action from 5 to 6#89

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/codecov/codecov-action-6
Open

Bump codecov/codecov-action from 5 to 6#89
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/codecov/codecov-action-6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026

Copy link
Copy Markdown

Bumps codecov/codecov-action from 5 to 6.

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

What's Changed

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

v5.5.2

What's Changed

New Contributors

Full Changelog: codecov/codecov-action@v5.5.1...v5.5.2

v5.5.1

What's Changed

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump codecov/codecov-action from 5 to 6
d5f8aa4 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v5...v6)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 20, 2026
@RobotSail

RobotSail commented Apr 28, 2026

Copy link
Copy Markdown
Collaborator

@claude-code why is this failing?

@claude

claude Bot commented Apr 28, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Claude finished @RobotSail's task in 51s —— View job

CI Failure Analysis

  • Check CI status and identify failing jobs
  • Analyze failure logs
  • Provide explanation

The "Test with Coverage" job is failing at the "Upload coverage results to Codecov" step. All actual tests pass fine.

Root Cause

The Codecov upload is returning an HTTP 400 error:

Token required because branch is protected

The CODECOV_TOKEN secret is not available to this Dependabot PR. GitHub Actions does not expose repository secrets to PRs opened by Dependabot by default (this is a security measure). The workflow references ${{ secrets.CODECOV_TOKEN }} at line 124 of pr-tests.yml, but that secret resolves to an empty string for Dependabot PRs. Combined with fail_ci_if_error: true (line 126), the upload failure causes the job to fail, which cascades to the "All Required Tests Passed" gate job.

The codecov/codecov-action v5 to v6 bump itself is fine — the failure would happen on v5 too since it's a secrets/permissions issue, not a version issue.

Options to Resolve

  1. Merge as-is — The actual tests all pass. You can manually merge, trusting that the codecov upload will work on main where the secret is available.
  2. Add fail_ci_if_error: false — Change line 126 to make codecov upload failures non-blocking, so Dependabot PRs aren't gated on it. This is the most common fix for this class of issue.
  3. Grant Dependabot access to secrets — In repo Settings > Secrets and variables > Actions, you can enable "Make secrets available to Dependabot" for CODECOV_TOKEN.
    | Failing job log

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@RobotSail