From 29eb4eedab85e5e9db0267a3887d72934d6de7d2 Mon Sep 17 00:00:00 2001
From: Tim van der Lippe
Date: Sun, 17 Oct 2021 18:43:14 +0100
Subject: [PATCH] Use new CodeCov uploader (#2447)

Per https://about.codecov.io/blog/introducing-codecovs-new-uploader/ the Bash uploader has been deprecated. The Bash uploader will randomly stop working, meaning we won't be able to inspect our code coverage reports. Instead, we should be using the new uploader. We should also check its integrity to avoid a repeat of the security vulnerability in the Bash uploader.
---
 .github/workflows/ci.yml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 736a30cb93..4c1bdba165 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -64,7 +64,18 @@ jobs:
 - name: 7. Upload coverage report
 run: |
 ./gradlew coverageReport -s --scan && cp build/reports/jacoco/mockitoCoverage/mockitoCoverage.xml jacoco.xml
- bash <(curl -s https://codecov.io/bash)
+ curl https://keybase.io/codecovsecurity/pgp_keys.asc | gpg --no-default-keyring --keyring trustedkeys.gpg --import # One-time step
+
+ curl -Os https://uploader.codecov.io/latest/linux/codecov
+ curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM
+ curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM.sig
+
+ gpgv codecov.SHA256SUM.sig codecov.SHA256SUM
+ shasum -a 256 -c codecov.SHA256SUM
+
+ chmod +x codecov
+ ./codecov
+
 #
 # Release job, only for pushes to the main development branch
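Review bot: The signing key on the added `curl https://keybase.io/codecovsecurity/pgp_keys.asc | gpg ... --import` line is fetched over the network and trusted as served, so `gpgv` only proves the checksum file was signed by whatever key that URL returned during this run. The `# One-time step` comment also looks inaccurate for CI, where the import presumably repeats on every job. Anchoring trust in the repository would close the gap: commit the key (or compare the imported fingerprint with a value stored in the workflow) and import locally, e.g. `gpg --no-default-keyring --keyring trustedkeys.gpg --import <COMMITTED_KEY_FILE>`. The three `curl -Os` downloads use the `latest` path without `-f`, so the uploader version floats between runs and an HTTP error body would be written to disk as the artifact. A pinned version path and `curl -fsSO` would make that explicit, even though `gpgv` and `shasum -c` should still reject a bad file. The job and its step list begin outside this hunk, so the shell options in effect for this `run:` block cannot be confirmed from here.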