move codecov from token to oidc

[bckohan]

No description provided.

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Moves Codecov uploads in CI from using a repository secret token to GitHub OIDC, and updates the release workflow to support the new auth mechanism.

Changes:

• Remove CODECOV_TOKEN secret wiring from the reusable test.yml workflow and its callers
• Enable OIDC for the Codecov upload step and grant id-token: write permission to the coverage job
• Adjust release workflow behavior by removing the --prerelease flag from GitHub Release creation

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
.github/workflows/test.yml	Switch Codecov upload from token auth to OIDC and update permissions accordingly
.github/workflows/release.yml	Stop passing Codecov token into reusable workflow; add OIDC permission; change release creation flags

Comments suppressed due to low confidence (1)

.github/workflows/test.yml:1

• With the move to use_oidc: true, the workflow now depends on Codecov’s OIDC configuration (and the expected OIDC claims) rather than a token. Consider adding a short inline comment near this step linking to the repo’s Codecov OIDC setup requirements (or internal docs) so future maintainers know what must be configured in Codecov for uploads to succeed.

name: Test

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.