fix: update codecov-action to v6.0.2 for GPG key fix #79

Open
ompushkara wants to merge 1 commit into main from bump-codecov-action

ompushkara commented Jun 8, 2026

PR Summary by Qodo

Update Codecov GitHub Action pin to v6.0.2 (GPG key fix)
⚙️ Configuration changes 🕐 Less than 5 minutes

Walkthroughs

User Description

Summary

Checklist
  • All commits are signed-off, using DCO
  • All new code has docstrings and type annotations
  • All new code is covered by tests. Aim for at least 90% coverage. CI is configured to highlight lines not covered by tests.
  • Public facing changes are paired with documentation changes
  • Release note has been added to CHANGELOG.md if needed
AI Description
• Bump pinned Codecov GitHub Action to v6.0.2 to pick up GPG key fix.
• Keep coverage upload behavior unchanged (still only on Ubuntu + Python 3.12).
Diagram
graph TD
  A["Unit tests workflow"] --> B["Codecov action v6.0.2"] --> C{{"Codecov service"}}
High-Level Assessment

The following are alternative approaches to this PR:

1. Pin by version tag (e.g., codecov/codecov-action@v6.0.2)
  • ➕ Easier to read/maintain than raw commit SHA
  • ➕ Simplifies future patch updates
  • ➖ Less supply-chain strict than a full SHA pin
  • ➖ Tag retargeting risk (even if unlikely)
2. Keep SHA pinning, add Dependabot updates for GitHub Actions
  • ➕ Retains strongest pinning while automating update PRs
  • ➕ Reduces time-to-patch for action security fixes
  • ➖ Adds ongoing PR noise without careful scheduling/grouping

Recommendation: The current approach (updating the pinned SHA to the v6.0.2 commit) is appropriate for supply-chain safety while picking up the upstream GPG key fix. Consider adding Dependabot for GitHub Actions if you want to ensure timely future action security updates without manual tracking.

File Changes

Other (1)
unit_tests.yml Bump Codecov action pin to v6.0.2 +1/-1

Bump Codecov action pin to v6.0.2

• Updates the workflow step that uploads coverage to Codecov to use the v6.0.2 pinned commit SHA (instead of the prior v6 SHA) to incorporate the upstream GPG key fix. Execution conditions and inputs remain the same.

.github/workflows/unit_tests.yml
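
The SHA-versus-tag pinning trade-off in the assessment above can be checked mechanically. The following is an added example, not code from this PR or the project: a small Python audit that classifies every `uses:` reference in a workflow file. The sample workflow, its 40-character SHA, and the function names are constructed for illustration.

```python
import re

# Constructed sample workflow; the 40-character SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  test:
    steps:
      - uses: actions/checkout@v4
      - uses: codecov/codecov-action@0123456789abcdef0123456789abcdef01234567  # v6.0.2
      - uses: codecov/codecov-action@v6.0.2
      - uses: ./.github/actions/setup
"""

# Matches a step reference such as `- uses: owner/repo/path@ref  # comment`.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)['\"]?\s*(?:#\s*(.*))?$")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(target):
    """Return 'local', 'docker', 'sha', or 'mutable' for a `uses:` target."""
    if target.startswith("./"):
        return "local"    # action stored in the same repository
    if target.startswith("docker://"):
        return "docker"   # container image reference, not a git ref
    _, sep, ref = target.rpartition("@")
    if sep and FULL_SHA_RE.match(ref):
        return "sha"      # immutable full-length commit SHA
    return "mutable"      # tag, branch, short SHA, or missing ref


def audit_workflow(text):
    """Return (line_number, target, kind, trailing_comment) for each `uses:` line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            target, comment = match.group(1), (match.group(2) or "").strip()
            findings.append((number, target, classify_ref(target), comment))
    return findings


def unpinned(text):
    """Targets whose resolved code can change if a tag or branch is moved."""
    return [target for _, target, kind, _ in audit_workflow(text) if kind == "mutable"]


if __name__ == "__main__":
    for number, target, kind, comment in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {number}: {kind:8} {target} {comment}")
```

The trailing comment is returned because a SHA pin carries no readable version on its own; keeping `# v6.0.2` next to the SHA lets reviewers see what the pin is meant to be.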

qodo-for-securesign Bot commented Jun 8, 2026


Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

Great, no issues found!

Qodo reviewed your code and found no material issues that require review

@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.70%. Comparing base (ae71693) to head (08c3ab9).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #79   +/-   ##
=======================================
  Coverage   79.70%   79.70%           
=======================================
  Files          21       21           
  Lines        1922     1922           
=======================================
  Hits         1532     1532           
  Misses        390      390           
Flag Coverage Δ
unit 79.70% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
