From 76d01fce5cf704af6a7aa116cb85cf79f875229b Mon Sep 17 00:00:00 2001
From: Tom Hu <thomas.hu@sentry.io>
Date: Wed, 20 Nov 2024 18:45:35 -0500
Subject: [PATCH 1/3] fix: test tokenless

---
 .github/workflows/ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5e42465a..5b711bfc 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,5 @@
 name: Workflow for Codecov example-python
-on: [push, pull_request]
+on: [push, pull_request, pull_request_target]
 jobs:
   run:
     runs-on: ubuntu-latest
@@ -15,9 +15,9 @@ jobs:
       - name: Install dependencies
         run: pip install -r requirements.txt
       - name: Run tests and collect coverage
-        run: pytest --cov app ${{ env.CODECOV_ATS_TESTS }}
+        run: pytest --cov app
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@th/fix-head-repo-for-tokenless
         with:
           verbose: true
         env:

From 195747d77b39018107588a9c5bb3a56bfff68ab0 Mon Sep 17 00:00:00 2001
From: Tom Hu <thomas.hu@sentry.io>
Date: Wed, 20 Nov 2024 18:46:46 -0500
Subject: [PATCH 2/3] fix: test it all

---
 .github/workflows/ci.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5b711bfc..45685b49 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,8 @@
 name: Workflow for Codecov example-python
 on: [push, pull_request, pull_request_target]
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read
 jobs:
   run:
     runs-on: ubuntu-latest
@@ -16,9 +19,18 @@ jobs:
         run: pip install -r requirements.txt
       - name: Run tests and collect coverage
         run: pytest --cov app
-      - name: Upload coverage to Codecov
+      - name: Upload coverage to Codecov (token)
         uses: codecov/codecov-action@th/fix-head-repo-for-tokenless
         with:
           verbose: true
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+      - name: Upload coverage to Codecov (oidc)
+        uses: codecov/codecov-action@th/fix-head-repo-for-tokenless
+        with:
+          verbose: true
+          use_oidc: true
+      - name: Upload coverage to Codecov (no token)
+        uses: codecov/codecov-action@th/fix-head-repo-for-tokenless
+        with:
+          verbose: true

From b0d6d326d67d7df82aad348e9b1db251e7f707a9 Mon Sep 17 00:00:00 2001
From: Tom Hu <thomas.hu@sentry.io>
Date: Wed, 20 Nov 2024 18:50:39 -0500
Subject: [PATCH 3/3] fix: oidc wont work

---
 .github/workflows/ci.yml | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 45685b49..d9c8d31d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,3 +1,4 @@
+---
 name: Workflow for Codecov example-python
 on: [push, pull_request, pull_request_target]
 permissions:
@@ -25,11 +26,6 @@ jobs:
           verbose: true
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-      - name: Upload coverage to Codecov (oidc)
-        uses: codecov/codecov-action@th/fix-head-repo-for-tokenless
-        with:
-          verbose: true
-          use_oidc: true
       - name: Upload coverage to Codecov (no token)
         uses: codecov/codecov-action@th/fix-head-repo-for-tokenless
         with: