From b3a69f9726d070991c51caf014f16e63f98abe86 Mon Sep 17 00:00:00 2001
From: Angad Misra <angaddd@amazon.com>
Date: Tue, 30 Sep 2025 11:13:04 -0700
Subject: [PATCH] fix: use OIDC for Codecov

---
 .github/workflows/maven.yml | 40 ++++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 13dd4db..871cf8b 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -5,28 +5,32 @@ name: Java CI with Maven
 
 on:
   push:
-    branches: [ "master", "v2" ]
+    branches: ["master", "v2"]
   pull_request:
-    branches: [ "master", "v2" ]
+    branches: ["master", "v2"]
+
+permissions:
+  contents: read
+  id-token: write
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v5
-    - name: Set up JDK 21
-      uses: actions/setup-java@v5
-      with:
-        java-version: '21'
-        distribution: 'corretto'
-        cache: maven
-    - name: Maven version
-      run: mvn --version
-    - name: Build with Maven
-      run: mvn clean package
-    - name: Codecov
-      uses: codecov/codecov-action@v5
-      with:
-        token: ${{ secrets.CODECOV_TOKEN }}
+      - uses: actions/checkout@v5
+      - name: Set up JDK 21
+        uses: actions/setup-java@v5
+        with:
+          java-version: "21"
+          distribution: "corretto"
+          cache: maven
+      - name: Maven version
+        run: mvn --version
+      - name: Build with Maven
+        run: mvn clean package
+      - name: Codecov
+        uses: codecov/codecov-action@v5
+        with:
+          fail_ci_if_error: true
+          use_oidc: true