fix(test): fix codecov GPG issues in container mode using github-script helpers

[Copilot]

Fixes the codecov action failing when running tests in container mode due to GPG signature verification issues from pkgxdev-installed gnupg.

Root Cause

pkgxdev/setup installs gnupg with a gpgconf.ctl file containing unexpanded environment variables like ${GNUPG_BUILD_ROOT:-/github/home/.pkgx/gnupg.org/v2.4.8}/, causing GPG operations to fail.

Changes Made

The fix modifies actions/test/action.yml to:

1. Check if dependencies exist before installing - Added a "Check and install Codecov dependencies" step using actions/github-script:

   • Uses io.which() to check if git, curl, and gpg already exist
   • Only installs via pkgxdev if dependencies are missing

2. Fix GPG configuration using GitHub Script helpers - Replaced bash script with actions/github-script:

   • Uses io.which() to locate the gpgconf binary
   • Uses io.rmRF() to remove the malformed gpgconf.ctl file
   • Uses io.mkdirP() to create GNUPGHOME directory
   • Uses fs.chmodSync() for setting proper permissions (700)

This properly fixes the pkgxdev gnupg installation issue while maintaining all codecov-action dependencies (bash, curl, git, gpg).

• Fixes fix(test): codecov is failing when running in container #355

Original prompt

---

This section details on the original issue you should resolve

<issue_title>fix(test): codecov is failing when running in container</issue_title>
<issue_description>When running tests for reusable workflow "continuous-integration" with provied container, the codecov action is failing:

gpg: invalid rootdir '${GNUPG_BUILD_ROOT:-/github/home/.pkgx/gnupg.org/v2.4.8}/' specified in gpgconf.ctl
gpg: directory '/github/home/.gnupg' created
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
==> Verifying GPG signature integrity
 -> Downloading https://cli.codecov.io/latest/linux/codecov.SHA256SUM
 -> Downloading https://cli.codecov.io/latest/linux/codecov.SHA256SUM.sig
 
gpg: invalid rootdir '${GNUPG_BUILD_ROOT:-/github/home/.pkgx/gnupg.org/v2.4.8}/' specified in gpgconf.ctl
gpg: can't open 'codecov.SHA256SUM.sig': No such file or directory
gpg: verify signatures failed: No such file or directory
==> Could not verify signature. Please contact Codecov if problem continues
sha256sum: codecov.SHA256SUM: No such file or directory
==> Could not verify SHASUM. Please contact Codecov if problem continues
==> CLI integrity verified

Example: https://github.com/hoverkraft-tech/ci-github-nodejs/actions/runs/19762218966/job/56626889360</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes fix(test): codecov is failing when running in container #355

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[github-actions]

Code Coverage Report

Coverage Results

Coverage

Metric	Covered	Total	Percentage
Lines	2	2	100.00%
Functions	1	1	100.00%

Overall: 100.00% 🟢
🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩

[neilime]

@copilot this is stupid workaround, the codecov action requiresbash, curl, git, and gpg (https://github.com/codecov/codecov-action?tab=readme-ov-file#usage), so skipping validation, will just move the issue the step after.

[Copilot]

@copilot this is stupid workaround, the codecov action requiresbash, curl, git, and gpg (https://github.com/codecov/codecov-action?tab=readme-ov-file#usage), so skipping validation, will just move the...

You're right. I've revised the fix in d248c7f. Instead of skipping validation, I now:

1. Restored gnupg.org in pkgxdev dependencies
2. Added a "Fix GPG configuration" step that removes the malformed gpgconf.ctl file (which contains unexpanded ${GNUPG_BUILD_ROOT:-...} variables)
3. Sets up the GNUPGHOME directory properly

This keeps all codecov-action dependencies (bash, curl, git, gpg) working correctly.

[neilime]

@copilot handle feedbacks