From d6c7a3b80462556291accc33e4802ffde6f87efa Mon Sep 17 00:00:00 2001
From: "Dr. Andrew Annex" <ama6fy@virginia.edu>
Date: Fri, 28 Jun 2024 14:37:07 -0700
Subject: [PATCH] switch codecov to use oidc (#484)

* switch codecov to use oidc
---
 .github/workflows/ci-build.yml                      | 12 ++++++++++++
 .github/workflows/publish-to-test-and-live-pypi.yml |  9 ++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index 3b12bb83..c73bfa7b 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -56,6 +56,9 @@ jobs:
     name: Test SpiceyPy 🌶️ 🥧
     needs: build
     runs-on: ${{ matrix.os }}
+    permissions:
+      id-token: write
+      contents: read
     strategy:
       matrix:
         os: [ubuntu-latest, macos-14, windows-latest]
@@ -121,8 +124,12 @@ jobs:
         with:
           fail_ci_if_error: false
           verbose: true
+          use_oidc: true
   test_offline_shared:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - name: Checkout 🌶️ 🥧
         uses: actions/checkout@v4
@@ -169,8 +176,12 @@ jobs:
         with:
           fail_ci_if_error: false
           verbose: true
+          use_oidc: true
   test_offline_cspice_install:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - name: Checkout 🌶️ 🥧
         uses: actions/checkout@v4
@@ -216,3 +227,4 @@ jobs:
         with:
           fail_ci_if_error: false
           verbose: true
+          use_oidc: true
diff --git a/.github/workflows/publish-to-test-and-live-pypi.yml b/.github/workflows/publish-to-test-and-live-pypi.yml
index bcbc5207..8909b369 100644
--- a/.github/workflows/publish-to-test-and-live-pypi.yml
+++ b/.github/workflows/publish-to-test-and-live-pypi.yml
@@ -1,5 +1,5 @@
 name: Publish Python 🐍 distributions 📦 to PyPI and TestPyPI
-
+ 
 on:
   pull_request: 
   push:
@@ -12,6 +12,9 @@ jobs:
   build_sdist:
     name: Make SpiceyPy 🌶️ 🥧 Python 🐍 source distribution
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - name: Checkout 🌶️ 🥧
         uses: actions/checkout@v4
@@ -39,6 +42,7 @@ jobs:
         with:
           fail_ci_if_error: false
           verbose: true
+          use_oidc: true
       - name: Check dists
         run: |
           twine check dist/*
@@ -130,6 +134,9 @@ jobs:
     name: Publish SpiceyPy 🌶️ 🥧 Python 🐍 distributions 📦 to PyPI and TestPyPI
     needs: [build_wheels, build_sdist]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - uses: actions/download-artifact@v4
         with: