chore(deps): bump codecov/codecov-action from 4 to 5 #486

	name: build

	on:
	push:
	branches:
	- "main"
	tags:
	- "v*"
	pull_request:

	jobs:
	govulncheck:
	uses: caarlos0/meta/.github/workflows/govulncheck.yml@main
	semgrep:
	uses: caarlos0/meta/.github/workflows/semgrep.yml@main
	ruleguard:
	uses: caarlos0/meta/.github/workflows/ruleguard.yml@main
	build:
	strategy:
	matrix:
	os: [ubuntu-latest, macos-latest, windows-latest]
	go-version: [1.18, oldstable, stable]
	runs-on: ${{ matrix.os }}
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: actions/setup-go@v5
	with:
	go-version: ${{ matrix.go-version }}
	- run: make setup ci
	- uses: codecov/codecov-action@v5
	if: matrix.os == 'ubuntu-latest' && matrix.go-version == 'stable'
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	file: ./coverage.txt
	- uses: goreleaser/goreleaser-action@v6
	if: success() && startsWith(github.ref, 'refs/tags/') && matrix.os == 'ubuntu-latest' && matrix.go-version == 'stable' # editorconfig-checker-disable-line
	with:
	version: latest
	distribution: goreleaser-pro
	args: release --clean
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
	dependabot:
	needs: [build]
	runs-on: ubuntu-latest
	permissions:
	pull-requests: write
	contents: write
	if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'}}
	steps:
	- id: metadata
	uses: dependabot/fetch-metadata@v2
	with:
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	- run: \|
	gh pr review --approve "$PR_URL"
	gh pr merge --squash --auto "$PR_URL"
	env:
	PR_URL: ${{github.event.pull_request.html_url}}
	GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

Provide feedback