From 9ce07801d5a62407ec523ff4a4a955cc9fea82d7 Mon Sep 17 00:00:00 2001
From: Niclas Larsson <niclas@edgesystems.se>
Date: Tue, 9 Jun 2026 19:15:15 +0200
Subject: [PATCH] ci: install codecov CLI from PyPI to avoid GPG keyserver
 flake

The uploader wrapper fetches codecov's public key from a keyserver to
verify the CLI signature; that download intermittently returns empty,
failing verification and the whole job. use_pypi routes the CLI install
through pip, which never touches the keyserver and verifies via hashes.
---
 .github/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fe7b8ff..8e83dc2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -203,6 +203,7 @@ jobs:
         uses: codecov/codecov-action@v7
         with:
           fail_ci_if_error: true # we weren't posting previously
+          use_pypi: true # avoid flaky GPG keyserver verification
           flags: ${{ runner.os }}
           name: ${{ runner.os }}-coverage
           token: ${{ secrets.CODECOV_TOKEN }}