diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ef0a765f..9fca7291 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -43,7 +43,9 @@ jobs: tox -e py311 - name: Submit code coverage data run: | - curl https://keybase.io/codecovsecurity/pgp_keys.asc | gpg --no-default-keyring --keyring trustedkeys.gpg --import + # Codecov's keybase.io identity was removed; fetch the uploader signing key + # (fingerprint 27034E7FDB850E0BBC2C62FF806BB28AED779869) from a keyserver instead. + curl -sL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x27034E7FDB850E0BBC2C62FF806BB28AED779869" | gpg --no-default-keyring --keyring trustedkeys.gpg --import curl -Os https://uploader.codecov.io/latest/linux/codecov curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM curl -Os https://uploader.codecov.io/latest/linux/codecov.SHA256SUM.sig