CI: use OIDC for CodeCov

pjonsson · pjonsson · commit fd4fdfc2848a · 2025-08-12T07:14:00.000+02:00
This uses a short-lived token
which is better for security.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -69,6 +69,8 @@ jobs:
 
   test-wheels:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     container:
       image: ${{ env.DOCKER_IMAGE }}:latest
       credentials:
@@ -154,6 +156,6 @@ jobs:
 
         uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
         with:
-          token: ${{ secrets.CODECOV_TOKEN }}
+          use_oidc: true
           fail_ci_if_error: false
           verbose: false
