ci: update codecov action

[Pouyanpi]

Description

Updates the Codecov GitHub Action from v5 to v7 in the reusable test workflow.

The Python 3.11 PR test leg is the only matrix entry that uploads coverage, and it failed after tests passed because Codecov could not verify the downloaded CLI signature:

• Failing job: https://github.com/NVIDIA-NeMo/Guardrails/actions/runs/27142627876/job/80111644388?pr=2007

• Codecov v7 release note says the wrapper now fetches the uploader PGP verification key from the codecovsecops Keybase account: https://github.com/codecov/codecov-action

  Related Iss

Summary by CodeRabbit

• Chores
  • Updated the code coverage reporting tool to a newer version in the CI/CD workflow.

[greptile-apps]

Greptile Summary

This PR bumps the codecov/codecov-action reference in the reusable test workflow from v5 to v7, fixing a CI failure where the Codecov CLI uploader's PGP signature could not be verified during the Python 3.11 coverage upload step.

• The single-line change (@v5 → @v7) resolves the upstream signature-verification breakage described in the PR; no other inputs, secrets, or workflow logic were modified.
• The action is still pinned to a floating major-version tag (same convention as the rest of the workflow), which is consistent with the existing posture for actions/checkout, actions/setup-python, and actions/cache.

Confidence Score: 5/5

This is a safe one-line CI dependency bump with no changes to test logic, secrets handling, or workflow inputs.

The only change is upgrading the Codecov action version tag to unblock a broken CI step caused by an upstream PGP signature issue. All other workflow steps, inputs, and secrets remain unchanged, and the new version is the current stable release of the action.

No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/_test.yml	Bumps codecov/codecov-action from v5 to v7 to resolve a CI signature-verification failure; no other logic changed.

Sequence Diagram

sequenceDiagram
    participant GHA as GitHub Actions Runner
    participant Tests as pytest (make test-coverage)
    participant Codecov as codecov/codecov-action@v7
    participant CC as Codecov Server

    GHA->>Tests: Run pytest with coverage (if with-coverage)
    Tests-->>GHA: coverage.xml + reports generated

    GHA->>Codecov: Upload coverage (token, files, flags)
    Codecov->>Codecov: Fetch uploader binary + verify PGP sig (Keybase/codecovsecops)
    Codecov->>CC: Upload coverage.xml
    CC-->>GHA: Upload acknowledged

Loading

_{Reviews (1): Last reviewed commit: "ci: update codecov action" | Re-trigger Greptile}

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

The test workflow's Codecov upload step version is bumped from codecov/codecov-action@v5 to codecov/codecov-action@v7. All other upload configuration including coverage directory, files, flags, token, and failure behavior remain unchanged.

Changes

CI Workflow Update

Layer / File(s)	Summary
Codecov action version bump .github/workflows/_test.yml	The Codecov upload action is updated from v5 to v7 while maintaining all other configuration.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci: update codecov action' accurately and concisely summarizes the main change: upgrading the Codecov GitHub Action from v5 to v7 in the CI workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Test Results For Major Changes	✅ Passed	This is a minor change (single-line Codecov action version bump in CI workflow); no test results required per custom check instructions for minor changes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/codecov-action-v7

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}