Bump CI actions versions

[JamesWrigley]

I noticed that some of the CI actions versions were out of date so I took the liberty of updating them.

I think an admin will need to add a CODECOV_TOKEN secret to the repo before this is merged because tokenless uploading is unsupported now: https://github.com/codecov/codecov-action?tab=readme-ov-file#breaking-changes
That might be why the last commit shown on codecov is from 5 months ago: https://app.codecov.io/gh/JuliaLang/Downloads.jl/commits

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.68%. Comparing base (05f9ec2) to head (eae0eef).
Report is 6 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #252      +/-   ##
==========================================
+ Coverage   89.70%   90.68%   +0.97%     
==========================================
  Files           5        5              
  Lines         583      612      +29     
==========================================
+ Hits          523      555      +32     
+ Misses         60       57       -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[StefanKarpinski]

@DilumAluthge or @staticfloat, either of you know where to get a CODECOV_TOKEN secret?

[giordano]

https://app.codecov.io/account/gh/JuliaLang/org-upload-token (need to be an admin of the github org). It can be added to org secrets, so that not every repo needs to add it.

[DilumAluthge]

I can do this later tonight. I'll do it organization-wide.

[DilumAluthge]

I now remember that I already did this organization-wide for the JuliaLang repo. We should be good to go. Let me re-trigger CI, and then let's check the logs and make sure that the Codecov upload worked.

[giordano]

Since this PR was opened from a fork, the token is irrelevant, since codecov will always do the tokenless upload

[giordano]

It's probably just me, but I hate failing CI when codecov is broken.

[DilumAluthge]

Could we set this to false if the PR is from a fork, and true if the PR is not from a fork?

The Codecov upload should be pretty reliable on non-fork PRs, because we use our CODECOV_TOKEN secret in that case.

[giordano]

It's not about the token being available, but in my experience codecov sometimes fails randomly because it isn't particularly reliable (and they have a track record as a company of mess-ups, remember https://about.codecov.io/security-update/?)

[DilumAluthge]

🤦

You are correct.

[DilumAluthge]

So we can just merge this as soon as CI is done.

[DilumAluthge]

The CODECOV_TOKEN and the Codecov upload are working correctly, see e.g. https://github.com/JuliaLang/Downloads.jl/actions/runs/11225825897/job/31205214404