chore(ci): bump codecov-action from v2 to v5

[ruflin]

Summary

codecov/codecov-action@v2 is several majors behind the current v5.5.x
line. Bump to v5 and align with the new input contract:

• Pass token from the CODECOV_TOKEN secret (still works for the
  tokenless fallback if no secret is configured).
• Set fail_ci_if_error: false so a flaky upload does not block the
  build.
• Conditionally enable use_oidc to work around the
  v5.4.1 regression
  that breaks OIDC token requests on fork pull requests.

Identified during a P0/P1 code-review pass.

Test plan

• Run the workflow once on this PR; confirm coverage upload succeeds.
• Validate YAML.

Summary by CodeRabbit

• Chores
  • Enhanced continuous integration workflow with upgraded code coverage tracking, improved error handling, and better security integration for more reliable builds

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 01164aa4-9de7-4c2d-848c-2762be99697e

📥 Commits

Reviewing files that changed from the base of the PR and between d0c0d60 and 885f12e.

📒 Files selected for processing (2)

• .github/workflows/continuous-integration.yaml
• CHANGELOG.md

---

📝 Walkthrough

Walkthrough

The Codecov GitHub Action in the CI workflow was upgraded from v2 to v5 with updated configuration parameters including explicit coverage file paths, token handling, failure tolerance, and conditional OIDC support. This change was documented in the changelog.

Changes

Cohort / File(s)	Summary
CI/CD Workflow Configuration .github/workflows/continuous-integration.yaml	Updated Codecov action from v2 to v5 with explicit unit and functional coverage XML file paths, added CODECOV_TOKEN secret, set fail_ci_if_error: false, and conditionally enabled use_oidc except for forked pull requests.
Documentation CHANGELOG.md	Added changelog entry documenting the Codecov action upgrade and its v5 input contract fields including token, fail_ci_if_error: false, and conditional use_oidc.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Hop, hop, the CI takes flight,
Codecov's v5 shines so bright,
OIDC hopping, tokens gleam,
Coverage flows like a carrot dream! 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: updating the codecov-action GitHub Action from v2 to v5. It is concise, directly related to the primary objective of the PR, and provides meaningful context for scanning commit history.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/bump-codecov-action

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 1/8 review remaining, refill in 46 minutes and 11 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Updates the CI workflow to use the current Codecov GitHub Action major version and adapts configuration to the v5 input contract to keep coverage uploads working reliably.

Changes:

• Bumped codecov/codecov-action from v2 to v5 in the CI workflow.
• Added v5-specific inputs (token, fail_ci_if_error: false) and a conditional use_oidc setting to avoid fork PR OIDC issues.
• Documented the change in CHANGELOG.md.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
CHANGELOG.md	Notes the Codecov action bump and related input changes under Unreleased.
.github/workflows/continuous-integration.yaml	Switches to codecov/codecov-action@v5 and updates inputs, including conditional OIDC behavior.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

uses: entries in this workflow are consistently quoted (e.g., 'actions/checkout@v4', 'shivammathur/setup-php@v2'). For consistency (and to avoid YAML edge cases with @), quote codecov/codecov-action@v5 as well.

Suggested change

	uses: codecov/codecov-action@v5
	uses: 'codecov/codecov-action@v5'

[Copilot]

This changelog’s bullet entries in the surrounding section don’t end with periods; this new entry does. Consider removing the trailing period for consistency.

Suggested change

	* Bumped `codecov/codecov-action` from `v2` to `v5` and aligned it with the v5 input contract (`token`, `fail_ci_if_error: false`, conditional `use_oidc`).
	* Bumped `codecov/codecov-action` from `v2` to `v5` and aligned it with the v5 input contract (`token`, `fail_ci_if_error: false`, conditional `use_oidc`)