From 3cfa40360ad922e73b8ce90e8f9feef1fe4d2023 Mon Sep 17 00:00:00 2001
From: Ben Manes <ben.manes@gmail.com>
Date: Sun, 22 Sep 2024 02:56:41 -0700
Subject: [PATCH] use github action to avoid downloadThenRun scorecard warning

---
 .github/workflows/build.yml | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 45c335d7c4..7e28c4b67d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -263,13 +263,12 @@ jobs:
           project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
         continue-on-error: true
       - name: Publish to DeepSource
-        env:
-          DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
+        uses: deepsourcelabs/test-coverage-action@e02a039827236fa21a95866e7cd0b1c52ca61e76 # v1.1.2
         continue-on-error: true
-        run: |
-          curl https://deepsource.io/cli | sh
-          ./bin/deepsource report --analyzer test-coverage --key java \
-            --value-file ./build/reports/jacoco/jacocoFullReport/jacocoFullReport.xml
+        with:
+          key: java
+          dsn: ${{ secrets.DEEPSOURCE_DSN }}
+          coverage-file: ./build/reports/jacoco/jacocoFullReport/jacocoFullReport.xml
       - name: Publish to SonarQube
         uses: ./.github/actions/run-gradle
         env: