Open vitalijr2 opened 1 month ago
Internal ticket created : TCE-969
There is strange behavior of the action:
PR Bump mockito.version from 5.11.0 to 5.12.0:
secrets
option but reverted changed back
Looks like I have found a solution.
First I used versions from Codacy action and Codacy documentation:
```yaml
...
uses: codacy/codacy-analysis-cli-action@3ff...4f93
...
uses: codacy/codacy-coverage-reporter-action@v1
...
```
The dependency bot sometimes updated codacy-analysis-cli-action but never updated codacy-coverage-reporter-action.
When I dealt with this issue, I noticed that the version of codacy-coverage-reporter-action is very old. Then I decided to update both versions manually. And now the issue is no longer observed in all four repositories where it was before.
My current Codacy workflow looks like:
```yaml
name: "Codacy"
on:
  push:
    branches: [ "**" ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "**" ]
jobs:
  build:
    name: Maven build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Setup Java JDK
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: 17
      - name: Build with Maven
        run: ./mvnw --batch-mode
      - name: Temporarily save target and test requests
        uses: actions/upload-artifact@master
        with:
          name: tests-and-target
          path: |
            target
          retention-days: 1
  codacy-security-scan:
    name: Codacy Security Scan
    needs: build
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Run Codacy Analysis CLI
        uses: codacy/codacy-analysis-cli-action@v4.4.1
        with:
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          verbose: true
          output: results.sarif
          format: sarif
          gh-code-scanning-compat: true
          max-allowed-issues: 2147483647
      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
  codacy-coverage-reporter:
    name: Codacy Coverage Reporter
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Retrieve saved test requests and target
        uses: actions/download-artifact@master
        with:
          name: tests-and-target
          path: target
      - name: Run Codacy Coverage Reporter
        uses: codacy/codacy-coverage-reporter-action@v1.3.0
        with:
          coverage-reports: target/site/jacoco/jacoco.xml
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
```
Is it still working for you?
Last Sunday I met this issue on my ijhttp-tools repo, see PRs 1, 2, 3.
Then I updated the development branch (base for these PRs): changed the versions of both codacy/codacy-analysis-cli-action and codacy/codacy-coverage-reporter-action to v4.4.1 and v1.3.0 respectively. Then merged the changes back to the branches - all workflows done well.
I will not close the PR yet - maybe it will be useful for you.
Maybe one picture is better than 1000 words :)
I was wrong: it happened again. And again. Even with updated versions for both actions: coverage and security check.
Codacy Coverage Reporter is failed on missed API token https://github.com/vitalijr2/aws-lambda-slf4j/actions/runs/9535472577/job/26281254400?pr=30 https://github.com/vitalijr2/aws-lambda-slf4j/actions/runs/9535472459/job/26281254992?pr=30
But some other Codacy actions can find it! https://github.com/vitalijr2/aws-lambda-slf4j/actions/runs/9535472577/job/26281254484?pr=30 https://github.com/vitalijr2/aws-lambda-slf4j/actions/runs/9535472459/job/26281255094?pr=30 https://github.com/vitalijr2/aws-lambda-slf4j/pull/30/checks?check_run_id=26281290537 https://github.com/vitalijr2/aws-lambda-slf4j/pull/30/checks?check_run_id=26281290518 etc.
Also Codacy Static Code Analysis fails https://github.com/vitalijr2/aws-lambda-slf4j/pull/30/checks?check_run_id=26281275633 but Codacy says nothing about what happened https://app.codacy.com/gh/vitalijr2/aws-lambda-slf4j/pull-requests/30 and the logs are empty
Now I have three PRs from the dependency bot https://github.com/vitalijr2/aws-lambda-slf4j/pull/30 https://github.com/vitalijr2/aws-lambda-slf4j/pull/29 https://github.com/vitalijr2/aws-lambda-slf4j/pull/28 and all of them failed because of Codacy Coverage Reporter (that says it could not find the project API token) and Codacy Static Code Analysis (that says nothing)
Another two cases, same issues with reporter and static code analyser https://github.com/vitalijr2/ijhttp-tools/pull/32 https://github.com/vitalijr2/ijhttp-tools/pull/31
Uhhh, looks like it is a GitHub feature especially for Dependabot:
When a Dependabot event triggers a workflow, the only secrets available to the workflow are Dependabot secrets. See:
* [Dependabot triggered Actions cant access secrets or use a writable token](https://github.com/dependabot/dependabot-core/issues/3253)
* [Automating Dependabot with GitHub Actions: Accessing secrets](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#accessing-secrets)

I have copied the CODACY_PROJECT_TOKEN to Settings => Secrets and variables => Dependabot secrets, then re-ran the coverage jobs and all are green. The static code analyser's issue still exists.
Oh, THIS makes sense.
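An added example (not part of the thread and not Codacy's or GitHub's code): a small audit that lists, per job, the `secrets.*` names a workflow references that are not mirrored as Dependabot secrets, which is the gap that left `CODACY_PROJECT_TOKEN` empty on Dependabot PRs here. The function names, the two-space job indentation and the trimmed sample workflow are assumptions of this sketch.

```python
import re

# ${{ secrets.NAME }} expressions in workflow YAML.
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
# Assumption: job ids are indented exactly two spaces under top-level `jobs:`.
JOB_KEY = re.compile(r"^  ([A-Za-z_][\w-]*):\s*$")


def secrets_by_job(workflow_text):
    """Map each job id to the set of secret names it references."""
    refs, in_jobs, job = {}, False, None
    for line in workflow_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # skip blanks and comments
        if not line[0].isspace():         # a top-level key starts or ends `jobs:`
            in_jobs, job = line.startswith("jobs:"), None
        elif in_jobs and JOB_KEY.match(line):
            job = JOB_KEY.match(line).group(1)
            refs.setdefault(job, set())
        elif in_jobs and job:
            refs[job].update(SECRET_REF.findall(line))
    return refs


def missing_for_dependabot(workflow_text, dependabot_secrets):
    """Return {job: [secrets]} that resolve to empty on a Dependabot-triggered run."""
    available = set(dependabot_secrets) | {"GITHUB_TOKEN"}  # injected by GitHub itself
    gaps = {}
    for job, names in secrets_by_job(workflow_text).items():
        if names - available:
            gaps[job] = sorted(names - available)
    return gaps


# Constructed sample, trimmed from the workflow posted in this thread.
SAMPLE = """\
on: pull_request
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: ./mvnw --batch-mode
  codacy-coverage-reporter:
    runs-on: ubuntu-latest
    steps:
      - uses: codacy/codacy-coverage-reporter-action@v1.3.0
        with:
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
"""
```

Calling `missing_for_dependabot(SAMPLE, [])` reports the coverage job; passing `["CODACY_PROJECT_TOKEN"]` as the configured Dependabot secrets returns an empty dict.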
I am using Codacy actions for many of my projects, but since March I have met the issue of Coverage Reporter.
It says that it cannot find the project token while other Codacy actions work well.
The issue
Action source is here https://github.com/vitalijr2/tidy-chat/blob/main/.github/workflows/codacy.yml
Related issue: TCE-897 Pull-Request from contributors can't find CODACY_PROJECT_TOKEN