Closed jmgrady closed 7 months ago
Same here, Codecov still states this is not required for public projects, but bumping to v4
fails to publish it
Same here https://github.com/cakephp/localized/actions/runs/7790301113 Used to work fine with v3
I'm getting this as well.
I believe this is due to this incident. @dereuromark are you still getting the issue?
Yes, reran the workflow just now, same thing https://github.com/cakephp/localized/actions/runs/7806912790
Same issue here, using codecov v4 and a PR from a fork: https://github.com/lab-cosmo/metatensor/actions/runs/7817731428/job/21326326361
EDIT: seems fixed after a restart, might have been transient. Here is the old log for reference:
==> Uploader SHASUM verified (103bfefcc56f76473179e600b96eb8150b0f349ad94836b0f63f03ffac469ad7 codecov)
info - 2024-02-07 16:21:44,309 -- ci service found: github-actions
info - 2024-02-07 16:21:44,504 -- The PR is happening in a forked repo. Using tokenless upload.
info - 2024-02-07 16:21:44,733 -- Process Commit creating complete
error - 2024-02-07 16:21:44,733 -- Commit creating failed: {"error": "Server Error (500)"}
Traceback (most recent call last):
File "codecov_cli/main.py", line 81, in <module>
File "codecov_cli/main.py", line 77, in run
File "click/core.py", line 1157, in __call__
File "click/core.py", line 1078, in main
File "click/core.py", line 1688, in invoke
File "click/core.py", line 1434, in invoke
File "click/core.py", line 783, in invoke
File "click/decorators.py", line 33, in new_func
File "codecov_cli/commands/commit.py", line 64, in create_commit
File "codecov_cli/services/commit/__init__.py", line 39, in create_commit_logic
File "codecov_cli/helpers/request.py", line 133, in log_warnings_and_errors_if_any
NameError: name 'exit' is not defined
[4757] Failed to execute script 'main' due to unhandled exception!
Error: Codecov: Failed to properly create commit: The process '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov' failed with exit code 1
@dereuromark you need to add the Codecov token
Error: Codecov token not found. Please provide Codecov token with -t flag.
Instructions to do so are here
Getting the same server error on all my repos
Example: https://github.com/gdalle/DifferentiationInterface.jl/actions/runs/7818651755/job/21329350528
you need to add the Codecov token
We never had to enter any tokens for the last decade. Since those are all open source repos. And I sure dont want to add them for 30+ repos I manage.. There must be a better way.
Note that v3 is working just fine I would expect https://github.com/cakephp/localized/commit/d8125f33e8be931df2951e7e71b4729f30a10141 to be the only change needed to continue working with v4.
And I sure dont want to add them for 30+ repos I manage.. There must be a better way.
Remember that secrets are not passed to workflow triggered by PR from fork.
Remember that secrets are not passed to workflow triggered by PR from fork.
Both PR and main branch CI worked so far with v3 afaik
Yes. I point a problem with v4. Where token will not help for typical OSS.
Hi @Czaki @dereuromark something I'd like to clarify here
On requiring a token This is primarily a performance need. Codecov works by making an API call to GitHub to confirm that the repo and commit are the correct values. Making this call for thousands of repositories causes our GitHub token to hit the limit causing the issues that many of you may have seen - see https://github.com/codecov/feedback/issues/126 as an example
On impacting contribution flows
We're aware that for open source contributors, the fork->commit-> PR workflow (which is by far the most common) would be impacted if we enforced token usage aggresively, so currently we DO NOT require forked repos to setup a token. You can read more on our blog (look for the section called Future of tokenless
On adding a single token for multiple repos
This usecase is served by using Codecov's GLOBAL UPLOAD TOKEN. Here's how to set that up (docs)
I hope this helps, please don't hesitate to reach out if you have challenges with this.
@rohan-at-sentry This is PR to update codecov to version 4 in my repository https://github.com/4DNucleome/PartSeg/pull/1066 As you can see, it is open source, and it is failing. This repository has already set up the codecov token and PR is done from the same repository (dependabot creates a branch from the same repository in my case). And even on PR from the same repo, the secret is not passed.
I try to play with workflow_run
trigger. Like this:
on:
workflow_run:
workflows: [Tests]
types:
- completed
But it ends with codecov failing to determine PR/commit.
If you could fix codecov action to work in workflow triggered by workflow_run
, then it is possible to provide tokens for the uploader. And provide extensible instructions on how to upload codevov results using action/upload@v4
and download the results in the next workflow (triggered by workflow_run
) to have a properly working upload.
This usecase is served by using Codecov's GLOBAL UPLOAD TOKEN. Here's how to set that up (docs)
Is there a way to have a global token for a user, and not just an org?
@Czaki I suspect that the token is not being set correctly in that example you shared.
Is it possible for you to try the following and see if it works
name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
with:
verbose: true
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
@gdalle
Is there a way to have a global token for a user, and not just an org?
Not currently... Can you describe your usecase? Maybe there's a way we can already help now
Not currently... Can you describe your usecase? Maybe there's a way we can already help now
In my case I have 30+ repos in my github user account (personal), is there a way to set up the env token once across all of them? I only saw sth like that for an org.
Sorry to chime in.
@rohan-at-sentry Why use env variable instead of pass in as a parameter?
Oh I think I misunderstood the original question.
@dereuromark - I believe if you navigate to https://app.codecov.io/account/gh/settings
tab, you should find the ability to set the Global Upload Token
@gdalle if your usecase is similar to above, then you can try this as well
I believe if you navigate to https://app.codecov.io/account/gh/
, and click the settings tab, you should find the ability to set the Global Upload Token
Well, I generated a token there, not setting one But then I still need to put it somewhere, from my understanding this would have to be on github side if you want it to work with
- uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
in all 30+ repos of my github account and CI
@rohan-at-sentry After adding verbose, the upload passed. But I'm not sure if it is a proper solution.
@Czaki if you are referring to https://github.com/4DNucleome/PartSeg/pull/1066 when you say adding verbose fixed it, (that you mentioned in this comment)
I don't think it was the verbose option that made the upload run. I think it was the fact that it was your user (or pre-commit ci app) triggered the workflow that happen to have the verbose option in it.
Apparently dependabot can't access repo secrets (see here)
so the action didn't have the token to upload when dependabot tried to run it. Because that PR comes from the same repo, it needs a token (and so it failed).
On the other hand, when your user (or pre-commit ci app) triggered the action would have access to the token, and the upload would then run.
Apart from my personal account, which cannot be fixed for now, I also tried the org approach Here, I set a global secret and it seems to pull it into the repos and so far it also seems to work But the final lines of the v4 action give a bit mixed feedback: https://github.com/php-collective/decimal-object/actions/runs/7836624847/job/21384669898#step:6:50
==> Running command '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov do-upload'
/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov do-upload -C 0e00248c6eefc7cfcbf5b8d59662058d4f96a46e
info - 2024-02-08 22:12:04,446 -- ci service found: github-actions
warning - 2024-02-08 22:12:04,449 -- No config file could be found. Ignoring config.
warning - 2024-02-08 22:12:04,455 -- xcrun is not installed or can't be found.
warning - 2024-02-08 22:12:04,496 -- No gcov data found.
warning - 2024-02-08 22:12:04,496 -- coverage.py is not installed or can't be found.
info - 2024-02-08 22:12:04,506 -- Found 1 coverage files to upload
info - 2024-02-08 22:12:04,506 -- > /home/runner/work/decimal-object/decimal-object/coverage.xml
info - 2024-02-08 22:12:04,616 -- Process Upload complete
error - 2024-02-08 22:12:04,617 -- Upload failed: {"detail":"You do not have permission to perform this action."}
The last message sounds like it actually still failed? And apparently, inside codecov backend, the commit never arrived. Previous PRs in the old action worked.
it looks working now. I will provide it more time for test.
This is also happening on my repository here https://github.com/CharlieTap/cachemap/pull/17
Apart from my personal account, which cannot be fixed for now, I also tried the org approach Here, I set a global secret and it seems to pull it into the repos and so far it also seems to work But the final lines of the v4 action give a bit mixed feedback: https://github.com/php-collective/decimal-object/actions/runs/7836624847/job/21384669898#step:6:50
==> Running command '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov do-upload' /home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov do-upload -C 0e00248c6eefc7cfcbf5b8d59662058d4f96a46e info - 2024-02-08 22:12:04,446 -- ci service found: github-actions warning - 2024-02-08 22:12:04,449 -- No config file could be found. Ignoring config. warning - 2024-02-08 22:12:04,455 -- xcrun is not installed or can't be found. warning - 2024-02-08 22:12:04,496 -- No gcov data found. warning - 2024-02-08 22:12:04,496 -- coverage.py is not installed or can't be found. info - 2024-02-08 22:12:04,506 -- Found 1 coverage files to upload info - 2024-02-08 22:12:04,506 -- > /home/runner/work/decimal-object/decimal-object/coverage.xml info - 2024-02-08 22:12:04,616 -- Process Upload complete error - 2024-02-08 22:12:04,617 -- Upload failed: {"detail":"You do not have permission to perform this action."}
The last message sounds like it actually still failed? And apparently, inside codecov backend, the commit never arrived. Previous PRs in the old action worked.
@dereuromark hmm that is unexpected 🤔
That does look like a 403 which suggests to me that the token may not be scoped for the repo.
Just to confirm, you did the following steps -
decimal_object
repo as a New repository secret
or an Org secret
@CharlieTap can you confirm you did the steps above as well?
Hi @rohan-at-sentry
I followed the guide on the website when you create a new repository thats asks you to create a repository token specifically. Maybe this isn't correct? I can confirm that the secret exists on cachemap
@CharlieTap a repo token set as a repo secret should also be sufficient. Can you ensure you didn't include the CODECOV_TOKEN=
in the SECRET
field? Asking because that is a common thing we've had to troubleshoot (we're looking at improving this in the near term)
OK my bad in thinking my personal global update token works here, I used the token generated earlier on my own name, and not the org (different flow on the codecov website apparntly, And global update token doesnt work here. The repo token from the org works then.
@rohan-at-sentry Unfortunately not I can confirm the token is correct and does not include the name (I do understand how someone could do that however as the UI lets you copy the name and token like an env variable). Not that it should matter but my usecase involves workflow call dispatch, maybe there are some quirks to ingesting secrets provided in workflow call?
@dereuromark just want to confirm things are working for you (if I understood you correctly)
I had the same issue "could not properly create a commit" and warnings that token was missing with v4 (as mentioned in other issues here). Downgrading to v3 uploads data, but I still see:
[2024-02-13T21:56:57.488Z] ['info'] => Project root located at: /home/runner/work/speccer/speccer
[2024-02-13T21:56:57.489Z] ['info'] -> No token specified or token is empty
I have followed the setup guide to the point, and added a repository secret correctly
I just saw https://docs.github.com/en/rest/actions/variables?apiVersion=2022-11-28#create-a-repository-variable Maybe this could be a way to provide a script that could auto-add it to all repos necessary?
Would be quicker than having to do this manually for like 30+ repos.
//EDIT For secrets this one : https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-a-repository-secret
@phun-ky can you link me to your repo so I can help debug?
@rohan-at-sentry sorry for the late reply, here is the action in question: https://github.com/phun-ky/speccer/actions/runs/7944034137
@phun-ky I think you need to do
env:
CODECOV_TOKEN: ${{ secrets...
I believe if you navigate to https://app.codecov.io/account/gh/
, and click the settings tab, you should find the ability to set the Global Upload Token Well, I generated a token there, not setting one But then I still need to put it somewhere, from my understanding this would have to be on github side if you want it to work with
- uses: codecov/codecov-action@v4 with: token: ${{ secrets.CODECOV_TOKEN }}
in all 30+ repos of my github account and CI
@dereuromark You need to create a new access token on https://app.codecov.io/account/gh/dereuromark/access
Then try this script (you need gh
)
#!/usr/bin/env bash
if [[ -z "$CODECOV_TOKEN" ]]; then
echo "CODECOV_TOKEN is not set" >&2
exit 1
fi
GITHUB_USER="dereuromark"
GITHUB_REPOS=("$@")
if [[ ${#GITHUB_REPOS[@]} -eq 0 ]]; then
IFS=" " read -r -a GITHUB_REPOS <<< "$(
gh api --paginate \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"/users/$GITHUB_USER/repos" \
--jq '.[] | select(.archived == false) | .name' \
| cat
)"
fi
for GITHUB_REPO in "${GITHUB_REPOS[@]}"; do
echo "[$GITHUB_REPO]"
CODECOV_UPLOAD_TOKEN=$(
curl -s -q "https://api.codecov.io/api/v2/github/$GITHUB_USER/repos/$GITHUB_REPO/config/" \
-H 'accept: application/json' \
-H "authorization: Bearer $CODECOV_TOKEN" 2>/dev/null | jq -r '.upload_token // ""'
)
if [[ -z "$CODECOV_UPLOAD_TOKEN" ]]; then
echo -e "\033[0;31m✗\033[0m Error getting CODECOV_UPLOAD_TOKEN" >&2
echo
continue
fi
echo -e "\033[0;32m✓\033[0m Upload token: $CODECOV_UPLOAD_TOKEN"
gh secret set CODECOV_TOKEN --body "$CODECOV_UPLOAD_TOKEN" --repo "$GITHUB_USER/$GITHUB_REPO"
gh secret set CODECOV_TOKEN --body "$CODECOV_UPLOAD_TOKEN" --repo "$GITHUB_USER/$GITHUB_REPO" --app dependabot
echo
done
@jmgrady can you confirm this is working for you now?
For everyone else, please note that this thread is getting a little bit crazy. There are a few root causes that we have since patched. If you are still experiencing this issue, please open a new issue so that we can track.
@thomasrockhu-codecov I apologize for not replying earlier. I missed your question earlier but have now fixed my GitHub config.
I am still seeing the problem. I am using codecov/codecov-action@v4.1.0
:
- name: Upload coverage report
uses: codecov/codecov-action@v4.1.0
with:
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: true
files: coverage.cobertura.xml
flags: backend
name: Backend
The failure message matches the one in my original post.
Use env
in GHA to pass the value from secrets
:
- name: Upload coverage report to Codecov
uses: codecov/codecov-action@v4
with:
directory: /tmp/.scaffold-coverage-html
fail_ci_if_error: true
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
After updating
codecov/codecov-action
to v4 in our GitHub workflows, the coverage reports fail to upload. The upload fails because of a connection error or timeout. The GitHub Action output is: