osv-scanner: general issues

[G-Rath]

We've been having on-going problems with Codecov over the last few months - we seemed to have addressed a few of them now that we've gotten the token in place and upgraded to v4, but we've still got at least one immterimate failure that seems to be happening for forks and primarily on macOS runners whereby codecov reports that a token has not been provided:

Run codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be
  with:
    fail_ci_if_error: true
==> macos OS detected
https://cli.codecov.io/latest/macos/codecov.SHA256SUM
==> Running version latest
==> Running version v0.5.2
==> Running git config --global --add safe.directory /Users/runner/work/osv-scanner/osv-scanner
/opt/homebrew/bin/git config --global --add safe.directory /Users/runner/work/osv-scanner/osv-scanner
==> Running command '/Users/runner/work/_actions/codecov/codecov-action/5ecb98a3c6b747ed38dc09f787459979aebb39be/dist/codecov create-commit'
/Users/runner/work/_actions/codecov/codecov-action/5ecb98a3c6b747ed38dc09f787459979aebb39be/dist/codecov create-commit --git-service github -C a11bd38832c6eaac6b74f7201[70](https://github.com/google/osv-scanner/actions/runs/8978083643/job/24657957118#step:5:73)aca0f7386cfa6 -Z
info - 2024-05-07 01:14:43,239 -- ci service found: github-actions
warning - 2024-05-07 01:14:43,255 -- No config file could be found. Ignoring config.
Error: Codecov token not found. Please provide Codecov token with -t flag.
Error: Codecov: Failed to properly create commit: The process '/Users/runner/work/_actions/codecov/codecov-action/5ecb98a3c6b747ed38dc09f787459979aebb39be/dist/codecov' failed with exit code 1

• https://github.com/google/osv-scanner/actions/runs/8978083643/job/24657957118
• https://github.com/google/osv-scanner/actions/runs/8991490192/job/24699289191
• https://github.com/google/osv-scanner/actions/runs/8977049118/job/24655123927
• https://github.com/google/osv-scanner/actions/runs/8913711222/job/24479820517 (this is an example of a non macOS failure)

[G-Rath]

Ok we've just had an instance of this happening for Windows on the main branch too: https://github.com/google/osv-scanner/actions/runs/8996190561/job/24712328014

[G-Rath]

@thomasrockhu-codecov just fyi I've created this issue - I can dig out some of our comments from other issues later if you like

[G-Rath]

@thomasrockhu-codecov any update on this? we're still having issues

[G-Rath]

We've had to disable this for macOS given how flakey it's been: https://github.com/google/osv-scanner/pull/1020

[thomasrockhu-codecov]

@G-Rath sorry for the delay here, I'm still trying to debug why this is happening on macos. I have an idea of where to start, but I think I can get a fix out by EOW

[thomasrockhu-codecov]

This is coming from the CLI when making a request to GitHub. It seems that the call is unauthenticated and hits a rate limiting issue.

You can see logs here.

Digging more here how to pass in this data or make an authenticated call from inside the CLI.