Open cidrblock opened 1 month ago
ssbarnea
commented
1 month ago I keep seeing the same more and more often. When OIDC was introduced we were not told that it does not work as real token replacement and that is affected by api limitations of the tokenless option.
https://github.com/ansible/vscode-ansible/actions/runs/9454363931/job/26041754863?pr=1348
@thomasrockhu-codecov If you can take a look, we will really appreciate.
cidrblock
commented
1 month ago Here's a more recent example of the same issue if needed:
https://github.com/ansible/molecule/actions/runs/9465727251/job/26076225688?pr=4222#step:9:48
thomasrockhu-codecov
commented
1 month ago @ssbarnea @cidrblock would you mind trying 4.5.0? I think this will fix the issue
ssbarnea
commented
3 weeks ago @thomasrockhu-codecov Based on results I seen on https://github.com/ansible/ansible-creator/actions/runs/9609497816/job/26504809239?pr=233#step:9:51 i believe that is does not fully work. Workflow uses v4 tag, which means it should taked latest v4.
The job is defined inside https://github.com/ansible/ansible-creator/blob/main/.github/workflows/tox.yml and reuses workflow from https://github.com/ansible/team-devtools/blob/main/.github/workflows/tox.yml
I doubt this has anything to do with the use of reusable workflows because I use the same workflow on other projects and the codecov upload succeeded there, like https://github.com/ansible/vscode-ansible/actions/runs/9611712751/job/26510856390?pr=1318
One thing that worries me is that is see this while oidc is configured. Maybe the oidc does not work for forks?
==> Fork detected, tokenless uploading usedYup, thank you for updating the repo so v4 points to 4.5.0, that'll save us some work.
That being saide, @ssbarnea is right, we're seeing different errors now:
https://github.com/ansible/ansible-creator/actions/runs/9615967343/job/26524494680?pr=235#step:9:46
cidrblock
commented
3 weeks ago I just noticed it appears to be running the same command twice, I'm not sure if that is intentional:
==> Running command '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-commit'
/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-commit --git-service github -C 50401634ae07f13974b176395b9[43](https://github.com/ansible/ansible-creator/actions/runs/9615967343/job/26524494680?pr=235#step:9:44)4540b3ff370 -Z
info - 2024-06-21 15:24:36,697 -- ci service found: github-actions
info - 2024-06-21 15:24:36,707 -- The PR is happening in a forked repo. Using tokenless upload.
info - 2024-06-21 15:24:36,910 -- Process Commit creating complete
==> Running command '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-report'
/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-report --git-service github -C 50401634ae07f13974b176395b943[45](https://github.com/ansible/ansible-creator/actions/runs/9615967343/job/26524494680?pr=235#step:9:46)40b3ff370 -Z
info - 2024-06-21 15:24:37,657 -- ci service found: github-actions
Error: Codecov token not found. Please provide Codecov token with -t flag.
Error: Codecov:
Failed to properly create report: The process '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov' failed with exit code 1
We are getting the following errors:
We have oidc auth configured and have confirmed that
id-token: writeis configured.Example: https://github.com/ansible/ansible-dev-tools/blob/1905e099f98b3df29c51174c626383cbaaca0ea4/.github/workflows/tox.yml#L148
We were under the impression that OIDC would work fine with coverage from a fork, although it appears the coverage CLI is unaware that OIDC is configured and does not take that into account:
https://github.com/codecov/codecov-cli/blob/7432bad76c619e34d6617b578e039e7d733e3f00/codecov_cli/helpers/git.py#L100
Is this a bug or a misunderstanding?
Thanks- Brad