codecov / codecov-action

GitHub Action that uploads coverage to Codecov :open_umbrella:
https://www.codecov.io
MIT License
1.49k stars 210 forks source link

Error: `Commit creating failed: {"detail":"You do not have permission to perform this action."}` #1508

Closed josecelano closed 1 week ago

josecelano commented 4 months ago

I'm using a token, but I'm getting this error:

evenName: workflow_run
evenName: workflow_run
evenName: workflow_run
==> linux OS detected
https://cli.codecov.io/latest/linux/codecov.SHA256SUM
Received SHA256SUM 8777a6078323948d31cbd81b7776254d1fbfd6888c33dc899b1447b208d717f6  codecov
Received SHA256SUM signature -----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEJwNOf9uFDgu8LGL/gGuyiu13mGkFAmaAJWsACgkQgGuyiu13
mGkQ3A//dLrJ/XHpPp2thv4B5t4Vh2uREsyAYcxiZsp756tQkt+ITwWbyAGRBcrq
Pi9t/eLpo/AcNQhzVeApLMoBr7oe0Ysk98TAv7IaEUhpI8ewjCnYXLK7zn+dSkf7
/igUw+LPNS9a0eHnWuZAheVbAsBpHM5fDzp7/FiOzDsSwLCboyqZLb0VSkOY/UOo
2kPXTrf+ousvHeGeMbKlZhyVv6FHXP9BSwij+cwnBCFuJL0lRrPHK84AEpQ5a1hZ
siQ1jOzh3zecsCEH897EARf2006q4EVe6tLs6HyS0jCApek6nqnqtu2mJ7qNaP8e
snY6t65I9uYkyLWCHSm/90ukilIDOvuZQk+ywDDKPMh2MHQKw8CfD7hgllTDDQOj
1zFMvMIOaJx7XoxPPqCfm/ZllT5PlzwL+F2jIczFiMMTFa1xNKTfdnIfL5jZalgr
VElcqr/+RgYMVtIXhKhOXww7AHfzpSQzehiP/RYeDMM5/bxn5ATMo8Zq/MNL99V0
CdWBNJWALkruSev30uf4gX3hLqNDT5mt0oMQapRZAUIQFswHil3+gb46SojIq9lM
opyItwBNiI5O5sJ8UzZCn7RLfUXDnEWR3O2YUb2elZk9m24W3CW2gTtjShx5mrSb
bYleDtjW9Q2caH0Nv3toX3s+C5yDuHg7RBKHzzXDXA4LrFkGnec=
=EZuw
-----END PGP SIGNATURE-----

gpg: directory '/home/runner/.gnupg' created
gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
gpg: /home/runner/.gnupg/trustdb.gpg: trustdb created
gpg: key 806BB28AED779869: public key "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: Signature made Sat Jun 29 15:16:59 2024 UTC
gpg:                using RSA key 27034E7FDB850E0BBC2C62FF806BB28AED779869
gpg: Good signature from "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2703 4E7F DB85 0E0B BC2C  62FF 806B B28A ED77 9869
==> Uploader SHASUM verified (8777a6078323948d31cbd81b7776254d1fbfd6888c33dc899b1447b208d717f6  codecov)
==> Running version latest
==> Running version v0.7.2
==> Running git config --global --add safe.directory /home/runner/work/pull_request_target/pull_request_target
/usr/bin/git config --global --add safe.directory /home/runner/work/pull_request_target/pull_request_target
==> Running command '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov -v create-commit'
/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov -v create-commit --git-service github -C 244db3b3de5d01bca44a92c3ffb45e067e1d3ba9 --pr 16 -Z
info - 2024-07-[12](https://github.com/josecelano-test/pull_request_target/actions/runs/9907290283/job/27370651458#step:5:13) 11:42:10,908 -- ci service found: github-actions
debug - 2024-07-12 11:42:10,911 -- versioning system found: <class 'codecov_cli.helpers.versioning_systems.GitVersioningSystem'>
debug - 2024-07-12 11:42:10,9[14](https://github.com/josecelano-test/pull_request_target/actions/runs/9907290283/job/27370651458#step:5:15) -- versioning system found: <class 'codecov_cli.helpers.versioning_systems.GitVersioningSystem'>
warning - 2024-07-12 11:42:10,9[16](https://github.com/josecelano-test/pull_request_target/actions/runs/9907290283/job/27370651458#step:5:17) -- No config file could be found. Ignoring config.
debug - 2024-07-12 11:42:10,917 -- No codecov_yaml found
debug - 2024-07-12 11:42:10,9[17](https://github.com/josecelano-test/pull_request_target/actions/runs/9907290283/job/27370651458#step:5:18) -- Starting create commit process --- {"commit_sha": "244db3b3de5d01bca44a92c3ffb45e067e1d3ba9", "parent_sha": null, "pr": "16", "branch": "develop", "slug": "josecelano-test/pull_request_target", "token": "e******************", "service": "github", "enterprise_url": null}
info - [20](https://github.com/josecelano-test/pull_request_target/actions/runs/9907290283/job/27370651458#step:5:21)24-07-12 11:42:11,096 -- Process Commit creating complete
debug - 2024-07-12 11:42:11,097 -- Commit creating result --- {"result": "RequestResult(error=RequestError(code='HTTP Error 403', params={}, description='{\"detail\":\"You do not have permission to perform this action.\"}'), warnings=[], status_code=403, text='{\"detail\":\"You do not have permission to perform this action.\"}')"}
error - 20[24](https://github.com/josecelano-test/pull_request_target/actions/runs/9907290283/job/27370651458#step:5:25)-07-12 11:42:11,097 -- Commit creating failed: {"detail":"You do not have permission to perform this action."}

The workflow: https://github.com/josecelano-test/pull_request_target/blob/develop/.github/workflows/upload_coverage_pr.yaml#L104-L119

I have another workflow using version 3, and it works:

https://github.com/josecelano-test/pull_request_target/blob/develop/.github/workflows/coverage.yaml#L78-L85

josecelano commented 3 months ago

It's also failing with the latest version: 4.5.0. See https://github.com/josecelano-test/pull_request_target/actions/runs/9907290283/job/28115928698#step:1:29

Download action repository 'codecov/codecov-action@v4' (SHA:e28ff129e5465c2c0dcc6f003fc735cb6ae0c673)
Spacetown commented 3 months ago

It's also failing with the latest version: 4.5.0. See https://github.com/josecelano-test/pull_request_target/actions/runs/9907290283/job/28115928698#step:1:29

Download action repository 'codecov/codecov-action@v4' (SHA:e28ff129e5465c2c0dcc6f003fc735cb6ae0c673)

Same for me. I'm wondering why in the log the first character of the token isn't masked: "token": "e******************"

For me (https://github.com/gcovr/gcovr/actions/runs/10461552705/job/28970126469) it shows "token": "6******************" but the token doesn't start with a 6.

ajfriend commented 3 months ago

We seem to be having the same issue here: https://github.com/uber/h3-py/pull/389

beat-buesser commented 2 months ago

We see the same issue in https://github.com/Trusted-AI/adversarial-robustness-toolbox. The new action codecov-action@v4 and secret for Dependabot have worked for the Dependabot-PR updating to codecov-action@v4, but it seems not to work for PRs already opened by Dependabot before upgrading to codecov-action@v4. I have not yet observed new Dependabot PRs and if codecov-action@v4 would work there.

thomasrockhu-codecov commented 2 weeks ago

@josecelano we made some changes to the backend, do you mind trying v4 again?

josecelano commented 2 weeks ago

Hi @thomasrockhu-codecov, I've tried to re-try the workflow execution but now I have an error in the cargo build command. It seems one of the Rust flags I'm using was removed in the meantime. And the action I use to generate the coverage data looks unmaintained, too :-(

https://github.com/alekitto/grcov

I need to fix all those issues to recheck.

The error:

Run echo ""
  echo ""
  cargo clean 
  cargo build 
  cargo test -- --nocapture
  shell: /usr/bin/bash -e {0}
  env:
    CARGO_TERM_COLOR: always
    CARGO_INCREMENTAL: 0
    RUSTFLAGS: -Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Cpanic=abort -Zpanic_abort_tests
    RUSTDOCFLAGS: -Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Cpanic=abort -Zpanic_abort_tests
    CARGO_HOME: /home/runner/.cargo
    CACHE_ON_FAILURE: false

     Removed 0 files
error: failed to run `rustc` to learn about target-specific information

Caused by:
  process didn't exit successfully: `/home/runner/.rustup/toolchains/nightly-x86_6[4](https://github.com/josecelano-test/pull_request_target/actions/runs/11687789182/job/32546696039?pr=17#step:12:4)-unknown-linux-gnu/bin/rustc - --crate-name ___ --print=file-names -Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Cpanic=abort -Zpanic_abort_tests --crate-type bin --crate-type rlib --crate-type dylib --crate-type cdylib --crate-type staticlib --crate-type proc-macro --print=sysroot --print=split-debuginfo --print=crate-name --print=cfg` (exit status: 1)
  --- stderr
  warning: the `-Cinline-threshold` flag is deprecated and does nothing (consider using `-Cllvm-args=--inline-threshold=...`)

  error: unknown unstable option: `profile`
thomasrockhu-codecov commented 2 weeks ago

Oh geez, sorry to see that @josecelano. To be honest I'm not a rust developer, so I'm really not sure how to help, but let me know if there is something I can do

josecelano commented 2 weeks ago

Hi @thomasrockhu-codecov I've created a new workflow in my sample project:

https://github.com/josecelano-test/pull_request_target/blob/develop/.github/workflows/coverage_v2.yaml

In the lastest workflow execution, the report was generated successfully, and it was also uploaded to codecov:

https://github.com/josecelano-test/pull_request_target/actions/runs/11690464665/job/32555468619

However, the repot page on codecov is empty:

https://app.codecov.io/github/josecelano/pull_request_target/commit/990630ba59542eb5f04911ad94e514df7a9ebabf

I'm trying to generate the report without using a GitHub action. I can see the report locally in HTML format, this is the coverage info I'm uploading:

lcov.info

SF:/home/josecelano/Documents/git/committer/me/github/josecelano-test/pull_request_target/src/main.rs
FN:7,_RNvCsgzubYbVaq0u_19pull_request_target9greetings
FN:18,_RNvNtCsgzubYbVaq0u_19pull_request_target5testss_15it_should_greet
FN:3,_RNvCsgzubYbVaq0u_19pull_request_target4main
FNDA:1,_RNvCsgzubYbVaq0u_19pull_request_target9greetings
FNDA:1,_RNvNtCsgzubYbVaq0u_19pull_request_target5testss_15it_should_greet
FNDA:0,_RNvCsgzubYbVaq0u_19pull_request_target4main
FNF:3
FNH:2
DA:3,0
DA:4,0
DA:5,0
DA:7,1
DA:8,1
DA:9,1
DA:18,1
DA:20,114
DA:21,113
DA:22,113
DA:24,1
DA:25,1
BRF:0
BRH:0
LF:12
LH:9
end_of_record
thomasrockhu-codecov commented 2 weeks ago

@josecelano are you running this as a pull_request or push event? I see workflow_run and pull_request_target, and I was curious about your use case. I haven't tested those flows out in awhile and want to make sure that I understand

josecelano commented 2 weeks ago

@josecelano are you running this as a pull_request or push event? I see workflow_run and pull_request_target, and I was curious about your use case. I haven't tested those flows out in awhile and want to make sure that I understand

Hi @thomasrockhu-codecov in that case is a push event.

Is there an example of using the codecov client with a valid Lcov file somewhere?

thomasrockhu-codecov commented 2 weeks ago

@josecelano ok, I'm actually seeing a permissions error on our side. Can you try 2 things

  1. switch to v5-beta tag for the codecov-action?
  2. double-check that the token supplied is for this particular repo from codecov.io?
josecelano commented 1 week ago

@josecelano ok, I'm actually seeing a permissions error on our side. Can you try 2 things

  1. switch to v5-beta tag for the codecov-action?
  2. double-check that the token supplied is for this particular repo from codecov.io?

Hey @thomasrockhu-codecov, the token was wrong. I probably thought that the token was per user, not per project. After changing the token, I was able to see a new error. I have continued working on the example, and it works now. Thank you very much for your support!!! And sorry for my mistake.

The full working example is here: https://github.com/josecelano-test/pull_request_target

And the latest coverage report: https://app.codecov.io/github/josecelano-test/pull_request_target/commit/bb0e9789b1417b857e2d09c2c76e1596b96a98e0

Image

thomasrockhu-codecov commented 1 week ago

@josecelano no worries, glad that it worked for you! Pesky tokens