Code coverage uploads sometimes fail

[mgeisler]

Hi @kdarkhan, I've seen a few Codecov uploads fail. An example is in this run. The error is

[2024-01-15T13:13:27.254Z] ['error'] There was an error running the uploader: Error uploading to https://codecov.io: Error: There was an error fetching the storage URL during POST: 503 - upstream connect error or disconnect/reset before headers. reset reason: connection failure Error: Codecov: Failed to properly upload: The process '/home/runner/work/_actions/codecov/codecov-action/v3/dist/codecov' failed with exit code 255

Do you have any idea what could trigger this?

[kdarkhan]

Right, I saw this yesterday. I could not find a definitive answer but it might be resolved by using a project specific token instead of tokenless authentication. To implement it, somebody in google Github org needs to copy the token from here into repository secrets here. The name of the secret should be CODECOV_TOKEN. Once that is done, I can adjust the workflow file to test it.

[mgeisler]

The name of the secret should be CODECOV_TOKEN. Once that is done, I can adjust the workflow file to test it.

Thanks, I added the repository secret.

[kdarkhan]

I merged the PR for using the new token. I am not sure if it will resolve this issue. Let's monitor for several weeks and can resolve this if the pipeline is stable.

[mgeisler]

Sounds good, thanks for looking into this so quickly!

[kdarkhan]

There was another failure. The error message is

[2024-01-22T21:51:51.270Z] ['error'] There was an error running the uploader: Error uploading to https://codecov.io: Error: There was an error fetching the storage URL during POST: 404 - {'detail': ErrorDetail(string='Unable to locate build via Github Actions API. Please upload with the Codecov repository upload token to resolve issue.', code='not_found')}

According to this article, adding the token should improve the situation but will not guarantee 100% success rate.

Researching this further, I found this comment which implies that tokens/secrets are not available for PR runners from forked repositories to prevent abuse/secret theft. Very surprising.

From the last link, this article describes a way to use secrets. It is a bit verbose and requires creation of a separate workflow but doable. I will try to implement it this week.

[mgeisler]

From the last link, this article describes a way to use secrets. It is a bit verbose and requires creation of a separate workflow but doable. I will try to implement it this week.

Oh nice! I think this could also be used to comment on Comprehensive Rust PRs with timing information like @djmitche tried to do recently: https://github.com/google/comprehensive-rust/pull/1576.

[kdarkhan]

The PR I merged does not seem to work as expected - codecov reports are executed against the main branch instead of PR branch. Might be something wrong with env vars or I did not copy them properly. It was working for me on my own fork yesterday. I will take another look at this later today.