Open michael-doubez opened 3 weeks ago
For info:
I see that you introduced the GHA build 2 years ago in https://github.com/jenkinsci/oic-auth-plugin/commit/fc9ee865ed0831a9a00cdd24901711f5e8f02749 but I don't see any associated PR which could have documented. @michael-doubez Do you remember how was it configured and by whom?
The secret CODECOV_TOKEN
might comes from:
There's no organisation or repository level CODECOV_TOKEN
OIDC auth looks to be the easiest if you could try use that: https://github.com/codecov/codecov-action#using-oidc
Hi @michael-doubez any news or feedback?
Closing as there are no actionnable for the Jenkins infra team, and no response from the requester.
Please, feel free to reopen with details if the provided solutions does not work!
Sorry I was on vacations.
@dduportal I don't remember, I think it used to be part of the plugin modernisation checklist but I can no longer find it.
I expect the token comes from an APP installed on the github org. I could use my personal token but it doesn't work because I don't have the relevant rights in codecov org.
@michael-doubez no problem, I hope you nejoyed vacations! 👍 I've reopened the issue.
As indicated by Tim above:
OIDC auth looks to be the easiest if you could try use that: https://github.com/codecov/codecov-action#using-oidc
You should be able to switch to a tokenless coverage upload by changing the GitHub Actions workflow. Would that work?
I tried it just now and it failed (I gues OIDC is not enabled).
Error: Codecov: Failed to get OIDC token with url: https://codecov.io./ Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable
See: https://github.com/jenkinsci/oic-auth-plugin/commit/f0ef5863a6b15954cfbe270f0dc3bfb67e08418a
The root cause may be on codecov side: https://github.com/codecov/codecov-action/issues/1359
I don't understand why other plugins don't havee the issue. Ex: https://github.com/jenkinsci/badge-plugin/blob/master/.github/workflows/codecov.yml#L25
I don't understand why other plugins don't havee the issue. Ex: https://github.com/jenkinsci/badge-plugin/blob/master/.github/workflows/codecov.yml#L25
Ping @timja (as you have admin access to jenkinsci
GH org which I don't)
The badge plugin has someones personal token setup
Looks like you haven't added the permission to id-token, see https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings
The badge plugin has someones personal token setup
I tried that but my ID was not allowed in codecov org/repo.
Looks like you haven't added the permission to id-token, see https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings
Damned. I ll try that. Thanks
Service(s)
GitHub
Summary
Hello,
CodeCov report upload stopped working 1 month ago. I could not find any reference in documentation - is codcov usage deprecated ?
I still see the GitHubApp installed but the GitHub action fails with an error about a missing token. I tried to provide my own personnal token but I didn't have the rights to upload a report.
Reproduction steps
See https://github.com/jenkinsci/oic-auth-plugin/blob/master/.github/workflows/ci.yml