Open redboltz opened 4 years ago
@ygj6 , I merged #833 then codecov upload is triggered.
But I got the following error. https://github.com/msgpack/msgpack-c/runs/388300918#step:7:29297
I got Upload Token from https://codecov.io/gh/msgpack/msgpack-c and set xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
format hex value as CODECOV_TOKEN
at https://github.com/msgpack/msgpack-c/settings/secrets.
I'm not sure why upload is failed. Any ideas?
I do the same as you. Maybe you should try Regenerate
to get a new token in https://codecov.io/gh/msgpack/msgpack-c/settings
Ok, I will try to regenarate.
BTW, I added github secret CODECOV_TOKEN to my own repository then I push master. The coverage data successfully uploaded.
I regenerated the secret but got the same result.
I tried some updates on my pull request #834
I got the following result. In my own repository the coverage upload is successfully finished but in msgpack-c, it failed.
I tried to echo
${{ secret.CODECOV_TOKEN }}
. In msgpack-c, it returns nothing (empty string).
I guess that it is permission problem.
I found the following document on github.
Secrets are environment variables that are encrypted and only exposed to selected actions. Anyone with collaborator access to this repository can use these secrets in a workflow.
Secrets are not passed to workflows that are triggered by a pull request from a fork. Learn more.
@nobu-k , do you know something about this?
I tried hard coding CODECOV_TOKEN, then upload is successfully finished on msgpack-c repository:
So the problem is "How to access secret on https://github.com/msgpack/msgpack-c/ from pull requests". I'm not sure when I merge the PR to master but CODECOV_TOKEN access is failed.
Anyway, I think that it is worth trying to reserach other open source project on github approach.
A workaround I just come up with is using travis-ci for codecov. codecov doesn't require token.
There is the following document on codecov setting page:
The token below is used exclusively for uploading coverage reports.
Note: Token not required for public repositories uploading from Travis, CircleCI or AppVeyor.
Here is the current conclusion.
I'd like to use hard-coded token. I consider the risk. Anyone can see the token, so anyone can upload coverage data. It is not good but the damage is very limited I guess. If something wrong happened, I can re-generate the token to stop something wrong thing.
@ygj6, what do you think ?
Coveralls
is an alternatives to Codecov
, I will try it. your opinion?
I don't know much about Coveralls but it is worth trying.
I just glanced the page https://github.com/marketplace/actions/coveralls-github-action, GITHUB_TOKEN seems to be required.
I need filtering target functionality as #834 The result is https://codecov.io/gh/msgpack/msgpack-c/pull/834/tree
If you try it, please let me know the result.
I guess that as long as the coverage service requires to provide github secret, the problem isn't solved.
@ygj6 could you try codecov support? I guess that it requires some github setting. I will do this.