Open redboltz opened 4 years ago
redboltz
commented
4 years ago @ygj6 , I merged #833 then codecov upload is triggered.
But I got the following error. https://github.com/msgpack/msgpack-c/runs/388300918#step:7:29297
I got Upload Token from https://codecov.io/gh/msgpack/msgpack-c and set xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx format hex value as CODECOV_TOKEN at https://github.com/msgpack/msgpack-c/settings/secrets.
I'm not sure why upload is failed. Any ideas?
ygj6
commented
4 years ago I do the same as you. Maybe you should try Regenerate to get a new token in https://codecov.io/gh/msgpack/msgpack-c/settings
redboltz
commented
4 years ago Ok, I will try to regenarate.
BTW, I added github secret CODECOV_TOKEN to my own repository then I push master. The coverage data successfully uploaded.
redboltz
commented
4 years ago I regenerated the secret but got the same result.
I tried some updates on my pull request #834
I got the following result. In my own repository the coverage upload is successfully finished but in msgpack-c, it failed.
I tried to echo ${{ secret.CODECOV_TOKEN }}. In msgpack-c, it returns nothing (empty string).
I guess that it is permission problem.
I found the following document on github.
Secrets are environment variables that are encrypted and only exposed to selected actions. Anyone with collaborator access to this repository can use these secrets in a workflow.
Secrets are not passed to workflows that are triggered by a pull request from a fork. Learn more.
redboltz
commented
4 years ago @nobu-k , do you know something about this?
redboltz
commented
4 years ago I tried hard coding CODECOV_TOKEN, then upload is successfully finished on msgpack-c repository:
So the problem is "How to access secret on https://github.com/msgpack/msgpack-c/ from pull requests". I'm not sure when I merge the PR to master but CODECOV_TOKEN access is failed.
Anyway, I think that it is worth trying to reserach other open source project on github approach.
redboltz
commented
4 years ago A workaround I just come up with is using travis-ci for codecov. codecov doesn't require token.
There is the following document on codecov setting page:
The token below is used exclusively for uploading coverage reports.
Note: Token not required for public repositories uploading from Travis, CircleCI or AppVeyor.
redboltz
commented
4 years ago redboltz
commented
4 years ago redboltz
commented
4 years ago Here is the current conclusion.
I'd like to use hard-coded token. I consider the risk. Anyone can see the token, so anyone can upload coverage data. It is not good but the damage is very limited I guess. If something wrong happened, I can re-generate the token to stop something wrong thing.
@ygj6, what do you think ?
ygj6
commented
4 years ago Coveralls is an alternatives to Codecov, I will try it. your opinion?
redboltz
commented
4 years ago I don't know much about Coveralls but it is worth trying.
I just glanced the page https://github.com/marketplace/actions/coveralls-github-action, GITHUB_TOKEN seems to be required.
I need filtering target functionality as #834 The result is https://codecov.io/gh/msgpack/msgpack-c/pull/834/tree
If you try it, please let me know the result.
redboltz
commented
4 years ago I guess that as long as the coverage service requires to provide github secret, the problem isn't solved.
@ygj6 could you try codecov support? I guess that it requires some github setting. I will do this.