codecov-action: Action fails to upload when using pull_request_target on GitHub

The addition of pull_request_target events allows PRs from forked repos coming into the head repo to utilize some functions that pull_request alone cannot do if PR is coming from a forked repo.

With that in mind the action always fail because GITHUB_REF is the PR Base Branch path (refs/heads/branch name). Is there a way this can be fixed through actions to detect the PR number that actions is running that will also allow usage of pull_request_target?

For the time being I am manually using the bash uploader but manually parsing through the event and extracting the PR number, which I then force the uploader to use it via -P. While this works, there’s nothing shown on that Pull Request from CodeCov unfortunately.

About this issue

Original URL
State: closed
Created 4 years ago
Reactions: 1
Comments: 18 (5 by maintainers)

Commits related to this issue

Fix Codecov uploading Codecov fails with pull_request_target. See https://github.com/codecov/codecov-action/issues/155 — committed to JosephDuffy/Persist by JosephDuffy 4 years ago
Fix Codecov uploading Codecov fails with pull_request_target. See https://github.com/codecov/codecov-action/issues/155 — committed to JosephDuffy/Partial by JosephDuffy 4 years ago
attempt to fix according to https://github.com/codecov/codecov-action/issues/155#issuecomment-786850886 — committed to petrsvihlik/WopiHost by petrsvihlik 3 years ago
fetch-depth: 2 as suggested in https://github.com/codecov/codecov-action/issues/155#issuecomment-788446492 — committed to petrsvihlik/WopiHost by petrsvihlik 3 years ago

Most upvoted comments

Took a bit of trial and error, but this step seems to work:

      - name: Publish Code Coverage
        uses: codecov/codecov-action@v1
        if: github.event_name == 'pull_request_target'
        with:
          override_pr: ${{ github.event.number }}
          override_sha: ${{ github.event.pull_request.head.sha }}
          files: ./coverage/clover.xml
          flags: tests
          fail_ci_if_error: true

itavero on Feb 26, 2021

I think I still need the workaround, I just don’t need the fetch-depth. Doing this worked for me:

- name: Upload Codecov report (pull_request)
  if: startsWith(github.event_name, 'pull_request')
  uses: codecov/codecov-action@v1.3.1
  with:
   directory: .
   override_pr: ${{ github.event.number }}
   override_commit: ${{ github.event.pull_request.head.sha }}

RohanNagar on Mar 28, 2021

@kennethtran93, this is excellent, I’ll work on deploying a fix over the next few days.

thomasrockhu on Nov 5, 2020

I am also interested. The release v1.2.2 seems to be addressing the issue via #244. @RohanNagar why don’t you give it a try? I might do so too later this week.

petrsvihlik on Mar 25, 2021

@petrsvihlik, it should work if you use fetch-depth: 2 on the actions/checkout step as marked here

thomasrockhu on Mar 2, 2021

With my alternate way, I’m using GitHub’s Pull Request Object:

      - name: Codecov.io Alternative Coverage Upload
        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
        env:
          PR_NUM: ${{ github.event.pull_request.number }}
        run: bash ./.github/codecov_alt.sh $GITHUB_EVENT_PATH

The $GITHUB_EVENT_PATH passed in is the event object, though at this time I’m not parsing anything from it so it can be removed. And from within the bash script

if [ -z "$PR_NUM" ]; then
  bash <(curl -s https://codecov.io/bash) -f ./coverage/* -Z
  exit $?
else
  bash <(curl -s https://codecov.io/bash) -f ./coverage/* -P $PR_NUM -Z
  exit $?
fi

As for the build URL…I’m not sure what you need exactly from me. Here’s one of the runs that uses this action within: https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/runs/1290859899?check_suite_focus=true

kennethtran93 on Oct 23, 2020