codecov-action: [v4] `Error: Codecov token not found` in a PR from a fork to a public repo
My understanding was that a token would not be required when creating a PR from a fork to a public, open-source project. However, in the run https://github.com/JuliaMath/FFTW.jl/actions/runs/7854977161/job/21436255573?pr=295, I encounter
```
Run codecov/codecov-action@v4
  with:
    fail_ci_if_error: true
    file: lcov.info
  env:
    JULIA_NUM_THREADS: 2
    JULIA_PKG_SERVER_REGISTRY_PREFERENCE: eager
==> windows OS detected
https://cli.codecov.io/latest/windows/codecov.exe.SHA256SUM
==> Running version latest
==> Running version v0.4.6
==> Running command 'D:\a\_actions\codecov\codecov-action\v4\dist\codecov.exe create-commit'
D:\a\_actions\codecov\codecov-action\v4\dist\codecov.exe create-commit -C 798f370e7c6e3cf60fbf6866b3a1b9d36e4db012 -Z
gpg: directory '/c/Users/runneradmin/.gnupg' created
gpg: keybox '/c/Users/runneradmin/.gnupg/pubring.kbx' created
gpg: /c/Users/runneradmin/.gnupg/trustdb.gpg: trustdb created
gpg: key 806BB28AED779869: public key "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" imported
gpg: Total number processed: 1
gpg: imported: 1
info - 2024-02-10 12:50:54,352 -- ci service found: github-actions
gpg: Signature made Fri Feb 2 14:15:51 2024 CUT
gpg: using RSA key 27034E7FDB850E0BBC2C62FF806BB28AED779869
gpg: Good signature from "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2703 4E7F DB85 0E0B BC2C 62FF 806B B28A ED77 9869
==> Uploader SHASUM verified (64a905e31c4ab88dd999052685656280bc68dafc6bbaaed941a68e6d6a00f24c codecov.exe)
warning - 2024-02-10 12:50:54,410 -- No config file could be found. Ignoring config.
Error: Codecov token not found. Please provide Codecov token with -t flag.
Error: Codecov: Failed to properly create commit: The process 'D:\a\_actions\codecov\codecov-action\v4\dist\codecov.exe' failed with exit code 1
```
Other runs in the matrix do succeed without a token, e.g. https://github.com/JuliaMath/FFTW.jl/actions/runs/7854977161/job/21436254781?pr=295, as is expected.
About this issue
- State: open
- Created 5 months ago
- Reactions: 5
- Comments: 25 (5 by maintainers)
Commits related to this issue
- fix: reset codecov-action back to v3 (#1304) ## PR Checklist - [x] Addresses an existing open issue: fixes #1303 - [x] That issue was marked as [`status: accepting prs`](https://github.com/Joshu... — committed to JoshuaKGoldberg/create-typescript-app by JoshuaKGoldberg 5 months ago
- Update Codecov token environment variable in workflow https://github.com/codecov/codecov-action/issues/1292#issuecomment-1947688106. — committed to meltir/imdb-review-scraper by meltir 4 months ago
- Fix workflow https://github.com/codecov/codecov-action/issues/1292#issuecomment-1947688106 — committed to acuarica/evm by acuarica 4 months ago
- fixup! see https://github.com/codecov/codecov-action/issues/1292 — committed to aleph-im/pyaleph by hoh 4 months ago
- Reverted codecov to v3. See: https://github.com/codecov/codecov-action/issues/1292 — committed to hildjj/peggy-tracks by hildjj 4 months ago
- ci: pass Codecov token as environment variable Passing it as an input does not seem to work in workflow_calls for unknown reasons. [1] Instead we try to pass it as an environment variable what is als... — committed to winft/como by romangg 4 months ago
- ci: reenacted codecov secret token With codecov action v3 or v4, even with _official_ tokenless support for open source repos, our CI sometimes fails because codecov hits a rate limit on github API. ... — committed to fredbi/go-swagger by fredbi 4 months ago
- ci: reenacted codecov secret token With codecov action v3 or v4, even with _official_ tokenless support for open source repos, our CI sometimes fails because codecov hits a rate limit on github API. ... — committed to go-swagger/go-swagger by fredbi 4 months ago
- Have to revert codecov back to v3 Details about the error: https://github.com/codecov/codecov-action/issues/1292 — committed to a13xp0p0v/kernel-hardening-checker by a13xp0p0v 4 months ago
- Revert "Bump codecov/codecov-action from 3.1.4 to 4.1.0" This reverts commit eb0ec90e08ae24823e266b0128b852022d212982. Refer to: https://github.com/codecov/codecov-action/issues/1292 — committed to pycontribs/jira by adehad 3 months ago
- refactor(ci): provide codecov token via env https://github.com/codecov/codecov-action/issues/1292 — committed to orhun/rustypaste by orhun 3 months ago
- Downgrade codecov from v4 to v3 because the tokenless upload does not work as described in the repository's README in some cases for a public repository - https://github.com/codecov/codecov-action/iss... — committed to KatsukiFujimoto/meilisearch-rails by KatsukiFujimoto 3 months ago
- revert codecov action to v3. It looks like there's a [bug](https://github.com/codecov/codecov-action/issues/1292) in v4 — committed to adrianoc/cecilifier by adrianoc 3 months ago
- Revert to codecov/codecov-action@v3 See https://github.com/codecov/codecov-action/issues/1292 — committed to astrophpeter/blast by manning-ncsa 2 months ago
@jayqi Hello, I have experienced this too. That’s because Dependabot is not allowed to read GitHub Actions secrets, based on this documentation. If you put `CODECOV_TOKEN` in the GitHub secrets, then Dependabot definitely won’t be able to read the secret. For `CODECOV_TOKEN` to be readable by Dependabot, you need to put it in the Dependabot secrets.
Navigate to the repository settings, then look in the left panel in the “Secrets and variables” section. There is a dropdown option; select Dependabot and add `CODECOV_TOKEN` there. Hope that helps solve your problem.
@carlosmondra nice point, I missed the docs. Thanks for pointing it out.
And for everyone, I was surprised because Codecov gave the wrong guide. Here is an example of the guide I got when setting up a new repo.
As you can see, it should be using `with` instead of `env`. Based on the readme stated and via environment variable
Again, it was my fault for not reading the docs. But the guide needs to be fixed soon. Thanks.
Getting the same error in my own public repo when running `v4` triggered by a release event on main branch. You can see verbose logs here: https://github.com/georgebv/drf-pydantic/actions/runs/7896620245/job/21550933382
As you can see, re-running (once) didn’t help.
Rolling back to `v3` solved this.
https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-inputs-and-secrets-in-a-reusable-workflow
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callsecrets
They hit the limits on the GitHub API calls required for identifying the workflow run. If you upload with a token, they save GitHub API calls. It would be best if they had a higher limit, but that depends on GitHub itself.
Is there a reason why we need a token for public repos while we didn’t before? That’s creating a lot of churn/changes.
@JoseLion @clemenscodes if you can open a different issue, while I take a look that would be appreciated. This will help me track better. FWIW @clemenscodes - my understanding is that it looks to be separate from this issue (which is about forks).
Closing this as the original issue is resolved
I can confirm re-running the job does not lead to the issue, so it could certainly be a rate limit. It’s just a bit puzzling when jobs fail at random. Perhaps the error message may be improved?
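An added example, not taken from the thread or from the codecov-action project: a caller and reusable workflow pair showing the token-passing options the comments above discuss (the `with` input, the `CODECOV_TOKEN` environment variable, and explicit secret forwarding through `workflow_call`). File, workflow and job names are hypothetical; the `file` and `fail_ci_if_error` values mirror the failing run in the report.

```yaml
# .github/workflows/ci.yml (caller; hypothetical file name)
name: CI
on:
  push:
    branches: [main]
  pull_request:

jobs:
  coverage:
    uses: ./.github/workflows/coverage.yml
    secrets:
      # Secrets reach a reusable workflow only when passed explicitly
      # here (or with `secrets: inherit`).
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
---
# .github/workflows/coverage.yml (reusable workflow; hypothetical file name)
name: Coverage
on:
  workflow_call:
    secrets:
      CODECOV_TOKEN:
        # Optional: the value is empty on `pull_request` runs from forks,
        # and on Dependabot runs unless the token is also stored under
        # Settings > Secrets and variables > Dependabot.
        required: false

jobs:
  upload:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # ... test steps that produce lcov.info go here ...
      - name: Upload coverage
        uses: codecov/codecov-action@v4
        with:
          file: lcov.info
          fail_ci_if_error: true
          # Option 1: pass the token as an action input.
          token: ${{ secrets.CODECOV_TOKEN }}
        # Option 2 (alternative to the input): pass it via the environment.
        # env:
        #   CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
```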