codecov-action: v4 fails to upload: "Failed to properly create commit"

After updating codecov/codecov-action to v4 in our GitHub workflows, the coverage reports fail to upload. The upload fails because of a connection error or timeout. The GitHub Action output is:

Run codecov/codecov-action@f30e4959ba63075080d4f7f90cacc18d9f3fafd7
  with:
    token: ***
    fail_ci_if_error: true
    files: coverage.cobertura.xml
    flags: backend
    name: Backend
    verbose: true
==> linux OS detected
https://cli.codecov.io/latest/linux/codecov.SHA[2](https://github.com/sillsdev/TheCombine/actions/runs/7804991065/job/21288230413?pr=2941#step:6:2)56SUM
Received SHA256SUM 10[3](https://github.com/sillsdev/TheCombine/actions/runs/7804991065/job/21288230413?pr=2941#step:6:3)bfefcc56f76[4](https://github.com/sillsdev/TheCombine/actions/runs/7804991065/job/21288230413?pr=2941#step:6:4)73179e600b96eb81[5](https://github.com/sillsdev/TheCombine/actions/runs/7804991065/job/21288230413?pr=2941#step:6:5)0b0f349ad9483[6](https://github.com/sillsdev/TheCombine/actions/runs/7804991065/job/21288230413?pr=2941#step:6:6)b0f63f03ffac469ad[7](https://github.com/sillsdev/TheCombine/actions/runs/7804991065/job/21288230413?pr=2941#step:6:7)  codecov
Received SHA256SUM signature -----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEJwNOf9uFDgu[8](https://github.com/sillsdev/TheCombine/actions/runs/7804991065/job/21288230413?pr=2941#step:6:8)LGL/gGuyiu13mGkFAmW8+QUACgkQgGuyiu13
mGll6A/8CVDQ3LQaqpgQEIekCJUNKU/+tpF1EGpuUsMi7DZZ0RA6cmazUJFUlZK2
GS7Ptcwly+SYTT+a61SzeVlewPLa47XZIFyC+7tgSO6XgUNlJ+KTevyeL6GG0Qs1
YaciuJv8IHAqaaYT4[9](https://github.com/sillsdev/TheCombine/actions/runs/7804991065/job/21288230413?pr=2941#step:6:10)iKpWE99OME1VXY3fIm4uEHlc4pgnmLv+FNdxnit4AYLGlw
2JHzdDMd5aHlnYYIyYJ9UbM8fFVWgddL1venoYl59NKc5gXjH1/+yPPWz2R+4f22
jZfofI04aEJxNhGinfV5Vykb9asyfMupmLUweArgTIF3wzIEoYo/pK0nVgRBiROE
1hiaH5lti8brA2NF+pzp4+xFEyCU1m/mgN/rj1VRkDs0CW4S86eYWVbfuHEb0ymQ
o7Oe/rST6IjqM72B8eleEdT1DKdeX8DYSXnKvR2J1POyoPMMt/HUoCxphiNOq6Ei
416xOCgqWwOEGbeZ1pxp4Eovf6fffbd2F9MUcJTzgWocOqLh3lZB/EX3G9eLKsyf
WLW3s3NXzajS9j4zEPZxGPmnqAadfm9dzffwokFZnqMTJ7HB4qXH87BPgwPbq8R+
y/1Hv7hHEbJJhbE1fitwHFMg4gfUP6q39VtrfooQSBRYYDzrstowO/L2xsr+AkwW
EQGY70I4SY4XPKKzs8tF3Jch7Oa+xgeNMM1qSGyb2Vjn0KKSDMk=
=jEIQ
-----END PGP SIGNATURE-----

==> Running version latest
gpg: directory '/home/runner/.gnupg' created
gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
gpg: /home/runner/.gnupg/trustdb.gpg: trustdb created
gpg: key 806BB28AED779869: public key "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

gpg: Signature made Fri Feb  2 14:15:33 2024 UTC
gpg:                using RSA key 27034E7FDB850E0BBC2C62FF806BB28AED779869
gpg: Good signature from "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2703 4E7F DB85 0E0B BC2C  62FF 806B B28A ED77 9869

==> Running version v0.4.6
==> Running command '/home/runner/work/_actions/codecov/codecov-action/f30e4959ba63075080d4f7f90cacc18d9f3fafd7/dist/codecov -v create-commit'
/home/runner/work/_actions/codecov/codecov-action/f30e4959ba63075080d4f7f90cacc18d9f3fafd7/dist/codecov -v create-commit -C 3ae8c57c7413fde413ca1f6c254dfcc18b29b6ce
==> Uploader SHASUM verified ([10](https://github.com/sillsdev/TheCombine/actions/runs/7804991065/job/21288230413?pr=2941#step:6:11)3bfefcc56f76473179e600b96eb8150b0f349ad94836b0f63f03ffac469ad7  codecov)
info - 2024-02-06 19:24:32,215 -- ci service found: github-actions
debug - 2024-02-06 19:24:32,215 -- versioning system found: <class 'codecov_cli.helpers.versioning_systems.GitVersioningSystem'>
debug - 2024-02-06 19:24:32,216 -- versioning system found: <class 'codecov_cli.helpers.versioning_systems.GitVersioningSystem'>
debug - 2024-02-06 19:24:32,219 -- Loading config from /home/runner/work/TheCombine/TheCombine/codecov.yml
debug - 2024-02-06 19:24:32,227 -- Starting create commit process --- {"commit_sha": "3ae8c57c7413fde413ca1f6c254dfcc18b29b6ce", "parent_sha": null, "pr": "2941", "branch": "codecov-v4", "slug": "sillsdev/TheCombine", "token": "9******************", "service": "github", "enterprise_url": null}
warning - 2024-02-06 19:24:33,252 -- Request failed. Retrying --- {"retry": 0}
warning - 2024-02-06 19:24:34,756 -- Request failed. Retrying --- {"retry": 1}
warning - 2024-02-06 19:24:36,772 -- Request failed. Retrying --- {"retry": 2}
Traceback (most recent call last):
  File "codecov_cli/main.py", line 81, in <module>
  File "codecov_cli/main.py", line 77, in run
  File "click/core.py", line [11](https://github.com/sillsdev/TheCombine/actions/runs/7804991065/job/21288230413?pr=2941#step:6:12)57, in __call__
  File "click/core.py", line 1078, in main
  File "click/core.py", line 1688, in invoke
  File "click/core.py", line 1434, in invoke
  File "click/core.py", line 783, in invoke
  File "click/decorators.py", line 33, in new_func
  File "codecov_cli/commands/commit.py", line 64, in create_commit
  File "codecov_cli/services/commit/__init__.py", line 28, in create_commit_logic
  File "codecov_cli/services/commit/__init__.py", line 64, in send_commit_data
  File "codecov_cli/helpers/request.py", line 65, in wrapper
Exception: Request failed after too many retries
[21[12](https://github.com/sillsdev/TheCombine/actions/runs/7804991065/job/21288230413?pr=2941#step:6:13)] Failed to execute script 'main' due to unhandled exception!
Error: Codecov: Failed to properly create commit: The process '/home/runner/work/_actions/codecov/codecov-action/f30e4959ba63075080d4f7f90cacc[18](https://github.com/sillsdev/TheCombine/actions/runs/7804991065/job/21288230413?pr=2941#step:6:19)d9f3fafd7/dist/codecov' failed with exit code 1

About this issue

Original URL
State: closed
Created 5 months ago
Reactions: 4
Comments: 41 (13 by maintainers)

Commits related to this issue

github/workflows: update GitHub actions to latest versions Fixes deprecation warnings such as: Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/set... — committed to Bastian-Krause/labgrid by Bastian-Krause 5 months ago
github/workflows: update GitHub actions to latest versions Fixes deprecation warnings such as: Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/set... — committed to Bastian-Krause/labgrid by Bastian-Krause 5 months ago
github/workflows: update GitHub actions to latest versions Fixes deprecation warnings such as: Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/set... — committed to Bastian-Krause/labgrid by Bastian-Krause 5 months ago
ci: reenacted codecov secret token With codecov action v3 or v4, even with _official_ tokenless support for open source repos, our CI sometimes fails because codecov hits a rate limit on github API. ... — committed to fredbi/go-swagger by fredbi 4 months ago
ci: reenacted codecov secret token With codecov action v3 or v4, even with _official_ tokenless support for open source repos, our CI sometimes fails because codecov hits a rate limit on github API. ... — committed to fredbi/go-swagger by fredbi 4 months ago
ci: reenacted codecov secret token With codecov action v3 or v4, even with _official_ tokenless support for open source repos, our CI sometimes fails because codecov hits a rate limit on github API. ... — committed to go-swagger/go-swagger by fredbi 4 months ago
ci: ignore Codecov token not found error PR from dependabot causes an error, so comment this out until the problem is resolved. See https://github.com/codecov/codecov-action/issues/1274 — committed to shu-mutou/dashboard by shu-mutou 3 months ago
Remove fail_ci_if_error option Having reports uploaded is not impotant, especially PR for dependency update. See following about bug for this option: https://github.com/codecov/codecov-action/issue... — committed to shu-mutou/dashboard by shu-mutou 3 months ago
ci: Fix CodeQL check and ignore codecov token error (#8827) * Fix CodeQL check As of now, we need to manually setup golang for 1.22. https://github.com/github/codeql/issues/15647#issuecomment-200376... — committed to kubernetes/dashboard by shu-mutou 3 months ago

Most upvoted comments

I believe if you navigate to https://app.codecov.io/account/gh/<your_GH_username> , and click the settings tab, you should find the ability to set the Global Upload Token

Well, I generated a token there, not setting one But then I still need to put it somewhere, from my understanding this would have to be on github side if you want it to work with
- uses: codecov/codecov-action@v4
  with:
    token: ${{ secrets.CODECOV_TOKEN }}
in all 30+ repos of my github account and CI

@dereuromark You need to create a new access token on https://app.codecov.io/account/gh/dereuromark/access

Then try this script (you need gh)

#!/usr/bin/env bash

if [[ -z "$CODECOV_TOKEN" ]]; then
    echo "CODECOV_TOKEN is not set" >&2
    exit 1
fi

GITHUB_USER="dereuromark"
GITHUB_REPOS=("$@")

if [[ ${#GITHUB_REPOS[@]} -eq 0 ]]; then
    IFS=" " read -r -a GITHUB_REPOS <<< "$(
        gh api --paginate \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "/users/$GITHUB_USER/repos" \
            --jq '.[] | select(.archived == false) | .name' \
            | cat
    )"
fi

for GITHUB_REPO in "${GITHUB_REPOS[@]}"; do
    echo "[$GITHUB_REPO]"

    CODECOV_UPLOAD_TOKEN=$(
        curl -s -q "https://api.codecov.io/api/v2/github/$GITHUB_USER/repos/$GITHUB_REPO/config/" \
            -H 'accept: application/json' \
            -H "authorization: Bearer $CODECOV_TOKEN" 2>/dev/null | jq -r '.upload_token // ""'
    )

     if [[ -z "$CODECOV_UPLOAD_TOKEN" ]]; then
        echo -e "\033[0;31m✗\033[0m Error getting CODECOV_UPLOAD_TOKEN" >&2
        echo

        continue
     fi

    echo -e "\033[0;32m✓\033[0m Upload token: $CODECOV_UPLOAD_TOKEN"

    gh secret set CODECOV_TOKEN --body "$CODECOV_UPLOAD_TOKEN" --repo "$GITHUB_USER/$GITHUB_REPO"
    gh secret set CODECOV_TOKEN --body "$CODECOV_UPLOAD_TOKEN" --repo "$GITHUB_USER/$GITHUB_REPO" --app dependabot

    echo
done

nhatthm on Mar 2, 2024

@dereuromark you need to add the Codecov token

Error: Codecov token not found. Please provide Codecov token with -t flag.

Instructions to do so are here

thomasrockhu-codecov on Feb 7, 2024

@jmgrady can you confirm this is working for you now?

For everyone else, please note that this thread is getting a little bit crazy. There are a few root causes that we have since patched. If you are still experiencing this issue, please open a new issue so that we can track.

thomasrockhu-codecov on Mar 7, 2024

OK my bad in thinking my personal global update token works here, I used the token generated earlier on my own name, and not the org (different flow on the codecov website apparntly, And global update token doesnt work here. The repo token from the org works then.

dereuromark on Feb 9, 2024

it looks working now. I will provide it more time for test.

Czaki on Feb 9, 2024

@rohan-at-sentry This is PR to update codecov to version 4 in my repository https://github.com/4DNucleome/PartSeg/pull/1066 As you can see, it is open source, and it is failing. This repository has already set up the codecov token and PR is done from the same repository (dependabot creates a branch from the same repository in my case). And even on PR from the same repo, the secret is not passed.

I try to play with workflow_run trigger. Like this:

on:
  workflow_run:
    workflows: [Tests]
    types:
      - completed

But it ends with codecov failing to determine PR/commit.

If you could fix codecov action to work in workflow triggered by workflow_run, then it is possible to provide tokens for the uploader. And provide extensible instructions on how to upload codevov results using action/upload@v4 and download the results in the next workflow (triggered by workflow_run) to have a properly working upload.

Czaki on Feb 8, 2024

Hi @Czaki @dereuromark something I’d like to clarify here

On requiring a token This is primarily a performance need. Codecov works by making an API call to GitHub to confirm that the repo and commit are the correct values. Making this call for thousands of repositories causes our GitHub token to hit the limit causing the issues that many of you may have seen - see https://github.com/codecov/feedback/issues/126 as an example

On impacting contribution flows

We’re aware that for open source contributors, the fork->commit-> PR workflow (which is by far the most common) would be impacted if we enforced token usage aggresively, so currently we DO NOT require forked repos to setup a token. You can read more on our blog (look for the section called Future of tokenless

On adding a single token for multiple repos

This usecase is served by using Codecov’s GLOBAL UPLOAD TOKEN. Here’s how to set that up (docs)

I hope this helps, please don’t hesitate to reach out if you have challenges with this.

rohan-at-sentry on Feb 8, 2024

Yes. I point a problem with v4. Where token will not help for typical OSS.

Czaki on Feb 8, 2024

Same here, Codecov still states this is not required for public projects, but bumping to v4 fails to publish it

gmazzo on Feb 6, 2024