Comments (12)
For us, it fails every time I've tried to upload because of the rate limiting, when doing tokenless. If I try to use the token then I get the problem @alexdlaird mentioned.
from codecov-action.
Thanks @rohan-at-sentry - but my questions were to take in the context of the GH rate-limiting issue when tokenless is used, so I'm trying to not use tokenless. If I understand correctly, @alexdlaird was saying that it's possible to pass tokens for forks PRs , which is what I don't understand because I can't make it work.
from codecov-action.
Same problem here. It really doesn't seem like codecov with github actions is going to work for our project. https://github.com/hyperledger/aries-cloudagent-python
I'm going to consider alternatives. Too many issues trying to get this working.
from codecov-action.
@alexdlaird @jamshale - my assumption is that you're looking to find a way to ensure forks of your repos are able to upload to Codecov. This is currently permitted without a token see here. Let me know if I have misunderstood
from codecov-action.
@jamshale is the codecov GitHub app installed for your org / is it given access to the repo in question? in general across codecov installing the app should give your org its own rate limit, and that should apply here as well
we're currently working on an improvement to upload authentication and tokenless behavior and will update docs accordingly soon
from codecov-action.
No, I am not referring to PRs from forked repos. A PR from with your same repo still does not have access to secrets with pull_request
trigger, only push
and pull_request_target
.
Previously, I was using tokenless uploads. I recently upgraded to the GitHub Action v4, and in that version, you are now requiring the token—from this, I surmised tokenless upload is going away (though it sounds like maybe that's not true, from what you're describing)? In either case, once I upgraded to v4 of the action and was required to provide a token via a secret, PR coverage reports stopped working for the reasons I've described above.
Obviously, I could roll back to an older version of the GitHub Action and use tokenless upload again, but that's why I raised this question (and like @jamshale, my experience for the last several years, on dozens of repos in my personal GitHub account, is very inconsistent behavior from tokenless uploads). What is the intent for the future here (since old versions of the GitHub Action also use legacy Node versions taht GitHub has stopped supporting)? This seems like it will be an issue for any coverage reporting tool that requires a token, so how are open source projects supposed to do this going forward?
GitHub used to allow secrets to be passed down via a pull_request
trigger, but since that change, I think that's where a lot of this confusion is coming from, and I'm just trying to understand what the solutions are going forward, for this tool, and for other tools.
from codecov-action.
And yes, I have the Codecov integration installed on my GitHub account, and it is enabled for all repos.
from codecov-action.
I see ya'll do this though:
https://github.com/codecov/codecov-action/blob/main/.github/workflows/main.yml#L26C1-L27C1
And it looks like PR comments still work for ya'll (example: #1410 (comment))
And now I'm wondering if I'm crazy. I went to find the docs I was referencing about pull_request
not passing secrets, and I see what you're saying now about the docs saying that applies to forked repos. But ... I dunno what to say, PRs from my own repo don't have access to secrets unless I see pull_request_target
(which I don't want to do), sooooo ... not sure what I'm missing here.
from codecov-action.
@alexdlaird would you be open to a call next week to help me understand how we could improve this? You can find time on my calendar if it's easier.
from codecov-action.
Alright, I believe I've resolved my issue with some additional research. It's not clearly documented, so going to leave my findings here, in case others stumble across this with a similar issue.
For clarity, the PRs I was specifically have issues with that appeared flaky to me were Dependabot PRs (though I didn't immediately make this correlation). Though Dependabot opens the PRs on the repo itself, they act similar to a forked repo in regards to permissions, which is to say, the dependabot[bot]
actor is only granted a read-only token and is not passed secrets (this changed in 2021, so it's not "new" behavior by any means, but if others are confused, it has changed) unless you trigger the workflow with pull_request_target
, which isn't a secure solution—this is where I was getting confused about the "fork" thing, since the behavior is similar. I actually discovered this while troubleshooting an auto-merge action I was using (sidebar on that in case that also brings others here, with GitHub's auto-merge feature now being a thing, a simple CLI command step is all you need for this now, not third-party action, which I've also found to be pretty flaky. CLI example here).
So, assuming you set CODECOV_TOKEN
as a secret on the repo, and assuming the PRs triggering the workflow aren't Dependabot PRs, the v4 Codecov Action is working for me now on regular PRs, just not ones opened by Dependabot (but that's fine, don't care about coverage in that case). If I remove the token, I do still see 429s, even on a single execution, but I don't really need to troubleshoot that issue if token uploads are working for me, which they are now. Hopefully this context helps someone else too. Thanks!
from codecov-action.
Hi @alexdlaird , thanks for your explanations, but there's still something confusing me: are you saying v4 works even on PRs coming from forked repos? Or does the PR have to come from the base repo itself?
My understanding was that secrets are not available on pull_request
events, hence it just cannot work, or is that assumption wrong?
Personally I'm still seeing this issue, with this log that shows that tokenless is being used:
Run codecov/codecov-action@v4
with:
files: ./cover.out
flags: unittests
fail_ci_if_error: true
verbose: true
env:
CODECOV_TOKEN:
evenName: pull_request
baseRef: netobserv:main | headRef: jpinsonneau:740
==> Fork detected, tokenless uploading used
Related side question: is it necessary to have a report upload in order to have the codecov comment posted in the PR? Wouldn't it be possible to just disable uploads, but keep posting comments, and have uploads only on push
events?
PS: I tried with both v4 and v4.4.1 ... not sure if "v4" acts as a pointer to latest
from codecov-action.
are you saying v4 works even on PRs coming from forked repos? Or does the PR have to come from the base repo itself?
V4 allows uploads from both forked as well as the base repo. PRs from forked repos don't need tokens for reports to be upload to codecov. PRs from the "upstream" repo, need a token today.
Related side question: is it necessary to have a report upload in order to have the codecov comment posted in the PR?
This is correct - Codecov will post a comment after it receives and successfully processes a coverage report.
from codecov-action.
Related Issues (20)
- Error: `Commit creating failed: {"detail":"You do not have permission to perform this action."}` HOT 4
- Request failed after too many retries HOT 3
- [v4] How to specify gcov options
- Unable to specify coverage reports flags per file HOT 1
- Codecov v4 - pull_request_review not trigger codecov build
- [CPU] Better CPU architecture detection
- Not valid tokenless upload even with a token HOT 2
- Intermittent GHA Failure HOT 2
- action fails to process non-ASCII Go source file on Windows
- Documentation of tokenless upload feature is no longer available
- Could not find a repository associated with upload token
- Exception: Request failed after too many retries HOT 5
- Not valid tokenless upload HOT 5
- `Unknown system error ` on `macos-13` runner HOT 2
- FileNotFoundError for non-ASCII file names HOT 1
- Coverage upload failure "Failed to properly create commit" HOT 2
- gitlab + monorepo + cli gives commit creating failed
- Uploads throttled while using token-based upload from public repo HOT 2
- upload crash with deprecated error [false alarm] HOT 1
- CodeCov is working on push, but not on PR HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from codecov-action.