token: is required even for forks

[KATT]

@KATT , the CODECOV_TOKEN is currently required even for OSS-projects.

As for forks of repos, if the fork is creating a PR against itself, it will need its own CODECOV_TOKEN. However, if it is making a PR against the upstream repo, the token and access to the token are not required.

Originally posted by @thomasrockhu-codecov in #1368 (comment)

I've highlighted the bit in the message here that isn't working.

[...] if it is making a PR against the upstream repo, the token and access to the token are not required.

I updated our CI to use null as a token if it is a fork, but it doesn't work.

The .yaml

https://github.com/trpc/trpc/blob/3142da9dadfd01bca9bd58126b585381d9482517/.github/workflows/main.yml#L47-L51

Below, I'm passing null as a token if it is a fork.

- uses: codecov/codecov-action@v4
  with:
    fail_ci_if_error: true
    # only use token if not a fork PR
    token: ${{ github.event.pull_request.head.repo.fork == false && secrets.CODECOV_TOKEN || null }}

Failing PR

I tried doing a forked PR against my own repo to see if it worked

• chore: fix codecov for forks trpc/trpc#5688
• https://github.com/trpc/trpc/actions/runs/8868427032/job/24348000802?pr=5688

Full output

==> linux OS detected
https://cli.codecov.io/latest/linux/codecov.SHA256SUM
==> Running version latest
==> Running version v0.5.2
==> Running git config --global --add safe.directory /home/runner/work/trpc/trpc
/usr/bin/git config --global --add safe.directory /home/runner/work/trpc/trpc
==> Running command '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-commit'
/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-commit --git-service github -C c5ca8af6f6939ebcec9351fe38b4a45b335ed72e -Z
gpg: directory '/home/runner/.gnupg' created
gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
gpg: /home/runner/.gnupg/trustdb.gpg: trustdb created
gpg: key 806BB28AED779869: public key "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Error: write EPIPE
    at afterWriteDispatched (node:internal/stream_base_commons:160:15)
    at writeGeneric (node:internal/stream_base_commons:151:3)
    at Socket._writeGeneric (node:net:952:11)
    at Socket._write (node:net:964:8)
    at writeOrBuffer (node:internal/streams/writable:447:12)
    at _write (node:internal/streams/writable:389:10)
    at Socket.Writable.end (node:internal/streams/writable:665:17)
    at Socket.end (node:net:722:31)
    at module.exports (/home/runner/work/_actions/codecov/codecov-action/v4/node_modules/gpg/lib/spawnGPG.js:50:1)
    at Object.call (/home/runner/work/_actions/codecov/codecov-action/v4/node_modules/gpg/lib/gpg.js:28:1)

[KATT]

ah, empty string works, but not null

if anyone else struggles:

- uses: codecov/codecov-action@v4
  with:
    fail_ci_if_error: true
    # only use token if not a fork PR
    token: ${{ github.event.pull_request.head.repo.fork == false && secrets.CODECOV_TOKEN || '' }}

[thomasrockhu-codecov]

@KATT I think this is actually a symptom of something else. Yes, it needs to be not null, but just having ${{ secrets.CODECOV_TOKEN }} should default to '' if it's not present.

The EPIPE issue is unfortunately unrelated

[KATT]

Thanks for responding on a closed issue! 🙏