Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"Unable to locate build via Github Actions API" for the public repository #126

Closed
AlekSi opened this issue Sep 26, 2022 · 65 comments · Fixed by opdt/keycloak-cassandra-extension#13

Comments

@AlekSi
Copy link

AlekSi commented Sep 26, 2022

Seems to be the same as closed codecov/codecov-action#557.
Similar to codecov/codecov-action#803 and codecov/codecov-action#598.
Here was a request to create a new issue in that case, so here it is.

https://github.com/FerretDB/FerretDB/actions/runs/3130125909/jobs/5080024795

@yurishkuro
Copy link

Getting the same several times today, but it is transient: https://github.com/jaegertracing/jaeger/actions/runs/3136909140/jobs/5094405179

@thomasrockhu-codecov
Copy link
Contributor

@AlekSi @yurishkuro if you have installed the Codecov GitHub app, the only reason I can think of for getting that message is that the access token used is hitting a GitHub rate limit. Do you use any other GitHub apps or know why that might be?

@yurishkuro
Copy link

@thomasrockhu-codecov
Copy link
Contributor

thomasrockhu-codecov commented Sep 28, 2022

@yurishkuro to be clear, those two things are not mutually exclusive. The app is used by Codecov to communicate with GitHub (e.g. check the codecov yaml, post the PR comment and status checks). The Action is used to upload coverage reports to Codecov.

@yurishkuro
Copy link

Yes, we do have Codecov app as well. But the errors are coming from GH Action.

@AlekSi
Copy link
Author

AlekSi commented Sep 28, 2022

to be clear, those two things are mutually exclusive

I guess you mean "are not".

Yes, we do have that app installed. We also use a few other GitHub apps. Do they all use the same token (and what token is that)?

@GiyoMoon
Copy link

GiyoMoon commented Sep 28, 2022

@AlekSi
Copy link
Author

AlekSi commented Sep 29, 2022

@jgarivera
Copy link

I also have the same error during this run. codecov/codecov-action@v2 was able to upload successfully though.

@YonatanKra
Copy link

Hi,
Worked fine this morning - started again now.

@GiyoMoon
Copy link

GiyoMoon commented Oct 3, 2022

Oh great, I just re-run my job and it worked too.

@thomasrockhu-codecov
Copy link
Contributor

thomasrockhu-codecov commented Oct 3, 2022

I am wondering if the disruption with GitHub had anything to do with this uptick in this issue. If so, apologies, I know the error message could have been far better crafted. We are working on making it more actionable.

As far as I know, this error message happens when we ping GitHub to confirm that the build being uploaded to Codecov matches with a real build for the same repository. This is one of the checks we do for public repositories that aren't using an upload token. I'm guessing that API call went a little haywire a few days ago.

@AlekSi
Copy link
Author

AlekSi commented Oct 3, 2022

That accident was resolved 6 days ago, but we are seeing the same issue right now: https://github.com/FerretDB/FerretDB/actions/runs/3175008916/jobs/5172514896

@thomasrockhu-codecov
Copy link
Contributor

Ok, I think I tracked down the underlying issue here. I've made a ticket for the product team

@thomasrockhu-codecov
Copy link
Contributor

I'll be tracking progress on this communty post

@thomasrockhu-codecov
Copy link
Contributor

In the short term if this is actively blocking you, I would suggest using the upload token 😬

@MetRonnie
Copy link

MetRonnie commented Oct 6, 2022

We've got a public repo, the Codecov GH app installed, CODECOV_TOKEN stored in secrets, using with: token: ${{ secrets.CODECOV_TOKEN }} but still getting "Passed token was 0 characters long"

Example (succeeded on this occasion, but failed another time before I enabled verbose mode): https://github.com/cylc/cylc-flow/actions/runs/3196165816/jobs/5217734063#step:16:102

@AlekSi
Copy link
Author

AlekSi commented Oct 6, 2022

Secrets are not available for pull_request events from forks: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflows-in-forked-repositories

@dixudx
Copy link

dixudx commented Oct 10, 2022

Github action codecov/codecov-action@v2 used to work, but failed these days.

So I try new version codecov/codecov-action@v3. It just goes back to normal. 😄

BenjaminBossan referenced this issue in BenjaminBossan/skops Oct 11, 2022
I'm observing a lot of:

> Error: Codecov: Failed to properly upload: The process
> '/Users/runner/work/_actions/codecov/codecov-action/v2/dist/codecov'
> failed with exit code 255

Recently. Unfortunately, this seems to be a hard to reproduce bug, as it
sometimes happens and sometimes not. Reading through some codecov
issues:

- https://github.com/codecov/codecov-action/issues/837
- codecov/codecov-action#598

updating their action to v3 was mentioned as a possible solution.
@MetRonnie
Copy link

So the problem seems to be that, without the token, the upload is getting rate limited sometimes, and thus failing. And using the token in the action does not work for PRs from forks as @AlekSi has pointed out.

(This is the case for v3 of the action)

@melink14
Copy link

melink14 commented Feb 7, 2024

@adamjstewart I might be missing something but I don't see where you uploaded the commit ref for later downloading in your coverage action. The action seems to be getting it from the github event object still.

@kdarkhan
Copy link

kdarkhan commented Feb 7, 2024

@adamjstewart I see you are using github.event.workflow_run.pull_requests.head.sha here - which does not work as I described in google/mdbook-i18n-helpers#168.

The syntax should have been github.event.workflow_run.pull_requests[0].head.sha - but due to a bug in Github actions event passing, it is flaky.

My workaround is to get this sha from the original PR as I described higher.

@adamjstewart
Copy link

Thanks for the link. I'm slowly rediscovering all the reasons you had to jump through so many hoops. I think I've managed to find a simpler way to download artifacts than what you're using, but it looks like all the rest of your JavaScript is still necessary.

Need to decide if we're expected to implement all of this ourselves or start looking for codecov alternatives. Would love an official response from codecov as to how they expect people to use their action.

@yurishkuro
Copy link

Even with v3, it works 50% of the time at best due to GitHub's API rate limits.

@adamjstewart could you elaborate how GitHub API rate limits are in play here? Why does having a Codecov token make a difference w.r.t. GH rate limits?

@rohan-at-sentry
Copy link

rohan-at-sentry commented Feb 7, 2024

@adamjstewart - I'm a PM on the codecov team.

I'll take a look at why you're having the issue you described here, what you're describing is not the intended set up experience here. I'll respond back here with an update as soon as I have one

@rohan-at-sentry
Copy link

@yurishkuro

To clarify, the reason why a token-less only approach has been so problematic over the past few years has been due to GitHub's rate limiting. Tokenless generally works by making an API call to GitHub to confirm that the repo and commit are the correct values. Making this call for thousands of repositories causes our GitHub token to hit the limit causing the issues that many of you have seen (e.g. Unable to locate build via Github Actions API).

As a result, we needed to make decisions on how best to serve our users. This means that tokenless uploading is not currently sustainable until GitHub allows for higher rate limited APIs.

The open source (OS) community is a major user and proponent of Codecov. A very common flow for them is to have outside contributors fork the repo, make changes, and open a PR to the upstream repository with that change. Unfortunately, GitHub does not have a way to share secrets with contributors. In order to provide support for these OS projects, we added a way for open source contributions to forks not require a token

@thomasrockhu-codecov
Copy link
Contributor

Hi all (@kdarkhan @adamjstewart @melink14), I'm moving the conversation over to this issue regarding workflow_run. I think this particular issue is unrelated.

@melink14
Copy link

To clarify for future readers, the reason it is related to this issue is that it explains how to securely use codecov for PRs from forks in public OS repos.

There's no problem except that GitHub has some bugs and makes the process annoying for security reasons (as far as I know).

I guess the other issue can be used to investigate simplifications to the process.

@ST-DDT
Copy link

ST-DDT commented Mar 12, 2024

I recently noticed an increased error rate regarding tokenless for PRs (we are using codecov action v4.1.0).

Is there a solution recommended by the codecov team on how to solve that?
Could you extend your Setup GithubAction guide to include that recommendation?

@thomasrockhu-codecov
Copy link
Contributor

@ST-DDT can you open a new issue about that? I'm going to close this one as the solution to the original is to add the token.

@ST-DDT
Copy link

ST-DDT commented Mar 12, 2024

can you open a new issue about that?

Done: #301

perlpunk added a commit to perlpunk/os-autoinst that referenced this issue Apr 9, 2024
The documentation is very confusing, but it seems to me that the new
version supports tokenless uploads in a better way.

It says everywhere that a token is really required, but then it also
says that PRs from forks are an exception to that (but that is
how it has been in the past anyway).

So let's see if this helps.

https://docs.codecov.com/docs/codecov-uploader#supporting-tokenless-uploads

https://community.codecov.com/t/upload-issues-unable-to-locate-build-via-github-actions-api/3954/22
codecov/feedback#126
codecov/engineering-team#665
https://github.com/codecov/codecov-action
alex-dzeda pushed a commit to CMSgov/bcda-app that referenced this issue Apr 24, 2024
## 🎫 Ticket

n/a

## 🛠 Changes

removing codecov from CI, since sonarqube is doing the same thing and
tokenless is hitting a github api limit.

## ℹ️ Context for reviewers

[Link to
discussion](codecov/feedback#126)
on tokenless codecov generation and rate limiting.

## ✅ Acceptance Validation

n/a

## 🔒 Security Implications

- [ ] This PR adds a new software dependency or dependencies.
- [ ] This PR modifies or invalidates one or more of our security
controls.
- [ ] This PR stores or transmits data that was not stored or
transmitted before.
- [ ] This PR requires additional review of its security implications
for other reasons.

If any security implications apply, add Jason Ashbaugh (GitHub username:
StewGoin) as a reviewer and do not merge this PR without his approval.
victorlin added a commit to nextstrain/augur that referenced this issue Jun 26, 2024
Not necessary for public repos but decreases chance of upload failures
due to GitHub rate limiting.

<codecov/feedback#126>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: Waiting for: Product Owner
Development

Successfully merging a pull request may close this issue.