[v4] Upload failed: {"detail":"Invalid token."}

[kingbuzzman]

Migrating to v4 and getting this error on this PR.

==> linux OS detected
https://cli.codecov.io/latest/linux/codecov.SHA256SUM
==> Running version latest
==> Running version v0.4.6
==> Running command '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-commit'
/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-commit -C ff8262c85073bd51450c5f271a3858464805aa9d
gpg: directory '/home/runner/.gnupg' created
gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
gpg: /home/runner/.gnupg/trustdb.gpg: trustdb created
gpg: key 806BB28AED779869: public key "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

gpg: Signature made Fri Feb  2 14:15:33 2024 UTC
gpg:                using RSA key 27034E7FDB850E0BBC2C62FF806BB28AED779869
gpg: Good signature from "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2703 4E7F DB85 0E0B BC2C  62FF 806B B28A ED77 9869

==> Uploader SHASUM verified (103bfefcc56f76473179e600b96eb8150b0f349ad94836b0f63f03ffac469ad7  codecov)
info - 2024-02-02 18:[12](https://github.com/kingbuzzman/django-squash/actions/runs/7759864111/job/21164856902#step:7:13):29,671 -- ci service found: github-actions
info - 2024-02-02 18:12:29,874 -- Process Commit creating complete
error - 2024-02-02 18:12:29,874 -- Commit creating failed: {"detail":"Invalid token."}
==> Running command '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-report'
/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-report -C ff8262c85073bd5[14](https://github.com/kingbuzzman/django-squash/actions/runs/7759864111/job/21164856902#step:7:15)50c5f271a3858464805aa9d
info - 2024-02-02 [18](https://github.com/kingbuzzman/django-squash/actions/runs/7759864111/job/21164856902#step:7:19):12:30,609 -- ci service found: github-actions
info - [20](https://github.com/kingbuzzman/django-squash/actions/runs/7759864111/job/21164856902#step:7:21)[24](https://github.com/kingbuzzman/django-squash/actions/runs/7759864111/job/21164856902#step:7:25)-02-02 18:12:30,774 -- Process Report creating complete
error - 2024-02-02 18:12:30,774 -- Report creating failed: {"detail":"Invalid token."}
==> Running command '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov do-upload'
/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov do-upload -C ff8[26](https://github.com/kingbuzzman/django-squash/actions/runs/7759864111/job/21164856902#step:7:27)2c85073bd51450c5f[27](https://github.com/kingbuzzman/django-squash/actions/runs/7759864111/job/21164856902#step:7:28)1a[38](https://github.com/kingbuzzman/django-squash/actions/runs/7759864111/job/21164856902#step:7:39)58464805aa9d
info - 2024-02-02 18:12:31,495 -- ci service found: github-actions
warning - 2024-02-02 18:12:31,506 -- xcrun is not installed or can't be found.
warning - 2024-02-02 18:12:31,511 -- No gcov data found.
info - 2024-02-02 18:12:31,512 -- Generating coverage.xml report in /home/runner/work/django-squash/django-squash
info - 2024-02-02 18:12:31,662 -- Wrote XML report to coverage.xml
info - 2024-02-02 18:12:31,675 -- Found 1 coverage files to upload
info - 2024-02-02 18:12:31,675 -- > /home/runner/work/django-squash/django-squash/coverage.xml
info - 2024-02-02 18:12:31,831 -- Process Upload complete
error - 2024-02-02 18:12:31,831 -- Upload failed: {"detail":"Invalid token."}

under "Upload coverage to Codecov"

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

I ensured that secrets.CODECOV_TOKEN is correct. via echo "${{ secrets.CODECOV_TOKEN }}" | wc -c -- got 37 characters, looks good.

Funny thing is, it does NOT fail... It should, but doesn't. Im so confused, some guidance would be much appreciated.

[webknjaz]

Funny thing is, it does NOT fail... It should, but doesn't.

#266

[jonhoo]

I'm seeing the same thing in jonhoo/faktory-rs#52 when using:

      - name: Upload to codecov.io
        uses: codecov/codecov-action@v4
        with:
          fail_ci_if_error: true
          token: ${{ secrets.CODECOV_TOKEN }}
          env_vars: OS,RUST

Although my job does fail (since I set fail_ci_if_error).
I have confirmed that the CODECOV_TOKEN is indeed set in the repository secrets section, and even re-generated a new fresh token from codecov.io to use, but no dice.

[jonhoo]

Ah, I think I may have figured out what's wrong, though still confirming. On the codecov.io page, make sure you select the right branch in the "branch context" drop-down near the top. Mine was set to master, even though I've since renamed my primary branch to main. When I changed it to main, I got a different token. Trying that now.

[jonhoo]

Yep, that did the trick! Not sure why the wrong branch was selected originally, nor why the token for main was the one needed here (after all, the coverage report was for the PR's branch, not main), but it worked, so \o/

[kingbuzzman]

OK. Update, changed the action to what you suggested; but what i think did the trick was going to codecov.io > {my project} > settings > and using the token in the page.

I stupidly was using the Profile > api token.

Thank you for the support!

[thomasrockhu-codecov]

@rohan-at-sentry, something seems strange here, the token shouldn't have changed. Can you take a look into this?

[kingbuzzman]

So the code that worked for my dev branch is now failing on master. nothing changed (just got merged). https://github.com/kingbuzzman/django-squash/actions/runs/7865828819/job/21459307944#step:7:36 any ideas? -- im contemplating just going back to v3

[rohan-at-sentry]

@kingbuzzman I see from your your tests.yml that you've set the codecov token in the yaml. Can you confirm that you've obtained a token correctly? Use this to help. Pl. note, a lot of people do trip up on is copying the CODECOV_TOKEN= into the Secret field

[kingbuzzman]

It worked last week. My understanding is that these environment secrets are for all PRs/environments.

got it from here

[rohan-at-sentry]

Yeah that looks correct. Let me dig in more here. I do notice similar errors all the way back from last week https://github.com/kingbuzzman/django-squash/actions/runs/7777959713/job/21206973008#step:7:35 (for example), although that could be related to when you initially opened this issue

[joseph-sentry]

@kingbuzzman I think this is happening because the django-squash job in release.yml which runs on push to main is not inheriting secrets, so the token argument is not being passed to the codecov-action. I think the daily-tests job in daily_tests.yml is also not inheriting secrets.

[kingbuzzman]

I think the daily-tests job in daily_tests.yml is also not inheriting secrets.

Yup, thats was it. Thank you!!

[kingbuzzman]

closing.