Tokenless uploading for forks is hitting rate limits

[escopecz]

PRs on an open source GitHub repo are randomly failing with error:

Run codecov/codecov-action@v4
==> linux OS detected
https://cli.codecov.io/latest/linux/codecov.SHA256SUM
==> Running version latest
gpg: directory '/home/runner/.gnupg' created
gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
gpg: /home/runner/.gnupg/trustdb.gpg: trustdb created
gpg: key 806BB28AED779869: public key "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

gpg: Signature made Thu Apr 18 16:30:38 2024 UTC
gpg:                using RSA key 27034E7FDB850E0BBC2C62FF806BB28AED779869
gpg: Good signature from "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2703 4E7F DB85 0E0B BC2C  62FF 806B B28A ED77 9869

==> Running version v0.5.2
==> Running git config --global --add safe.directory /home/runner/work/mautic/mautic
/usr/bin/git config --global --add safe.directory /home/runner/work/mautic/mautic
==> Running command '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-commit'
/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-commit --git-service github -C 1931d118de7065782cbbc3654b348ca98fab15af -Z
==> Uploader SHASUM verified (e70beb7c9e3d894678e7d4d0fcb94e59[13](https://github.com/mautic/mautic/actions/runs/8848529286/job/24298910753?pr=13697#step:11:14)3212dbda5ca7406b625a0167ce4ca8  codecov)
info - 2024-04-26 13:06:01,971 -- ci service found: github-actions
info - 2024-04-26 13:06:02,272 -- The PR is happening in a forked repo. Using tokenless upload.
info - 2024-04-26 13:06:02,454 -- Process Commit creating complete
error - 2024-04-26 13:06:02,454 -- Commit creating failed: {"detail":"Tokenless has reached GitHub rate limit. Please upload using a token: https://docs.codecov.com/docs/adding-the-codecov-token. Expected available in 800 seconds."}
Error: Codecov: Failed to properly create commit: The process '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov' failed with exit code 1

See it live: https://github.com/mautic/mautic/actions/runs/8848529286/job/24298910753?pr=13697

The CODECOV_TOKEN is actually set here: https://github.com/mautic/mautic/blob/5.x/.github/workflows/tests.yml#L104 and in the GH Action secrets too.

I started the discussion here: codecov/codecov-action#1275 (comment) but was asked by @thomasrockhu-codecov to open a new issue as this seem to be an edge case.

[thomasrockhu-codecov]

jest-community/eslint-plugin-jest#1494 (comment)

[escopecz]

@thomasrockhu-codecov are you suggesting that the CODECOV_TOKEN secret is misconfigured? I tripple-ckecked that already and generated a new token to be sure the value was correct. I can't think of a way how it could be misconfigured.

[thomasrockhu-codecov]

No @escopecz I don't think your issue is a misconfiguration. I think this is an edge case that we are currently working on finding a solution for.

[thomasrockhu-codecov]

@escopecz @SimenB btw, this is high priority for me right now. I'm going to move this issue to our feedback repo for more visibility and will keep updated as I get updates.

[mmomtchev]

I have this issue even when using @v3 or the bash uploader and I am using a token in both cases. Any ideas for temporary workaround?

[Gsantomaggio]

Hi all,
Not sure if it is the same problem, but I have some pipe blocked on:

https://codecov.io/upload/v4?package=bash-1.0.6&token=<hidden>&package=bash-1.0.6&token=&branch=xxxx&commit=xxxxxxxxxxf&build=8924185770&build_url=https%3A%2F%2Fgit.luolix.top%.....

I left it running for > 20 minutes, and it is still there ...

Thank you

[escopecz]

Yes, it was happening on v3 for us as well. We upgraded to v4 only because it was suggested here. The only thing that was changed was the error message.

[thomasrockhu-codecov]

@mmomtchev, @Gsantomaggio can you point to a URL or logs of the issue?

[mmomtchev]

The three last failures are related: https://github.com/mmomtchev/pymport/actions

[thomasrockhu-codecov]

@mmomtchev this isn't from a fork so tokenless does not exist. You will need to add the token.

[thomasrockhu-codecov]

@Gsantomaggio please open a new issue for this as I think it's a different root cause and symptom

[mmomtchev]

@mmomtchev this isn't from a fork so tokenless does not exist. You will need to add the token.

I have the token. This workflow has been running for years, it suddenly stopped a few days ago.

[thomasrockhu-codecov]

@mmomtchev you don't seem to be passing it into the action

You also should see this log line

[2024-05-02T12:58:53.829Z] ['info'] -> No token specified or token is empty

[Gsantomaggio]

@mmomtchev here is the issue: https://github.com/rabbitmq/rabbitmq-stream-go-client/actions/runs/8924185770/job/24511690493

It worked for years without problems

Thank you

[thomasrockhu-codecov]

@Gsantomaggio you have a different issue, please see #354

[Spacetown]

I've the same issue. A token is configured but it isn't used since it's a PR from a fork to the upstream repository:

The log shows that the token is ignored and then we get the rate limit. This was working for years.

info - 2024-05-02 21:36:48,479 -- The PR is happening in a forked repo. Using tokenless upload.
info - 2024-05-02 21:36:48,736 -- Process Commit creating complete
debug - 2024-05-02 21:36:48,736 -- Commit creating result --- {"result": "RequestResult(error=RequestError(code='HTTP Error 429', params={}, description='{\"detail\":\"Tokenless has reached GitHub rate limit. Please upload using a token: https://docs.codecov.com/docs/adding-the-codecov-token. Expected available in 191 seconds.\"}'), warnings=[], status_code=429, text='{\"detail\":\"Tokenless has reached GitHub rate limit. Please upload using a token: https://docs.codecov.com/docs/adding-the-codecov-token. Expected available in 191 seconds.\"}')"}
error - 2024-05-02 21:36:48,736 -- Commit creating failed: {"detail":"Tokenless has reached GitHub rate limit. Please upload using a token: https://docs.codecov.com/docs/adding-the-codecov-token. Expected available in 191 seconds."}

[WSH032]

I have the same issue, and I'm using v3.

I have added a token to my repository, but PRs from forks are using the token-less mode, and all uploads are encountering rate limits.

---

EDIT

Upgrading to v4 has resolved this issue.

[leofeyer]

A token is configured but it isn't used since it's a PR from a fork to the upstream repository:

codecov/codecov-action#1471 could be a possible fix until codecov/engineering-team#1574 has been discussed and implemented.