v4 action and "You do not have permission to perform this action."

[hellt]

Hi,
I am facing issues with codecov v4 update.
Starting with docs not being updated to mention the new global token requirement (outside of the action repo).

I then added the token to my org, but now the codecov action defined like this:

      - name: Upload coverage to codecov
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}

errors with:

Run codecov/codecov-action@v4
  with:
    token: ***
  env:
    GO_VER: 1.[2](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:2)0.2
    CGO_ENABLED: 0
    MKDOCS_INS_VER: 9.1.4-insiders-4.[3](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:3)2.[4](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:4)-hellt
    GORELEASER_VER: v1.11.4
    PY_VER: 3.10
    GOROOT: /home/runner/work/containerlab/setup-go-faster/go/1.20.2/x64
==> linux OS detected
https://cli.codecov.io/latest/linux/codecov.SHA2[5](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:5)[6](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:6)SUM
==> Running version latest
gpg: directory '/home/runner/.gnupg' created
gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
gpg: /home/runner/.gnupg/trustdb.gpg: trustdb created
gpg: key 806BB28AED[7](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:7)79[8](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:8)6[9](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:9): public key "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" imported
gpg: Total number processed: 1
gpg:               imported: 1

gpg: Signature made Fri Feb  2 14:15:33 2024 UTC
gpg:                using RSA key 27034E7FDB850E0BBC2C62FF806BB28AED779869
gpg: Good signature from "Codecov Uploader (Codecov Uploader Verification Key) <security@codecov.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2703 4E7F DB85 0E0B BC2C  62FF 806B B28A ED77 9869

==> Running version v0.4.6
==> Running command '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-commit'
/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-commit -C a7469fee15f4c49bdba79411ef112e50e25060a7
==> Uploader SHASUM verified ([10](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:10)3bfefcc56f76473179e600b96eb8150b0f349ad94836b0f63f03ffac469ad7  codecov)
info - 2024-02-06 18:[11](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:12):03,990 -- ci service found: github-actions
info - 2024-02-06 18:11:04,133 -- Process Commit creating complete
error - 2024-02-06 18:11:04,133 -- Commit creating failed: {"detail":"You do not have permission to perform this action."}
==> Running command '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-report'
/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov create-report -C a7469fee15f4c49bdba79411ef1[12](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:13)e50e25060a7
info - 2024-02-06 18:11:04,866 -- ci service found: github-actions
info - 2024-02-06 18:11:04,987 -- Process Report creating complete
error - 2024-02-06 18:11:04,987 -- Report creating failed: {"detail":"You do not have permission to perform this action."}
==> Running command '/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov do-upload'
/home/runner/work/_actions/codecov/codecov-action/v4/dist/codecov do-upload -C a7469fee[15](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:16)f4c49bdba79411ef112e50e25060a7
info - 2024-02-06 [18](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:19):11:05,725 -- ci service found: github-actions
warning - [20](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:21)[24](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:25)-02-06 18:11:05,7[36](https://github.com/srl-labs/containerlab/actions/runs/7804013061/job/21285579533#step:7:37) -- xcrun is not installed or can't be found.
warning - 2024-02-06 18:11:05,746 -- No gcov data found.
warning - 2024-02-06 18:11:05,746 -- coverage.py is not installed or can't be found.
info - 2024-02-06 18:11:05,769 -- Found 1 coverage files to upload
info - 2024-02-06 18:11:05,769 -- > /home/runner/work/containerlab/containerlab/coverage.out
info - 2024-02-06 18:11:05,977 -- Process Upload complete
error - 2024-02-06 18:11:05,978 -- Upload failed: {"detail":"You do not have permission to perform this action."}

Is there anything else besides the upload token that needs to be done to make v4 work?

[thomasrockhu-codecov]

@rohan-at-sentry, do you mind taking a look into this? Looks like a global upload token thing

[thomasrockhu-codecov]

@hellt can you confirm that you pulled the token from the Codecov org page, not the repo page. And just to confirm that you've added it as an organization secret

[hellt]

@hellt can you confirm that you pulled the token from the Codecov org page, not the repo page. And just to confirm that you've added it as an organization secret

I've got the token from my codecov account (https://app.codecov.io/account/gh//org-upload-token) and added it as my Org secret

[matt-codecov]

@hellt the link in your last comment omits the username that you're getting the org upload token for. are you getting it for your own account (hellt) or for the owner of the repo in your logs (srl-labs)? in this case you'll need the latter

if that's the issue, the same page should have a dropdown where you can select other orgs. if you can't see the org token page for srl-labs you'll need to find someone who is an admin in codecov

if that isn't the issue, let us know

[hellt]

Thanks @matt-codecov!
this was indeed the case, was not at all obvious, but once you hinted about a different token scoped to the org level I figured it out.

[ssbarnea]

Still seeing problems with dependabot originated pull requests, even if I also added CODECOV_TOKEN not only the environment used by the job but also to the depentabot specific environment variables, so no reason to not find it. See https://github.com/ansible/ansible-dev-tools/actions/runs/8681427179/job/23804018212?pr=154

[drazisil-codecov]

Hi @ssbarnea ,

The action logs say the token starts with a 1. That does seem to match what I see as your upload token for that repo. Can you double-check?