Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code coverage uploads sometimes fail #148

Closed
mgeisler opened this issue Jan 16, 2024 · 7 comments · Fixed by #168
Closed

Code coverage uploads sometimes fail #148

mgeisler opened this issue Jan 16, 2024 · 7 comments · Fixed by #168
Assignees
@kdarkhan

Comments

@mgeisler
Copy link
Collaborator

mgeisler commented Jan 16, 2024
edited
Loading

Hi @kdarkhan, I've seen a few Codecov uploads fail. An example is in this run. The error is

[2024-01-15T13:13:27.254Z] ['error'] There was an error running the uploader: Error uploading to https://codecov.io: Error: There was an error fetching the storage URL during POST: 503 - upstream connect error or disconnect/reset before headers. reset reason: connection failure
Error: Codecov: Failed to properly upload: The process '/home/runner/work/_actions/codecov/codecov-action/v3/dist/codecov' failed with exit code 255

Do you have any idea what could trigger this?
@kdarkhan
Copy link
Collaborator

Right, I saw this yesterday. I could not find a definitive answer but it might be resolved by using a project specific token instead of tokenless authentication. To implement it, somebody in google Github org needs to copy the token from here into repository secrets here. The name of the secret should be CODECOV_TOKEN. Once that is done, I can adjust the workflow file to test it.

@mgeisler
Copy link
Collaborator Author

The name of the secret should be CODECOV_TOKEN. Once that is done, I can adjust the workflow file to test it.

Thanks, I added the repository secret.

kdarkhan added a commit to kdarkhan/mdbook-i18n-helpers that referenced this issue Jan 16, 2024
@kdarkhan
Use project specific codecov token for coverage reports
4b94abc 
This is an attempt at fixing 503 errors which occur sometimes
during coverage uploads
google#148.
@kdarkhan kdarkhan mentioned this issue Jan 16, 2024
Merged
@kdarkhan
Copy link
Collaborator

I merged the PR for using the new token. I am not sure if it will resolve this issue. Let's monitor for several weeks and can resolve this if the pipeline is stable.

@mgeisler
Copy link
Collaborator Author

Sounds good, thanks for looking into this so quickly!

@kdarkhan
Copy link
Collaborator

kdarkhan commented Jan 22, 2024
edited
Loading

There was another failure. The error message is

[2024-01-22T21:51:51.270Z] ['error'] There was an error running the uploader: Error uploading to https://codecov.io: Error: There was an error fetching the storage URL during POST: 404 - {'detail': ErrorDetail(string='Unable to locate build via Github Actions API. Please upload with the Codecov repository upload token to resolve issue.', code='not_found')}

According to this article, adding the token should improve the situation but will not guarantee 100% success rate.

Researching this further, I found this comment which implies that tokens/secrets are not available for PR runners from forked repositories to prevent abuse/secret theft. Very surprising.

From the last link, this article describes a way to use secrets. It is a bit verbose and requires creation of a separate workflow but doable. I will try to implement it this week.

@mgeisler
Copy link
Collaborator Author

From the last link, this article describes a way to use secrets. It is a bit verbose and requires creation of a separate workflow but doable. I will try to implement it this week.

Oh nice! I think this could also be used to comment on Comprehensive Rust PRs with timing information like @djmitche tried to do recently: google/comprehensive-rust#1576.

@djmitche djmitche mentioned this issue Jan 24, 2024
Closed
kdarkhan added a commit to kdarkhan/mdbook-i18n-helpers that referenced this issue Jan 30, 2024
@kdarkhan
Make codecov report use secret
8055a9c 
This addresses google#148. Codecov coverage report upload are not
stable. The suggested solution is to use
per project secret. This project have that enabled but it is
not usable for pull request workflows triggered from forks. Due to
Github's security restrictions, only PRs based on local branches
have access to secrets.

This PR amends the existing workflow by not pushing the reports
to Codecov. The reports are instead uploaded to Github artifacts.
The artifacts are stored for 90 days by default.

Then a new workflow is introduced which executes after every
successful execution of the existing workflow. It downloads
the artifact and uploads the report to Codecov using the security
token.
kdarkhan added a commit to kdarkhan/mdbook-i18n-helpers that referenced this issue Jan 30, 2024
@kdarkhan
Make codecov report use secret
52701fd 
This addresses google#148. Codecov coverage report upload are not
stable. The suggested solution is to use
per project secret. This project have that enabled but it is
not usable for pull request workflows triggered from forks. Due to
Github's security restrictions, only PRs based on local branches
have access to secrets.

This PR amends the existing workflow by not pushing the reports
to Codecov. The reports are instead uploaded to Github artifacts.
The artifacts are stored for 90 days by default.

Then a new workflow is introduced which executes after every
successful execution of the existing workflow. It downloads
the artifact and uploads the report to Codecov using the security
token.
@kdarkhan kdarkhan mentioned this issue Jan 30, 2024
Merged
kdarkhan added a commit to kdarkhan/mdbook-i18n-helpers that referenced this issue Jan 30, 2024
@kdarkhan
Make codecov report use secret
b2647be 
This addresses google#148. Codecov coverage report upload are not
stable. The suggested solution is to use
per project secret. This project have that enabled but it is
not usable for pull request workflows triggered from forks. Due to
Github's security restrictions, only PRs based on local branches
have access to secrets.

This PR amends the existing workflow by not pushing the reports
to Codecov. The reports are instead uploaded to Github artifacts
(the artifacts are stored for 90 days by default).

Then a new workflow is introduced which executes after every
successful execution of the existing workflow. It downloads
the artifact and uploads the report to Codecov using the security
token.
kdarkhan added a commit to kdarkhan/mdbook-i18n-helpers that referenced this issue Jan 30, 2024
@kdarkhan
Make codecov report use secret
6e006e5 
This addresses google#148. Codecov coverage report uploads are not
stable. The suggested solution is to use
per project secret. This project have that enabled but it is
not usable for pull request workflows triggered from forks. Due to
Github's security restrictions, only PRs based on local branches
have access to secrets.

This PR amends the existing workflow by not pushing the reports
to Codecov. The reports are instead uploaded to Github artifacts
(the artifacts are stored for 90 days by default).

Then a new workflow is introduced which executes after every
successful execution of the existing workflow. It downloads
the artifact and uploads the report to Codecov using the security
token.
kdarkhan added a commit to kdarkhan/mdbook-i18n-helpers that referenced this issue Jan 30, 2024
@kdarkhan
Make codecov report use secret
81bf2da 
This addresses google#148. Codecov coverage report uploads are not
stable. The suggested solution is to use
per project secret. This project have that enabled but it is
not usable for pull request workflows triggered from forks. Due to
Github's security restrictions, only PRs based on local branches
have access to secrets.

This PR amends the existing workflow by not pushing the reports
to Codecov. The reports are instead uploaded to Github artifacts
(the artifacts are stored for 90 days by default).

Then a new workflow is introduced which executes after every
successful execution of the existing workflow. It downloads
the artifact and uploads the report to Codecov using the security
token.
@kdarkhan
Copy link
Collaborator

The PR I merged does not seem to work as expected - codecov reports are executed against the main branch instead of PR branch. Might be something wrong with env vars or I did not copy them properly. It was working for me on my own fork yesterday. I will take another look at this later today.

@kdarkhan kdarkhan mentioned this issue Feb 2, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kdarkhan kdarkhan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix flaky codecov reports kdarkhan/mdbook-i18n-helpers
2 participants
@mgeisler @kdarkhan