403 on github webhook

Hi everyone,

Description

I’m trying to use codecov on a public repo (MikeDevresse/ApiResume) and I try to push my coverage files on codecov. The github actions works fine and says that it pushed it, but I don’t get anything on my panel and my webhooks tells me that I got a 403 error

{"detail":"You do not have permission to perform this action."}

Commit SHAs

22387efc2a62360d831278965ec52ae28e403b8e

Repository

MikeDevresse/ ApiResume

CI/CD or Build URL

Workflow file
Run result

Uploader

Github actions uploader

Codecov Output

==> linux OS detected
==> SHASUM file signed by key id 806bb28aed779869
==> Uploader SHASUM verified (f4daf62bfc474b5aeebb25b3cf1a467b01f930b404ba7e618abc6141b72a04a9  codecov)
/home/runner/work/_actions/codecov/codecov-action/v2/dist/codecov -n  -Q github-action-2.0.3 -f ./clover_application.xml -f ./clover_integration.xml -f ./clover_unit.xml -F tests -F  phpunit -F  symfony
[2021-08-25T10:55:48.493Z] ['info'] 
     _____          _
    / ____|        | |
   | |     ___   __| | ___  ___ _____   __
   | |    / _ \ / _` |/ _ \/ __/ _ \ \ / /
   | |___| (_) | (_| |  __/ (_| (_) \ V /
    \_____\___/ \__,_|\___|\___\___/ \_/

  Codecov report uploader 0.1.0
[2021-08-25T10:55:48.510Z] ['info'] => Project root located at: /home/runner/work/ApiResume/ApiResume
[2021-08-25T10:55:48.510Z] ['info'] ->  Token found by environment variables
[2021-08-25T10:55:48.517Z] ['info'] Searching for coverage files...
[2021-08-25T10:55:48.522Z] ['info'] => Found 3 possible coverage files:
  ./clover_application.xml
  ./clover_integration.xml
  ./clover_unit.xml
[2021-08-25T10:55:48.522Z] ['info'] Processing ./clover_application.xml...
[2021-08-25T10:55:48.523Z] ['info'] Processing ./clover_integration.xml...
[2021-08-25T10:55:48.524Z] ['info'] Processing ./clover_unit.xml...
[2021-08-25T10:55:48.525Z] ['info'] Detected GitHub Actions as the CI provider.
[2021-08-25T10:55:48.526Z] ['info'] Pinging Codecov: https://codecov.io/upload/v4?package=github-action-2.0.3-uploader-0.1.0&token=*******&branch=dev&build=1166199986&build_url=https%3A%2F%2Fgithub.com%2FMikeDevresse%2FApiResume%2Factions%2Fruns%2F1166199986&commit=22387efc2a62360d831278965ec52ae28e403b8e&job=Dev%20pull%20requests&pr=&service=github-actions&slug=MikeDevresse/ApiResume&name=&tag=&flags=tests&parent=
[2021-08-25T10:55:48.833Z] ['info'] Uploading...
[2021-08-25T10:55:49.044Z] ['info'] {"status":"success","resultURL":"https://codecov.io/github/MikeDevresse/ApiResume/commit/22387efc2a62360d831278965ec52ae28e403b8e"}

Expected Results

Some result on the pannel

Actual Results

Nothing :frowning:

Additional Information

Codecov action workflow part:

- name: Upload coverage to Codecov
        uses: codecov/codecov-action@v2
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./clover_application.xml,./clover_integration.xml,./clover_unit.xml
          flags: tests, phpunit, symfony

I did try to change my secret and it is set.

Hi @MikeDevresse, apologies but I’m actually not sure what you mean by your panel. Also for public repos, the token is not necessary.

By panel I mean dashboard, the place where there is all my commits, when I go on a commit it tells me that an error occured

@MikeDevresse got it, ok well first thing is that I think the default branch isn’t set to dev. Just in case, you can change that here

@MikeDevresse part 2, are you doing a actions/checkout@v2 step before calling the Codecov uploader?

1 Like

That was it … Didn’t think I needed it since I push my artifacts and it did get my artifacts correctly

1 Like

I’m facing this same issue, but it seems like the repo with this problem has been deleted, so I’m not sure what change needed to be made. As above, every webhook delivery made by GitHub fails with a 403.

Here’s my repo and my workflow file (posted here for longevity):

name: CI
on:
  push:
    branches:
    - master
  pull_request:
    branches:
    - '*'
jobs:
  test:
    name: Julia ${{ matrix.version }} - ${{ matrix.os }} - ${{ matrix.arch }} - ${{ github.event_name }}
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        version:
          - '1'
        os:
          - ubuntu-latest
        arch:
          - x64          
    steps:
      - uses: actions/checkout@v3
      - uses: julia-actions/setup-julia@v1
        with:
          version: ${{ matrix.version }}
          arch: ${{ matrix.arch }}
      - uses: actions/cache@v1
        env:
          cache-name: cache-artifacts
        with:
          path: ~/.julia/artifacts
          key: ${{ runner.os }}-test-${{ env.cache-name }}-${{ hashFiles('**/Project.toml') }}
          restore-keys: |
            ${{ runner.os }}-test-${{ env.cache-name }}-
            ${{ runner.os }}-test-
            ${{ runner.os }}-
      - uses: julia-actions/julia-buildpkg@v1
      - uses: julia-actions/julia-runtest@v1
      - uses: julia-actions/julia-processcoverage@v1
      - uses: codecov/codecov-action@v3
        with:
          file: lcov.info

Here’s an example commit where it fails (983ea527832f2e395c580dd4684a9bd46171b85e) and here’s the result of the run. It doesn’t seem like it’s even running on main at all.

Here’s another example associated with a pull request: commit b9f2b660514867dd3f401a41c5e9650ed594e1e6, run results, and log below:

==> linux OS detected
https://uploader.codecov.io/latest/linux/codecov.SHA256SUM
==> SHASUM file signed by key id 806bb28aed779869
==> Uploader SHASUM verified (20f9c9d78483fce977b6cc39e231a734a23bcd36f4d536bb7355222fb88d02bc  codecov)
==> Running version latest
==> Running version v0.3.2
/home/runner/work/_actions/codecov/codecov-action/v3/dist/codecov -n  -Q github-action-3.1.1 -f lcov.info -C b9f2b660514867dd3f401a41c5e9650ed594e1e6
[2022-10-13T05:20:47.233Z] ['info'] 
     _____          _
    / ____|        | |
   | |     ___   __| | ___  ___ _____   __
   | |    / _ \ / _` |/ _ \/ __/ _ \ \ / /
   | |___| (_) | (_| |  __/ (_| (_) \ V /
    \_____\___/ \__,_|\___|\___\___/ \_/

  Codecov report uploader 0.3.2
[2022-10-13T05:20:47.241Z] ['info'] => Project root located at: /home/runner/work/Xtal.jl/Xtal.jl
[2022-10-13T05:20:47.243Z] ['info'] -> No token specified or token is empty
[2022-10-13T05:20:47.251Z] ['info'] Searching for coverage files...
[2022-10-13T05:20:47.335Z] ['info'] => Found 1 possible coverage files:
  lcov.info
[2022-10-13T05:20:47.336Z] ['info'] Processing /home/runner/work/Xtal.jl/Xtal.jl/lcov.info...
[2022-10-13T05:20:47.341Z] ['info'] Detected GitHub Actions as the CI provider.
[2022-10-13T05:20:47.343Z] ['info'] Pinging Codecov: https://codecov.io/upload/v4?package=github-action-3.1.1-uploader-0.3.2&token=*******&branch=features%2Fauto-resolve-vasp&build=3239850988&build_url=https%3A%2F%2Fgithub.com%2Fbrainandforce%2FXtal.jl%2Factions%2Fruns%2F3239850988&commit=b9f2b660514867dd3f401a41c5e9650ed594e1e6&job=CI&pr=122&service=github-actions&slug=brainandforce%2FXtal.jl&name=&tag=&flags=&parent=
[2022-10-13T05:20:48.000Z] ['info'] https://app.codecov.io/github/brainandforce/Xtal.jl/commit/b9f2b660514867dd3f401a41c5e9650ed594e1e6
https://storage.googleapis.com/codecov/v4/raw/2022-10-13/009CE7AA34AC4CB0EB2A254D77A6EBA2/b9f2b660514867dd3f401a41c5e9650ed594e1e6/d9f51e52-6ff9-473e-b7f4-3a9e31c321d4.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=GOOG1EJOGFN2JQ4OCTGA2MU5AEIT7OT5Z7HTFOAN2SPG4NWSN2UJYOY5U6LZQ%2F20221013%2FUS%2Fs3%2Faws4_request&X-Amz-Date=20221013T052047Z&X-Amz-Expires=10&X-Amz-SignedHeaders=host&X-Amz-Signature=d6e8c4b3d4af3e38d984248aa7e3b4d646693a4e2b1481b3d4d1511acda9454a
[2022-10-13T05:20:48.000Z] ['info'] Uploading...
[2022-10-13T05:20:48.220Z] ['info'] {"status":"success","resultURL":"https://app.codecov.io/github/brainandforce/Xtal.jl/commit/b9f2b660514867dd3f401a41c5e9650ed594e1e6"}

I am new to this so I hope this is all of the information needed!

@brainandforce can you create a new topic for this? I’m not sure what the failure is here, Codecov didn’t run because the commit was made to main as opposed to master.