Report script fails after switching from Travis to Drone CI


We’ve recently switched from Travis CI to Drone CI with our OSS project PhotoPrism.
The official bash client is used to push new results to Codecov.

Our codecov token is provided as secret, so that it is replaced with “secret” in CI logs and can not be abused:

-> Pinging Codecov 1319

Fails with:

HTTP 400
Please provide the repository token to upload reports via -t :repository-token

This is confusing since the query parameter is token=... not -t=....

Maybe the way we inject the token via .drone.yml is wrong?


Looking at our old Travis CI logs, the query is not much different (in fact contains less information):


However, the docs say Travis CI is trusted and doesn’t need a token. So it may work anyway, even if the token is wrong or was wrongly replaced.



Drone CI


bash <(curl -s

Commit SHAs


Codecov YAML


Codecov Output


1288 _____ _
1289 / ____
1290 ___ __ ___ ___ _____ __
1291 / _ \ / _` / _ \/ __/ _ \ \ / /
1292 ___ (_) (_ __/ (_ (_) \ V /
1293 \_____\___/ \__,_ \___ \___\___/ \_/
1294 Bash-20200728-9fb7d93
1298 ==> Drone CI detected.
1299 project root: .
1300 Yaml found at: codecov.yml
1301 ==> Running gcov in . (disable via -X gcov)
1302 ==> Python coveragepy not found
1303 ==> Searching for coverage reports in:
1304 + .
1306 -> Found 2 reports
1307 ==> Detecting git/mercurial file structure
1308 ==> Reading reports
1309 + ./coverage.txt bytes=492957
1310 + ./frontend/coverage/ bytes=34640
1311 ==> Appending adjustments
1314 + Found adjustments
1315 ==> Gzipping contents
1316 ==> Uploading reports
1317 url:
1318 query: branch=develop&commit=d03cbdedecee06f488b1f0138cbdc0f4eaefb459&build=8&build_url=&name=&tag=&slug=photoprism%2Fphotoprism&
1320 -> Pinging Codecov
1323 HTTP 400
1324 Please provide the repository token to upload reports via `-t :repository-token`

@lastzero, I believe there is a misunderstanding here. The token is replaced with secret in the Codecov script here. You will need to run the bash script as bash <(curl -s -t {{ CODECOV_TOKEN }}.

I’m not familiar enough with Drone CI, but it will need to be the environment variable there.

1 Like

Thanks a lot! Fixed it by passing the token to docker-compose via -e like

docker-compose -f docker-compose.drone.yml exec -e CODECOV_TOKEN=$${CODECOV_TOKEN} -T photoprism make test-codecov

Complete config file:

Seems the root issue was that environment variables are only set once when a container starts, so changed / new values are ignored when running commands via docker-compose exec by default.

While the -t parameter for the codecov bash script works when providing a valid token, it should be enough to just set the CODECOV_TOKEN variable. If $CODECOV_TOKEN is empty, then setting the token via -t $CODECOV_TOKEN obviously also doesn’t work which is how I found out the value is missing completely. Note that Drone will also replace secret values with “secret” so it looked like the token was passed to the script.

Maybe modify the bash script so that “secret” is only shown when there actually is a secret and not just an empty string?

1 Like

Hi @lastzero, I think you’re actually right. The token should be able to be set via the environment variable. Would you be able check if it works for you removing the -t argument?

Yes, it works:

1 Like

Incredible, thanks @lastzero!