Team bot vs github app

Description

We are setting codecov bots for a GitHub organization: Open Cybersecurity Alliance · GitHub

And we would like to get some advice about team bot vs github app.

After reading the team bot instructions, it looks like we can either do team bot or github app. I understand the difference to be:

  1. github app is easy, but requires setup for each repo in the org.
  2. if we setup team bot with a dedicated bot account (github account), this will apply to all repos in the org, so we do not need to setup codecov again when a new repo is created.

My first question is whether my understand above is correct (whether this is the only difference). I encountered some rate limit issues before the team bot is setup, and I guess the set up of the team bot will resolve the issue, and there is no difference between the two regarding rate limit. Please correct me if my understanding is incorrect.

Now we create a new github user for the dedicated bot, grant access to our org, login the user, and setup the Global YAML section of the org under the user’s account:

codecov:
  bot: oca-codecov-bot

Then I created a PR in one of the repo under the org: codecov bot test by subbyte · Pull Request #222 · opencybersecurityalliance/kestrel-lang · GitHub
Good news is we get a codecov comment. However, the user of the comment is codecov-commenter, not oca-codecov-bot.

My second question is: is the commenting user correct? Or does this mean we setup the team bot successfully?

CI/CD URL

Codecov Output

Run codecov/codecov-action@v3
==> linux OS detected
https://uploader.codecov.io/latest/linux/codecov.SHA256SUM
==> SHASUM file signed by key id 806bb28aed779869
==> Uploader SHASUM verified (cae21e490c24b05c3802c7001a1540a7f83d46cb4f1eadf14e76627094c65cb8  codecov)
==> Running version latest
==> Running version v0.2.0
/home/runner/work/_actions/codecov/codecov-action/v3/dist/codecov -n  -Q github-action-3.1.0 -Z -C 30a4eb0ac4362ba25e7d02d3fb41e3e1a616862d -v
[2022-05-02T15:07:38.635Z] ['verbose'] Start of uploader: 1651504058635...
[2022-05-02T15:07:38.638Z] ['info'] 
     _____          _
    / ____|        | |
   | |     ___   __| | ___  ___ _____   __
   | |    / _ \ / _` |/ _ \/ __/ _ \ \ / /
   | |___| (_) | (_| |  __/ (_| (_) \ V /
    \_____\___/ \__,_|\___|\___\___/ \_/

  Codecov report uploader 0.2.0
[2022-05-02T15:07:38.645Z] ['info'] => Project root located at: /home/runner/work/kestrel-lang/kestrel-lang
[2022-05-02T15:07:38.647Z] ['info'] -> No token specified or token is empty
[2022-05-02T15:07:38.647Z] ['verbose'] Start of network processing...
[2022-05-02T15:07:38.647Z] ['verbose'] Searching for files in /home/runner/work/kestrel-lang/kestrel-lang
[2022-05-02T15:07:38.755Z] ['info'] Running coverage xml...
[2022-05-02T15:07:39.133Z] ['info'] Searching for coverage files...
[2022-05-02T15:07:39.198Z] ['info'] Warning: Some files located via search were excluded from upload.
[2022-05-02T15:07:39.199Z] ['info'] If Codecov did not locate your files, please review https://docs.codecov.com/docs/supported-report-formats
[2022-05-02T15:07:39.199Z] ['verbose'] Preparing to clean the following coverage paths: coverage.xml
[2022-05-02T15:07:39.199Z] ['info'] => Found 1 possible coverage files:
  coverage.xml
[2022-05-02T15:07:39.199Z] ['verbose'] End of network processing
[2022-05-02T15:07:39.200Z] ['info'] Processing /home/runner/work/kestrel-lang/kestrel-lang/coverage.xml...
[2022-05-02T15:07:39.204Z] ['info'] Detected GitHub Actions as the CI provider.
[2022-05-02T15:07:39.204Z] ['verbose'] -> Using the following env variables:
[2022-05-02T15:07:39.204Z] ['verbose']      GITHUB_ACTION: __codecov_codecov-action
[2022-05-02T15:07:39.205Z] ['verbose']      GITHUB_HEAD_REF: hotfix-codecov-bot-test
[2022-05-02T15:07:39.205Z] ['verbose']      GITHUB_REF: refs/pull/222/merge
[2022-05-02T15:07:39.205Z] ['verbose']      GITHUB_REPOSITORY: opencybersecurityalliance/kestrel-lang
[2022-05-02T15:07:39.205Z] ['verbose']      GITHUB_RUN_ID: 2258690224
[2022-05-02T15:07:39.205Z] ['verbose']      GITHUB_SERVER_URL: https://github.com
[2022-05-02T15:07:39.205Z] ['verbose']      GITHUB_SHA: 4ae26412cb5df683526f701bbac53bb0e36d0250
[2022-05-02T15:07:39.205Z] ['verbose']      GITHUB_WORKFLOW: Unit testing on PR
[2022-05-02T15:07:39.205Z] ['verbose'] Using the following upload parameters:
[2022-05-02T15:07:39.206Z] ['verbose'] branch
[2022-05-02T15:07:39.206Z] ['verbose'] build
[2022-05-02T15:07:39.206Z] ['verbose'] buildURL
[2022-05-02T15:07:39.206Z] ['verbose'] commit
[2022-05-02T15:07:39.206Z] ['verbose'] job
[2022-05-02T15:07:39.206Z] ['verbose'] pr
[2022-05-02T15:07:39.206Z] ['verbose'] service
[2022-05-02T15:07:39.207Z] ['verbose'] slug
[2022-05-02T15:07:39.207Z] ['verbose'] name
[2022-05-02T15:07:39.207Z] ['verbose'] tag
[2022-05-02T15:07:39.207Z] ['verbose'] flags
[2022-05-02T15:07:39.207Z] ['verbose'] parent
[2022-05-02T15:07:39.208Z] ['info'] Pinging Codecov: https://codecov.io/upload/v4?package=github-action-3.1.0-uploader-0.2.0&token=*******&branch=hotfix-codecov-bot-test&build=2258690224&build_url=https%3A%2F%2Fgithub.com%2Fopencybersecurityalliance%2Fkestrel-lang%2Factions%2Fruns%2F2258690224&commit=30a4eb0ac4362ba25e7d02d3fb41e3e1a616862d&job=Unit+testing+on+PR&pr=222&service=github-actions&slug=opencybersecurityalliance%2Fkestrel-lang&name=&tag=&flags=&parent=
[2022-05-02T15:07:39.208Z] ['verbose'] Passed token was 0 characters long
[2022-05-02T15:07:39.208Z] ['verbose'] https://codecov.io/upload/v4?package=github-action-3.1.0-uploader-0.2.0&branch=hotfix-codecov-bot-test&build=2258690224&build_url=https%3A%2F%2Fgithub.com%2Fopencybersecurityalliance%2Fkestrel-lang%2Factions%2Fruns%2F2258690224&commit=30a4eb0ac4362ba25e7d02d3fb41e3e1a616862d&job=Unit+testing+on+PR&pr=222&service=github-actions&slug=opencybersecurityalliance%2Fkestrel-lang&name=&tag=&flags=&parent=
        Content-Type: 'text/plain'
        Content-Encoding: 'gzip'
        X-Reduced-Redundancy: 'false'
[2022-05-02T15:07:39.657Z] ['info'] https://codecov.io/github/opencybersecurityalliance/kestrel-lang/commit/30a4eb0ac4362ba25e7d02d3fb41e3e1a616862d
https://storage.googleapis.com/codecov/v4/raw/2022-05-02/360D9E44D37ACDA426D54A8244C9E638/30a4eb0ac4362ba25e7d02d3fb41e3e1a616862d/72723f35-bda8-4d8e-8980-647fcaaa5c44.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=GOOG1EKKHVKCKHW7KBCGM7IHR55T63V2PAVJWLVFNITJHDU5G6R5IRN3LMWJA%2F20220502%2FUS%2Fs3%2Faws4_request&X-Amz-Date=20220502T150739Z&X-Amz-Expires=10&X-Amz-SignedHeaders=host&X-Amz-Signature=1e7e5032238f3c41fb742039841247136bd4c6d5a596db65826e35aec9b5f93e
[2022-05-02T15:07:39.658Z] ['verbose'] Returned upload url: https://storage.googleapis.com/codecov/v4/raw/2022-05-02/360D9E44D37ACDA426D54A8244C9E638/30a4eb0ac4362ba25e7d02d3fb41e3e1a616862d/72723f35-bda8-4d8e-8980-647fcaaa5c44.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=GOOG1EKKHVKCKHW7KBCGM7IHR55T63V2PAVJWLVFNITJHDU5G6R5IRN3LMWJA%2F20220502%2FUS%2Fs3%2Faws4_request&X-Amz-Date=20220502T150739Z&X-Amz-Expires=10&X-Amz-SignedHeaders=host&X-Amz-Signature=1e7e5032238f3c41fb742039841247136bd4c6d5a596db65826e35aec9b5f93e
[2022-05-02T15:07:39.658Z] ['info'] Uploading...
[2022-05-02T15:07:39.881Z] ['info'] {"status":"success","resultURL":"https://codecov.io/github/opencybersecurityalliance/kestrel-lang/commit/30a4eb0ac4362ba25e7d02d3fb41e3e1a616862d"}
[2022-05-02T15:07:39.881Z] ['verbose'] End of uploader: 1246 milliseconds

Expected Results

The commenting user may be oca-codecov-bot, not codecov-commenter in the PR page, I guess.

Hi @subbyte, it actually looks like the bot you used doesn’t have write permissions to that repository.

I would strongly recommend using the GitHub app integration as it is far easier to get set up.

Thank you @tom ! We will use GitHub app then.

1 Like