Upload Issues (`Unable to locate build via Github Actions API`)

tom · November 3, 2022, 8:02pm

Hi everyone,

We have recently seen an influx in issues regarding uploading with the error message Unable to locate build via Github Actions API. The reason for the failed uploads is due to Codecov’s inability to check the validity of a coverage upload when using tokenless uploads. The underlying issue is rate-limiting from GitHub.

Am I having this problem?
If you are not using GitHub Actions, this problem should not affect you. The best way to find out is to see if you have had any failed GitHub Actions checks with the following error message Unable to locate build via Github Actions API in the Codecov upload step.

What should I do about it?
Although there is no 100% way of guaranteeing success, we recommend two ways of dramatically increasing successful uploads:

Add in the Codecov upload token even if your project is public. It is recommended to add it as an environment secret as opposed to hard-coding.
Re-trying the upload step in CI/CD.

What is Codecov doing about it?
Right now, we are exploring various options to decrease our use of GitHub’s API. We anticipate a longer-term solution in the next few weeks.

EDIT 2023-03-13:
The issue is still ongoing, and we are taking steps to decrease our GitHub API use. At this point, we strongly recommend using the Codecov upload token to upload to Codecov.

Public repositories that rely on PRs via forks will find that they cannot effectively use Codecov if the token is stored as a GitHub secret. The scope of the Codecov token is only to confirm that the coverage uploaded comes from a specific repository, not to pull down source code or make any code changes.

For this reason, we recommend that teams with public repositories that rely on PRs via forks consider the security ramifications of making the Codecov token available as opposed to being in a secret.

A malicious actor would be able to upload incorrect or misleading coverage reports to a specific repository if they have access to your upload token, but would not be able to pull down source code or make any code changes.

briantist · November 3, 2022, 8:18pm

(this is the repository most affected for me, but I use codecov on several repositories)

melink14 · November 7, 2022, 11:27am

Hit this again when I had to retry twice to get this setp to pass. A side effect of retrying manually though is that the check which waits for Codecov’s analysis never seems to pass and I had to override and merge without waiting for codecov’s results.

Repo: https://github.com/melink14/rikaikun
user: melink14

joanise · November 7, 2022, 3:57pm

Thank you for offering to keep us posted. We’ve been affected too. We’ll be happy to get the follow ups on repo https://github.com/ReadAlongs/Studio . My GitHub user name is joanise.

I’ve added my codecov token to GH Actions, and so far that worked well, so thanks for that.

Your second suggestion is to retry the upload step, but we use codecov/codecov-action@v3 and I don’t see a retry parameter in there. Is there a straightforward way to retry while keeping that action plugin?

joanise · November 7, 2022, 4:06pm

One more question: Am I correct in assuming that when I use my CODECOV_TOKEN, the upload is actually more efficient because it’s pre-authentified and no further validation is required?

tom · November 14, 2022, 5:03pm

@jonny7 that is roughly correct

derekpierre · November 16, 2022, 8:59pm

Any update? This affects our repos as well:

GitHub repos: https://github.com/nucypher/nucypher
GitHub username: https://github.com/derekpierre

We use a codecov token, and we were able to upload earlier today, but the failure is consistently happening now, after multiple retries.

adrinjalali · December 15, 2022, 3:18pm

We see this more or less on a daily basis on this repo: GitHub - skops-dev/skops: skops is a Python library helping you share your scikit-learn based models and put them in production

GH username: adrinjalali (adrinjalali (Adrin Jalali) · GitHub)

We have added the token to the GH action, but the issue still persists. It doesn’t seem like a rate limit issue though.

tom · January 16, 2023, 5:23am

@adrinjalali, I don’t believe you are passing in a token, see this log

adrinjalali · January 19, 2023, 4:52pm

but we are passing the token here: skops/build-test.yml at 78c5ef4ff27f928b92c981a76a1278033212a170 · skops-dev/skops · GitHub

And we’re getting errors again all over: Fix for metadata having model format · skops-dev/skops@08cbffd · GitHub

tom · January 19, 2023, 9:49pm

@adrinjalali I believe there might be an issue with how you have set the token in GitHub. I’m seeing this log that no token is being passed in.

dilanSachi · January 26, 2023, 6:26am

Github username - dilanSachi
Repository - ballerina-platform/module-ballerina-ftp

danepowell · February 8, 2023, 7:46pm

@tom in November you said you hoped to have a long-term solution in a few weeks, do you have any update on this? It seems to still affect dozens of users, including our repo: GitHub - typhonius/acquia-php-sdk-v2: A PHP SDK for Acquia Cloud API v2 https://cloud.acquia.com/api-docs/#

Also just cross-referencing this GH sister issue: "Unable to locate build via Github Actions API" for the public repository · Issue #837 · codecov/codecov-action · GitHub

tom · February 8, 2023, 7:48pm

@danepowell I don’t have any updates, we are still working with the GitHub team to try to make tokenless work for our users.

If this is not working for you, please add the Codecov token to your CI environment variables

arthurio · February 28, 2023, 4:04pm

@tom I think saying “Adding in the Codecov upload token even if your project is public.” is a bit misleading and I have seen a fair amount of people mentioning hard coding that secret. Would it be possible to rephrase to encourage good practice and using an environment variable (whatever the CI tool might be)?

tom · March 2, 2023, 3:55am

Updated @arthurio, let me know if that makes sense.

AlekSi · March 2, 2023, 3:52pm

That’s the only possible way for GitHub Actions, public repos and PRs from forks – they don’t have access to secrets: Events that trigger workflows - GitHub Docs

arthurio · March 3, 2023, 6:10pm

I know, but Github Actions is not the only one CI provider That’s why I used the word “encourage”. Also, for Github, my understanding is that pull requests from forks to the main repo will trigger the actions from the main repo, which means they do have access to that secret. I’m not sure I see a benefit to letting forks upload coverage against your main repo if it’s not a PR for merging upstream, or am I missing something?

AlekSi · March 4, 2023, 11:29am

I know, but Github Actions is not the only one CI provider

This topic is about Github Actions, though

Also, for Github, my understanding is that pull requests from forks to the main repo will trigger the actions from the main repo, which means they do have access to that secret.

From the link I provided above: " With the exception of GITHUB_TOKEN , secrets are not passed to the runner when a workflow is triggered from a forked repository." That’s from the section pull_request.

Topic		Replies	Views
Upload_to_v4 ruby gem uploads failing because of Github actions?	1	254	May 2, 2021
Github Actions POST upload 404: requires Codecov repository upload token Support	9	1252	May 12, 2023
Codecov GitHub Action fails: 'Could not find a repository, try using upload token' Bug Fixes	8	2836	November 1, 2021
Codecov report does not get generated without any upload errors Support	5	192	March 15, 2023
Unable to find commit in Github in private repo Support github	3	260	April 5, 2022

Upload Issues (`Unable to locate build via Github Actions API`)

Related topics