oidc: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable #1594
Comments
|
Apparently v4.6.0 release included a single relevant change well hidden inside the long list of CI/build changes, as #1511 -- and it seems to be related to oidc. Less important, but I bet others will appreciate if you would tune the changelog generation to at least use sections for the type of changes made or even to hide the non-relevant changes, so they would be easier to read. |
|
@thomasrockhu-codecov can you please look into this? We have the confirmation that this was a regression introduced by v4.6.0. I would personally unpublish it or at least move the Minor version changes are not supposed to break integration. What makes it worse is the if we switch to |
|
Another workaround: - name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
with:
use_oidc: ${{ !(github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork) }}The error only happens when the |
oidc does not work on PR from a fork (issue: codecov/codecov-action#1594)
oidc does not work on PR from a fork (issue: codecov/codecov-action#1594)
drazisil-codecov
added
bug
For PR from forks, OIDC doesn't currently work with the latest version of the GitHub Action. [Example failure](https://github.com/aws/aws-cdk/actions/runs/11834319601/job/32974759899?pr=32121): ```console Run codecov/codecov-action@v4 Error: Codecov: Failed to get OIDC token with url: https://codecov.io/. Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable ``` See codecov/codecov-action#1594 Revert back to token until we validate a fix. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
@ssbarnea I'm so sorry this never showed up in my inbox. I see that the workaround given hopefully works, but I wanted to check up and see if this was still an issue. If so, can you point me to a recent CI run that is broken? Also, is v5 working for this instance? |
thomasrockhu-codecov
added
the
Area: Report Upload
This is based on the following comment: codecov/codecov-action#1594 (comment)
The fix is based on the following comment: codecov/codecov-action#1594 (comment)
v5 is not working but failing with a seemingly different error: https://github.com/cdklabs/cdk-from-cfn/actions/runs/12015198565/job/33492743470?pr=751#step:9:63 Also see #1705 |
* Revert "chore(deps): bump codecov/codecov-action from 4 to 5 (#747)" This reverts commit 6c47b8b. * use 4.5.0 See: codecov/codecov-action#1594 (comment) --------- Co-authored-by: Momo Kornher <[email protected]>
This is what we had until dependabot updated the action and broke the upload. Yes, the error does reproduce as the first thing I attempted was to rerun the job. I should mention that this is using codecov from within a reusable workflow. This means that some environment variables might not be available. Still, https://josh-ops.com/posts/github-actions-oidc-reusable-workflows/ makes me believe it should be. On the other hand. I seen there something very unstable, adding an url as argument to another url without escaping. Almost for sure this will produce an invalid URL. The code logic needs to be update and maybe make it easier to debug in case of failure. |
A very recent regression appeared for OIDC in the last couple of days and today I faces same error in two repositories that are using the OIDC authentication for uploading the coverage results.
We googled the error and we checked if we have the required permissions as below, but still we seen the failure.
Considering that https://github.com/codecov/codecov-action/releases/tag/v4.6.0 was release two days ago, I wonder if that regression was not introduce in this release as the upload was working fine before. We use the
v4versioning tag because we assumed that minor version bumps would not introduce breakages.Examples:
The text was updated successfully, but these errors were encountered: