
[TCE-969] Pull request and push are failed: project or account API token not found

Open vitalijr2 opened this issue 1 year ago • 11 comments

I am using Codacy actions for many of my projects, but since March I have met an issue with the Coverage Reporter.

It says that it cannot find the project token while other Codacy actions work well. (screenshot)

The issue: (screenshot)

Action source is here https://github.com/vitalijr2/tidy-chat/blob/main/.github/workflows/codacy.yml

Related issue: TCE-897 Pull-Request from contributors can't find CODACY_PROJECT_TOKEN

vitalijr2 avatar May 13 '24 04:05 vitalijr2

Internal ticket created : TCE-969

github-actions[bot] avatar May 13 '24 04:05 github-actions[bot]

There is strange behavior of the action:

PR Bump mockito.version from 5.11.0 to 5.12.0:

  • first run failed https://github.com/vitalijr2/aws-lambda-slf4j/actions/runs/9051167759/job/24867381889
  • then I played with the secrets option but reverted the changes back
  • last run was successful https://github.com/vitalijr2/aws-lambda-slf4j/actions/runs/9061334934/job/24892913096 but it only increments a dependency version https://github.com/vitalijr2/aws-lambda-slf4j/pull/19/files

vitalijr2 avatar May 13 '24 10:05 vitalijr2

Looks like I have found a solution.

First I used versions from Codacy action and Codacy documentation:

```yaml
...
uses: codacy/[email protected]
...
uses: codacy/codacy-coverage-reporter-action@v1
...
```

The dependency bot sometimes updated codacy-analysis-cli-action but never updated codacy-coverage-reporter-action.

When I dealt with this issue, I noticed that the version of codacy-coverage-reporter-action is very old. Then I decided to update both versions manually. And now the issue is no longer observed in all four repositories where it was before.

My current Codacy workflow looks like:

```yaml
name: "Codacy"

on:
  push:
    branches: [ "**" ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "**" ]

jobs:
  build:
    name: Maven build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Setup Java JDK
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: 17
      - name: Build with Maven
        run: ./mvnw --batch-mode
      - name: Temporarily save target and test requests
        uses: actions/upload-artifact@master
        with:
          name: tests-and-target
          path: |
            target
          retention-days: 1
  codacy-security-scan:
    name: Codacy Security Scan
    needs: build
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Run Codacy Analysis CLI
        uses: codacy/[email protected]
        with:
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          verbose: true
          output: results.sarif
          format: sarif
          gh-code-scanning-compat: true
          max-allowed-issues: 2147483647
      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
  codacy-coverage-reporter:
    name: Codacy Coverage Reporter
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Retrieve saved test requests and target
        uses: actions/download-artifact@master
        with:
          name: tests-and-target
          path: target
      - name: Run Codacy Coverage Reporter
        uses: codacy/[email protected]
        with:
          coverage-reports: target/site/jacoco/jacoco.xml
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
```

vitalijr2 avatar May 14 '24 20:05 vitalijr2

Is it still working for you?

asturio avatar May 26 '24 09:05 asturio

Last Sunday I met this issue on my ijhttp-tools repo, see PRs 1, 2, 3.

Then I updated the development branch (the base for these PRs): changed the versions of both codacy/codacy-analysis-cli-action and codacy/codacy-coverage-reporter-action to v4.4.1 and v1.3.0 respectively. Then I merged the changes back to the branches - all workflows ran well.

I will not close the PR yet - maybe it will be useful for you.

vitalijr2 avatar May 27 '24 12:05 vitalijr2

Maybe one picture is better than 1000 words :) (screenshot)

vitalijr2 avatar May 27 '24 13:05 vitalijr2

I was wrong: it happened again. And again. Even with updated versions for both actions: coverage and security check.

Codacy Coverage Reporter failed on a missing API token https://github.com/vitalijr2/aws-lambda-slf4j/actions/runs/9535472577/job/26281254400?pr=30 https://github.com/vitalijr2/aws-lambda-slf4j/actions/runs/9535472459/job/26281254992?pr=30

But some other Codacy actions can find it! https://github.com/vitalijr2/aws-lambda-slf4j/actions/runs/9535472577/job/26281254484?pr=30 https://github.com/vitalijr2/aws-lambda-slf4j/actions/runs/9535472459/job/26281255094?pr=30 https://github.com/vitalijr2/aws-lambda-slf4j/pull/30/checks?check_run_id=26281290537 https://github.com/vitalijr2/aws-lambda-slf4j/pull/30/checks?check_run_id=26281290518 etc.

Also Codacy Static Code Analysis fails https://github.com/vitalijr2/aws-lambda-slf4j/pull/30/checks?check_run_id=26281275633 but Codacy says nothing about what happened https://app.codacy.com/gh/vitalijr2/aws-lambda-slf4j/pull-requests/30 and the logs are empty (screenshot)

vitalijr2 avatar Jun 17 '24 10:06 vitalijr2

Now I have three PRs from the dependency bot https://github.com/vitalijr2/aws-lambda-slf4j/pull/30 https://github.com/vitalijr2/aws-lambda-slf4j/pull/29 https://github.com/vitalijr2/aws-lambda-slf4j/pull/28 and all of them failed because of Codacy Coverage Reporter (that says it could not find the project API token) and Codacy Static Code Analysis (that says nothing)

vitalijr2 avatar Jun 17 '24 10:06 vitalijr2

Another two cases, same issues with reporter and static code analyser https://github.com/vitalijr2/ijhttp-tools/pull/32 https://github.com/vitalijr2/ijhttp-tools/pull/31

vitalijr2 avatar Jun 17 '24 10:06 vitalijr2

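Uhhh, looks like it is a GitHub feature especially for Dependabot:

When a Dependabot event triggers a workflow, the only secrets available to the workflow are Dependabot secrets. See:

* [Dependabot triggered Actions cant access secrets or use a writable token](https://github.com/dependabot/dependabot-core/issues/3253)

* [Automating Dependabot with GitHub Actions: Accessing secrets](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#accessing-secrets)

I have copied the CODACY_PROJECT_TOKEN to Settings => Secrets and variables => Dependabot secrets then re-run coverage jobs and all are green. The static code analyser's issue still exists.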

vitalijr2 avatar Jun 17 '24 12:06 vitalijr2

> Uhhh, looks like it is a GitHub feature especially for Dependabot:
>
> When a Dependabot event triggers a workflow, the only secrets available to the workflow are Dependabot secrets. See:
>
> * [Dependabot triggered Actions cant access secrets or use a writable token](https://github.com/dependabot/dependabot-core/issues/3253)
>
> * [Automating Dependabot with GitHub Actions: Accessing secrets](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#accessing-secrets)
>
> I have copied the CODACY_PROJECT_TOKEN to Settings => Secrets and variables => Dependabot secrets then re-run coverage jobs and all are green. The static code analyser's issue still exists.

Oh, THIS makes sense.

asturio avatar Jun 17 '24 13:06 asturio
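
The root cause found in this thread (Dependabot-triggered runs only receive Dependabot secrets) can be checked before a PR fails. The following is an added example, not code from the thread or from Codacy: a small audit that lists, per job, the secrets a workflow references that are absent from the Dependabot secret store. It assumes two-space YAML indentation under `jobs:`; the function names and the sample workflow are constructed for illustration.

```python
import re

# Constructed sample: a trimmed version of the workflow shape posted in this thread.
WORKFLOW = """\
name: "Codacy"
on:
  pull_request:
    branches: [ "**" ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: ./mvnw --batch-mode
  codacy-coverage-reporter:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Run Codacy Coverage Reporter
        with:
          coverage-reports: target/site/jacoco/jacoco.xml
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
"""

SECRET_REF = re.compile(r"\bsecrets\.([A-Za-z_][A-Za-z0-9_]*)")
JOB_KEY = re.compile(r"^  ([A-Za-z0-9_-]+):\s*$")  # assumes 2-space indent under "jobs:"

def secrets_by_job(workflow_text):
    """Map each job id to the set of secret names referenced inside that job."""
    jobs, current, in_jobs = {}, None, False
    for line in workflow_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # skip blank lines and comments
        if not line[0].isspace():         # a new top-level key starts here
            in_jobs, current = line.startswith("jobs:"), None
            continue
        if not in_jobs:
            continue
        job = JOB_KEY.match(line)
        if job:
            current = job.group(1)
            jobs[current] = set()
        elif current:
            jobs[current].update(SECRET_REF.findall(line))
    return jobs

def missing_for_dependabot(workflow_text, dependabot_secrets):
    """Return {job: [secret, ...]} for secrets a Dependabot-triggered run will not receive."""
    # GITHUB_TOKEN is still provided to Dependabot runs (read-only by default).
    available = set(dependabot_secrets) | {"GITHUB_TOKEN"}
    found = secrets_by_job(workflow_text)
    return {job: sorted(names - available) for job, names in found.items() if names - available}
```

Copy only the secrets this audit reports into the Dependabot store, since every secret placed there becomes readable by workflows that run on dependency-update PRs.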