Report script fails after switching from Travis to Drone CI

Description

We’ve recently switched from Travis CI to Drone CI with our OSS project PhotoPrism.
The official bash client is used to push new results to Codecov.

Our codecov token is provided as secret, so that it is replaced with “secret” in CI logs and can not be abused:

-> Pinging Codecov 1319 https://codecov.io/upload/v4?package=bash-20200728-9fb7d93&token=secret&branch=develop&commit=06df303f9f7fa32f0f47ff6b9e635d941284e9df&build=6&build_url=&name=&tag=&slug=photoprism%2Fphotoprism&service=drone.io&flags=&pr=&job=&cmd_args=

Fails with:

HTTP 400
Please provide the repository token to upload reports via -t :repository-token

This is confusing since the query parameter is token=... not -t=....

Maybe the way we inject the token via .drone.yml is wrong?

See https://github.com/photoprism/photoprism/blob/develop/.drone.yml

Looking at our old Travis CI logs, the query is not much different (in fact contains less information):

https://codecov.io/upload/v4?package=bash-20200728-9fb7d93&token=secret&branch=&commit=88fa66886fa6e336d7b8cfe895d0b7e50aa1f8f3&build=&build_url=&name=&tag=&slug=photoprism%2Fphotoprism&service=&flags=&pr=&job=&cmd_args=

See https://travis-ci.org/github/photoprism/photoprism/jobs/717621713#L1378

However, the docs say Travis CI is trusted and doesn’t need a token. So it may work anyway, even if the token is wrong or was wrongly replaced.

Repository

CI/CD

Drone CI

Uploader

bash <(curl -s https://codecov.io/bash)

Commit SHAs

d03cbded

Codecov YAML

See https://github.com/photoprism/photoprism/blob/develop/codecov.yml

Codecov Output

See https://drone.photoprism.app/photoprism/photoprism/8/1/3

scripts/codecov.sh
1287
1288 _____ _
1289 / ____
1290 ___ __ ___ ___ _____ __
1291 / _ \ / _` / _ \/ __/ _ \ \ / /
1292 ___ (_) (_ __/ (_ (_) \ V /
1293 \_____\___/ \__,_ \___ \___\___/ \_/
1294 Bash-20200728-9fb7d93
1295
1296
1297
1298 ==> Drone CI detected.
1299 project root: .
1300 Yaml found at: codecov.yml
1301 ==> Running gcov in . (disable via -X gcov)
1302 ==> Python coveragepy not found
1303 ==> Searching for coverage reports in:
1304 + .
1305
1306 -> Found 2 reports
1307 ==> Detecting git/mercurial file structure
1308 ==> Reading reports
1309 + ./coverage.txt bytes=492957
1310 + ./frontend/coverage/lcov.info bytes=34640
1311 ==> Appending adjustments
1312 https://docs.codecov.io/docs/fixing-reports
1313
1314 + Found adjustments
1315 ==> Gzipping contents
1316 ==> Uploading reports
1317 url: https://codecov.io
1318 query: branch=develop&commit=d03cbdedecee06f488b1f0138cbdc0f4eaefb459&build=8&build_url=&name=&tag=&slug=photoprism%2Fphotoprism&service=drone.io&flags=&pr=&job=&cmd_args=
1319
1320 -> Pinging Codecov
1321 https://codecov.io/upload/v4?package=bash-20200728-9fb7d93&token=secret&branch=develop&commit=d03cbdedecee06f488b1f0138cbdc0f4eaefb459&build=8&build_url=&name=&tag=&slug=photoprism%2Fphotoprism&service=drone.io&flags=&pr=&job=&cmd_args=
1322
1323 HTTP 400
1324 Please provide the repository token to upload reports via `-t :repository-token`

@lastzero, I believe there is a misunderstanding here. The token is replaced with secret in the Codecov script here. You will need to run the bash script as bash <(curl -s https://codecov.io/bash) -t {{ CODECOV_TOKEN }}.

I’m not familiar enough with Drone CI, but it will need to be the environment variable there.

1 Like

Thanks a lot! Fixed it by passing the token to docker-compose via -e like

docker-compose -f docker-compose.drone.yml exec -e CODECOV_TOKEN=$${CODECOV_TOKEN} -T photoprism make test-codecov

Complete config file: https://github.com/photoprism/photoprism/blob/develop/.drone.yml

Seems the root issue was that environment variables are only set once when a container starts, so changed / new values are ignored when running commands via docker-compose exec by default.

While the -t parameter for the codecov bash script works when providing a valid token, it should be enough to just set the CODECOV_TOKEN variable. If $CODECOV_TOKEN is empty, then setting the token via -t $CODECOV_TOKEN obviously also doesn’t work which is how I found out the value is missing completely. Note that Drone will also replace secret values with “secret” so it looked like the token was passed to the script.

Maybe modify the bash script so that “secret” is only shown when there actually is a secret and not just an empty string?

1 Like

Hi @lastzero, I think you’re actually right. The token should be able to be set via the environment variable. Would you be able check if it works for you removing the -t argument?

Yes, it works: https://drone.photoprism.app/photoprism/photoprism/33/1/3

1 Like

Incredible, thanks @lastzero!