
[BUG] Upload failed: {"message":"Token required because branch is protected"} is unhelpful #1918

Description

@jsoref

Describe the bug
I'm trying to get tokenless to work in forks. And all I get is: https://github.com/check-spelling-sandbox/codecov-action/actions/runs/22902897563/job/66453728930#step:5:418

debug - 2026-03-10 12:40:22,886 -- Upload result --- {"result": "RequestResult(error=RequestError(code='HTTP Error 400', params={}, description='{\"message\":\"Token required because branch is protected\"}\\n'), warnings=[], status_code=400, text='{\"message\":\"Token required because branch is protected\"}\\n')"}
error - 2026-03-10 12:40:22,886 -- Upload failed: {"message":"Token required because branch is protected"}

To Reproduce
Steps to reproduce the behavior:

  1. Make some small changes to the codecov action to try to get tokenless to behave: check-spelling-sandbox@7eaa932
  2. https://github.com/check-spelling-sandbox/codecov-action/actions/runs/22902897563/job/66453728930#step:5:418

Expected behavior
Either:

  • A clear and concise error explaining what it's talking about. I promise that I did not set up a codecov account and mark the use-tokenless-for-fork branch as protected.
  • It should work (which is to say, someone explains what additional changes I need to make for this to actually work, at which time we can fix the branch and make a PR to this repository to fix the use case).

Regression
No

Screenshots


Product Area
reporting

Versions

Commit and CI link
check-spelling-sandbox@7eaa932
https://github.com/check-spelling-sandbox/codecov-action/actions/runs/22902897563/job/66453728930

Additional context

There are probably a dozen bugs about tokenless and forks. Periodically I come and complain that it's a mess.

I'm currently here because dragonflyoss uses codecov and forks of their repository trigger codecov uploads which fail which results in every workflow failing: https://github.com/check-spelling-sandbox/nydus/actions/workflows/smoke.yml -- some of these fail exclusively because of codecov, and some would also fail because of some change I made. But because they always fail because of codecov, I can't easily see when I broke something. This defeats the point of having a smoketest or ci.

Labels: bug (Something isn't working)