Skip to content

fix: Add retry logic and error handling for GPP key import (v0.2.8) #66

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
thomasrockhu-codecov wants to merge 3 commits into
base: main
Choose a base branch
from
Open

fix: Add retry logic and error handling for GPP key import (v0.2.8) #66

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
807e1eb
fix: Add retry logic and error handling for GPG key import
thomasrockhu-codecov Nov 11, 2025
91f4849
chore(release): 0.2.8
thomasrockhu-codecov Nov 11, 2025
1daddc8
fix: address comments
thomasrockhu-codecov Nov 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 33 additions & 4 deletions dist/codecov.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ g="\033[0;32m" # info/debug
r="\033[0;31m" # errors
x="\033[0m"
retry="--retry 5 --retry-delay 2"
CC_WRAPPER_VERSION="0.2.7"
CC_WRAPPER_VERSION="0.2.8"
CC_VERSION="${CC_VERSION:-latest}"
CC_FAIL_ON_ERROR="${CC_FAIL_ON_ERROR:-false}"
CC_RUN_CMD="${CC_RUN_CMD:-upload-coverage}"
Expand Down Expand Up @@ -69,7 +69,11 @@ then
exit_if_error "Could not install via pypi."
exit
fi
CC_COMMAND="${CC_CLI_TYPE}"
if [[ "$CC_CLI_TYPE" == "codecov-cli" ]]; then
CC_COMMAND="codecovcli"
elif [[ "$CC_CLI_TYPE" == "sentry-prevent-cli" ]]; then
CC_COMMAND="sentry-prevent-cli"
fi
else
if [ -n "$CC_OS" ];
then
Expand Down Expand Up @@ -110,8 +114,33 @@ then
chmod +x "$CC_COMMAND"
fi
else
echo "$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)" | \
gpg --no-default-keyring --import
# Import GPG key with retry logic and error handling
say "$g==>$x Importing GPG verification key..."
gpg_key_imported=false
for attempt in 1 2 3; do
say "$g ->$x Attempt $attempt to import GPG key"
if gpg_key=$(curl -f -s --retry 3 --retry-delay 2 https://keybase.io/codecovsecurity/pgp_keys.asc 2>&1); then
if [ -n "$gpg_key" ]; then
if echo "$gpg_key" | gpg --no-default-keyring --import 2>&1; then
gpg_key_imported=true
say "$g==>$x GPG key imported successfully"
break
else
say "$y==>$x GPG import failed on attempt $attempt"
fi
else
say "$y==>$x Empty GPG key received on attempt $attempt"
fi
else
say "$y==>$x Failed to download GPG key on attempt $attempt"
fi
if [ $attempt -lt 3 ]; then
sleep 2
fi
done
if [ "$gpg_key_imported" = false ]; then
exit_if_error "Failed to import GPG key after 3 attempts. Please check network connectivity or try setting CC_SKIP_VALIDATION=true"
fi
# One-time step
say "$g==>$x Verifying GPG signature integrity"
sha_url="https://cli.codecov.io"
Expand Down
2 changes: 1 addition & 1 deletion package.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,4 +63,4 @@ def _get_script_from_line(line):

if __name__=="__main__":
package_scripts('scripts', 'run.sh', 'dist/codecov.sh')
package_scripts('scripts', 'run.sh', 'dist/prevent.sh')
# package_scripts('scripts', 'run.sh', 'dist/prevent.sh')
2 changes: 0 additions & 2 deletions scripts/download.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,6 @@ then
CODECOV_COMMAND="codecovcli"
elif [[ "$CODECOV_CLI_TYPE" == "sentry-prevent-cli" ]]; then
CODECOV_COMMAND="sentry-prevent-cli"
else
CODECOV_COMMAND="${CODECOV_CLI_TYPE}"
Comment on lines -22 to -23
Copy link

@calvin-codecov calvin-codecov Nov 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see an earlier check to make sure CODECOV_COMMAND is guaranteed "codecov-cli" or "sentry-prevent-cli" here like in codecov.sh.

fi
else
if [ -n "$CODECOV_OS" ];
Expand Down
2 changes: 1 addition & 1 deletion scripts/set_defaults.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
#!/usr/bin/env bash

CODECOV_WRAPPER_VERSION="0.2.7"
CODECOV_WRAPPER_VERSION="0.2.8"
CODECOV_VERSION="${CODECOV_VERSION:-latest}"
CODECOV_FAIL_ON_ERROR="${CODECOV_FAIL_ON_ERROR:-false}"
CODECOV_RUN_CMD="${CODECOV_RUN_CMD:-upload-coverage}"
Expand Down
31 changes: 29 additions & 2 deletions scripts/validate.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,35 @@ then
chmod +x "$CODECOV_COMMAND"
fi
else
echo "$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)" | \
gpg --no-default-keyring --import
# Import GPG key with retry logic and error handling
say "$g==>$x Importing GPG verification key..."
gpg_key_imported=false
for attempt in 1 2 3; do
say "$g ->$x Attempt $attempt to import GPG key"
if gpg_key=$(curl -f -s --retry 3 --retry-delay 2 https://keybase.io/codecovsecurity/pgp_keys.asc 2>&1); then
if [ -n "$gpg_key" ]; then
if echo "$gpg_key" | gpg --no-default-keyring --import 2>&1; then
gpg_key_imported=true
say "$g==>$x GPG key imported successfully"
break
else
say "$y==>$x GPG import failed on attempt $attempt"
fi
else
say "$y==>$x Empty GPG key received on attempt $attempt"
fi
else
say "$y==>$x Failed to download GPG key on attempt $attempt"
fi
if [ $attempt -lt 3 ]; then
sleep 2
fi
done

if [ "$gpg_key_imported" = false ]; then
exit_if_error "Failed to import GPG key after 3 attempts. Please check network connectivity or try setting CODECOV_SKIP_VALIDATION=true"
fi

# One-time step
say "$g==>$x Verifying GPG signature integrity"
sha_url="https://cli.codecov.io"
Expand Down