[BUG] Random fails due to uploader verification key import failing #1876
Description
Describe the bug
Some coverage upload jobs in GHA randomly fail to import the Codecov Uploader (Codecov Uploader Verification Key) <[email protected]> key to GPG, resulting in the later signature verification also failing due to the missing public key to verify with. Restarting the failed job usually works.
To Reproduce
Unknown, randomly happens. Likely external factors.
Expected behavior
Upload success
Regression
unknown
Screenshots
N/A
Product Area
Coverage upload
Versions
- OS: [e.g. linux, ubuntu@v24, macos arm64, windows]
- Git Host: GitHub
- CI/CD: GitHub Actions
- Uploader: [email protected]
Commit and CI link
https://github.com/aio-libs/aiomysql/tree/5b36eb25a969358020e2f4bc81c593c4ceb53f50
https://github.com/aio-libs/aiomysql/actions/runs/17621637277/job/50068536846
Run codecov/[email protected]
Run missing_deps=""
All required system dependencies are available.
Run CC_ACTION_VERSION=$(cat ${GITHUB_ACTION_PATH}/src/version)
==> Running Action version 5.5.1
Run git config --global --add safe.directory "/home/runner/work/aiomysql/aiomysql"
Run CC_FORK="false"
Run actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
Run if [ "false" == 'true' ] && [ "$CC_FORK" != 'true' ];
==> Token set from input
Run if [ -z "$CC_BRANCH" ] && [ -z "$CC_TOKEN" ] && [ "$CC_FORK" == 'true' ]
Run if [ -z "$CC_SHA" ];
Run ${GITHUB_ACTION_PATH}/dist/codecov.sh
_____ _
/ ____| | |
| | ___ __| | ___ ___ _____ __
| | / _ \ / _` |/ _ \/ __/ _ \ \ / /
| |___| (_) | (_| | __/ (_| (_) \ V /
\_____\___/ \__,_|\___|\___\___/ \_/
Wrapper-0.2.7
==> Detected linux
-> Downloading https://cli.codecov.io/latest/linux/codecov
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 10.6M 100 10.6M 0 0 78.2M 0 --:--:-- --:--:-- --:--:-- 78.4M
==> Finishing downloading linux:latest
Version: v11.2.0
gpg: directory '/home/runner/.gnupg' created
gpg: keybox '/home/runner/.gnupg/pubring.kbx' created
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
==> Verifying GPG signature integrity
-> Downloading https://cli.codecov.io/latest/linux/codecov.SHA256SUM
-> Downloading https://cli.codecov.io/latest/linux/codecov.SHA256SUM.sig
gpg: Signature made Thu Aug 21 16:12:56 2025 UTC
gpg: using RSA key 27034E7FDB850E0BBC2C62FF806BB28AED779869
gpg: Can't check signature: No public key
==> Could not verify signature. Please contact Codecov if problem continues
Exiting...
Error: Process completed with exit code 1.
Additional context
N/A