[BUG] Upload failed: {"message":"Token required because branch is protected"} is unhelpful #1918
Description
Describe the bug
I'm trying to get tokenless to work in forks. And all I get is: https://github.com/check-spelling-sandbox/codecov-action/actions/runs/22902897563/job/66453728930#step:5:418
debug - 2026-03-10 12:40:22,886 -- Upload result --- {"result": "RequestResult(error=RequestError(code='HTTP Error 400', params={}, description='{\"message\":\"Token required because branch is protected\"}\\n'), warnings=[], status_code=400, text='{\"message\":\"Token required because branch is protected\"}\\n')"}
error - 2026-03-10 12:40:22,886 -- Upload failed: {"message":"Token required because branch is protected"}
To Reproduce
Steps to reproduce the behavior:
- Make some small changes to the codecov action to try to get tokenless to behave: check-spelling-sandbox@7eaa932
- https://github.com/check-spelling-sandbox/codecov-action/actions/runs/22902897563/job/66453728930#step:5:418
Expected behavior
Either:
- A clear and concise error explaining what it's talking about. I promise that I did not set up a codecov account and mark the
use-tokenless-for-forkbranch as protected - It should work (which is to say, someone explains what additional changes I need to do to make this actually work at which time we can fix the branch and make a PR to this repository to fix the use case)
Regression
No
Screenshots
Product Area
reporting
Versions
- OS: ubuntu@24
- Git Host: GitHub
- CI/CD: GitHub Actions
- Uploader: codecov-action@7eaa93276766b8789b834df71e1ca5cb9ad9f9f1
Commit and CI link
check-spelling-sandbox@7eaa932
https://github.com/check-spelling-sandbox/codecov-action/actions/runs/22902897563/job/66453728930
Additional context
There are probably a dozen bugs about tokenless and forks. Periodically I come and complain that it's a mess.
I'm currently here because dragonflyoss uses codecov and forks of their repository trigger codecov uploads which fail which results in every workflow failing: https://github.com/check-spelling-sandbox/nydus/actions/workflows/smoke.yml -- some of these fail exclusively because of codecov, and some would also fail because of some change I made. But because they always fail because of codecov, I can't easily see when I broke something. This defeats the point of having a smoketest or ci.