Skip to content

Issue in bbc/ttml-validator #676

Closed
#695
Closed
Issue in bbc/ttml-validator#676
#695

Description

@ewjoachim
ewjoachim
opened on Jun 18, 2026

I'm also getting an error that's most likely a permissions error, which was introduced between 2026-05-21 (last time my workflow ran successfully) and 2026-06-05, during which time I didn't change any permissions on the repo.

The first time it failed was a Dependabot PR that updated actions/checkout from v6 to v6.0.2, which wasn't merged. Earlier Dependabot PRs had successful workflow runs, with the same workflow file.

The second time it failed was another Dependabot PR that updated astral-sh/setup-uv from 8.1.0 to 8.2.0. The actual checkout worked fine: the only thing that failed was the python-coverage-comment-action so I merged the PR just in case it was some artifact of the permissions associated with the PR. That triggered a workflow run from the default branch, which also failed with the same error.

The log result on the failing run, after successfully generating .coverage is un

Open to reveal log result 

Run py-cov-action/python-coverage-comment-action@v3.41
  with:
    GITHUB_TOKEN: ***
    GITHUB_BASE_URL: https://api.github.com/
    COVERAGE_DATA_BRANCH: python-coverage-comment-action-data
    COVERAGE_PATH: .
    COMMENT_ARTIFACT_NAME: python-coverage-comment-action
    COMMENT_FILENAME: python-coverage-comment-action.txt
    MINIMUM_GREEN: 100
    MINIMUM_ORANGE: 70
    MAX_FILES_IN_COMMENT: 25
    MERGE_COVERAGE_FILES: false
    ANNOTATE_MISSING_LINES: false
    ANNOTATION_TYPE: warning
    USE_GH_PAGES_HTML_URL: false
    VERBOSE: false
  env:
    pythonLocation: /opt/hostedtoolcache/Python/3.14.5/x64
    PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.14.5/x64/lib/pkgconfig
    Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.14.5/x64
    Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.14.5/x64
    Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.14.5/x64
    LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.14.5/x64/lib
    UV_PYTHON_INSTALL_DIR: /home/runner/work/_temp/uv-python-dir
    UV_CACHE_DIR: /home/runner/work/_temp/setup-uv-cache
/usr/bin/docker run --name e8d0ed34b744b48d784c6d00dee531_68a6cc --label 463353 --workdir /github/workspace --rm -e "pythonLocation" -e "PKG_CONFIG_PATH" -e "Python_ROOT_DIR" -e "Python2_ROOT_DIR" -e "Python3_ROOT_DIR" -e "LD_LIBRARY_PATH" -e "UV_PYTHON_INSTALL_DIR" -e "UV_CACHE_DIR" -e "INPUT_GITHUB_TOKEN" -e "INPUT_GITHUB_BASE_URL" -e "INPUT_GITHUB_PR_RUN_ID" -e "INPUT_COMMENT_TEMPLATE" -e "INPUT_COVERAGE_DATA_BRANCH" -e "INPUT_COVERAGE_PATH" -e "INPUT_COMMENT_ARTIFACT_NAME" -e "INPUT_COMMENT_FILENAME" -e "INPUT_SUBPROJECT_ID" -e "INPUT_MINIMUM_GREEN" -e "INPUT_MINIMUM_ORANGE" -e "INPUT_MAX_FILES_IN_COMMENT" -e "INPUT_MERGE_COVERAGE_FILES" -e "INPUT_ANNOTATE_MISSING_LINES" -e "INPUT_ANNOTATION_TYPE" -e "INPUT_USE_GH_PAGES_HTML_URL" -e "INPUT_VERBOSE" -e "GITHUB_BASE_URL" -e "GITHUB_TOKEN" -e "GITHUB_PR_RUN_ID" -e "COMMENT_TEMPLATE" -e "COVERAGE_DATA_BRANCH" -e "COVERAGE_PATH" -e "COMMENT_ARTIFACT_NAME" -e "COMMENT_FILENAME" -e "SUBPROJECT_ID" -e "MINIMUM_GREEN" -e "MINIMUM_ORANGE" -e "MERGE_COVER
Notice: Starting action
Notice: HTTP Request: GET https://api.github.com/repos/bbc/ttml-validator "HTTP/1.1 200 OK"
Notice: Computing coverage files & badge
Error: Critical error. This error possibly occurred because the permissions of the workflow are set incorrectly. You can see the correct setting of permissions here: https://github.com/py-cov-action/python-coverage-comment-action#basic-usage
Otherwise please look for open issues or open one in https://github.com/py-cov-action/python-coverage-comment-action/
Traceback (most recent call last):
  File "/workdir/coverage_comment/main.py", line 46, in main
    exit_code = action(
        config=config,
    ...<2 lines>...
        git=git,
    )
  File "/workdir/coverage_comment/main.py", line 93, in action
    return save_coverage_data_files(
        config=config,
    ...<2 lines>...
        repo_info=repo_info,
    )
  File "/workdir/coverage_comment/main.py", line 402, in save_coverage_data_files
    raw_coverage_data, coverage = coverage_module.get_coverage_info(
                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
        merge=config.MERGE_COVERAGE_FILES,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        coverage_path=config.COVERAGE_PATH,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/workdir/coverage_comment/coverage.py", line 120, in get_coverage_info
    json_coverage = json.loads(
        subprocess.run("coverage", "json", "-o", "-", path=coverage_path)
    )
  File "/usr/local/lib/python3.14/json/__init__.py", line 352, in loads
    return _default_decoder.decode(s)
           ~~~~~~~~~~~~~~~~~~~~~~~^^^
  File "/usr/local/lib/python3.14/json/decoder.py", line 345, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
               ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.14/json/decoder.py", line 363, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

It looks like it's trying to decode a JSON file that possibly doesn't exist, or is empty, which is odd, and that this failure is being caught and reported as a possible permissions error.

My CI file: https://github.com/bbc/ttml-validator/blob/main/.github/workflows/ci.yml

I tried adding persist-credentials: true and it made no difference.

Any help much appreciated, I'm baffled!

Originally posted by @nigelmegitt in #610

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions