Blog Post

Codecov is Updating its Github Integration

January 10, 2023 Eli Hooten

Github Logo plus Codecov Logo

This week marks the kick-off of deprecating our current GitHub OAuth Application, which has been used to support GitHub Single Sign On to Codecov since Codecov’s inception in 2015. In the coming months, Codecov will transition to using the Codecov Github App Integration fully and totally sunsetting our GitHub OAuth application.

There are several reasons that Codecov is making the switch to the GitHub App Integration, the top 3 include:

  • GitHub Apps offer more granular permissions than OAuth Apps at the personal and organizational levels, making it easier to ensure Codecov is only asking for the minimum permissions required.
  • GitHub Apps give more control to organization owners in managing which integrations they choose to adopt and remove at the organization level.
  • GitHub Apps’ rate limits scale better than OAuth Apps because the rate limit is a function of organization size within Github Apps.

For more information regarding the differences between GitHub Apps and OAuth Apps, we recommend starting with this page in GitHub’s documentation.

The first phase of the process includes a message in the Codecov web application UI and PR Comment instructing you to install the Codecov GitHub App Integration for either your personal GitHub account or an organization in which you are a member. (If your organization or account already has the GitHub App Integration installed you will not see this message.)

Migrating Codecov’s login from the OAuth App to the GitHub App is not straightforward, and will require some period of time for us to accomplish fully. The precise timeline for this migration has not been determined, but we’re encouraging GitHub users to adopt the App Integration before March of 2023 to prevent any potential future interruption in service.

It is important to ensure that organizations using Codecov have the GitHub App Integration installed. If they do not, users will no longer be able to see the repositories of those organizations on Codecov after we make the switch to GitHub App Integration login.

If you are an organization administrator who sees a notification from Codecov either in the app or in a PR comment to install the GitHub App Integration, we strongly recommend you do so. If you see this notification and you are not an administrator, we ask that you inform your organization administrator of the need to install the Codecov GitHub App Integration. Once the GitHub App Integration is installed, these notifications will no longer be present in the Codecov UI or in the PR comment.

Currently, there are many organizations on Codecov that do not have the GitHub App Integration installed. Once we are confident that a switch would negatively impact less than 5% of our user base, we will announce a timeline for full deprecation of the GitHub Oauth App. However,

If you are a user who is not an organization administrator, there is nothing you need to do after the switch. You will simply be guided through the GitHub App Integration login flow the next time you log in to Codecov. If you are an organization administrator and you have installed the App Integration on your organization, there is no further action required. If you have any questions or feedback regarding this change, we encourage you to reach out directly at support@codecov.io

Before we redirect you to GitHub...
In order to use Codecov an admin must approve your org.