This week marks the kick-off of deprecating our current GitHub OAuth Application, which has been used to support GitHub Single Sign On to Codecov since Codecov’s inception in 2015. In the coming months, Codecov will transition to using the Codecov GitHub App Integration fully and totally sunsetting our GitHub OAuth application.
There are several reasons that Codecov is making the switch to the GitHub App Integration, the top 3 include:
- GitHub Apps offer more granular permissions than OAuth Apps at the personal and organizational levels, making it easier to ensure Codecov is only asking for the minimum permissions required.
- GitHub Apps give more control to organization owners in managing which integrations they choose to adopt and remove at the organization level.
- GitHub Apps’ rate limits scale better than OAuth Apps because the rate limit is a function of organization size within Github Apps.
For more information regarding the differences between GitHub Apps and OAuth Apps, we recommend starting with this page in GitHub’s documentation.
The first phase of the process includes a message in the Codecov web application UI and PR Comment instructing you to install the Codecov GitHub App Integration for either your personal GitHub account or an organization in which you are a member. (If your organization or account already has the GitHub App Integration installed you will not see this message.)
To make sure your organization members can continue to see or access your organization or any associated repositories, please make sure to install the GitHub App Integration during the timeline listed below:
May 8 – GitHub Login via the OAuth App is replaced with GitHub App Integration Login
May 15 – Codecov temporarily switches back to OAuth App Login.
May 22 – Codecov permanently switches to GitHub App Integration Login.
It is important to ensure that organizations using Codecov have the GitHub App Integration installed. If they do not, users will no longer be able to see the repositories of those organizations on Codecov after we make the switch to GitHub App Integration login.
Setting up the Codecov GitHub app integration
The app can be installed and configured on GitHub. Note: Obtaining email permission is required for us to use the GitHub App Integration for login.
If you are an organization administrator who sees a notification from Codecov either in the app or in a PR comment to install the GitHub App Integration, we strongly recommend you do so. If you see this notification and you are not an administrator, we ask that you inform your organization administrator of the need to install the Codecov GitHub App Integration. Once the GitHub App Integration is installed, these notifications will no longer be present in the Codecov UI or in the PR comment.
Currently, there are many organizations on Codecov that do not have the GitHub App Integration installed. Once we are confident that a switch would negatively impact less than 5% of our user base, we will announce a timeline for full deprecation of the GitHub Oauth App. However,
If you are a user who is not an organization administrator, there is nothing you need to do after the switch. You will simply be guided through the GitHub App Integration login flow the next time you log in to Codecov. If you are an organization administrator and you have installed the App Integration on your organization, there is no further action required. If you have any questions or feedback regarding this change, we encourage you to reach out directly at support@codecov.io
