eliatcodecov
commented
4 months ago While I consider this High priority, it's a deceptive amount of work. We will need to dedicate meaningful time to testing and updating this functionality. In addition, there may even be some UI changes involved to point out how workflows change if OIDC is used. We should likely include this as part of a larger epic to get OIDC fully across the finish line.
Description
I recently re-enabled OIDC auth (only for GH with app integration!). It is not mentioned anywhere in the docs that we support this as an auth method. This is the current extent to which we acknowledge OIDC auth.
I think many current users would switch over to OIDC if they knew it was available and if we had clear setup instructions.
The reason we haven't added documentation is because we haven't done our due diligence in terms of testing the setup with OIDC. We need to walk through the steps to document use - both for an existing repo converting to OIDC and setting up as a new user with OIDC. If we could set up canary repos that use OIDC, we could point to them in the docs, as well as have a way to know if we've accidentally made breaking changes.
Page(s)
Unfortunately, we would need to change every place we reference codecov token requirement, starting with the new repo page in gazebo (
CoverageOnboarding/NewRepoTab, screenshot below), since if you're using OIDC you don't need to do the stuff with therepository upload token(I haven't tested this, this is an assumption).https://docs.codecov.com/docs/quick-start#step-2-get-the-repository-upload-token
Current State
[] Broken Link [] Unclear Language [] Inconsistent Formatting [x] Missing Information [x] Missing Updates for New Features [] Deprecated Features
Additional Information