Release Notes for Codecov v4.4.12

v4.4.12 Changelog

New

  • (Enterprise) Support for AWS IAM Roles for Codecov Enterprise deployments in AWS that use minio with Amazon s3 for storage. More on this change in AWS IAM Role Support for Minio below.
  • (Enterprise) Added environment variable based authentication support for minio authentication. More on this change in AWS IAM Role Support for Minio below
  • Tokenless upload is now fully supported for GitHub Actions
  • Improved base picking behavior for GitHub pull requests for workflows that make heavy use of reverse merging of master into feature branches. Codecov should now better handle these cases and more reliably choose the correct base commit for coverage comparison.
  • (Pro Team) Improved support for incomplete and improper payment edge case behaviors.
  • Bash uploader improvements: better Appveyor support for windows and linux environments, support for new codebuild environment variables, applies adjustments to .swift files.

Fixes

  • Fixed a bug related to plan changes in GitHub Marketplace
  • Fixed an issue where the application could not properly determine the committer for commits made in BitBucket repositories. Due to the nature of BitBucket's API, it is not always possible to determine the commiter for every commit, but this functionality should be vastly improved over the previous implementation.

Minor

  • Removed misleading text related to no coverage changes being present in the Compare/Pulls view.
  • Updated yaml documentation around team bot and various error cases that can arise around the team bot not matching the user account provided in the team yaml.

AWS IAM Role Support for Minio

Thanks to this contribution to the minio python SDK from Codecov team members, AWS IAM Roles are now fully supported in the minio python SDK. As such, these improvements can be leveraged by Codecov Enterprise to support AWS IAM Roles for AWS-based deployments.

In addition to AWS IAM Role support, minio authentication can now occur in three different ways:

  1. Through the use of the MINIO_ACCESS_KEY and MINIO_SECRET_KEY environment variables.
  2. Through the use of the AWS_ACCESS_KEY and AWS_SECRET_KEY environment variables.
  3. Through IAM EC2 Metadata.

Minio attempts to authenticate against all three of these methods in the order indicated above. For example, if you want to utilize IAM EC2 Metadata, you should ensure that the MINIO_ACCESS_KEY and MINIO_SECRET_KEY variables are not provided.

To enable any of these authentication methods, you need to bypass Codecov's default minio connection methods, you can do so by adding the following the your codecov.yml for the Codecov Enteprise Install:

minio:
    iam_auth: true # defaults to false
    iam_endpoint: null # Optional, default is null which causes minio to use the minio/aws default of http://169.254.169.254, supply your own http(s) endpoint to override. See: https://github.com/minio/minio-py/blob/master/minio/credentials/aws_iam.py#L30

Codecov will create a new minio instance connection on each use internally, so as credentials rotate there should be no need to restart the Codecov service, etc.