These docs are for v4.6.

GitHub App Integration for Codecov Self-Hosted

Introduction

Rather than using a Team Bot, a GitHub App Integration can be used in GitHub (Cloud or Self-Hosted) to efficiently onboard new teams to Codecov.

This GitHub App integration is not a replacement for the OAuth Login setup, which is mandatory.

The App Integration will allow teams to add Codecov directly to their repositories via the GitHub user interface.

This integration is meant to be a replacement for the Team Bot for GitHub (Cloud or Self-Hosted). Using it will ensure that comments are posted to Pull Requests as Codecov, rather than a Team Bot user.

📘

This Approach works for both GitHub and GitHub Enterprise

This approach works regardless of which GitHub version you're using. However, you will need to adapt the code snippets to your particular scenario (i.e., github or github_enterprise in the codecov.yml).

Creating a GitHub App Integration

Copy the URL below and replace YOUR_GITHUB_ORG with the organization you wish to create your GitHub App in. Replace CODECOV_URL with the URL of your Codecov install. This will preconfigure the GitHub App as detailed below.

https://github.com/organizations/YOUR_GITHUB_ORG/settings/apps/new?name=Codecov&url=https://CODECOV_URL&callback_urls[]=https://CODECOV_URL/login/github&request_oauth_on_install=true&webhook_active=true&webhook_url=https://CODECOV_URL/webhooks/github&public=false&administration=read&members=read&checks=write&statuses=write&contents=read&issues=read&pull_requests=write&emails=read&events[]=check_run&events[]=check_suite&events[]=create&events[]=delete&events[]=fork&events[]=member&events[]=membership&events[]=organization&events[]=public&events[]=pull_request&events[]=push&events[]=release&events[]=repository&events[]=status&events[]=team_add

🚧

Enable webhooks

Webhooks need to be enabled for the GitHub App to work. This is the method the app uses to connect and communicate with Codecov.

To create a GitHub App Integration for Codecov, first navigate to your organization in the GitHub UI.


You can use the drop down in the left sidebar of the Settings page in GitHub to access your organization.

Then, from the sidebar, click Developer Settings > GitHub Apps:


Choose "New GitHub App":


🚧

Create the App for your Organization

When creating the GitHub app, ensure that you're creating it for your organization, not your personal account. The URL on the app creation page should read: https://github.com/settings/apps/new

And fill out the relevant fields for app creation:

It's important to set the proper callback URL. It should point to your Codecov Enterprise install as follows:

  • <your-codecov-enterprise-url>/login/ghe

For the webhook URL:

  • <your-codecov-enterprise-url>/webhooks/github_enterprise

You should provide a secret. Once provided, you will want to ensure that you properly provide the secret in the Codecov Enterprise codecov.yml:

github:
  webhook_secret: "<some-secret>"
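What the webhook secret is for, as an added example (not Codecov's code): GitHub signs each webhook delivery with the shared secret and sends the HMAC-SHA256 hex digest in the `X-Hub-Signature-256` header, and the receiving end recomputes it over the raw request body. The function names, secret, and payload below are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def new_webhook_secret(nbytes: int = 32) -> str:
    """Random hex secret for the GitHub App's webhook secret field."""
    return secrets.token_hex(nbytes)


def sign(secret: str, body: bytes) -> str:
    """X-Hub-Signature-256 value for `body` under `secret`."""
    mac = hmac.new(secret.encode(), body, hashlib.sha256)
    return "sha256=" + mac.hexdigest()


def verify(secret: str, body: bytes, header: Optional[str]) -> bool:
    """True only if `header` is a valid signature of the raw request body."""
    if not secret:
        return False  # an empty secret means deliveries cannot be authenticated
    if not header or not header.startswith("sha256="):
        return False  # unsigned delivery or unexpected algorithm prefix
    # Constant-time comparison so response timing does not leak the digest.
    return hmac.compare_digest(sign(secret, body).encode(), header.encode())


def demo() -> dict:
    secret = new_webhook_secret()  # constructed; the same value goes in GitHub and codecov.yml
    body = b'{"action":"opened","number":1}'  # constructed sample payload
    good = sign(secret, body)
    return {
        "valid": verify(secret, body, good),
        "tampered_body": verify(secret, body + b" ", good),
        "wrong_secret": verify("not-the-secret", body, good),
        "unsigned": verify(secret, body, None),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

If the value entered in GitHub and the value in codecov.yml differ, every delivery falls into the `wrong_secret` case.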

Permissions

The following screenshot shows all permissions needed by the app integration, as well as the relevant events. For visibility, permissions with a setting greater than "No Access" have been emphasized in green.

Repository Permissions


Required repository permissions.

Organization Permissions


Required organization permissions

User Permissions

No user permissions are required. All can be set to "No Access".

Events


Required user permissions.

📘

Using GitHub.com?

If you're not using GitHub Enterprise, make sure that you only publish this app for your organization.

Generate and Add a PEM file to Codecov.

After creating the GitHub App, GitHub will prompt you to generate a .pem file from the GitHub UI, which you can then download. Once downloaded, place this file in the same directory as your codecov.yml and docker-compose.yml, and update your docker-compose.yml as follows:

web:
  #... other configuration
  volumes:
    - ./file.pem:/config/file.pem
worker:
  #... other configuration
  volumes:
    - ./file.pem:/config/file.pem

You will need to add the integration and webhook_secret sections to the github (or github_enterprise) section of your codecov.yml as follows:

github:
  # ...
  webhook_secret: "ff523b3162ef64604f03c94459"

  # values from the GitHub App integration
  integration:
    id: 63040 # App ID value shown on your integration's page in GitHub
    pem: /config/file.pem # path to the pem file you created in the `web` and `worker` containers.

Install App Integration to your organizations

Depending on your GitHub settings, you may have to install the Codecov GitHub App on any organizations that you wish to use it with. This can be done from the app settings screen.


After installing the app you can verify installation on the organization's installed GitHub apps page.


Troubleshooting

  • If you don't receive comments on Pull Requests for Repositories with the App Integration installed, visit the repo settings page for that particular repository on your Codecov Enterprise install:

For GitHub.com:
<your-codecov-enterprise-url>/gh/<org-name>/<repo-name>/settings

For GitHub Enterprise:
<your-codecov-enterprise-url>/ghe/<org-name>/<repo-name>/settings

Once there, check the "GitHub Webhook" section and press the "Create Web Hook" button if a webhook is not already set.