Using an account to generate an OAuth token with Codecov for the bot means:
A license must be used at GitLab purely for authenticating to Codecov (if you want a "bot" account)
If you want to save a license, you can use a user account, but then messages from Codecov are posted as that user, which leads to confusion and ambiguity when reading MRs.
The OAuth expires without notice, so when using a GitLab user account, one day Codecov will just break without notification until after multiple days of having Codecov Support and my team troubleshoot the issue, only to realize that just re-authenticating with the GitLab "bot" account to Codecov to get a new OAuth fixes everything, which leads to wasted resources and poor CX.
Goes against "general" security practices of token management and expiration for application integrations (managing a token fits in well to existing processes for 3rd party integration)
Instead of requiring a single user's OAuth token to interact with your repositories, supporting GitLab's Group, Project, and/or Personal Access Tokens would be beneficial.
Thanks for listening!