Github login requesting unecessary elevated permissions

@tom as per indicated on Twitter

Description

As per the latest update (~1 day ago), login to codecov.io via Github always requests elevated access permissions to the repos. As seen in below image, after clicking the “Login with GitHub” option, the following appears requesting private access as well as many other functionalities I believe are not particularly required.

Furthermore, we can see that the organisation’s repo that I want to employ (Ouranosinc) is already permitted. I do not understand why or how to avoid allowing all these permissions (and even worst across all repos?), especially for private ones that I do not necessarily want to grant them.

The morning prior to the update (~1 day ago), I could login in to codecov.io directly via Github and I was not prompted with these either.

Repository

CI/CD

Uploader

Using bash python-codacy-coverage call:

Steps to Reproduce

  1. Login with Github

Expected behavior:
Provided that the repository has already granted access to codecov.io, it should not ask permissions during login.
Effectively, following travis-job that triggered coverage execution was correctly reported by codecov without issues, so no permission seems to be missing to do its task :

Actual behavior:
Invalid prompt requesting more access than needed or applicable.

Flakiness?
All the time since last update.

Additional Information

Hi @fmigneault, thanks for this. Could you try removing your cookies and trying to login again? You shouldn’t be seeing this prompt. Could you also supply network and console errors if you’re still getting prompted?

Clearing the cookies worked. Thanks

1 Like