Codecov Enterprise stores uploaded coverage reports in a persistent archive. This archive is optional, but much of Codecov's more advanced functionality -- such as overlaying coverage on diffs -- isn't possible without using it.
Starting with version 4.4.0, the archive is supported using minio, which provides an S3-like abstraction to any underlying storage. This allows Codecov to support a myriad of storage back ends that can allow you to tailor report archival directly to your needs and internal requirements.
? Cloud Storage is supported by Codecov Enterprise v4.4.4 or newer
Codecov Enterprise versions 4.4.0 to 4.4.3 do not support S3, Google Cloud Storage, etc as possible storage backends. If you're using one of these versions and wish to leverage cloud storage, it is recommended to upgrade first.
Some minio configuration is unique to v4.4.4+. This configuration is noted inline wherever configuration is displayed below.
? Archived reports may contain source code
Some languages include source code with coverage reports (ex., Swift, gcov, Lua).
There are two basic steps to archive deployment with minio:
Setup minio in accordance with your infrastructure/dev ops best practices
Provide credentials to access that minio install in your
codecov.yml configuration for minio is as follows:
1services: 2 minio: 3 hash_key: <random string used to obfuscate report data> 4 verify_ssl: false # use true for SSL termination on minio 5 host: minio # v4.4.4+ set to host where minio is installed 6 port: 9000 7 bucket: archive # bucket name in storage 8 region: None # region where bucket is stored (e.g., us-east1) 9 access_key_id: "codecov-default-key" 10 secret_access_key: "codecov-default-secret" 11 dsn: "http://minio:9000" #for v4.4.3 and below only. 12 periodic_callback_ms: 10800000 #bool or int. set to false to disable fully 13 expire_raw_after_n_days: 30 #int. default is 30 days. 14
This is the basic configuration for minio. Each of the sections is described below:
hash_key - a random string used to obfuscate the repositories for which reports are associated. Once this is set and reports are uploaded, do not change it. A default is supplied if this is not specified in your
verify_ssl - set this to true if you're deploying minio using SSL.
host - v4.4.4+ the host name of your minio deployment if it is deployed separately from your Codecov Enterprise install. Examples include:
minio.my-company.com. Defaults to
port - the port number where minio is accessible at
host. Defaults to 9000
region - for cloud storage backends, this is the region where the bucket was created.
access_key_id - the key used to access the minio ui, doubles as auth for some cloud storage backends. Default is "codecov-default-key", we highly recommend changing this
secret_access_key - the secret used to access the minio ui, doubles as auth for some cloud storage backends. Default is "codecov-default-secret" we highly recommend changing this.
periodic_callback_ms - If set to an int, N, codecov will attempt to periodically delete raw uploads from the archive that are older than
expire_raw_after_n_daysold every N ms. The default age is thirty days. Setting this to
falsewill preserve all uploaded reports in perpetuity.
expire_raw_after_n_days - The number of days to keep raw uploaded reports. By default, 30 days. This setting is ignored if
periodic_callback_msis set to
Configuration I: Minio with Docker Volume
The most basic deployment is to use minio as a docker container in your Enterprise
docker-compose.yml and back it with a Docker volume. The benefit to this approach is that it's very easy to setup and is generally recommended for the trial or proof of concept stage of your Codecov Enterprise deployment.
This is the default setup for archive storage if you follow the Codecov Enterprise Deploying with Docker install instructions. There is no need to update any configuration to use minio with a docker volume, it is the default supported use case.
To support minio with a docker volume, the following is used in
1minio: 2 image: minio/minio:RELEASE.2018-08-02T23-11-36Z #earliest known working release 3 command: server /export 4 labels: 5 - "traefik.tags=web" 6 - "traefik.backend=minio" 7 - "traefik.port=9000" 8 - "traefik.frontend.rule=PathPrefix: /archive,/minio" 9 ports: 10 - "9000" 11 environment: 12 - MINIO_ACCESS_KEY=codecov-default-key 13 - MINIO_SECRET_KEY=codecov-default-secret 14 volumes: 15 - archive-volume:/export 16 networks: 17 - codecov 18
Configurable options are as follows:
volumes - by default Codecov Enterprise uses a volume created in the
docker-compose.ymlfile. If you want to use a persistent storage option, such a mounted network drive, you do so by changing the volume parameter:
MINIO_ACCESS_KEY and MINIO_SECRET_KEY in this configuration these are only used as login credentials for the minio browser UI. They can be changed to anything you like as long as the appropriate changes are made in
1services: 2 minio: 3 access_key_id: <minio-access-key> 4 secret_access_key: <minio-secret-key> 5
In the default configuration, the
minio configuration in
codecov.yml is not needed. However, if you update the
MINIO_SECRET_KEYyou should include those changed values as demonstrated above.
? Configurations II and III assume you're using docker-compose.yml
Configurations II and III detail how to setup minio in your
backed with S3 or Google Cloud Storage. You can follow the examples below, and the minio docs for other storage options, such as Azure and NAS.
Configuration II: Minio with S3
? Create your Bucket First
When using S3 it is important to make sure that your bucket is created before starting Codecov Enterprise with minio in this configuration
? The following configuration requires Codecov Enterprise v4.4.4
Using minio with S3 is only available for Codecov Enterprise v4.4.4 and newer
You can use minio with s3 by updating the
1minio: 2 image: minio/minio 3 command: gateway s3 4 labels: 5 - "traefik.tags=web" 6 - "traefik.backend=minio" 7 - "traefik.port=9000" 8 - "traefik.frontend.rule=PathPrefix: /archive,/minio,/<aws-bucket-name>" 9 ports: 10 - "9000" 11 environment: 12 - MINIO_ACCESS_KEY=<AWS Acess Key> 13 - MINIO_SECRET_KEY=<AWS Secret> 14 networks: 15 - codecov 16
1services: 2 minio: 3 bucket: <bucket-name> 4 region: <bucket-region> 5 access_key_id: <AWS Access Key> 6 secret_access_key: <AWS Secret> 7 iam_auth: <boolean, default false> 8
Be sure to substitute
<aws-bucket-name>with the S3 bucket you created.
MINIO_SECRET_KEYmust be set to the AWS Access Key and Secret of an account that can properly access your bucket in S3.
secret_access_keyin the codecov.yml file must also match the AWS Access Key and AWS Secret provided in the
iam_authcan be set to true when running in AWS. It will attempt to authenticate via the role associated with the instance.
Configuration III: Minio with Google Cloud Storage
Create Your Bucket and Service Account First
Before restarting Codecov Enterprise to use a Google Cloud Storage bucket, make sure that bucket exists and you've created a service account that can properly access the bucket.
The following configuration requires Codecov Enterprise v4.4.4
Using minio with Google Cloud Storage is only available for Codecov Enterprise v4.4.4 and newer.
You can use minio with Google Cloud Storage by updating the
docker-compose.yml and the
In addition to creating the bucket in GCS first, you must take the extra step of creating a Google Cloud Service Account that can access minio. You must also download the corresponding credentials.json file for the service account. The minio documentation outlines how to do this.
After the bucket has been created and you've downloaded the credentials.json file, you can update your docker-compose.yml and codecov.yml
1minio: 2 image: minio/minio:RELEASE.2018-08-02T23-11-36Z 3 command: gateway gcs 4 labels: 5 - "traefik.tags=web" 6 - "traefik.backend=minio" 7 - "traefik.port=9000" 8 - "traefik.frontend.rule=PathPrefix: /archive,/minio,/<your-bucket-name>" 9 ports: 10 - "9000" 11 volumes: 12 - ./path/to/your/credentials.json:/credentials.json 13 environment: 14 - GOOGLE_APPLICATION_CREDENTIALS=/credentials.json 15 - MINIO_ACCESS_KEY=<minio-dashboard-username> 16 - MINIO_SECRET_KEY=<minio-dashboard-pass> 17 networks: 18 - codecov 19
1minio: 2 hash_key: <a-hash-key> 3 verify_ssl: <true/false> 4 bucket: <your-bucket-name> 5 region: <your-bucket-region> 6 access_key_id: <minio-dashboard-username> 7 secret_access_key: <minio-dashboard-pass> 8
Be sure to change
docker-compose.ymlwith the name of the bucket you create in GCS.
GOOGLE_APPLICATION_CREDENTIALSenvrionment variable should point to the location of the credentials file in the minio container (typically /credentials.json)
MINIO_SECRET_KEYare only used to login to the minio UI dashboard in this configuration.
Configuration IV: External Minio
? The following configuration requires Codecov Enterprise v4.4.4
External minio is only supported with Codecov Enterprise v4.4.4 and newer.
Finally, it may be desired to run minio outside the default docker-compose setup. This is typically required for more advanced deployments, such as those in kubernetes.
The minio site outlines various deployment strategies that may be of interest, and it is beyond the scope of this documentation to detail each one.
However, if you're going to deploy minio outside of docker-compose, you still need to update the
1services: 2 minio: 3 verify_ssl: false # use true for SSL termination on minio 4 host: minio.my-company.com 5 port: 9000 6 bucket: <your storage bucket name> 7 region: <your bucket region> 8 access_key_id: <your minio access key> 9 secret_access_key: <your minio secret key> 10
verify_sslto true if you want to use minio with HTTPS. You'll need to follow minio's TLS guide to ensure your minio server is configured properly for this.
regionparameters can be ommitted if your hosted version of minio does not use cloud storage.
Migrating Data from an Existing Setup
If you are using an older version of Codecov Enterprise and want to migrate your archived report data, please contact us at email@example.com, or other communication channels you may already have in place.
In nearly all cases, it is possible with some amount of effort to move legacy archival data to Codecov v4.4.x, and in some cases even migrate that data to a cloud based storage backend.
Was this article helpful?
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
We appreciate your effort and will try to fix the article