Login with Github always redirects back to the Login page

[rahul-roy-glean]

I'm trying out the self-hosted setup with Docker compose and trying to enable a login with GH.
I have setup the GH app as mentioned in the guide and trying to login with the same.
My docker compose looks like -

version: "3"

services:
  gateway:
    image: codecov/self-hosted-gateway:latest-stable #note: this is for setup purposes only, be sure to pin to the latest release from our changelog: https://docs.codecov.io/changelog
    volumes:
      - ./config:/config
      - ${CODECOV_SSL_CERT-/cert/codecov.pem}:/etc/codecov/ssl/certs/cert.crt:ro # uncomment if using ssl
      - ${CODECOV_SSL_KEY-/cert/privkey.pem}:/etc/codecov/ssl/certs/cert.crt.key:ro
    ports:
      - "${CODECOV_PORT-8080}:8080"
      - "${CODECOV_SSL_PORT-8443}:8443" # uncomment if using ssl
    environment:
      - CODECOV_GATEWAY_MINIO_ENABLED=true
      - CODECOV_GATEWAY_SSL_ENABLED=true # uncomment if using ssl
    networks:
      - codecov
    depends_on:
      - api
      - frontend

  frontend:
    image: codecov/self-hosted-frontend:latest-stable #note: this is for setup purposes only, be sure to pin to the latest release from our changelog: https://docs.codecov.io/changelog
    environment:
      - CODECOV_BASE_HOST=localhost:8443
      - CODECOV_API_HOST=localhost:8443
      - CODECOV_IA_HOST=localhost:8443
      - CODECOV_SCHEME=http
    volumes:
      - ./config:/config:z
      - ${CODECOV_SSL_CERT-/cert/codecov.pem}:/etc/nginx/codecov.crt:ro
      - ${CODECOV_SSL_KEY-/cert/privkey.pem}:/etc/nginx/codecov.key:ro
    ports:
      - "8080"
    networks:
      - codecov

  api:
    image: codecov/self-hosted-api:latest-stable #note: this is for setup purposes only, be sure to pin to the latest release from our changelog: https://docs.codecov.io/changelog
    volumes:
      - ./config:/config:z
    networks:
      - codecov
    depends_on:
      - minio
      - timescale
      - postgres
      - redis

  worker:
    image: codecov/self-hosted-worker:latest-stable #note: this is for setup purposes only, be sure to pin to the latest release from our changelog: https://docs.codecov.io/changelog
    environment:
      - RUN_ENV=ENTERPRISE
    volumes:
      - ./config:/config
      - archive-volume:/archive
    networks:
      - codecov
    depends_on:
      - minio
      - redis
      - postgres
      - timescale

  redis:
    image: redis:6-alpine
    volumes:
      - redis-volume:/data
    networks:
      - codecov

  postgres:
    image: postgres:14-alpine
    environment:
      - POSTGRES_PASSWORD=testpassword
      - POSTGRES_USER=postgres
      - POSTGRES_DB=postgres
    volumes:
      - postgres-volume:/var/lib/postgresql/data
    networks:
      - codecov

  timescale:
    image: timescale/timescaledb-ha:pg14-latest
    environment:
      - POSTGRES_PASSWORD=testpassword
      - POSTGRES_USER=postgres
      - POSTGRES_DB=postgres
    volumes:
      - timescale-volume:/var/lib/postgresql/data
    networks:
      - codecov

  minio:
    image: minio/minio:RELEASE.2020-04-15T00-39-01Z
    command: server /export
    ports:
      - "${CODECOV_MINIO_PORT-9000}:9000"
    environment:
      - MINIO_ACCESS_KEY=codecov-default-key
      - MINIO_SECRET_KEY=codecov-default-secret
    volumes:
      - archive-volume:/export
    networks:
      - codecov

volumes:
  postgres-volume:
  timescale-volume:
  redis-volume:
  archive-volume:

networks:
  codecov:
    driver: bridge

and my codecov.yml looks like

  codecov_url: https://35.188.12.198:8443
  enterprise_license: "<some_license>"
  # https://docs.codecov.com/docs/configuration#instance-wide-admins
  admins:
    - service: github
      username: "<GH Username>"
  http:
    cookie_secret: "1234abcxyz"
  timeseries:
    enabled: true
github:
  integration:
    id: 22
    pem: /config/file.pem
  client_id: "<some_id>"
  client_secret: "<some_secret>"
  global_upload_token: "<upload-token>"
services:
  redis_url: "redis://redis:6379"
  database_url: "postgres://postgres:testpassword@postgres:5432/postgres"
  timeseries_database_url: "postgres://postgres:testpassword@timescale:5432/postgres"
  minio:
    host: minio
    port: 9000

I haven't been able to perform a login with GH, in the worker logs i see something like -

{"message": "Warning: login request is missing state or has disagreeing state", "asctime": "2024-06-26 04:24:33,493", "name": "codecov_auth.views.base", "levelname": "WARNING", "lineno": 141, "pathname": "/app/codecov_auth/views/base.py", "funcName": "get_redirection_url_from_state", "threadName": "MainThread", "taskName": null, "logger.name": "codecov_auth.views.base", "logger.thread_name": "MainThread", "level": "WARNING"}
{"h": "192.168.240.9", "t": "[26/Jun/2024:04:24:33 +0000]", "r": "GET /login/gh?code=4521914e2b612b721886&state=5664647f224048439cad99a99de6444e HTTP/1.1", "s": "302", "b": "0", "f": "-", "a": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36", "taskName": null}
{"message": "GraphQL Request", "asctime": "2024-06-26 04:24:33,815", "name": "graphql_api.views", "levelname": "INFO", "lineno": 223, "pathname": "/app/graphql_api/views.py", "funcName": "post", "threadName": "ThreadPoolExecutor-9_0", "taskName": "Task-41", "server_hostname": "b77eb9829181", "request_method": "POST", "request_path": "/graphql/gh", "request_body": {"query": "query GetLoginProviders { config { loginProviders } }", "variables": {}}, "user": "AnonymousUser", "logger.name": "graphql_api.views", "logger.thread_name": "ThreadPoolExecutor-9_0", "level": "INFO"}

Could someone please help here ?

[bert0RM]

I am also seeing this issue. I've attached a video for reference.

Screen.Recording.2024-06-30.at.11.29.01.PM.mov

[tekkeitserktok]

Same than this one with gitlab : #34

[bert0RM]

This fixed the issue for me: #42
@rahul-roy-glean @tekkeitserktok Can you please test this on your end?
@jason-ford-codecov Can you review the PR?

[tekkeitserktok]

Hello @bert0RM, I use MY_IP.nip.io for codecov and gitlab.local domains for my local setup.
Will it work ? Or do I need to change other parameters in my config ?
I use "latest-calver" tag for docker images btw.

Thanks !

[bert0RM]

@tekkeitserktok The change works for the default docker compose setup. Im not sure how nip.io works but what did you set the cookies_domain to? and what host are you using for the self-hosted-frontend?

[tekkeitserktok]

@bert0RM , here is my config for the frontend part:
`
frontend:
image: codecov/self-hosted-frontend:latest-calver
environment:
- CODECOV_BASE_HOST=10.84.31.161.nip.io:8080
- CODECOV_API_HOST=10.84.31.161.nip.io:8080
- CODECOV_IA_HOST=10.84.31.161.nip.io:8080
- CODECOV_SCHEME=http
volumes:
- ./config:/config
ports:
- "8080"
networks:
- codecov

`

I tried "localhost" and "nip.io" for the cookie_domain config but it didn't work

[bert0RM]

Can you try 10.84.31.161 or 10.84.31.161.nip.io for the cookie_domain?

[hamzaaitbenyissa]

I am also seeing this issue. I've attached a video for reference.

Screen.Recording.2024-06-30.at.11.29.01.PM.mov

Thanks for your efforts to fix the issue. I am testing the same flow using Docker Compose and ngrok but am still encountering the same issue. When I tried using an older version of codecov-api. This issue disappeared, but other issues arose. I have also tested your proposed solutions by setting cookie_domain, but it did not resolve the problem. any idea ?

[tekkeitserktok]

Can you try 10.84.31.161 or 10.84.31.161.nip.io for the cookie_domain?

I tried, it didn't work :'(

[MrVinceZ]

I have the same problem
I've tried @bert0RM method with "localhost" or my domain name but without success.

I've tried the latest-calver, latest-stable and 24.4.1

[disberd]

Also having this same issue with a self-hosted gitlab instance

[garaemon]

@bert0RM 's PR fixed my issue! Thanks!

[adiRandom]

Hey!
Same issue here. I have the docker containers behind nginx. I tried setting cookie_domain to both localhost and the ip of the server (no domain attached to it), but without success

Edit: Here are the relevant configs:

  gateway:
    image: codecov/self-hosted-gateway:latest-calver #note: this is for setup purposes only, be sure to pin to the latest release from our changelog: https://docs.codecov.io/changelog
    volumes:
      - ./config:/config
      #- ${CODECOV_SSL_CERT-/cert/codecov.crt}:/etc/codecov/ssl/certs/cert.crt:ro # uncomment if using ssl
    ports:
      - "${CODECOV_PORT-8080}:8080"
      #- "${CODECOV_SSL_PORT-8443}:8443" # uncomment if using ssl
    environment:
      - CODECOV_GATEWAY_MINIO_ENABLED=true
      #- CODECOV_GATEWAY_SSL_ENABLED=true # uncomment if using ssl
    networks:
      - codecov
    depends_on:
      - api
      - frontend

  frontend:
    image: codecov/self-hosted-frontend:latest-calver #note: this is for setup purposes only, be sure to pin to the latest release from our changelog: https://docs.codecov.io/changelog
    environment:
      - CODECOV_BASE_HOST=18.156.69.72
      - CODECOV_API_HOST=18.156.69.72
      - CODECOV_IA_HOST=18.156.69.72
      - CODECOV_SCHEME=http
    volumes:
      - ./config:/config
    ports:
      - "8080"
    networks:
      - codecov

  api:
    image: codecov/self-hosted-api:latest-calver #note: this is for setup purposes only, be sure to pin to the latest release from our changelog: https://docs.codecov.io/changelog
    volumes:
      - ./config:/config
    networks:
      - codecov
    depends_on:
      - minio
      - timescale
      - postgres
      - redis

setup:
  codecov_url: "http://18.156.69.72"
  enterprise_license: "<license>"
  admins:
    - service: github
      username: "adiRandom"
  http:
    cookie_secret: "<secret>"
    cookies_domain: localhost #also tried 18.156.69.72
  timeseries:
    enabled: true

[mrtnin]

@rahul-roy-glean @adiRandom and others using GitHub.com:
In the GitHub App settings, ensure that the callback URL is example.com/login/gh, not example.com/login/ghe
ghe = GitHub Enterprise