After renaming our GitHub organization, Codecov started rejecting tokenless uploads for a public repository with Token required - not valid tokenless upload, even though org settings were correctly configured to allow tokenless uploads.
The Codecov UI showed “Token authentication for public repositories: Not required” at both org and repo level, and the Codecov GitHub App was reinstalled. Uploads still failed for both maintainer PRs and branch builds unless a token was provided.
Expected behavior
Tokenless uploads should continue working for public repositories after an organization rename.
Actual behavior
Uploads fail with Token required - not valid tokenless upload until the repository is manually erased and re-synced in Codecov.
Resolution / Workaround
Erasing the repository in Codecov (“Danger Zone → Erase repository”) and re-syncing it fixes the issue. This suggests stale backend state tied to the pre-rename organization slug that is not cleared automatically.
Impact
This is non-obvious, disruptive for OSS projects, and results in loss of historical coverage data.
Suggestion
Codecov should automatically migrate or invalidate per-project auth state after an organization rename, or surface a clear warning with a guided fix.
After renaming our GitHub organization, Codecov started rejecting tokenless uploads for a public repository with
Token required - not valid tokenless upload, even though org settings were correctly configured to allow tokenless uploads.The Codecov UI showed “Token authentication for public repositories: Not required” at both org and repo level, and the Codecov GitHub App was reinstalled. Uploads still failed for both maintainer PRs and branch builds unless a token was provided.
Expected behavior
Tokenless uploads should continue working for public repositories after an organization rename.
Actual behavior
Uploads fail with
Token required - not valid tokenless uploaduntil the repository is manually erased and re-synced in Codecov.Resolution / Workaround
Erasing the repository in Codecov (“Danger Zone → Erase repository”) and re-syncing it fixes the issue. This suggests stale backend state tied to the pre-rename organization slug that is not cleared automatically.
Impact
This is non-obvious, disruptive for OSS projects, and results in loss of historical coverage data.
Suggestion
Codecov should automatically migrate or invalidate per-project auth state after an organization rename, or surface a clear warning with a guided fix.