
Changelog

New updates and improvements released to CodSpeed.
November 19, 2025

Simpler Authentication with OIDC

You can now authenticate your CI workflows using OpenID Connect (OIDC) tokens instead of CODSPEED_TOKEN secrets. This makes integrating and authenticating jobs safer and simpler. OIDC uses short-lived tokens automatically generated by your CI provider (GitHub Actions or GitLab CI). These tokens are cryptographically signed and verified, eliminating the need to manage long-lived secrets.

Backward compatible: Existing workflows using CODSPEED_TOKEN, and public repositories without a token, will continue to work without any changes.

How to migrate

GitHub Actions

To use OIDC authentication in GitHub Actions:

  • Add the required permissions to your workflow file.
  • Remove the token input from the CodSpeed action step.

Here's an example of migrating a GitHub Actions workflow:

name: Benchmarks

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read # required for actions/checkout
  id-token: write # required for OIDC authentication with CodSpeed

jobs:
  benchmarks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - ... # other setup steps
      - name: Run Benchmarks
        uses: CodSpeedHQ/action@v4
        with:
          run: npm run bench
          mode: instrumentation
          # token: ${{ secrets.CODSPEED_TOKEN }}  # removed: OIDC replaces this input

For public repository forks where OIDC tokens aren't available, CodSpeed automatically falls back to the existing tokenless validation process.

Learn more in our GitHub Actions documentation.

GitLab CI

To use OIDC authentication in GitLab CI:

  • Add the CODSPEED_TOKEN variable as an OIDC token in your job configuration.
  • Remove the CODSPEED_TOKEN secret from your project settings.

Here's an example of migrating a GitLab CI workflow:

workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

codspeed:
  id_tokens:
    CODSPEED_TOKEN:
      aud: codspeed.io
  stage: test
  image: python:3.12
  before_script:
    - pip install -r requirements.txt
    - curl -fsSL https://github.com/CodSpeedHQ/runner/releases/latest/download/codspeed-runner-installer.sh | bash -s -- --quiet
    - source $HOME/.cargo/env
  script:
    - codspeed run --mode instrumentation -- pytest tests/ --codspeed

Learn more in our GitLab CI documentation.
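
An added example, not CodSpeed's code: a Python helper for inspecting the claims of the OIDC token a CI job receives, to confirm that the audience matches the `codspeed.io` value configured above and that the token really is short-lived. The function names, the `https://gitlab.com` issuer, the one-hour lifetime threshold and the sample token builder are assumptions made for the example; it reads claims only and does not verify the signature.

```python
import base64
import json
import time

def _segment(obj: dict) -> str:
    """base64url-encode a dict the way a JWT segment is encoded (no padding)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def _decode(segment: str) -> dict:
    """Decode one JWT segment; raises ValueError if it is not a JSON object."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def make_sample_token(claims: dict, alg: str = "RS256") -> str:
    """CONSTRUCTED token with a placeholder signature, for this example only."""
    header = _segment({"alg": alg, "typ": "JWT"})
    return f"{header}.{_segment(claims)}.c2lnbmF0dXJl"

def claim_problems(token, expected_aud, expected_iss, now=None, max_lifetime=3600):
    """Return problems found in an ID token's claims (empty list = none).
    Inspection only: the signature is NOT verified. max_lifetime is an assumed
    threshold for "short-lived", not a CodSpeed value."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("token is unsigned (alg=none)")
    aud = claims.get("aud")  # may be a single string or a list of strings
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud is {aud!r}, expected {expected_aud!r}")
    if claims.get("iss") != expected_iss:
        problems.append(f"iss is {claims.get('iss')!r}, expected {expected_iss!r}")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, (int, float)) or not isinstance(exp, (int, float)):
        problems.append("iat/exp missing or not numeric")
    elif exp <= now:
        problems.append("token has expired")
    elif exp - iat > max_lifetime:
        problems.append(f"lifetime {exp - iat}s exceeds {max_lifetime}s")
    return problems
```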

Copyright © 2025 CodSpeed Technology