When looking at moving CI to Actions I notice the codecov token is in .travis.sh. It's best practice to store those sorts of tokens as secure environment variables for the repository rather than as plain text with the rest of the code as they're essentially passwords. More info here. If we move back to Travis, it has an equivalent place to store the token.

That's correct, when I set up .travis.yml at the time, I had to insert the token in the because the repository is private. With the Github actions, the file was removed so I guess this is not an issue anymore?

I've just moved it from .travis.yml to here so could still do with regenerating a new, different token, and moving to a private github variable.

Ok, I see you just moved the token. I will have a look at this when I have time. For some reason, I struggled to add this to a private Github variable but will give this another try later in the future

Feel free to give me a shout if you get stuck.

I sorted it, I'm fully convinced with Github Actions. It's free and quite comprehensive and the workflow you wrote is really good. I just replaced the line in here with "codecov -t ${{ secrets.CODECOV_TOKEN }}". I added the CODECOV_TOKEN to the Github environment. I did it in the ongoing PR #91