Codecov token stored in CI scripts
alexdaniel654 opened this issue · comments
When looking at moving CI to Actions I notice the codecov token is in .travis.sh
. It's best practice to store those sorts of tokens as secure environment variables for the repository rather than as plain text with the rest of the code as they're essentially passwords. More info here. If we move back to Travis, it has an equivalent place to store the token.
That's correct, when I set up .travis.yml at the time, I had to insert the token in the because the repository is private. With the Github actions, the file was removed so I guess this is not an issue anymore?
I've just moved it from .travis.yml
to here so could still do with regenerating a new, different token, and moving to a private github variable.
Ok, I see you just moved the token. I will have a look at this when I have time. For some reason, I struggled to add this to a private Github variable but will give this another try later in the future
Feel free to give me a shout if you get stuck.