Project

General

Profile

action #91250

handle codecov Bash Uploader Security Update

Added by okurz 3 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Organisational
Target version:
Start date:
2021-04-15
Due date:
2021-04-29
% Done:

0%

Estimated time:
Difficulty:

Description

Motivation

https://about.codecov.io/security-update/

Suggestions

As far as I can see we only have OSCLOGIN and OSCPASS as secrets within both os-autoinst and openQA.
I don't see where we use these variables if at all. Is this for the OBS check? or not needed anymore?
tinita stated that we likely only used them in the experiment for automatic builds on PRs over GHA.

History

#1 Updated by okurz 3 months ago

I will delete these in github in both os-autoinst and openQA and then we see what happens.
The according tokens should also be deleted in OBS. It is not yet clear to which user these belong.

#2 Updated by okurz 3 months ago

  • Due date set to 2021-04-29
  • Status changed from In Progress to Feedback
  • Priority changed from Urgent to Normal

Actually these were credentials for the complete environment, so not only os-autoinst or openQA. Which repo within the os-autoinst repo uses OSCLOGIN/OSCPASS?

#3 Updated by okurz 3 months ago

  • Status changed from Feedback to Resolved

Seems like it's all good now

Also available in: Atom PDF