Project

General

Profile

Actions

action #91250

closed

handle codecov Bash Uploader Security Update

Added by okurz over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Organisational
Target version:
Start date:
2021-04-15
Due date:
2021-04-29
% Done:

0%

Estimated time:

Description

Motivation

https://about.codecov.io/security-update/

Suggestions

As far as I can see we only have OSCLOGIN and OSCPASS as secrets within both os-autoinst and openQA.
I don't see where we use these variables if at all. Is this for the OBS check? or not needed anymore?
tinita stated that we likely only used them in the experiment for automatic builds on PRs over GHA.

Actions #1

Updated by okurz over 3 years ago

I will delete these in github in both os-autoinst and openQA and then we see what happens.
The according tokens should also be deleted in OBS. It is not yet clear to which user these belong.

Actions #2

Updated by okurz over 3 years ago

  • Due date set to 2021-04-29
  • Status changed from In Progress to Feedback
  • Priority changed from Urgent to Normal

Actually these were credentials for the complete environment, so not only os-autoinst or openQA. Which repo within the os-autoinst repo uses OSCLOGIN/OSCPASS?

Actions #3

Updated by okurz over 3 years ago

  • Status changed from Feedback to Resolved

Seems like it's all good now

Actions

Also available in: Atom PDF