action #91250
closed
handle codecov Bash Uploader Security Update
Added by okurz about 3 years ago.
Updated about 3 years ago.
Description
Motivation¶
https://about.codecov.io/security-update/
Suggestions¶
As far as I can see we only have OSCLOGIN and OSCPASS as secrets within both os-autoinst and openQA.
I don't see where we use these variables if at all. Is this for the OBS check? or not needed anymore?
tinita stated that we likely only used them in the experiment for automatic builds on PRs over GHA.
I will delete these in github in both os-autoinst and openQA and then we see what happens.
The according tokens should also be deleted in OBS. It is not yet clear to which user these belong.
- Due date set to 2021-04-29
- Status changed from In Progress to Feedback
- Priority changed from Urgent to Normal
Actually these were credentials for the complete environment, so not only os-autoinst or openQA. Which repo within the os-autoinst repo uses OSCLOGIN/OSCPASS?
- Status changed from Feedback to Resolved
Seems like it's all good now
Also available in: Atom
PDF