Issue with setting up coverage with CircleCI #127

lilithxxx · 2019-07-31T05:57:11Z

We are trying to set up codacy with CircleCI and are running into issues because CircleCI does not advise turning on the setting "pass-secrets-to-builds-from-forked-pull-requests" (https://circleci.com/docs/2.0/oss/#pass-secrets-to-builds-from-forked-pull-requests). This setting is necessary to be enabled else the env variable 'CODACY_PROJECT_TOKEN' won't be accessible in the commits and PRs.

So, is it advisable to turn on the above setting and if not, is there any other way the env variable (CODACY_PROJECT_TOKEN) can be accessed?

ljmf00 · 2019-09-04T15:12:34Z

Hi @lilithxxx ,

Passing secrets to builds from forked PRs is dangerous, if you have actual secrets there. Because CODACY_PROJECT_TOKEN is supposed to be private, you should skip the coverage if you don't have that environment variable available.

mrfyda · 2019-11-08T09:40:55Z

I added this as product feedback to our backlog under "Authentication to upload coverage for forks PRs".

gjsduarte assigned ljmf00 Aug 26, 2019

ljmf00 added the question label Sep 4, 2019

ljmf00 mentioned this issue Sep 10, 2019

Add a safe check for coverage report token #133

Merged

ljmf00 added the waiting response label Sep 16, 2019

mrfyda closed this as completed Nov 8, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Issue with setting up coverage with CircleCI #127

Issue with setting up coverage with CircleCI #127

lilithxxx commented Jul 31, 2019 •

edited

ljmf00 commented Sep 4, 2019

mrfyda commented Nov 8, 2019

Issue with setting up coverage with CircleCI #127

Issue with setting up coverage with CircleCI #127

Comments

lilithxxx commented Jul 31, 2019 • edited

ljmf00 commented Sep 4, 2019

mrfyda commented Nov 8, 2019

lilithxxx commented Jul 31, 2019 •

edited