You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are trying to set up codacy with CircleCI and are running into issues because CircleCI does not advise turning on the setting "pass-secrets-to-builds-from-forked-pull-requests" (https://circleci.com/docs/2.0/oss/#pass-secrets-to-builds-from-forked-pull-requests). This setting is necessary to be enabled else the env variable 'CODACY_PROJECT_TOKEN' won't be accessible in the commits and PRs.
So, is it advisable to turn on the above setting and if not, is there any other way the env variable (CODACY_PROJECT_TOKEN) can be accessed?
The text was updated successfully, but these errors were encountered:
Passing secrets to builds from forked PRs is dangerous, if you have actual secrets there. Because CODACY_PROJECT_TOKEN is supposed to be private, you should skip the coverage if you don't have that environment variable available.
We are trying to set up codacy with CircleCI and are running into issues because CircleCI does not advise turning on the setting "pass-secrets-to-builds-from-forked-pull-requests" (https://circleci.com/docs/2.0/oss/#pass-secrets-to-builds-from-forked-pull-requests). This setting is necessary to be enabled else the env variable 'CODACY_PROJECT_TOKEN' won't be accessible in the commits and PRs.
So, is it advisable to turn on the above setting and if not, is there any other way the env variable (CODACY_PROJECT_TOKEN) can be accessed?
The text was updated successfully, but these errors were encountered: