This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Implement Github OIDC authentication to Github actions #53
What product do you want to improve?
uploader and codecov-api
Is your feature request related to a problem? Please describe.
no
Describe the solution you'd like
Currently, the minimal GitHub Actions pipeline is the following:
However, I would like to propose the removal of tokens in GHA pipelines. That can be achieved by using GitHub (or GitHub Enterprise) OIDC authentication (https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect).
After uploader and codecov-api support GitHub OIDC, the new way of doing it should be:
No more hassle with the hardcoded tokens and copy-pasting them!
Basically, you can get the ID token in GitHub Actions (https://github.com/elisa-actions/healthcheck-event/blob/main/src/main.ts#L57), and that can be used for authenticating. Of course, codecov-api then needs logic to verify the GitHub ID token correctly.