Codecov wanted #463
Replies: 4 comments 1 reply
-
|
Since Codecov seems to be a serious security issue (if I read that email correctly) then I don't see any reason to add it back. |
Beta Was this translation helpful? Give feedback.
-
|
If I understood the NERSC email correctly, then the issue was a compromise at Codecov in which the attacker used the Codecov access token to get sensitive data from GitHub repositories. This should be fixable by replacing the access tokens. One would hope that Codecov will protect themselves a little bit better in the future. I don't see using Codecov as inherently more dangerous than other external services. As an aside, at this point we are only authorizing Docker Hub because we are hosting our CI images there. The reason we were using Codecov was that I had hoped that a coverage analysis could help us in adding more tests. If we still think that having code coverage analysis we should re-enable the tests. |
Beta Was this translation helpful? Give feedback.
-
|
I agree, the question is whether codecov was useful. I personally did not find it to be so. FWIW. |
Beta Was this translation helpful? Give feedback.
-
|
Well to be honest I thought the same. I just wanted to make sure this feature doesn't get lost in case someone really, really wants it back 😄 |
Beta Was this translation helpful? Give feedback.
-
|
I submitted #465 to clean up the README @jmohdyusof |
Beta Was this translation helpful? Give feedback.
-
As I pointed out in #459 we dropped using Codecov a while back when we transitioned to using GitHub Actions. Do we want this test back?
Beta Was this translation helpful? Give feedback.
All reactions