Use codeclimate reporter id from gh secrets
Even though codeclimate doesn't consider the reporter id to be secret,
as it doesn't allow accessing any sensitive information and it's
write-only, it's still possible to use this id to maliciously upload
coverage from other projects as coverage for this project.

There isn't much of a reason why anyone would want to do this; all it
would achieve is potentially messing up the project status page that
shows the coverage score. But just the fact that this is possible is
still uncomfortable in my opinion.

For that reason, the coverage id for this project has been regenerated
and moved to GitHub secrets.
ItsDrike committed Jul 13, 2024
1 parent f785eff commit 68e44a0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/unit-tests.yml
Expand Up @@ -72,7 +72,7 @@ jobs:
- name: Upload coverage to codeclimate
uses: paambaati/[email protected]
env:
CC_TEST_REPORTER_ID: 0ec6191ea237656410b90dded9352a5b16d68f8d86d60ea8944abd41d532e869
CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
with:
coverageLocations: .coverage.xml:coverage.py
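Review bot: The removed line still leaves the old reporter id readable in the repository history, so this change only closes the exposure if the id was actually regenerated on the Code Climate side, as the commit message states; the rotation, not the move to `${{ secrets.CC_TEST_REPORTER_ID }}`, is what invalidates the leaked value. One behavioural consequence worth documenting in the workflow: repository secrets are not passed to workflows triggered by `pull_request` from forks, so on such runs `CC_TEST_REPORTER_ID` will be empty and this upload step will fail or upload nothing; guarding the step with an `if:` condition on the event type, or marking it non-fatal, would keep fork PRs green. Separately, `uses: paambaati/[email protected]` pins the action by tag rather than by commit SHA, which is the usual hardening for a step that receives a secret.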


0 comments on commit 68e44a0
