From 68e44a05e9e8a147b0c95c5b0c39692321ab92a1 Mon Sep 17 00:00:00 2001
From: ItsDrike
Date: Sat, 13 Jul 2024 18:07:05 +0200
Subject: [PATCH] Use codeclimate reporter id from gh secrets

Even though codeclimate doesn't consider the reporter id to be secret, as it doesn't allow accessing any sensitive information and it's write-only, it's still possible to use this id to maliciously upload coverage from other projects as coverage for this project. There isn't much of a reason why anyone would want to do this, all it would achieve is potentially messing up the project status page that shows the coverage score. But just the fact that this is possible is still uncomfortable in my opinion. For that reason, the coverage id for this project has been regenerated and moved to github secrets.
---
 .github/workflows/unit-tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
index 882eb12e..aefbb498 100644
--- a/.github/workflows/unit-tests.yml
+++ b/.github/workflows/unit-tests.yml
@@ -72,7 +72,7 @@ jobs:
 - name: Upload coverage to codeclimate
 uses: paambaati/codeclimate-action@v8.0.0
 env:
- CC_TEST_REPORTER_ID: 0ec6191ea237656410b90dded9352a5b16d68f8d86d60ea8944abd41d532e869
+ CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
 with:
 coverageLocations: .coverage.xml:coverage.py
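Review bot: With the id now read from `secrets.CC_TEST_REPORTER_ID`, this step receives an empty value on runs where GitHub withholds repository secrets, notably pull requests opened from forks and Dependabot runs, and the visible part of the step has no `if:` guard for that case. If the workflow runs on `pull_request` (the triggers and the rest of the job are outside this hunk), consider adding `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository` to the step so those runs skip the upload rather than failing or reporting without an id. Separately, the secret is now handed to a third-party action referenced by the mutable tag `v8.0.0`; pinning it as `uses: paambaati/codeclimate-action@<full-commit-sha> # v8.0.0` keeps a retagged release from receiving it.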