Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

GitHub Actions actually requires you to explicitly pass secrets to individual steps. If you're using GitHub Actions, what got leaked was the commit metadata, and the codecov token itself. Unless you manually passed the entire environment to the codecov step, that is.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: