lhotari commented on issue #19952: URL: https://github.com/apache/pulsar/issues/19952#issuecomment-1487997039
For the upload issue, Codecov now recommends to [specify an upload token for the build]((https://community.codecov.com/t/upload-issues-unable-to-locate-build-via-github-actions-api/3954): > Public repositories that rely on PRs via forks will find that they cannot effectively use Codecov if the token is stored as a GitHub secret. The scope of the Codecov token is only to confirm that the coverage uploaded comes from a specific repository, not to pull down source code or make any code changes. > >For this reason, we recommend that teams with public repositories that rely on PRs via forks consider the security ramifications of making the Codecov token available as opposed to being in a secret. I'll first create a ticket to ASF infra for creating the token for apache/pulsar. After the token is available, I can work on an improvement where this token is used for builds and PRs that target apache/pulsar. For builds in own forks, I'll add instructions for setting that up. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
