Is the verbose mode (-v
) supposed to let the clear-text token into the output of codecov -v create-commit
?
#469
Labels
bug
Something isn't working
Here https://github.com/pytest-dev/pytest/actions/runs/9746387730/job/26896668869?pr=12553#step:9:66 I noticed that one debug log entry has it sanitized, and the other reveals the token value within an escaped JSON string. I haven't attempted debugging why this is happening, but it seems it might be related to said escaping.
It's not very problematic in this specific project, though.
P.S. Your own dogfooding step @ https://github.com/codecov/codecov-cli/actions/runs/9715039688/job/26815507245#step:6:2 does not manifest this problem since it only invokes
do-upload
and doesn't runcreate-commit
as the action wrapper does.P.P.S. Many people use
${{ secrets.CODECOV_TOKEN }}
in the GHA realm, so GHA masks the value for them, on a different level. But when the value is not coming from a secret, it's not hidden by the platform.The text was updated successfully, but these errors were encountered: