> On Apr 16, 2021, at 11:26 AM, Adi Roiban <a...@roiban.ro > <mailto:a...@roiban.ro>> wrote: > > For twisted/twisted and I think that other repos the main secret available > for GitHub Action is the PYPY upload token.
Just to make sure here - you mean PyPI, right? > I guess that what we can do is stop using the codecov.io <http://codecov.io/> > bash uploaded and > switch back to python uploader. > > Any other ideas ? I think we are actually OK given the constraints on the env vars, but just to be safe, we should invalidate / rotate the PyPI upload token. Any admins have a few spare minutes to do that? (And likeā¦ check to make sure nobody uploaded anything surprising on our project page ;-)). -g
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
