I'm trying to set up codecov monitoring for a public R package, where GitHub Actions will run covr::codecov
. I'm looking at this .yaml example (Source):
- name: Test coverage
if: matrix.r == '3.6'
run: |
Rscript -e 'remotes::install_github("r-lib/covr@gh-actions")'
Rscript -e 'covr::codecov(token = "${{secrets.CODECOV_TOKEN}}")'
Is it safe for me to put my codecov token in the .yaml file in place of where the above example has CODECOV_TOKEN
?
No, don't put the token in the .yaml file. For use with GitHub Actions, you add the token to the Secrets section of your GitHub repository, then leave the .yaml code above as it is.
Add the secret at the URL (modify with your names): https://github.com/USERNAME/REPONAME/settings/secrets and call it CODECOV_TOKEN. Then this .yaml code will find it.
(You get the repo's codecov token from https://codecov.io/gh/USERNAME/REPONAME)